AWS Certified Cloud Practitioner Training 2020 – Full Course

Hey, this is Andrew Brown from exam Pro. And 
cloud computing has now become one of the   essential skills that you need to learn in order 
to make it in the web development industry in AWS,   Amazon Web Services is the most popular cloud 
computing service used by startups. So this whole   course is about getting AWS certified 
for the certified cloud practitioner,   which is the entry level certification. And the 
idea here is that by getting the certification,   you are going to be able to prove that you 
can work with cloud computing, prove that you   can work in AWS and you're gonna have a lot more 
job opportunities available to you.

So you know,   let's get to this and start learning about AWS. 
Hey, this is Andrew Brown from exam Pro. And   I'm going to try to answer all the questions you 
might have about the CCP, which is known as the   certified cloud practitioner to determine whether 
it's the right certification for you. Okay,   so the CCP is all about AWS foundational 
knowledge. So what that means is that it   can show that you know how to poke around and 
you can use the service console and you know,   the general offerings from AWS, it's like a lite 
version of the solution architect associate,   okay. But the CCP has some very unique offerings, 
which no other certification on AWS has, which is   they have a strong focus on billing and business 
centric concepts. Okay. And that's why it's   going to make a lot of sense why a lot of people 
who tried to obtain the CCP are in sales and   management because it's going to give them that 
knowledge to help them inform VPS or CEOs, the   reasons why to use AWS. Okay. Alright, so the next 
thing you're probably going to ask me is, what   value does the CCP hold? Well, it's not a Gilda 

It can help superficially increase your   a recertification count if that's something that 
some companies care about. But it's not recognized   as an important certification for developers 
on resume. So if you think by getting the CCP,   it's going to help you get a job, I probably won't 
help too much. If you were a bootcamp grad, then   it could be a good indicator that you're a little 
bit familiar with AWS. So it can be okay in that   one circumstance. But generally, for developers, 
it's not going to help you too much. Alright,   so maybe you're thinking so far? Hey, Andrew, this 
doesn't sound that great. Why would I want to even   bother getting this and you might be thinking 
about skipping the CCP. But I'm going to tell you   that that is not what you should do, you should 
actually go get the CCP.

And why is that? Well,   it's for a totally different reason. It's because 
the CCP is going to help you build confidence. And   it's a very easy one, because it's the easiest 
certification. Because it's the most inexpensive   certification, it's the perfect opportunity for 
you to get comfortable for when you actually go   take a real exam, okay, so the other exams, the 
associates, and everything beyond that are very   difficult. And you don't want that to be your 
first certification you go for, because you're   gonna go the exam center, you're going to be very 
nervous or stressed out, or something's gonna go   wrong. And so by taking the CCP and going to 
the test center, you're going to learn your   test center and learn how you have to be on time, 
and the what the environments going to be like,   okay, and that is the big value out of the CCP. 
So that's why I want you to go after it. And also   just some people day just to just prepare, 
because they might get overwhelmed once they   start with a solution architect associate. 
And so it is a very easy way to ease into   the associate certifications.

Alright, so let's 
talk about study time, how much time do I have   to put in to pass this exam. Now, if you are a 
developer, so you're already working in industry,   you can pass this in less than a week. If you're 
a bootcamp grad, I'd say about 15 hours. So we're   talking about a week and a half of study. And if 
you're in sales and management, you probably don't   have a lot of developer experience, or with a 
cloud infrastructure. So we're looking at 20   hours of study, but the thing is, is that you 
can, you know, book this exam a week ahead and   use this course and you will pass because it is a 
very easy certification, and it's not a huge time   requirement. Okay, so that just gives you kind of 
an idea of the time you need to put in. Alright,   so when it comes time to take this exam, you're 
going to have to go to a test center, which is   partnered with AWS, and there are two test center 
networks, we have psi and Pearson VUE.

And so   before the only way you can take this exam, you 
had to go in person to a test center. But now that   Pearson VUE is part of AWS as its offering the 
exam through their network, Pearson VUE is known   for their proctored exams. So what is the proctor 
exam that's when you have someone that who is   supervising or monitoring your examination and 
specifically for online Okay, so what that means   is that you can sign up and schedule an online 
exam and through a web camera and if you You would   just take the exam and somebody would watch you to 
make sure that you're not cheating. Okay. So now   it's even easier to get a VA certified because you 
can take this at the convenience of your own home.   But I would strongly recommend that you take it at 
an in person test center, if there is one nearby,   just because when you go for this harder 
certifications, they may not offer proctored   exams.

And so I at this point, I recommend that 
you try to go to a test center. But if you just   want to get even certified, and you're really 
excited, definitely go take it online. Alright,   and now we just have some remaining questions 
here. So what does it cost to take this exam,   it's $100 USD is the most inexpensive eight have 
a certification, it's going to take 90 minutes,   that's the time that you're allocated during the 
the exam, it doesn't actually take that long,   you could probably get it done in under an hour 
it again, it's not a very hard certification. But   I do recommend that when you go to the exam, 
you maximize all of your time and review your   questions. Because it is a very good habit to get 
into when you take exams, there are 65 questions,   the passing score is 70%. I think that actually 
is a hard number. With all the other exams,   it's kind of a floating number. So it's never 
exactly that amount.

But I'm pretty sure for   the cloud practitioner, if you get over 70%, you 
are going to pass, okay. And then when you get the   certification, it's going to be valid for three 
years. So it's going to be with you for quite a   long time. So there you go. Hopefully that answers 
all the questions you have about the certified   cloud practitioner. Hey, this is Andrew Brown 
from exam Pro. And here I have the exam guide   pulled up, because I'm going to give you a quick 
walkthrough of it. So you have an idea what AWS   wants you to know, in order to pass this exam. 
So the first thing we're going to do is we're   going to scroll on down to the content outline, 
and just give the domains a read and understand   the weighting of the actual exam.

So we have four 
domains. Here, we have cloud concepts, security,   technology, and billing and pricing. And so the 
largest portion of the exam is technology at 36%.   And billing and pricing is the lowest amount which 
is kind of funny, because I find that the most   valuable thing in the entire course is billing and 
pricing. Okay, we're going to learn a lot about   billing and pricing, AWS here. But that's just 
how they waited it out. But let's just talk about   these four domains. So we understand what it is 
that we need to know for each of these domains. So   for domain one, we need to be we need to be able 
to define the AWS cloud and its value proposition,   we need to be able to identify aspects of 
Eva's cloud economics list of the different   cloud architecture design principles, okay. 
Now for security, we need to know a variety   of different AWS security services. And we need 
to know the shared responsibility model, okay,   you need to know that for every single exam, it's 
always brought up like 100 times over.

But yeah,   that's part of the security donate onto 
technology, you're going to need to know   all the core database services and also a bunch 
of other AWS services. And you're going to need   to know global infrastructure. Okay, so we're 
talking regions, azs, and edge locations. All   right. And then on to billing and pricing. So we 
need to be able to compare and contrast various   pricing models for AWS recognize the various 
account structures in relation to Eva's billing   and pricing and identify resources available for 
billing support. So that is the content outline.   So the next thing I wanted to go over with you is 
the response type. So when you're taking the exam,   you're going to be presented questions in one 
or the other format. So we have multiple choice   and multiple responses for multiple choice, you 
just choose one out of four, okay, and then for   multiple response, it's going to be two or more 
correct responses out of five or more options,   okay, but generally, I find that it's two out of 
five or three out of six.

Okay. And then the last   thing here is white papers. So white papers are 
generally core to studying for AWS, for the CCP,   however, you do not have to read a single white 
paper, everything in this course covers anything   that could possibly pop up in these white papers 
here. And white papers are super boring. Okay.   But just so you know, we have the overview of 
Amazon Web Services architecting for the cloud,   eight of us best practices, how AWS pricing 
works, cost management in the in AWS cloud, okay,   so those are your four white papers recommended 
and then a fifth one, this isn't a white paper   though, but they just say compare the a of a 
support plan.

So you go to the webpage and you   read about the support plans. Okay, so there you 
go. That is the exam guide in a nutshell. Hey,   This is Andrew Brown from exam Pro. And we are 
looking at what is cloud computing, which is the   most important question on our journey to become 
a certified cloud practitioner. So what I've done   here is I've pulled up the textbook definition 
of cloud computing. And we will read through   this and then I will give you a bit more context 
on what is cloud computing. So Cloud computing,   from the dictionary is the practice of using a 
network of remote servers hosted on the internet   to store manage and process data rather than 
a local server or personal computer. Okay,   so what does that mean? Well, to really understand 
that, we need to understand on premise and cloud   providers, so now most people are using cloud 
providers such as AWS, GCP, or Azure to run   their actual workloads. And prior to that everyone 
was doing on premise. So what you would do with on   premise is you'd own the servers.

So it'd be the 
hardware and the software, you'd hire the people   to configure those servers and those applications, 
you'd pay or rent the real estate to house all   these physical servers. And you would take all 
the risk. Now on premise is still well and alive   today. And there's definitely good reasons to have 
an on premise solution. But a lot of companies are   now starting to use cloud providers. And so 
cloud providers are like AWS, GCP, and Azure,   as I said earlier. And so here, it's someone else 
owns the servers. So you are not responsible for   that hardware, and to different degrees, they 
will configure the software layer for you,   or you have control over yourself depends on what 
kind of service you're using. They're hiring the   IT people, and they're watching these servers 
around the clock for you. So you do not have to   pay for that. And someone else is paying for or 
renting the real estate. So they are buying the   real estate to house these servers, which are data 
centers. And now you have a shared responsibility.   So you're responsible for configuring cloud 
services and the code that you deploy on to the   services.

And so these cloud providers are going 
to take care of the rest for you. Okay, so that   is generally what cloud computing is, Hey, this 
is Angie brown from exam Pro. And we are looking   at the six advantages and benefits of cloud 
computing. And so this section really is about why   go with a cloud provider over on premise. Okay, 
and so let's jump into the first point here. So we   have trade capital expense for variable expense. 
So with on prem, you'd have to pay for your data   centers, and the servers. And so that would be 
an upfront cost where with a cloud provider,   you're paying on demand, so you only pay when you 
consume those computing resources, and pretty much   nothing else.

Okay. Moving on to number two, we 
have benefit from massive economics of scale. So   when you're using cloud computing, you have usage 
from hundreds of 1000s of customers aggregated   in the cloud. And so you are sharing the cost 
with other customers to get unbeatable savings,   which you cannot get on prem. The next point here 
is stop guessing capacity. So eliminate guesswork   about infrastructure capacities. So instead of 
paying for idle or underutilized servers, you   can scale up or down to meet the current needs. 
So where on prem, you just buy your servers,   and they would either be underutilized because 
they would just be way too big for the job,   or they're just not being utilized all the time. 
So moving on to number four, increased speed and   agility. So with cloud computing, you can launch 
resources within a few clicks, within minutes,   instead of waiting days or weeks for your it to 
implement the solution on prem.

Then number five,   we have stopped spending money on running a 
maintaining data centers. So the idea here   is that if you don't have to pay for the servers, 
the IT staff and a bunch of other stuff, then you   can just focus on your customers, okay? So rather 
than that heavy lifting of racking, stacking and   powering servers, and the last point here is go 
global in minutes.

So deploy your app in multi   multiple regions around the world with, with 
a few clicks, provide low latency and a better   experience for your customers at minimal costs. 
And so when you have an on prem environment,   that data center is, I don't know how many people 
can afford multiple data centers. But with AWS and   cloud computing, you're gonna have a lot more 
reach. Okay, so those are the six advantages or   benefits of cloud computing. And this definitely 
shows up on the exam. So you do need to know these   six points. Hey, this is Andrew Brown from exam 

And we are looking at the types of cloud   computing we have three here for us. So we have 
software as a service platform as a service and   infrastructure as a service. And you can see 
that we have this nice pyramid here. I promise   you It's not a scheme scheme, it's just a way of 
showing how one is built on top of another. Okay.   So starting at the top here, we have Software as 
a Service, also known as SAS. And these are for   customers, okay, so the idea is that you have a 
completed product that that is run and managed by   the service provider. So you don't have to worry 
about how the service is maintained, it just   works and remains available.

So if we had some 
examples of sasses here, maybe you'd have your   Gmail or your office 365 or your Salesforce, okay, 
going down to platform as IT services is really   intended for developers, it removes the need 
for your organization to manage the underlying   infrastructure and focus on the deployment and 
management of your applications. So the idea here   is you don't have to worry about provisioning and 
configuring and understanding the hardware. Alas,   it just works. So you have an app, you push it. So 
for AWS, you have Elastic Beanstalk. Then there's   also Heroku, which is a very popular service. And 
then I believe there's one called like engines for   Google. And then the last one on our list here 
is infrastructure service. And this is really   intended for admins. And so when you're using 
AWS, GCP, or Azure, this is what infrastructure   as a services. So it's the basic building blocks 
for cloud it. So it provides access to networking   features, computers, and data storage space. 
So you don't worry about the IT staff, the data   centers or the hardware, but you have access to 
all those resources to build whatever you want,   okay, and so obviously, a, if you wanted to build 
your own platform as a service, you'd build that   up on top of IT infrastructure service, if you 
wanted to build your own software as a service,   you could build that on top of the platform as 
a service, or an infrastructure as a service.   So there you go.

Hey, this is Andrew Brown 
from exam Pro. And we are looking at cloud   computing deployment models. So there are three 
different kinds here. And so we're gonna start   with the cloud on the left hand side work on to 
on prem, and then talk about hybrid. So Cloud is   where you are fully utilizing cloud computing. So 
here I have a few services such as Squarespace,   Basecamp, and Dropbox. And it is very well suited 
for startups, because it's extremely low cost.   It's great for SAS offerings, where with on prem 
or hybrid, they might never get to the size where   they need to deal with regulatory bodies, or, or 
it's just the nature of the applications are not   that complicated. Or if it's new projects 
or companies, they don't have red tape,   because they have existing infrastructure, 
okay, and they can design to be 100% on cloud.   So now going on to on prem. So on prem is when 
you are deploying resources on premise using   virtualization and resource management tools, and 
is sometimes called private cloud, and so on prem   is still being utilized by a lot of companies 

And generally, you will see public sector   so the government has on prem data centers, when 
you're dealing with super sensitive data, such as   hospitals, you have like health records, there is 
an aversion to putting that into the cloud, or you   have large enterprises with heavy regulation. 
So insurance companies, and I mean, these   organizations are starting to soften and start 
utilizing cloud, but there are still holdouts,   and reasons, both technical and, and business or 
political reasons as to why you cannot use Cloud,   okay, then you have hybrid. And so hybrid is where 
you use a combination of both cloud and on prem.   So you connect the two with hybrid services. 
And so we see a lot of banks. Using this,   we see FinTech or investment management, or even 
large professional service providers. And a lot   of the reasons why is that they can adopt cloud 
but they have legacy on premise environments,   or some of their customers or clients still are 
not comfortable with cloud computing. So in some   capacity, they are using a cloud.

But it's totally 
possible that if they started from day one,   they would just only use cloud. So there you can 
see I have C IBC, which is a bank, then you have   the C CPP Investment Board, that's a Investment 
Board in Canada. Then you have Deloitte, which is   a large professional service. So those are the 
three cloud computing deployment models. Hey,   this is Andrew Brown from exam Pro. And we are 
looking at ABS global infrastructure. And what   we're going to figure out here is where does all 
this cloud computing stuff run? Okay, so we have   69 azs, within 22 geographical regions around 
the world and we have lots of edge locations   more than available. azs. But what does that all 
mean? So eight of us serves over a million active   customers in more than 190 countries and they're 
steadily expanding their Mobile infrastructure to   help customers achieve low latency and higher 
throughput. And so that global infrastructure,   our region's azs, and edge location. So a region 
is just a physical location in the world with   multiple azs. An AZ is one or more discrete data 
centers owned by AWS, and then edge locations or   data centers owned by a trusted partner of AWS 
and maybe owned by AWS themselves.

And so now   that we have that overview, we're gonna jump into 
those three types of infrastructure. Hey, this is   Andrew Brown from exam Pro, and we are looking 
at regions for the AWS global infrastructure.   And so a region is a geographically distinct 
location, which has multiple data centers,   also known as azs for AWS. And I've highlighted in 
red geographically distinct, because that is the   most important thing you need to remember about 
regions. Every region is physically isolated from   an independent of every other region in terms of 
location, power, and water supply. Every region   has at least two diseases. So again, an AZ is a 
data center. So it has at least two data centers   running within that region, the largest region 
for AWS, US East, so that is north Virginia. And   new services almost always become available first 
in US East. And not all services are available in   all regions. Okay. So if you definitely want to 
use a new feature or service via AWS, your best   bet is to switch over to US East, and US East one, 
which again, is north Virginia is the region where   you see all your billing information.

All right, 
and you can just see here on the left hand side,   I have a bunch of flags. For the countries where 
these regions are run in here, I might not have   all of them in here. But I definitely have a lot 
here. So you can see there's a lot of coverage   here. So now that we know what a region is, 
let's just go take a look at some of the features   of regions. Okay, so I just hopped over to the 
AWS website, because I just wanted to show you   a little bit more about regions visually. And so 
here we have our, they say region maps, but these   are really just a particular continent that has 
a bunch of regions. So looking at North America,   you can see we have regions on the west coast and 
the East Coast. And so we have Ohio or Oregon,   North California. And we have Canada and North 
Virginia here. Okay. And so you can see in Canada,   there's only two availability zones. And they 
are working on third one, it was just recently   announced. So AWS can always say that they 
at least have two ACS in every single region,   but they're definitely coming close to being able 
to say they have at least three in every region,   which is very important because most companies 
or enterprises have to run in at least three azs.   So now going on to South America, you can see 
that there is a single region here, and that is   in Brazil.

And then we have over here in Europe. 
So we have a few here we have London, Stockholm,   Frankfurt, Paris, and Brahim, I'm sorry if I 
pronounced that wrong. I've forgotten already. Oh,   and then we have Ireland. Okay, sorry, Ireland. I 
know you're you're there as well. Okay. And then   on to Asia Pacific. So we have Mainland China, 
Sydney. So I would think that that would be   Australia there Tokyo such Japan, Seoul, so that 
is Korea cannot see that. But that's another place   in mainland China. And we have another place 
in Japan. And then a Mumbai is I believe that   is India. And then we have Hong Kong. So that's 
Hong Kong. Okay. So yeah, those are the regions   and then we just hop over here to the regional 
table. This gives you an idea what services are   offered. So when we said that not all services 
are available, you can kind of see that like,   for example that Amazon Connect is only available 
in a few regions. So we have North Virginia and   North Carolina, okay? And then deep lense really 
is only in Northern Virginia.

So again, as I said,   everything is north Northern Virginia. You can 
see we have checkboxes all the way down here.   And this is also broken up based on those 
geographical continents. So if I go here,   you can see Ireland seems to be having all the 
ones in Europe, and then in Asia Pacific, it   looks like I guess Singapore Singapore looks like 
they have the majority of services there. Okay,   so there you go.

That is hey, this is Angie brown 
from exam pro and we are looking at availability   zones, also known as AZ. So an AZ is a data 
center owned and operated by AWS in which 80   of us services run. Each region has at least two 
azs and at best is getting pretty close to being   able to say that they have at least three ACS and 
all regions. ACS are represented by a region code   followed by a letter identifier. So US East one 
is region that would be North Virginia. Na is   the data center. Okay, and so from North Virginia, 
there are six azs. So you'd have a, b, c, d, e, f,   okay, then we want to just talk on the concept of 
multi AZ. So this is when you're distribute your   instances across multiple availability zones, 
which allows for failover configuration for   handling requests when one AZ goes down. Okay, 
so that is very useful. And then one more thing   to note is that the latency between availability 
zones is a sub 10 milliseconds.

Okay, so there,   these days, these are purposely positioned to 
be exactly that far apart. Okay. And so there   you go. Hey, this is Andrew Brown from exam Pro, 
and we are looking at edge locations. And this   is all about getting data fast or uploading data 
fast to AWS. So an edge location is a data center   owned by a trusted partner of AWS, which has 
a direct connection to the AWS network. These   locations serve requests for CloudFront, and 
relativity three, and requests going to either   of these services will be routed to the nearest 
edge location automatically. So we also have s3,   transfer acceleration and API, a gateway.

the idea here is that this is where you want   to upload data quickly to AWS, you're going to use 
these two services to hit a special endpoint at an   edge location to then transfer stuff quickly via 
the AWS network. Okay. So the whole takeaway from   this is that edge locations allow for low latency 
no matter where the end user is geographically   located. Alright, so we're back on the AWS website 
here where we were looking at regions earlier,   but this time, I want to give attention to 
edge locations. So edge locations are the   little blue dots here, and you can see there 
are a lot of them.

Okay, and so down below,   we have an idea of how many edge locations there 
are, you can see that there are a lot. So even   just in Atlanta alone, there are five. And so they 
definitely outnumber availability zones. Okay,   so just to give you an idea, those are the ones 
for North America, then down below, we have just   a few there. Okay. for Brazil, then in Europe, we 
have quite a few here. And then in Asia Pacific,   we have more edge location. So there you go. 
Hey, this is Andrew Brown from exam Pro. And   we're going to take a look at Gov cloud. Okay. 
And so Gov cloud is a very special region that   allows customers to host sensitive controlled 
unclassified information and other types of   regulated workloads. So the Gov cloud region is 
only operated by employees who are US citizens   and us or on US soil. So it's definitely not 
something that I can use. Because you have to be   a US identity and root account holders who pass a 
screening process in order to use this particular   region.

So who is this very special region for 
it's for customers, that need to architect secure   cloud solutions that comply with FedRAMP, the 
Department of Justice, the US international   traffic and arms regulation, export administration 
regulations, and the Department of Defense. Okay,   so it just makes it a lot easier if you're working 
with us with these government bodies in order to   utilize cloud computing. Okay, so I just hopped 
back over here on the AWS global infrastructure   regions page, because I just wanted to highlight 
here, those Gov cloud region.

So there actually   are two, there is one on us West and US East. As 
far as I'm aware of, there aren't any other Gov   clouds other than for us at this time, maybe in 
the future, AWS will have it for other countries,   but for the time being, it's just the US. And 
just to look at the Gov cloud page here in more   detailed here, you can see all the nice graphics 
here for that address security and compliance.   So if you want to build something and sell it 
to the government or govern government related   industries, by using Gov cloud, you are going 
to become compliant.

Okay? And that's gonna make   business a lot easier for you. So yeah, that's 
all you need to know. Hey, this is Andrew Brown   from exam Pro, and I'm going to show you how to 
get set up with your AWS account. So here I am on   the AWS homepage, and we have two buttons that we 
can click on, click the one here in the middle, or   click the big orange button to create our account. 
I like to press the orange one.

So that's what I'm   going to go ahead and do here. Okay. Okay, great. 
And so now we're going to be presented with a form   here. So I'm going to go ahead here and just fill 
in an email. We're going to do Andrew, plus fresh   at exam since this is a fresh account, 
okay, and I'm just going to supply Have some kind   of password here, I'm going to call this the exam 
Pro, a fresh account.

Okay. And I'm just going to   go ahead here and continue. So, now in order 
to create this account, we're going to have to   provide some additional information here. So I'm 
just gonna mark this as a personal and I'm going   to fill in this information here. Okay, and so I'm 
just gonna have to go here and fill that in. Okay.   Okay, so now I have that information filled in 
there. And so I'm just gonna have to check here   to say that I agree to their customer agreement, 
okay, and we can go ahead and create our account.   Now, in order to use AWS, you have to have a valid 
credit card, you cannot use AWS without a credit   card. Okay? So that's just something that you're 
going to have to do. So I'm going to go ahead here   and provide my credit card here. Okay. All right. 
So now I have all my information filled in here.   So I'm just gonna go ahead and verify and add. 
Okay, and then now just wants to also verify   on my phone number, this is definitely something 
that's required.

So I'm just going to provide my   phone number here. Okay, great. My phone numbers 
in there, I'm just going to supply the security   check here. So we'll just fill that in. Okay, and 
then we will just send an SMS and confirm. Great,   so that text message came in here. So I'm just 
going to fill in the confirmation here. 0448.   Okay. And great. So now we're verified. Okay, so 
now we're going to choose our support plan, we're   definitely going to go with basic here. Great. And 
so now we just have a little bit of information   here. Um, I don't really need to do any of this. 
I'm just ready to go sign into the console.

Great.   So now that we've created our account, I believe 
we could probably go ahead and sign up here, I'm   not sure if we have to confirm our email because 
we did confirm by phone number. But let's just   give it a go here and see if we can log in. Okay. 
So we'll just put that in there. I'll just provide   the password. Great. So we have made it into this 
AWS account here. So this new account is realized.   So there you go. And maybe we'll just have to 
poke around here to see if there's anything else   we need to do. But yeah, we're in good shape. 
Hey, this is Andrew Brown from exam Pro. And   what we're going to do now is make sure you do not 
get overbuilt and there are three ways we're going   to do that.

So there are some billing preferences, 
we're going to set, we're going to set up a budget   Eva's budgets, and we're also going to create a 
billing alarm. Okay, I'm just going to talk to you   also through as to like the advantages and 
disadvantages of some of these things. And   also just make sure we do not get over billed 
within our account. So the first thing I want   you to do is I want you to make your way over to 
support or sorry, maybe under your account here,   I'm going to go to my billing dashboard. And when 
you get over here, I want you to click on the left   hand side here and go to billing preferences, 

And so we're going to have a bunch of   preferences here. And they're all really good. So 
the first one is receive a PDF, invoice by email,   I would check that on receive free tier usage 
alerts, this is definitely important. Because if   you have a free account, you want to know when you 
are going outside that free tier, and so then you   just provide your email there. So I'm just gonna 
do Andrew plus fresh at exam pro dotco there,   and then we have received billing alerts. Okay, 
and you definitely want to turn that on. And there   is this detail billing reports down here.

is a legacy feature. This has now been replaced   with cost and usage reports, okay. So it's not 
necessary to turn that on, and actually do show   you how to use cost and usage somewhere in this 
course here. So we will cover that. But anyway,   make sure these are all three ticked on, provide 
your email and save your preferences. Okay. And   now you're going to be in the loop of some of 
your billing information. Okay. So now that   we have these preferences set up, let's make our 
way over to eight of us budget. So I want you to   go to the top here and we're going to type in 
budgets, okay. And so what budgets do is they   allow you to tell you whether you are getting over 
or whether you are going over your defined budget,   or it's going to also provide some forecast 
costs to you as well.

Okay, so now that ad   was budgets here has loaded, what I want you to do 
is create a new budget, you get two free budgets,   in AWS. So we can definitely set to there 
It's two cents per day for budgets. And so   that doesn't sound like a lot. But if you made 
your third budget, it's going to cost you $14   per month. Okay, so for more additional ways of 
tracking costs, we're going to use billion lines,   which really are inexpensive or end or free. But 
we'll do budgets first, because it's good to at   least have one budget set here for all costs. So 
here, I'm just going to say, overall costs, okay.   All right, and we will leave it monthly here, 
I can't remember if overall is one or two L's,   I think it's two. We want this to be a reoccurring 
budget, we're going to have a fixed cost,   and we're going to set it some something very 
low such as $20. Okay, since we are using again,   the free tier, we should not be expecting to see 
a bill for quite a while.

And $20 is a good low   bill there. And we definitely want all costs 
unblended. So this is great. And everything   is checkbox there. So we'll go ahead here and 
configure alerts. And we're going to provide   our email against Andrew plus fresh at exam, 
pro dotco. Okay. And we'll just hit Add there,   it's already been added. You could also use SNS, 
but we're gonna leave that alone. And we can also   get alerted when we are approaching it. So we 
haven't surpassed 100%. But actually, I'm just   going to set it to 100. Because $20 to me is not a 
lot. And we can do this for actual or forecasted.   And leave that for actual, okay. And I'm going to 
go ahead there and create that budget. Alright,   and so we don't have any information here. But 
if I just give it a hard refresh. So if you are,   if you are using an account where you're doing 
stuff, if you do refresh there, you'll probably   see more information. Okay, great.

So we've 
created a budget. So now that we have our budget   created there, let's go make a billing alarm for 
a higher amount. Okay, so what I want you to do is   go to services and type in cloudwatch. Okay. And 
once we are over here, we are going to make our   way over to alarms. All right. And so we're going 
to make our way over to a billing here. And what   it's going to tell us is that we need to switch 
regions, because billing metrics always live in   US East one, okay, so generally, it's always good 
to switch to that region there.

So what we'll do   is we'll go up to the top here and switch to 
US East one. Okay. So now if we go to billing,   we can now set our billing alarm. Okay. So, notice 
down here that we get 10, free alarms, and 1000   free email notifications. So it's definitely more 
free than budgets. Okay. But budgets does have   a lot more functionality there. But you can use 
definitely use both. Okay, so here, I'm creating   a new ability alarm. And I'm just going to scroll 
down here. And we can set the amount. So here,   I'm just going to set a larger amount such as 
$100. And so if it's greater or equal to that,   then is going to alert me. Okay, and we'll 
leave cat and estimated charges there alone,   we'll look at some additional configuration.

is all good. We'll hit next. Okay. And then the   next thing is, we need it to actually notify us. 
So we're going to say add notification here. And   oh, I think I already had one here. So it was not 
necessary, but we needed to send it to something.   So it's going to need an SNS topic, we don't 
have one. So we'll create a new one. Okay,   and we'll call this notify me. Okay, and then 
I'll just provide my email there again. Okay, and   we will hit Create topic. And then we'll go ahead 
and hit next. And we'll just say, so this $100 100   Bill 100 building alarm. I don't know if it'll let 
you do spaces there. So I'm just out of habit, I   always leave out spaces. Great. And so we're just 
previewing it here.

So just scroll down. This all   looks good. And so now we have a billing alarm. 
So you know, it's not uncommon to create multiple   billing alarms. So you could have one at 100 and 
150 and 202. So you can keep track of that stuff.   And of course, you definitely want to make use of 
a diverse budgets. So you have to there that you   can utilize. So maybe once you start using your 
account and you use the live we see two instances   you just want to monitor that you create a budget 
for that. But yeah, we have all bases covered   here. And the only thing that is left to do is we 
need to confirm this, the email that was sent out   to this so that our billing alarm it will take 
effect Okay. All right. So um, that notification   was sent to me for the billing alarm there for 
notify me, so it's just me subscribing to that   SNS topic. I guess we only have to do this once. 
I think we add additional ones we won't have to   confirm but I'm just gonna go ahead here and hit 
confirmation okay.

And so, now that is confirmed   there, okay. And I think if I do a refresh here, 
it should say that this is now different state   Okay, so just has nothing there, which is good. 
So yeah, we are all set up and we don't have to   worry about getting overbuilt. Alright, so there's 
a little bit more work we need to do to have our   account fully set up. So we can start working with 
AWS. And what I want you to do is make your way   over to IBM. So just go up here and type in IBM. 
If you click that there, you'll end up in the same   place that I am here. And so we have a bunch of 
recommendations here that ABS wants us to do. So   we need to turn MFA on our root account, we need 
to create individual users, because we generally   do not want to be using the root account, which 
is what we're logged in as right now.

We'll have   to set some groups and assign permissions and 
apply an IM password policy. So let's go ahead   and do that. But just before we do, I just want 
to make it easier for us to sign in. So what we   can do here is changed this URL. So just go ahead 
here and customize. And we're just gonna say exam   pro fresh, okay. And that is a unique name. So 
if you type in something, and it says it's not or   it's taken through, just have to change it until 
you get something that you like.

So now that we   have that set up, let's go turn on MFA. So we're 
going to want to turn on MFA for this account,   specifically, the root account here. And the 
reason why is that let's say someone stole your   email and password to this root account, then 
they would be able to do some serious damage.   So by turning on MFA, there's going to be an 
additional layer of security. So the idea is,   when somebody logs in, they're gonna have to 
provide an additional code based on the MFA   delivery mechanism. So just let's go here and 
hit manage MFA.

Okay, and so it's gonna pop up   here and just say what we're already doing, which 
is to start securing our account. And so I'm just   gonna click off there, go to MFA and activate MFA. 
And so now we're going to be presented with three   options. We have virtual you, UTF, and other 
hardware. So virtual is going to be for mobile   devices. That's what we're going to do. So we're 
just going to go ahead there and hit Continue.   Okay, and what we want to do is we want to install 
a compatible application on our phone. So just   going over here, if we scroll down, it's going to 
tell us which ones are compatible. I definitely   know authenticator is one, so I'm just going 
to search for that there. Where are you? Yeah,   down here. So if you're on Android or iPhone, 
you have authy, too, or Google Authenticator.   I'm using Google Authenticator, I find 
that more easy to use. And then the idea   here is you'll just hit show QR code.

And then 
using once you have authenticator installed,   you're going to open up the authenticator app. I 
know, you can't see me doing this. So I'll just   have to talk my way through it here. And there's a 
plus button in Google Authenticator, and it says,   scan a barcode. And so now I'm holding my, my 
phone up to the computer there, it's grabbed   the code, it saved the secret. So now what I 
need to do is enter in two consecutive codes. So   going down here, I'm going to enter this code in 
before it expires. So this one is 786763. And then   there's a little wheel that is spinning, and it's 
going to then give us a new set of numbers. Okay,   and so now it is now 984816. And so I'm just going 
to hit assign MFA there, and now it MFA is turned   on.

So now that we have MFA turned on, we can 
make our way back to our dashboard and proceed   to the next step. So now we're going to proceed 
to create ourselves our own user, because again,   we do not want to be using the root account, which 
should be rarely used. And we should just create   ourselves a user. So we'll hit Manage Users here, 
we're going to hit Add User, I'm going to create   a new one called Andrew Brown, we're going to give 
it programmatic access and access to the console,   we're going to let it auto generate a password 
for us. And we're going to make sure that it   requires a password reset the next time this user 
logs in going to permissions we don't have any   groups.

So we're going to create a group here. And 
we're going to call this group admin or admins,   I should say, and we're going to give it 
administrator access. Now, generally, you don't   want to be giving too many users admin access, 
because it gives you full access just like your   root account. But for our purposes here, this is 
totally fine. It's not unusual to have one or two   admins within your entire account. But generally 
you want to set most people as power user. Okay,   and this is it gives you full access. But there 
are some limitations such as you don't have the   ability to manage users and groups. So power user 
is a very good one here, but for this one here,   we are going to stick with admin. I'm going to 
hit Create group and we are going to go ahead hit   next Review. And we will hit create user.

so now what we'll do is we're going to get an   access key ID a secret and a password. So I'm 
just going to expose those here. And I'm just   going to copy these off screen. Alright, and then 
we will just proceed here. Okay, so I just copied   at least my password off screen here. And what 
I'm going to do next is I'm going to make my   way back to the IM console. So just go up here 
services, and we can just type in I am. Okay,   and so now we have done pretty much everything 
here except for setting a password policy. So   just before we go ahead and set a password policy, 
what I want to do is I want to log into this new   user. So we have this nice long URL here. So I 
want you to copy that URL. And what we're going   to do is we're going to log out and now a log 
in as that new user, okay, so I'll just go ahead   here and log out.

Great. So I'm logged out here. 
And so the way we can get to that page is we can   paste in that URL up here, which will bring us to 
the console. And so you can, you can always use   that link. Or if you can remember that alias, you 
can always just go to the console and type it in   there. So my name was Andrew Brown here, I'm just 
going to go off screen and grab my password. And   I'm just going to hit sign in here. Alright, and 
so now I just need to reset my password here. So   I'm going to provide the old password and we are 
going to set a new password. Great. And so now   I'm logged in, not as the root user, but as a new 
user I've created. And just one more thing here,   I want to go back to you I am here.

And the reason 
I want to go back here is that I exposed my access   key and password to you. And anytime that actually 
happens, we're going to want to do is go to your   user there. And I'm gonna go to Andrew Brown here, 
and we're gonna go to our security credentials.   And you can see that was that access key and you 
saw that password. So what I can do is I can make   it inactive, and then I can create myself another 
access key. And I'm not going to show you the   secret this time around. But it's just, you know, 
anytime you accidentally share your credentials,   you're definitely going to want to reset them 
there and the password that you saw earlier,   it doesn't matter because I reset my password 
when I logged in here. Okay, so now that is   all set up. What we will do is we will log out of 
this account, and we will log back in as the root   account to set up a password policy.

Okay, and I 
just want to show you when I go to sign into the   console, it's going to show me this filled in. And 
so whenever we're logging in as the root account,   we actually have to click this link down below. 
And so we would just type in our email here. But   if I wanted to log back in as that user, 
I could just type in here exam pro fresh,   and it would bring me back to here and I would 
fill in this information. But if you're always   logging in as the root user, I'm just gonna click 
back there. It's always your email. I know that's   a little bit confusing, but that's just how it 
works. And so this time around, I got the MFA,   so I can't just log in willy nilly.

So I'm just 
going to use my phone, and I'm going to open up   authenticator, and I have to provide it that code. 
Okay, so it's those numbers again. So this one's   gonna be 904361. I'm gonna hit submit. And so 
now I'm back into my account. And we'll make our   way back to I am and do that last step. And so we 
just have one more thing that AWS wants us to do.   And let's apply an IM password policy.

So we'll go 
down here and click Manage password policy. And so   what we can see is a bunch of stuff. And we really 
just care about this part up here. So I'll set   password policy. And now we can see some rules. 
So you can enforce the minimum characters, you can   require at least one uppercase one lowercase, 
at least one number require at least one of   these enable password expiration. Yeah, I could do 
that. I suppose password expiration requires admin   reset, maybe not allow users to change their own 
password, definitely prevent password reuse. So   ensure they don't use the same password, I would 
probably just crank this up as high as possible,   we'll leave it as five. And we'll save changes. 
And so now, if we go back to our dashboard, we   should satisfy that entire list.

And so we have so 
we've met every requirement of AWS. So generally,   from now on, you should just log in as that 
user and stay out of your account. Okay. Hey,   this is Andrew Brown from exam Pro. And now 
that we've set up our account, I want to go   through the motions Using some of the most common 
database services with you here, so you can gain   some confidence here on the platform itself.

just to have some practical hands on experience,   this is not going to be a very difficult section, 
it's not important for you to remember anything,   but just to again, gain confidence. And just 
before we get started here, I want to make sure   that you are in the north Virginia region. Okay. 
So North Virginia, also known as US East one. The   reason why it's one is because there's another 
USC, which is USC two, this one is US East one,   because it came first. But based on the region 
you're in, is going to change the the offerings   that you have, because not everything is available 
in every single region. Generally, they are across   all regions. But like, if I was in Canada Central, 
we have a fewer availability zones, those are data   centers, where in North Virginia, we have like 
six, and if there are any new features, they're   definitely going to be in North Virginia. So I'm 
just gonna ask you to change over to that region   and follow along with me there. Okay. So the first 
thing I want you to do is I'm going to show you   how to launch a server.

So a server is going to 
be using EC two. So going up to services here,   we will type in EC two. And we will make our way 
over to the EC two console. So once we are here,   I want you to go ahead and launch a new instance. 
So there's a big blue button here. So we'll just   hit launch instance. And now we're going to be 
presented with a bunch of options to configure   our server. So we are going to choose what OS 
we want to use, we're going to stick with Amazon   Linux two, because it's part of the free tier. 
And saving money is a great thing when we are   learning. The next thing we need to do is choose 
the size of our of our server here. So these are   called instance types. And so you can see that 
the memory gets larger in the amount of CPUs   get larger, we're going to stick with TT micro 
because again, that's part of the free tier and   we want to save some money. going next to instance 
details, we can choose how many instances we want   to start an instance is a server.

So if you have 
attendances that's 10 servers, and we have a lot   of options here, we're going to launch it in 
our default VPC and into the default subnet, it   is going to be auto assigned a public IP. So it's 
going to be public facing. And we're going to want   to create an IM role here. So what I want you to 
do is go ahead and just right click here and make   a new tab, because we want to give this a bit of 
permissions. So up here, I'm just going to go to   the IM Management Console. And I want you to make 
your way down and create a new role. And so we are   going to be presented with a bunch of options. So 
we are creating a role for EC two. So we'll select   TC two, we're going to go to next to permissions. 
And I want you to type in SS M and I want you to   use Amazon easy to roll for SSM.

SSM is simple 
SYSTEMS MANAGER. And that's going to be a way for   us to actually log into that machine. Okay. And so 
we're going to get here and I'm just gonna say a   my easy to roll. And I want you hit Create roll. 
And so now that roll has been created. And we   will just go ahead and close that tab there and we 
will drop this down, you can see that says none,   so we'll hit the refresh button here.

And we'll 
choose my EC to roll. So now we have that,   that set up, we are going to leave everything 
else blank. And I want you to go to storage. So   here you can choose how much storage you want. 
It's gonna have eight gigabytes by default,   you change the volume type, we're gonna stick with 
general purpose. And we're going to go review and   launch. And we are going to hit launch. And it's 
going to ask you to create a key pair. And so   key pairs are used to get into the server. But we 
actually don't need one because we are using SSM,   which is another way of logging into the server. 
So we're going to proceed without a key pair.   Okay, I will just say I acknowledge that I will 
not be able to connect to this instance, unless   I already know the built in password, which is not 
true because we can get through SYSTEMS MANAGER,   but we will go ahead and launch this instance. 
Alright, and so this instance is now launching.   In order for us to see it, you can either go view 
instances, we'll just click that down below here.   Alright, and so now this instance is launching, 
and you're gonna see a pending state, and we're   waiting for two status checks to pass.

So this is 
going to turn from yellow to green. And then we're   going to wait for this to initialize. And once 
that's done here, I'll see you here in a moment,   go. Okay, so after a short Wait here, I think I 
waited about three to four minutes. Our server is   now running and it also has two checks. So that 
means that the server is in good shape. So now   that our server is running, we'll just take a peek 
down here, because we get a variety of different   information such as when it was launched. The 
Im role, the security group that is in which   was the default one what size it was, and we can 
see that it has a public IP address and private   IP addresses. Okay, so now that the server is 
ready Running, this is a costing us money.

Now   we are on the free tier. So I guess technically 
it's not. But if we wanted to shut this down,   and we're not going to shut it down just yet, but 
I'm just showing here that we would just go here   to terminate, and that would shut the server down. 
And then we would no longer be paying for it,   we could also stop the instance. And that wouldn't 
destroy it, but it would not have it not running   more. And we'd also be saving money, okay, so 
whether you stop or terminate that instance,   will ensure that you save money.

So now that this 
is done, let's actually learn how to get access   to this instance. Alright, so there's a couple 
different ways we can get into this instance.   One way is using SSH. So if we had created that 
key pair, we could have used it to get into that   server here. Or we can use simple SYSTEMS MANAGER, 
sessions manager, which is the my preferred way,   and AWS, AWS is recommended way, which is what 
we're going to do. But just before we go head over   to SSM, I want you to right click here and just 
go to connect. And you can see that it's actually   giving you instructions. So if you had downloaded 
that key pair, you would have to jump on it,   you would have had to do a bunch of other stuff. 
So you have to use SSH and provide that key to   get into it.

So there are instructions there. 
There's also this easy to instance Connect. And   so this is another way to connect, I'm not sure if 
it would let us in here without our our key pair,   but I'll just give it a go here. And it did. So 
this is one way this is actually I guess the third   way to access it. So actually, I'm in the server 
right now. But the way I want to show you how to   get in is via simple SYSTEMS MANAGER. So I'm just 
gonna go ahead there and close that I want you to   go the top here and type in SSM, which is for 
simple SYSTEMS MANAGER, even though they never   display the simple word there anymore, definitely 
as part of the name.

And then once we are over   here, I want you to go to the left hand side and 
go to a session manager. And we're going to start   a session. And so we can see we have our instance. 
So remember when we created that Im role and we   set it with that SSM UCT roll that was so that 
we could use sessions manager. And the advantage   here of using sessions manager, it's going to log 
every time somebody uses a session.

So I just hit   start on that session there. And so it's very 
similar to that other Connect screen here. And   it actually logs in as the root user not too easy 
to user, which is a bit frustrating. So we'd have   to do sudo Su, EC to hyphen user. And now we are 
the correct user. And we are within this instance.   So you know, that's how you gain access to it, 
we're not really going to be doing much with this   instance, today. So I want you to go ahead and 
terminate this instance, or sorry, that session   there. But that session history is recorded. 
So by forcing everyone to use sessions manager,   you're going to have a bit more visibility over 
what's going on with these machines. Whereas SSH,   might not provide that same visibility without you 
manually putting that effort in there. Okay. But   we'll make our way back to the EC two console 

So just type in EC two here again. And   once we are here, I want you to go on the left 
hand side two instances. And so here we can see   our server. So we now know how to get into this 
machine. And I would say that, we probably want   to go ahead and stop this instance here. So I want 
you to go ahead and just stop it. Okay. And that   way, it's not going to cost us anything. And now 
we can do our next step, which is to create an   ami.

Alright, so now we're going to learn how 
to create an ami and you can think of an ami   as like a snapshot or like saving a copy of your 
entire server. So what you're going to do is go up   to the mixer, the instance is selected there go 
to actions, we're going to go to image here and   create an image now we could create an image, 
whether this is stopped or running, if it was   terminated, the server wouldn't exist anymore, 
so there would be nothing to create an image of,   we'll go ahead here and create an image. And we 
are going to have to provide it some information.   So I'm just going to call this fresh hyphen 
000. Okay, and then you can see that it has   an instance volume. And so that is the hard drive 
that's attached there.

And we're just gonna leave   it as the default settings and create an image. 
And so now it's creating the image and it's view   pending image creation. So we'll click on this 
blue link here. And we'll just wait until that   is created now doesn't take too long. The idea 
here is now once we have an ami if we wanted   to launch another copy of this us the server, 
we're just going to have to hit launch here okay,   but the real reason I wanted to do to set up 
this ami was because we are going to next set   up an auto scaling group and we're going to need 
an ami to do that. Okay, so I'll just see you   here in a little bit Once this is done, and I just 
wanted to show you here that it is done.

Alright,   and so now if we wanted to launch a version of the 
server, we could hit launch. And it's going to go   to the second step. So if we go back here, you 
can actually see that it chose fresh 000. So if   we were to proceed through this, it's a way for us 
to upgrade our server or make other changes to it,   or just so that we have a copy of it, so we can 
launch multiple servers. And just to get back   to the AMI there, I'm just gonna click on left 
hand side here. But yeah, that's all we need to   know for ami, and we'll move on to auto scaling 
group. Alright, so now that we've created an ami,   we are ready to make an auto scaling group. So 
down below, I want you to go to auto scaling   groups.

And so what an auto scaling group does is 
it allows you to ensure that multiple instances   or servers are running. So if you always wanted 
to guarantee that one server is running an auto   scaling group would have a rule that would check 
to say, is at least one running and if not then   launch a new server. Also, auto scaling groups 
are used to meet the demand of whatever traffic   you have. So let's say you have a web application 
or website and it's getting a lot of traffic, and   it's going to need more servers will auto scaling 
groups will determine based on certain metrics,   that the the web application needs more servers, 
and it will spin up more servers.

And when   the the demand of traffic becomes lower than it's 
going to remove servers to meet the demand. Okay,   so what we'll go ahead and do here is 
create a new auto scaling group. And oh,   they just change this ami. So I'm a little bit 
confused. But we'll just hit getting started,   I think that's just a bit of a thing there.

then we're going to choose our ami. So this is   very similar to launching a situ instance. But we 
already have our own ami. So I'm gonna go to my   am eyes, I'm just going to select that fresh one 
there. And we're going to stick with T to micro,   we'll go next, we're going to have to name it 
this launch configuration. So we'll just name   this fresh LC, we're going to use the my EC t roll 
there, we're going to go ahead and add storage.   The defaults look great there, the security groups 
look right there.

And we are going to create   launch configuration and we are going to drop the 
down proceed without a key pair. Because we don't   need one, we're going to create that launch 
configuration. So now that we've created the   launch configuration, we can go ahead and create 
the auto scaling group. So we're going to call   this one fresh as G is CS for auto scaling group, 
we're going to set the group size to one. So the   number of instances the group should have at any 
time. So at minimum how many servers should be   running, then we have to have a, a network or a 
VPC. And we need to choose some subnets. So we're   going to choose one and then we're going to choose 
a another one here. Okay, we just need a couple   there, I'm just gonna check advanced details, 
this all looks great. We're going to configure   our scaling policies, scaling policies are ways 
rules that you can use to determine how the auto   scaling group should react to changes within 
its environment, right.

So if you have a lot of   CPU utilization, maybe that's when it spins up 
servers, maybe it's only when there's a lot of   data transfer in or when there's a lot of memory. 
So that's what's going policies allow you to do,   then we'll go to notifications, then we'll go to 
tags. And then we will review. And we'll go ahead   and create that auto scaling group. Okay. So it 
says that auto scaling group has been created,   we'll hit close. and here we can see our fresh, 
fresh HSG. and choosing our launch configuration,   which is our fresh LC, currently, there are zero 
instances running, the desired capacity is one,   the minimum servers that should be running as one, 
the maximum servers that should be running is one,   okay.

So if we just move this up here and go to 
instances, it should try to start spinning up   servers to meet the minimum demand, which is one. 
So I'm going to hit a refresh here. And I'm just   kind of expecting to see a server starting here. 
If we're not seeing one here just yet. What I want   you to do is right click here on instances, and 
go here. And I bet you a server is starting up.   So I don't see any servers running here as of 
yet. Okay, so I'm just gonna hit refresh here,   because usually, they would just start spinning 
up here.

But yeah, we'll just give this here a   little moment here, because maybe it's just 
taking some time to get started. So yeah,   we just had to wait even just a minute there. 
And I just hit refresh. And already we can see   that this is now one. And under our instances, 
it is launching a new instance ID. So or sorry,   an instance that's just the ID of the instance. 
So if we go back to our instance tab, and we just   do a refresh here, we can see a another instance 
is spinning up. Okay. So what we're going to do   is we're going to just wait for that instance to 

And once once it does, we'll move on to the   next step. Alright, so after waiting a few minutes 
here, our instance is now started here. I'm just   going to select this one off here, but this is 
the instance here that is running. That's part   of our auto scaling group. So Again, we said that 
auto scaling groups, they can ensure that there's   always at least a minimum of servers running. 
And so if we were to terminate this instance,   so I'm just going to go ahead and terminate it, 
what's going to happen is, once it shuts down,   we're gonna go back to our auto scaling group, 
it's going to detect that this one is no longer   healthy.

Okay, so see over here that says healthy 
right now. But it will after a while, determine   that it is unhealthy, and then what it will do as 
a response, it's going to launch a new instance.   So we're just going to wait here for a little bit 
until this is now flagged unhealthy, okay. All   right. And so we can now see that this instance 
is unhealthy.

And so the way this auto scaling   group is going to respond is by launching a new 
instance. So now, we're just going to wait here   a little bit and just keep on hitting this refresh 
button until we see another instance spinning up   to replace this unhealthy one. Okay, so I just hit 
the refresh here. And so that unhealthy instances   gone. And so I guess what we're just going 
to wait for here is now a healthy instance,   to replace that unhealthy one. So just to get back 
to that, that minimum of one server running. Okay,   so we'll just go ahead here and just refresh. And 
so there we go. So we can see that we have a new   server that is starting up.

So we'll just wait 
until that one is totally set up here. And we've   now accomplished what we wanted with auto scaling 
groups, and we will just destroy this auto scaling   group. Alright, so our replacement instance is now 
healthy and in service. So what I want to do is go   ahead and remove this auto scaling group. Now 
I believe that when we delete this auto scaling   group, it's going to take down the instance as 
well. So we're not going to have to delete that.   So I'm just going to go ahead here and delete the 
auto scaling group. And we're going to say yes.   Okay, and so we are going to just watch that 
delete there and hit refresh there. And also,   since we have that instance, tab open, we'll 
hit refresh here. And so we have that instance   running. So what we're hoping to see is that this 
instance is torn down when we have deleted this   auto scaling group.

So we'll just wait here a 
little bit and see what happens. All right. And   so if we were to do a few refreshes there, it 
indeed is shutting down that instance, that was   spun up by the auto scaling group. So when you 
delete your auto scaling group, it's going to   take down those instances as well. So you know, 
that's it for the auto scaling group section,   and we can move on to elastic load balancer. Hey, 
this is Angie brown from exam Pro, and we are   going to learn about elastic load balancers, also 
known as EBS.

And what they do is they allow you   to put a load balancer in front of your instances. 
And the idea is that when traffic comes into your   web application, it's going to flow flow through 
the load balancer, and it's going to evenly   distribute that traffic to multiple instances. 
And your instances generally will be running in   different availability zones. So if one AZ becomes 
unavailable, then your traffic will then go to the   other AZ where you have an instance running, 
so you do not experience downtime.

And your   web application remains running. Okay, so now that 
we have an idea what lbs are, let's go ahead and   launch a few instances so that we have something 
to load balance to. And so I'm going to choose   Amazon Linux two here, we are going to stick with 
the TT micro because it is free, I want you to   select a two instances here, okay. And we're 
going to leave all the settings alone, maybe   we'll give Iam role we do not need to SSH into or 
sorry use SSM to get into that instance, but it   doesn't hurt to attach it there, we're gonna leave 
storage alone, we're going to go past tags, we're   going to go to our security groups, I'm going to 
set it to an existing one and use the default one,   every time you create an instance, it seems like 
it really encourages me to keep making new scritti   groups, we don't need to have a bunch of these. 
So we will just go and use the existing one.

And   I'm going to review and then launch, I'm going 
to drop down here and proceed without a key pair   because we don't need a key pair. And so now these 
instances are going to start up here. And I'm   just going to wait until they get into a running 
state with two status checks. And we'll go ahead   and create our EOB. Alright, so our two instances 
already here and I just want to go ahead and give   them a name. So I'm going to just call this one 
instance a and then we will call this one instance   B. Okay. And now that I have those two instances, 
let's go make our way over to load balancing   here. It's under the ECG console. And so we will 
click here. And what we will do is we will create   ourselves a new load balancer. Now there are three 
types of load balancers. We have application load   balancer, network load balancer and classic load 

We are going to be using application   load balancer here and that's generally what 
you're going to be wanting to use. We are going   to type in a lb Or maybe my al v here, it will be 
internet facing. Okay, we need to ensure that it's   running in at least two availability zones, or 
it's going to complain to us. So we will go ahead   and do that, we will go to the next step here, 
we aren't using SSL or HTTPS, so we don't have   to do anything here. For security groups, we will 
use the existing security group the default one,   so that's totally fine. And for configuring 
routing, we're going to have to create a new   target group, a target group contains a reference 
or a reference to the instances which we want to   route traffic to. So we are just going to make a 
new one, I had to say my target group here.

And we   can route things to different things. So it could 
be instances or specific IPS, or lambdas. So we're   going to stick with instances. And we're going to 
go ahead here and register those targets. so here   we can see we have instances here, I'm just going 
to select them and add to register. So now they   are registered up here, we're going to hit next. 
And then we are going to go ahead and create Okay,   and so it takes very little time for load balancer 
to create, we will then hit close here.

And this   load balancer is now just provisioning. So we're 
just going to wait here a little while until   this is provisioned. And you just have to hit the 
refresh here, and see when this is ready. Alright,   so our load balancers ready didn't really take 
that long, it took about a minute or so. And so   just to poke around here, you can see that this 
load balancer here has a DNS name, okay, so this   DNS name, just looks like a domain name. And the 
way you would route your traffic to the elastic   load balancer is you would actually point it to 
here. Okay, and so all the traffic would go here,   and then it would then go on to the listeners, 
and the listeners listen on a particular port.   So this is Port 80.

And then it's going to then 
have rules, which is going to forward this traffic   to that target group. If we click into this 
target group here, alright, what it's going to do   is it's going to show us the actual targets. So if 
we go over here and look at targets, it's going to   then route it to the registered targets. So that's 
how an elastic load balancer works. And that's all   we really need to know for this, but just to show 
you how to make an elastic load balancer. So now   that we're done here, let's go tear this stuff 
down. So we'll go ahead here and we will just   go delete this load balancer. Now, unlike the auto 
scaling group, which would actually tear down the   instances, we have to take these instances down 

And so what I want you to do is select   a and b here, and we are just going to terminate 
these here. Okay, and that is our elastic load   balancer section. Alright, so we're gonna learn 
a little bit about s3 here. So what I want you to   do is go to services here and type in s3. And we 
will go make our way over to the s3 console here.   And so the first thing I want you to notice that 
when you come to s3, that it is global here.

So s3   does not require a region selection. However, the 
buckets that we're going to create will be region   specific. And the idea here is a bucket is just 
a place to contain your files. Okay. So we will   just create a bucket here, and we're going to give 
it a name, I'm going to call this exam pro fresh.   Now these names are globally unique. It's just 
like selecting a domain name. So if the name you   have here selected is not available, you'll just 
have to change the name. And we have the option   to choose choose the region. So I'm going to go 
ahead here and create this bucket. So now I have   a bucket, and we can start uploading files to this 
bucket. So I'll go ahead here and just hit upload.   And what I'm going to do is I'm just going to add 
some files. And so for my desktop, I have a photo   of me, I'm going to hit open here, I'm going to 
upload that there. And so now we have a, a file   here in s3, okay, and so if I want to download 
it, I can just hit that download button there.   And that will allow us to download that file.

there's a variety of different things that you can   do in s3, but that is just the most basic things 
you need to know about s3, okay, but we aren't   going to delete this bucket because we're going to 
use it in combination with our next thing, which   is using CloudFront. Okay, so I'll just gonna make 
my way back here to the homepage here. And we'll   move on to the next part. Alright, so we're going 
to take a look at CloudFront. So CloudFront is   used as a CDN, a content distribution network.

the idea here is let's say you have files, static   files or video files that you want to share across 
the world. But you want those to load as quickly   as possible and make the shortest route to the 
end user. And that is where CloudFront, which is   a content content distribution network comes in. 
So it's going to take whatever your static content   is. It's going to then copy it to multiple edge 
locations around the world. And so when someone   tries to access your content, it's going to go 
to that nearby edge location, as opposed to going   really far away to get that content.

So let's 
make our way over to CloudFront here, so drop down   services and type in CloudFront. Okay. And we will 
make our way over here. And we're going to need   to create ourselves a distribution. And we'll just 
get started here. And I want you to drop this down   and just choose that s3 bucket that we created. 
Okay. And pretty much all the settings here are   totally fine. So we're just going to go down 
below here and create that distribution. Okay,   and creating distributions take quite some time 
to to happen. But the idea there is remember Hi,   upload that one file to my bucket there. 
So what this distribution is going to do,   it's going to copy that file and then move it to 
all those servers around the world. So that now   my content is a super fast, okay. And just like 
elastic load balancer, where it had a DNS name,   where you could hit it like a domain name to 
access those instances.

CloudFront is similar. So   here, we have a domain name here, so your traffic 
would hit this domain name, and then it would then   route your traffic to the nearest edge location. 
Okay. So that's all there really is to it here,   distributions take a really long time to create. 
So we don't really need to wait for this to   complete. So I'm going to just disable this here, 
okay. And it's going to just disable and once it's   disabled, you can delete it, even if you don't 
delete it, it's not going to cost you anything   here because it will be disabled. But yeah, once 
it's done disabling, you can go ahead and select   it and then delete it. Alright, so that's alright, 
so now we're going to look at RDS which stands for   relational database service.

And it is for setting 
up relational databases. So I want you to make   your way over to the RDS console. So go to the top 
here and type RDS. And we'll click that. And once   we're here in the console, we're going to create 
ourselves a new database. So on the left hand side   here, go to databases, and then create a database. 
And we're going to be presented with quite a few   options here. Okay, and so by default, it has the 
Amazon Aurora engine selected, this is one of the   most expensive options, so we definitely do not 
want to use that. So we will just use Postgres   for our case here. And the next thing is we have 
some templates to get started here.

And so we have   production, dev test and free tier. And these are 
all suited for different needs. So the idea with   production is, if you are a larger, a very, very 
large company, they're setting you up with every   Bell and whistle under the sun here, we're def 
test is for small to medium size companies. And   free tier is definitely just for a gain hands 
on experience, which is what we're doing here,   or just for testing simple application. So I just 
want to show you the price difference here. So   they have a calculation down below. So if I scroll 
all the way down below here, you can see that for   production, it's $600 a month, which is quite 
a bit of money.

And then if we have a dev test,   and we scroll down here, now it's $262, still 
quite expensive. And then we go the free tier   and now there is no cost shown because it is 
free, okay, but you only get 750 hours on RDS,   and so on for a T two micro and then once that 
is used up, then if you use the T to micro for   a month, it will cost you around $15 per month. 
And again, if you are a very small startup,   you can run on the free tier and the lowest tier 
for quite a while.

But you know, for some reason,   AWS decides to always have the most expensive 
one selected here with RDS so we just have to   be careful there. So let's go to free tier because 
it is the use case for us. We have the DB instance   identifier, we'll leave that alone, that's 
totally fine. We need to set a password so I'm   just going to type in Postgres 123. Okay, and then 
Postgres 123. Then you have your DB instance size,   we of course want to leave it on T to micro 
here, because we want to have the smallest   instance there's nothing smaller.

There's no nano 
here on RDS litc to then we choose our storage,   it's set to 20 gigabytes, there is auto scaling 
for storage, so it will automatically increase   the size of that runs out. I have to turn that 
off. Because we don't need that you have your   multi AZ you can determine where this RDS 
should launch, like what VPC, we're gonna   leave in the default. For database authentication, 
we can use the standard password authentication,   or if you want to allow Im users to authenticate 
directly. You can use that which is pretty   cool. I'm just going to leave it to password 
authentication. And then we have additional   configuration which you definitely want to set. 
So you have your initial database name.

So if you   do not specify database name RDS does not create 
a database. So I'm pretty sure we want to create   a database So we're gonna have to name this here. 
So I'm gonna call this exam Pro, fresh, okay? And   we're going to turn backups off. Okay? And oh, I 
guess apparently, I can't use a hyphen there. So   I'll just remove that. Actually, it looks like 
I can use an underscore.

And so but anyway,   so if we turn this off to zero days, that means 
it's not going to take a snapshot right away,   or a backup right away, it's going to launch a lot 
faster. And we're not doing much with a server. So   you know, let's just get through this as quickly 
as possible. We don't need performance insights,   I'm going to turn that off as well. And, yeah, we 
were all good to go.

So we'll go ahead and create   that database. Okay, and so we're just going to 
wait for the creation of that database there.   And it will just take a little bit of time here. 
And we'll be back in a moment. Alright, so now   our database is available here. And you can just 
see when clicking into it, that we get stuff such   as the CPU usage currently, and how many current 
connections are connected to this database here.   Now, in order to actually access this database, 
you'd have to assemble all the requirements. So   you'd have to use this endpoint, you'd need 
this port number, we need the database name,   username, password, which we had set earlier. 
And then you could use a traditional tool, maybe   table plus or something to make a connection and 
start using that database.

Okay. But, you know,   for our purposes, it was just a matter of showing 
how easy it is to create a database here. And so   now that we have created our own database, let's 
go ahead and just destroy that database. Okay.   And so I'm going to go ahead here, and I just 
have to type in, delete me. Okay, and that's RDS   for you. So this will just delete here, I'm just 
gonna hit refresh. And we're totally good here,   I'm just gonna go back to the management. So we're 
gonna take a look at a with lambda here and see   how to run a lambda function. So what I want you 
to do is go to the top here to services and just   type in a lambda.

And we'll make our way over to 
the lambda console. And once we're in here, I want   you to go ahead and create a new function. And we 
are going to author one from scratch. So I'm just   gonna say a my lambda, okay, and we have a bunch 
of different runtimes that we can choose here,   we have no GS, etc, I'm gonna choose Ruby, because 
that's my language of choice, we're going to drop   down here, and we are going to have it create 
us a new role with basic lambda permissions so   that it can write to cloud watch logs, and we're 
going to go ahead and create that function.

Okay,   great. So that function has now been set up 
here for us. And if we just scroll down here,   you can see that we have this nice little inline 
editor that allows us to work on our function,   okay. And so the big benefit of lambda, it's, 
you don't have to worry about the the servers,   you just write your code, and it will run. The 
trade off here is though, that these only run for   a small amount of time.

So lamda can only run for 
up to 15 minutes, but generally they're they only   run for one second or less. That's definitely how 
they're used. Let's go ahead here. And let's just   put a puts in here. So I can just say hello world, 
just so we can see that our lambda works. And what   we can do here is we can go up and make a test. 
So I'm just gonna go ahead here and make a test.   And we already have one here called hello world. 
And I'm just going to type this in again, hello,   world. Here, oh, maybe I have to do this. And I'm 
just gonna hit Create there.

So now I have a test.   And I'm just going to go ahead and hit test there. 
And we can see that it succeeded. And we got a   status code. So this is what it would return. 
And if we were to go check the logging here,   if we were to go to monitoring here, all right, 
we should be able to see that that puts that we   have there.

Okay, so we just click on this button 
here, view logs in cloud watch. And we can see   that lambda ran there. And you know, the reason I 
don't have any output here is I forgot to hit Save   there really finicky about that. And now if I hit 
test, okay, it's worked. And now the output here   actually has HelloWorld. Okay, so that's from the 
logs. And if I go back here and give this a hard   refresh here, okay, I might have to go back one 
step here because now it's in this one up here,   and we should have our, our puts, click the right 
one. Maybe just says, oh, there it is.

Okay,   so I've just been patient here, but it showed 
up. So there you go. So you can see lambdas are   pretty darn simple. And just going back here 
up To the function lambdas get triggered from   a variety of different services. So if you want 
to add a trigger, you can go here and drop down   and choose a service. So you could have it. So 
anytime something is inserted into dynamodb,   it would then trigger that lambda function or 
from a variety of things. Okay, and there's   even integration with third party, third party, 
Amazon partners. Okay. So yeah, that's all we   need to know for lambda. So we're going to take a 
look at the ECP pricing model.

And there are four   ways we can pay with EC two, we have on demand 
spot, reserved and dedicated. And we're going to   go through each section and see where each one 
it makes sense. So we're going to take first a   look at on demand pricing. And this is whenever 
you launch an EC two instance, it's going to by   default use on demand, and so on demand has no 
upfront payment, and no long term commitment,   you're only charged by the hour or by the minute 
is going to vary based on ecsu instance type. And   that's how the pricing is going to work. And you 
might think, okay, what's the use case here? Well,   on demand is for applications where the workload 
is short term spike, you're unpredictable,   when you have a new app for development, or you 
want to just run an experiment, this is where   on demand is going to be a good fit for you. 
So we're taking a look at reserved instances,   also known as r i, n, these are going to give you 
the best long term savings.

And it's designed for   applications that have steady state predictable 
usage or require reserved capacity. So what you're   doing is you're saying to AWS, you know, I'm gonna 
make a commitment to you, and I'm gonna be using   this over next period of time, and they're gonna 
give you savings. Okay, so this reduced pricing   is going to be based on three variables, we 
have term class offerings, and payment options.   And we'll walk through these things to see how 
they all work. So for payment options, we have   standard convertible and scheduled standard is 
going to give us the greatest savings with 75%,   reduced pricing. And this is compared to 
obviously to on demand. The thing here though,   is that you cannot change the ri attributes, 
attributes being like instance type, right?   So whatever you have, you're you're stuck with 

Now, if you needed a bit more flexibility,   because you might need to have more room to 
grow in the future, you'd look at convertible,   so the savings aren't going to be as great, 
we're looking at up to 54%. But now you have   the ability to let's say, change your instance 
type to a larger size, you can't go smaller,   but you can always go larger, and you're 
going to have some flexibility there,   then there's scheduled and this is when you need 
to reserved instances for a specific time period.   This could be the case where you always have a 
workload that's predictable every single Friday   for a couple hours.

And the idea is by telling 
AWS that you're going to be doing out on schedule,   they will give you savings there that's going to 
vary. The other two things is term and payment   options. So terms is how long are you willing 
to commit one year or three year contract, the   greater the terms, the greater the savings, and 
you have payment options. So you have all upfront,   partial upfront and no upfront, no friends, the 
most interesting one, because you could say, you   know, I'm going to use a server for a year, and 
you and you'll just pay at the end of the month.   And so that is a really good way of saving money. 
Right off the bat, a lot of people don't seem to   know that. So you know, mix those three together. 
And that's going to change the the outcome there.   And I do here have a graphic to show you that you 
can select things and just show you how they would   estimate the actual cost for you. A couple things 
you want to know about reserved instances that   can be shared between multiple accounts within a 
single organization and unreserved, our eyes can   be sold in the reserved instance marketplace.

if you do buy into one or through your contract,   you're not fully out of luck, because you can 
always try to resell it to somebody else who   might want to use it. So there you go. So 
now we're taking a look at Spa instances,   and they have the opportunity to give you the 
biggest savings with 90% discount compared to on   demand pricing. There are some caveats, though. So 
eight of us has all this unused compute capacity,   so they want to maximize utility of their idle 

It's no different than when a hotel   offers discounts to fill vacant suites, or when a 
plane offers discounts to fill vacant seats. Okay,   so they're just easy to answer this is lying 
around, it would be better to give people   discounts then for them to do nothing. So the only 
caveat though is that when you use spot instances,   if another customer who wants to pay on demand 
a higher price wants to use it and they need to   give that capacity to that on demand user. This 
instance can be terminated at any given time,   okay? And that's going to be the trade off. So 
just looking at termination termination conditions   down below. instances can be terminated by Avis at 
any time. If your instance is terminated by AWS,   you don't get charged for the partial hour of 

But if you were to terminate an instance,   you will still be charged for any hour that it 
ran. Okay, so there you go. That's the little   caveat to it. Um, but what would you use spot 
instances for if it can if these incidents could   be interrupted anytime? Well, they're designed 
for applications that have flexible Start and   End Times or applications that are only feasible 
at very low compute costs.

And so you can see,   I pulled out the configuration graphic 
when you make spot. So it's saying like,   Is it for load balancing workloads, flexible 
workloads, big data workloads are defined   duration workloads. So you can see there is some 
definitions as to what kind of utility you would   have there. But there you are. So we're taking 
a look at dedicated hosting, which is our most   expensive option with EC two pricing models. And 
it's designed to meet regulatory requirements when   you have strict server bound licensing that won't 
support multi tenancy or cloud deployments. So to   really understand dedicated hosts, we need to 
understand multi tenant versus single tenant.   So whenever you launch an EC two instance, and 
choosing on demand or or any of the other types   beside dedicated hosts, it's multi tenant, meaning 
you are sharing the same hardware as other AWS   customers, and the only separation between you and 
other customers is through virtualized isolation,   which is software, okay, then you have single 
tenant and this is when a single customer has   dedicated hardware. And so customers are separated 
through physical isolation.

All right. And   so to just compare these two, I think of multi 
tenant is like everyone living in an apartment,   and single tenant is everyone living in a house. 
Right? So, you know, why would we want to have our   own dedicated hardware? Well, large enterprises 
and organizations may have security concerns or   obligations about sharing the same hardware with 
other AWS customers. So it really just boils down   to that with dedicated hosts. It comes in an on 
demand flavor and a reserved flavor. Okay, so you   can save up to 70%. But overall, dedicated hosts 
is way more expensive than our other ACP pricing   options. So we're on to the CPU pricing cheat 
sheet. And this one is a two pager, but we'll make   our way through it. So EC two has four pricing 
models, we have on demand spot reserved instances,   also known as RI and dedicated looking first at 
on demand, it requires the least commitment from   you.

It is low cost and flexible. You only pay 
per hour. And the use cases here are for short   term spiky, unpredictable workloads, or first time 
applications, it's going to be ideal when you want   workloads that cannot be interrupted, whereas 
in spot, that's when you can have interruption   and we'll get to that here shortly. So onto 
reserved instances, you can save up to 75% off,   it's gonna give you the best long term value. 
The use case here are steady state or predictable   usage. You can resell unused reserved instances 
and the reserved instance marketplace the reduced   pricing is going to be based off of these three 
variables terms class offering and payment option.   So for payment terms, we have a one year or 
a three year contract.

With payment options,   we can either pay all upfront, partial upfront 
or no upfront. And we have three class offerings,   we have standard convertible and scheduled. So for 
standard we're gonna get up to 75% reduced pricing   compared to on demand. But you cannot change those 
ri attributes meaning like, if you want to change   to a larger instance type, it's not going to be 
possible, you're stuck with what you have. If you   want a bit more flexibility we have convertible 
where you can get up to 54% off, and you get that   flexibility. As long as those ra attributes are 
greater than or equal in value, you can change   those values, then you have scheduled and this is 
used. This is for reserved instances for specific   time periods. So maybe you want to run something 
once a week for a few hours. And the savings here   are gonna vary. Now on to our last two pricing 
models, we have spot pricing, which is up to   90% off, it's gonna give you the biggest savings. 
What you're doing here is you're requesting spare   computing capacity. So you know, as we said 
earlier, it's like hotel rooms where they're   just trying to fill the vacant suites.

If you are 
if you're comfortable with flexible Start and End   Times spot price is going to be good for you. The 
use case here is if you can handle interruption,   so servers randomly stopping and starting, it's a 
very good use case is for non critical background   jobs. instances can be terminated by ABS at any 
time. If your instance is terminated by ATMs,   you won't get charged for that partial hour 
of usage. If you terminate that instance,   you will be charged for any hour that it ran 
in. Okay. And the last is dedicated hosting,   it's the most expensive option and it's just 
dedicated servers okay? And so it can be can be   utilized and on demand or reserves you can save up 
to 70% off.

And the use case here is when you need   a guarantee of isolette hardware. So this is like 
enterprise requirements. So there you go. made it   all the way through ECP pricing. Alright, so there 
are many AWS services that do not incur a cost and   so these are free services. So for example I am, 
which is used for creating users and groups and   roles to access a different resources, creating 
any of those components of IBM are not going   to incur a cost.

So I am is essentially a free 
service where you have these other services which   are free, such as auto scaling cloud formation 
Elastic Beanstalk everything in this blue box,   but they can provision other AWS services, 
which costs money. So, on the exam, I would   not be surprised if you come across a question, 
which kind of implies that cloudformation might   incur a cost, but you just need to know that the 
service itself is free, but it can provision other   services. Okay, so I've highlighted in bold here, 
two services, which I think would most likely show   up on the exam. But I've given you more of a full 
list of things that definitely do not cost money.   So there you go. So each of us has four different 
support plans to help you out when you need it.   And when you first make an AWS account, you by 
default are in the basic support plan. And this is   going to give you access via email for billing and 
account information. So let's say you aren't sure   about the cost of something or you think that you 
might have been overbilled or you are suspecting   that you may be overbuild.

Because you might have 
misconfigured, something, you have this available   to you at all tiers. But yeah, that's the first 
thing that you have access to. And so you just   send them an email, and they'll help you resolve 
that. Now, coming into the paid tiers, we're   gonna start with developer starting at $20 USD, 
and this is gonna give you access to technical   support via email, okay, and generally, they will 
reply within 24 hours. But they do allow you to   choose the response time, like the nature of the 
issue, which is going to determine how fast they   reply. And so we have general guidance and system 
impaired, okay. Now in the developer tier, it does   not provide third party support. So let's say you 
had a web application, whether it's Ruby on Rails,   or Django or express GS and is running on an EC 
two instance, AWS is going to help you with easy   to instance, but they're not going to help you 
with the actual third party part, which would be,   you know, again, rails or Django and etc.

So, so you know, that's what's going to be limited   to, going into the next year business was starts 
at 100 USD, this is now where you're going to have   access to chat and phone. And this is any time, 
okay, so if you want to call them at 3am in the   morning, you can or chat with them. And generally, 
it might be a bit slower to connect with them,   but they definitely will connect with you. And 
you can work through your problems, okay. So   the other advantage here is that now that you can 
do chat and phone, you can also do screen sharing   with them, so they can actually send you over a 
link. And now they can see your screen, and they   can work through the problem with you.

And this is 
extremely useful and definitely makes the business   here, something worth purchasing, especially if 
you're running a production system. Okay, you're   also going to get faster response times, in the 
case of if you have a production system impaired   or down. Okay, so this might be important to you. 
And so also the business tier and enterprise here   does support third party, okay, so on these tears, 
they will make the best effort to try to help you   through things that aren't database related to 
solve your problem. Okay, so that is an additional   bonus, they're now coming into the enterprise 
account. This is the most expensive plan starting   at 15,000 USD, it was previously 10,000. But it 
was has increased that and this plan is special   because you actually get to dedicated resources, 
these nysa resources, I mean people and so you get   a personal concierge and a Tam which stands for 
technical account manager.

And also you have a   new response time where they can respond within 
15 minutes. In the case for a business critical   system down. Okay. So um, there's that and then we 
have advisor checks. Okay, so for advisor checks   for the basic developer, we have seven, and then 
for business enterprise, we get all checks. Do we   have another section in this course here where 
we covered trusted advisor so you can see what   all those checks are. But for the exam, you're 
going to need to know the difference. pricing   for the different tiers, you're going to need to 
know those response times the 2412 for one hour,   15 minutes, you need to know when are people 
assigned your accountants only in the enterprise.   You're going to need to know when third party 
support is is there or not Yeah, so there you   go. So here in this follow along, I want to show 
you how you would go ahead and create a case,   in AWS support, I am using the business support 
plan here.

And you can see that I have a bunch   of different support cases, I definitely have a 
lot on cloud front, because it's given us a lot   of trouble. But anyway, let's work our way through 
this and create a new case here. And then you're   going to be presented with a type of case you 
want to choose. So if you were on the basic tier,   technical support would be grayed out, you'd 
have access to both account a billing support   and service limit increase.

So if I just click 
here, you can see here, if I want to report a   billing thing, I can choose the type. So I'd say 
billing, I would choose the category. So I could   say I have a question about the free tier. And 
then you could specify the response time here,   okay, Lord, I guess they call it the severity 
and you'd write your subject description, you   can attach up to three attachments there. And you 
can only choose to talk to them via email. Okay,   so we have chat and phone, but these are disabled. 
But I think the real interesting thing to show you   in support here is technical support. Okay? So 
with technical support, this is where we're going   to be able to ask technical questions about Ada 
services. So if I wanted to drop something down,   and we would type in a cloud front here, because 
again, I say cloud front is something we spent a   lot of time on. And then you choose the category. 
And so now the category is going to narrow down   based on the service.

And on the right hand side, 
there are going to give you suggestions, okay,   but we can go through here and say I'm having 
an issue with caching, okay. And then you could   choose the severity. So we'll just leave it 
general. And then sometimes they ask you to   provide additional information, it's optional, 
but it's going to save them time to help you out,   you'd have to go through your account to find 
those values, it's going to change based on the   service. And then down below, we can write in 
whatever we want.

So I could say, I'm having   issues with my distribution. Okay. My cash values 
aren't showing up, aren't being served. Okay. And   so you can choose the preferred contact here. 
Now, this is very simple, you don't get any   type of formatting or bolding. So you have to be a 
bit creative to display that information. But you   definitely want to try to create all the steps for 
them to replicate it. Okay. And then down below,   we have web chat or phone. So we'll give chat a 
try here. Okay, and I'm just going to hit submit,   and then we will we will get here is, um, a chat 
window pop up there. Okay, and so we'll just wait   here for a little bit. Well, I just wanted to give 
you actually a better example here.

So I just left   that window there and opened up a previous case I 
had here on this one actually is with CloudFront,   lambda edge. And so once you are chatting with 
the cloud engineer, it will actually save all   this within the case later on. So if you need to 
read what you were talking about, that's going to   be saved there later. If for whatever reason, the 
cloud engineer cannot solve it, and they need to   go off and try to replicate it or reach out to 
someone else in the team, they will do so and   then they will come back to you with the answer 
later on.

And so they will provide that there.   And that's what happened in the case here. Okay, 
um, and generally, sometimes they will go out and   actually bring back even more information for you 
there. Okay. So you can even see that this cloud   engineer had to go talk to the cloud formation 
team to resolve this case here. So you definitely   can really reach the experts within AWS to solve 
your problem. So there you go. That's generally   the follow along here in a nutshell, for crina 
case, okay. So now we're taking a look at AWS   marketplace, which is a curated digital catalog 
with 1000s of software listings from independent   software vendors, and allows you to easily find 
by test and deploy software that already runs   on AWS. So on the right hand side, there, you 
can see we have a bunch of categories such as   operating system security, machine learning, and 
the idea is that you would click into one of those   categories.

And now you have a bunch of products 
that are being offered to you in the form of   Amazon machine images, cloudformation, templates, 
SAS offerings, laughs rules and a variety of more.   And these products can either be free, or they 
could have an associated charge, more likely   the ladder and discharge will become part of your 
AWS bill. And if you want to sell things yourself,   there is a sales channel for ISVs and consulting 
partners. So you definitely It cannot just be the   one buying but also selling, okay. So in this fall 
long, I want to show you the AWS marketplace and   the things that you could possibly buy in here. 
So just looking here, on the homepage, here,   we have a bunch of categories where we can narrow 
down the thing that we're looking for. Or we could   choose a vendor, if we knew in particular, what we 
want, you can see there's 1361 vendors. So there's   quite a few here. Or if you want to determine 
your pricing plans or delivery methods, okay,   and then you have those popular categories, 
which is a very easy way to start exploring,   maybe we would be interested in machine learning. 
So I'll go ahead and click there.

Okay. And now   that we are in machine learning, we can see that 
we have a variety of different offerings here. So   let's say we wanted to do some deep learning. 
with Python three and TensorFlow, I'm just   going to click into here. And it's going to give 
you an idea what kind of product we have here.   I believe this is an Amazon machine image, I'm 
just kind of trying to find where it says that,   and right down there.

So we see that the delivery 
methods is an Amazon machine image. So it's going   to determine what that is. And we have a variety 
of information here, such as the product overview,   it'll do price estimating estimations based on the 
easy to instance that you choose. And there can   be useful information such as how to actually use 
this. Okay, so yeah, so if you wanted to do that,   I mean, you could create a subscription from 
here. But generally, when you're launching Amazon   machine images, you'd want to go ahead and launch 
that with in the EC two, console there.

So let's   hop our way over there and try to find something 
in the marketplace. Okay. All right. So here I am   in my AWS account, and I'm going to make my way 
over to EC two. Okay. So a lot of times when you   want to use a marketplace resource, generally, 
you're going to launch it within the context of   what service you're using. So there are laughs 
rules that are sold in the marketplace. So when   you're using laughs in the last console, you can 
purchase them there. And when it's going to be   an ami, it's going to be via EC two. Okay, so I 
would just go ahead here and launch an instance.   And as soon as I launch an instance here, or you 
get to the option to choose to watch it instance,   whatever it decides to load, we are going to be 
presented with the AMI that we need to choose,   okay.

Alright, so now we can choose our ami, 
on the left hand side, you're going to see AWS   marketplace. And so this is where it's going to 
make it easy for us to choose a service there and   subscribe to it. So if we wanted that machine 
learning one, I think it was TensorFlow. Okay,   so we typed TensorFlow there. I'm not quite 
exactly the same one. But if we just wanted   to launch one here, so here we have deep learning 
ami, which is an Ubuntu image.

And it would have   some kind of associated cost here. So I go 
here and select it. Okay. And right away,   it's going to show me the pricing here. I don't 
see any additional costs, probably because this   one is an AWS, deep learning ami, it probably 
doesn't have any additional cost, but it does   estimate that stuff out there. So maybe we'll 
go back and actually choose something where I   know there will definitely be a cost. Maybe we 
try launching guacamole. Okay, so guacamole is   a if you can spell it is a is a bastion, I'll 
just type in Bastion, that's an easy way to find   it. And so here's guacamole, it gives you a free 
trial. And here you can see the pricing here. So   you see 0.3 cents to 33 point 52 cents per hour. 
And so I will just go ahead and select that, okay,   and choose that ami and it can tell you that it 
has a free instance. And then you'd hit continue,   okay. And then you just launch your instance. 
So based on this here, I'm restricted to that.   So I'll just do a small here, and I'm just 
going to go ahead and review and launch.

Okay,   and this is definitely not part of the free 
tier. So I'm going to definitely want to destroy   this immediately after creating it, okay. But I 
just want to show you how easy it is to create   something from the aect marketplace here. Okay. 
We'll just download that and launch that. Alright.   And so now I actually have a subscription to that 
market. Place service. Okay. So as is launching   there usually doesn't take this long, but today, 
it seems to be a bit slower. I want to show you   the actual ABS marketplace subscription. So 
when you start accumulating subscriptions,   you can go to ABS marketplace subscriptions here 
and see that apparently it's not supported in the   Canada region. So we'll have to move over 
to US East. That's not uncommon for AWS,   because a lot of times with billing and other 

They are only available in the US East   region. But here you can see we have guacamole, 
okay, it's saying trial ends in five days. And   then I have over here a lamp certified by bitnami. 
And it has no additional costs. So if you are   using a bunch of things from the marketplace, and 
you're trying to keep track of them, this is where   you're going to find that information. Okay? So 
I mean, that's pretty much all you need to know,   for the ABS marketplace. And I'm just going to 
make sure to shut down that instance, there,   since I do actually not want to do anything with 

Okay. But I just wanted to show you how easy   it was to start subscribing to a resource there. 
So I'm just going to go here and quickly shut down   that instance there. So if you're following along, 
you do the same. So I'll just go ahead here and   terminate that instance. Okay. And there we go. 
Hey, this is Angie brown from exam Pro. And we   are looking at trusted advisor which advises 
you on security, saving money performance,   service limits and fault tolerance. The reason 
I have that saving money in red is because we   are looking at billing and pricing. Okay. And 
for trusted advisor for every single account,   you're going to get for free seven trust advisor 
checks, if you have either business or enterprise   support, you're going to get all trusted advisor 
checks. And an easy way of thinking of what   trusted advisor is, is think of it as an automated 
checklist for best practices on AWS. So trusted   advisor has five different categories where it can 
advise you on and it has a checks.

And these are   all the checks that are possible that are at the 
paid tiers, okay, for the free tier, there's quite   a few less, I honestly can't remember what they 
are. So I'm not going to show them here to you.   And we're just going to focus on the fullest here 
going through each category. So first looking at   cost optimization, where you're going to be able 
to save money. The two most common ones where it   will recommend you on is idle load balancers, and 
on associate AIP. So for idle load balancers. So   if you spin up an elastic load balancer, the 
minimum cost per month is $15. Okay, but let's   say you just don't happen to have any easy two 
instances that are being balanced on there, it's   going to say, hey, this load balancer is not doing 
anything, maybe you should get rid of it to save   some money. Another one is IPS. So that's elastic 
IP addresses. Okay. And so the idea is that if you   have an easy to instance, and you want to give it 
a static IP, you can reserve an E I, II, II p from   AWS.

But the thing is, is that it's not attached 
to EC two and says it's associated, it costs you   money, because AWS wants you to release that 
that IP address so someone else can use it.   So that's a recommendation that will make to you 
looking at performance. Let's say we look at high   utilization Amazon ECS instances. So for that one, 
I believe that it's let's say you have a very high   CPU usage on an on a CPU instance, it's going to 
say, hey, maybe you should use a larger instance,   okay, to get better performance out of this, 
this machine here, okay? Now, for security,   we have MFA on root account. And this is not 
only trusted advisor tells you to do this,   but so many other services tell you to do it, 
because it's such a important security measure   within your AWS account. Another thing could be 
Iam access key rotation, so you have access keys   that are used by users.

And it might suggest, hey, 
it's time to rotate these out to make sure things   stay secure. Okay, so looking at the last two 
categories, we have fault tolerance and service   limits. So for fault tolerance, it would recommend 
that, let's say something for RDS backups, okay,   so just to make sure that you have backups in 
place, or have them turned on. So in the case   that your database goes down, you can recover 
it, okay. And then you have service limits,   and there's none in particular chosen here. But 
there are limitations on the certain amount of   things that you can use enables allows you to 
increase those limits. So it's just kind of like   a safeguard for you to be less be allowed to go 
beyond that, I guess a really good one would be   SEO.

So SEO allows you to send out emails, and 
probably by default, it caps you at like 5000 or   10,000 emails. And if you had to go beyond that, 
you would ask for a service limit increase. Okay,   so those are all the checks there and the five 
categories to give you an idea of what trust   advisor can help you with. So in this follow 
along, I want to show you, the trusted advisor   dashboard and how it makes recommendations to 
you, and how you can keep up to date when it   discovers new things. Okay, so here in this 
exam pro account, we have business applied,   so we have all the AWS advisor checks.

So let's 
go take a look at cost optimization here. And   you can see that we have things in green. So these 
things are a Okay. And then you have things with   warnings. And one thing we explored earlier was an 
associate associated elastic IP addresses. If we   expand there, it's going to show us that we have 
one IP address and our US East region that's not   currently associated with any running instance. 
So this thing is costing us money, okay? So so   then you'd have to go take action and go over to I 
believe it's VPC, the VPC console and then just an   associate that and you start saving money, okay. 
And so we have that for a bunch of categories   here.

pexels photo 7282818

If you wanted to download a report, I 
believe you could go up here and download an   XLS. Yep, that's an XLS there. So you can bring 
that into Excel and look at that information.   But the number one thing I'm going to show you 
is preferences. And under preferences, you can   actually set up email notifications on a weekly 
basis. So you would just set those email addresses   checkbox and save those preferences. And you would 
get these notifications, anytime there would be a   change, where it has recommendations for you, you 
can take action on that. So that is all you really   need to do for trusted advisors. So there you go. 
So we're gonna take a look here at consolidating   billing, which is a feature that is turned on by 
default when you're using a service organizations   and you have multiple member accounts. So you're 
going to have one account, that's considered your   master account within your organization.

And then 
you'll have all these member accounts underneath.   And all of their billing information is going 
to be sent to the master account, as well as   the master account is going to be responsible for 
paying the charges for all its member accounts.   Okay, so it makes billing a very simple and 
straightforward. And also, you'll be able   to use cost explorer to visualize the usage of the 
billing per account. So if you wanted to see all   the expenses, just for the developer account, or 
the data science science account or the security   account, you're going to be able to segment that 
data within cost Explorer. consolidate billing   is offered at no additional cost, okay. And if 
you do have a member account, and you have it,   leave the organization that cost export data is 
going to be no longer available. So just keep that   in consideration. Okay. So another thing we want 
to touch on about consolidating billing is volume   discount.

So each of us has volume discounts for 
many services. So what that means is, the more you   use something, the more you are going to save 
Okay, and so consolidate consolidated billing   lets you take advantage of volume discounts, 
because it's going to take the usage from multiple   accounts and treated as one and then whatever 
that surplus of from another account is going   to end up in another bracket of lower discount. So 
just to really illustrate this here, we have usage   from two different accounts we have odos usage and 
data's use, DAX is usage for data transfer, okay,   instead of the data transfer is going to cost at 
the first 10 terabytes 17 cents per gigabyte. And   the next 40 gigabytes is going to be a 13 cents 
per gigabyte. Okay? So if you were just paying   for odos usage and daxue separately, which would 
be unconsolidated, you could see that comes out to   2088 and 96 cents, okay.

But when you consolidate 
the billing and group, the total usage, you're   going to have that usage overflow into tier two, 
which is where you're going to save that money,   okay. And so now you can see the consolidated 
billing, it's going to be $2,007.04. So we have   roughly there about $80 worth of saving, okay, and 
so, if you if those costs weren't consolidated,   we wouldn't get those savings. So that's one 
motivation for you to take your individual   accounts and make sure they're in an organization. 
Okay. Hey, this is Andrew Brown from exam Pro. And   we are looking at AWS cost Explorer, which helps 
you visualize, understand and manage your AWS cost   and usage over time.

So with cost Explorer, if you 
have multiple AWS accounts within an organization,   all the costs will be consolidated into the master 
accounts of cost Explorer is very good at giving,   getting an overview of all your costs, no matter 
what accounts they're in. Within Eva's cost   Explorer, you have these things called reports, 
okay? And Asus gives you a bunch of reports,   by default that you can use. So if you need to 
start breaking costs down based on services,   or excetera, they're just one click away. And you 
of course, can make your own reports. Within cost   Explorer, it has a feature called forecasting, 
which allows you to see future costs, so you can   plan for the future or maybe make adjustments so 
you can lower your bill.

Within cost explorer if   you want to view the data monthly or daily, that 
is an option that is available to you. And you   get these nice graphs within class Explorer. 
So you can group the information in a variety   of different ways. You can see there's tons of 
different ways and you can also filter based on   a lot of options there. So if you want to filter 
out very specific services or Yeah, very specific   regions or based on tags, or maybe you just 
want to look at one particular, like accounts,   maybe you have a developer account, you just want 
to see what they're spending, then you, you can   use those filters to narrow that stuff down. All 
right? Hey, this is Angie brown from exam Pro.   And we are going to do a quick follow along here 
in Eva's cost explorer here. Okay. And so here,   I have an exam pro at ghost account, which has 
some expenses within it. So hopefully, we will   find some useful information here to look at as 
an example, on how would you use cost Explorer.

So   here I am on the home, right. So if I was to click 
here, this is what we would see. And right away,   we're going to get month by month today cost. So 
here so far, we've spent $185, this month, and   then it's forecasting $466.18, I do need to point 
out that these forecasts, forecasted monthly costs   can be misleading. So if you have a large spike, 
or bill at the start of a month, because you might   have large services, so like you're paying for EDA 
support, or you're registering domains, like one   time fixed costs, this value here can be extremely 

So next month, I'm not paying $466. I   definitely know that. But you know, just be aware 
of that, if you see that it might shock you. Okay,   so just to start looking at information, we 
go to explore costs, okay. And right away,   now we have our nice graph here. And it allows us 
to now filter this data however we want. So here   we have that group by and so the most convenient 
one is generally by service, okay. And so what   you'll get is a stacked bar graph here, which 
will break down service costs. Now, it doesn't   always show everything.

As you can see, here, we 
have our business support RDS, some other EC two   instances that are probably managed by AWS, maybe 
ECS or something, then we have kinesis analytics,   and then we have others, okay, so you don't get a 
full picture there. But they do have a cost listed   down below, you can download the CSV and work with 
this raw data here. Okay, and you could break this   down monthly, so I can go to monthly here. Okay, 
and then this will just change the graph. So now   it's a monthly breakdown. And you can change the 
scope of how far you want to go back there. Okay.   But we'll just go back there and change it to 
daily. And apparently, we have some other options   here. So if you don't, like stacked and you like 
line graphs, you can have that or if you'd like   bars, okay, but stack stack is my preference 
there. Okay.

And then on the right hand side,   we have filters. So if you want to start 
filtering, it might look like this is grayed out,   but what you do is you actually click here, okay, 
and so then I could type something like register,   okay. If I can remember how to spell it, there we 
go. And that's for registering domains on Route   53. And if I just apply that filter there, you can 
see I have one class there, okay. And there's tons   of different filters in here, okay, tons and tons. 
But like, the one that you'll notice the most is   like linked accounts.

So if you wanted to filter 
out for like a developer account, like a discount,   or something like a variety of different accounts, 
you can do that to figure out the exact costs of   particular teams. Okay, and so that's that there. 
Now, just to show you those reports, there are   those default reports here, if you go on the left 
hand side here, we can go to save reports. Okay,   and so here are a bunch of them there, and you 
can get an idea of what's inside of them. Okay.   But yeah, you basically would just create whatever 
configuration you want, oops, I went into reserved   utilization there. I don't care about that. But 
yeah, whatever, whatever filters you want, you   just go ahead and make any report. You go cost and 
usage, okay. And from there, once you pick, choose   your configuration, you hit save, and you can have 
this report for later. Okay, so if you really want   to monitor, like CloudFront. So CloudFront is 
something that we heavily use that exam Pro,   and it can fluctuate based on how many people are 
consuming videos on our platform, we might want   to just create a report for CloudFront.

Okay, so 
yeah, there you go. Hey, this is Angie brown from   exam Pro. And we are looking at AWS budgets, which 
is a service that helps you plan service usage,   service costs and instance reservations. I like 
to think of it as billing alarms on steroids.   And when you use AWS budgets, each budget costs 
about two cents per day. Okay, and you have up   to a limit of 20,000 budgets, but the first two 
budgets are free of charge. So if you have any   adverse account, you definitely want to go ahead 
and create yourself a couple of budgets. Okay.   All right. So we're looking at his budgets here, 
a little bit more detail. And so the idea here is   that you can set up alerts if you exceed or are 
approaching your defined budget. There are three   types of budgets you can create. You have cost 
usage and reservation, okay, so costs is where   you're just plugging in $1 amount There, okay? 
For usage, it's going to be based on a usage   unit. So you could choose something such as EC to 
running hours. And then you're going to use supply   whatever the unit is.

So that's going to be ours 
in this case. So here I've supplied 100. And you   can track budgets based on monthly, quarterly 
or yearly levels, okay? And so just if you set   it for a year, then that alert is really going 
to be designed to be delivered at the end of   the year. Okay. So for reservations, that is for 
reserved instances, and it is budget supports,   etc, to redshift or RDS and elastic cash, 
okay? Now, when you are defining your budgets,   you can define them based on a fixed cost, or you 
can plan planning upfront based on your chosen   level. So you could say for, for each, so for next 
six months, you could say for this month, I want   to spend this and for this month, I want to spend 
that etc, etc.

Okay, and if it was quarterly,   you could say what you want those budgets to be 
for those quarters. Okay. You can also easily   manage Eva's budgets via the dashboard. And they 
also have an API. So if you need to do something   programmatic, you can definitely do something 
there. And normally, you'd get notified by email,   but you could also have the notification 
sent to chatbot. Okay, so for chatbot,   that is a newer service for AWS integrates 
with common services such as slack or chime,   so those could, your budget information will be 
pushed out to there, okay.

Hey, this is Angie   brown from exam Pro, and we are going to look at 
Avis budgets in this follow along and learn how   to set our own budget. So we'll go ahead here and 
create our our budget here. Alright, and so we're   gonna be presented with either a cost budget, 
or usage budget, or a reservation budget. So I'm   going to choose cost. And we're going to set your 
budget. And so they give you a suggestion, like   monthly easy to budget, okay. And I could just say 
all my costs, so overall, overall costs, okay. And   then we can choose the period. So monthly seems 
good to me, but you have monthly, quarterly and   annually here, alright, you can have a recurring 
budget or expiring we want this for every single   month. And then you can choose your budget amount. 
So we have a fixed or a monthly budget planning,   this is a little bit more complicated.

So I guess 
if you're a startup and you assumed your costs   were going up, you'd want to fill this go up and 
up and up. Or if you were a seasonal business,   and you assume your budget would change based on 
the demand, it would definitely make sense to a   set monthly budget planning, okay, but we'll go 
back to fixed here and we can just have a cost,   you can see it shows my last month cost was $126. 
Let's just say I wanted my cost to always be $100   per month, it will draw this line here and give 
me an idea of whether I'm over or under, okay,   and we could filter services. So if I wanted to 
go here, I could just choose EC two, okay.

And I'm   just going to look for EC two, I'm not sure why 
I didn't show up in search ghosts already. Yes,   instead, because that was a bit easier to find 
here. So apply filter. So but just an idea to show   you just how that works there. Okay, and I'm just 
going to remove that filter there. If I figured   that out, there we are. Okay, and we'll just apply 
that filter again. And we do have some advanced   options there.

But everything seems pretty good. 
So I'm just going to go ahead and configure   alerts. Okay, and so you can get alerted if you're 
if you go over the budget, so you can get it based   on the actual cost or forecasted, I would get so 
many emails, if I or at least I'd always get a   email if I had forecasted because forecasts within 
my account are always spiked, okay, but here,   you could set the alert threshold. So when you're 
approaching that budget, so let's say you're 80%   On the way there, it should send you an email, 
and then you'd add your contact here. So I could   just say Andrew at exam Okay, um, maybe I 
did that button.

Yeah, just the one there. Okay,   and you could also notify via Amazon SNS so if you 
already have a topic Arn, you could provide that   there. But apparently, you do not have to do that 
here, which is kind of nice. But apparently they   have a new feature, which is the chat bot. So I 
suppose if you're using Slack, you could integrate   that alert there. So nothing super exciting there. 
But yeah, so if you were using Slack, or I'm sure   it integrates with AWS version of slack, which is 
called chime in, there's probably another service   there. So that's kind of interesting there.

we'll go ahead and we will confirm our budget.   We're going to get an overview of that. And we'll 
go ahead and create that budget. Okay. And so now   we have this budget, and we just have to wait some 
time before we can actually see some information   here. But generally what would happen is it will 
Oh, here we go. I just did a refresh there. So it   showed my budgeted my forecasted the current 
versus budgeted and then the forecast. Okay,   so yeah, there you go. That is a budget. So I 
just wanted to show you that the email here came   through for those budgets and just what it looks 

So here, you can see that it says that I   exceeded the amount of $80. So when we entered in 
that 80%, it calculated the dollar amount for us   there. It just shows us that information. Okay, 
so there you go. That's all you need to know for   those budgets. Hey, this is Angie brown from exam 
Pro. And we are looking at the decio calculator,   which stands for the total cost of ownership. And 
this allows you to estimate how much you would   save when moving to a dress from on premise. So it 
provides you a detailed set of reports that can be   used in executive presentations, the tool is built 
on underlying calculation models that generate   fair assessments of value that you can achieve 
given the data provided, okay? And the TCL helps   by reducing the need need to invest in large 
capital expenditures. Of course, this tool is   for approximation purposes only. So it's really a 
persuasion tool to use for at the executive level,   okay.

But the idea is that you just launch the 
TCL calculator, you describe your environment,   you're going to get a three years summary of 
cost comparisons, and then you can download that   detailed report, okay. All right, so we're going 
to take a look at the total cost of ownership   calculator here. So just Google and find your way 
to the TCL calculator on AWS, when you arrive,   this page, you know, you're in the right place, 
and you're gonna be looking for this big yellow   button. Now, it does take sometimes quite a bit 
of time for this to load. So I've already clicked   that button and have it open here on a new tab. 
Okay. And so you get here, and the idea is you   choose your currency, we're gonna stay with us 
dollars. And you can choose whether you're on a   premise or colocation, we're gonna say on prem. 
And you can decide whether they are physical   servers or virtual machines, you can see some 
options there. And now you're going to go ahead   and fill some stuff in here.

So let's see if I can 
figure something out here. That is a good example.   So maybe you'd have a non database server. So you 
have your own web application. Okay. And let's say   it is using whoops, it is using the number of VMs, 
you have six running, and each have, I don't know,   eight cores, and you're using that's 1024242048 
amount of memory, oh, that's gigabytes. That's   too high, we'll just say eight gigabytes there. 
Okay, we can choose the hypervisor, the OS there,   I'm going to add another row here. And we'll 
choose a database this time, and we'll just say   Postgres here, okay. We'll say Postgres. And 
maybe we don't have as many Postgres servers   running here. So we'll say two, and we will say, 
four cores. And we will say, have four gigabytes   of memory here.

And that's running on VMware. And 
then we can choose storage here. So we have some   storage here. I guess we could just put something 
in here. So we could say, we'd have 500 gigabytes,   maybe 500 gigabytes of storage. Okay. And so now 
that we have all those things, we're going to go   ahead and hit Calculate the TCL. And we are just 
going to wait here for this report to generate   all right. All right. So after a little wait 
there, we can see this report has generated and   we have a comparison between on prem and AWS. And 
it's saying that we could save up to 70% a year,   which would give us a total savings of $200,000 
over the course of three years. Okay, so here,   we get a cost breakdown, and we get the total 
cost of ownership there. So we have the server,   the storage, the network, and now we have this 
additional cost, which is it labor, okay, because   this is, in the case that you have on prem, you're 
gonna have to hire it to manage the infrastructure   on AWS, it's, it's taken care of for you, okay, 
so you're not paying for that cost.

And then it   shows you your on prem environment, and then it 
shows you the equivalent in AWS. So if you had   if this is what you're using, this is what you'd 
want to use on AWS. Okay. And then down below,   we have some additional information, okay, 
and then we have a cost breakdown. So it just   compares those breakdowns for you. Okay, and then 
we got other things here, like calculations. Oh,   boy, that's a lot of stuff. methodology. Okay. 
So a lot of stuff that you can use within a   presentation to make the case to move to AWS. 
Okay. And then up here, we can just download   that report. Okay. And that would download it as a 

Alright, but there you go. So that's the the   TCL calculator. Hey, is Andrew Brown from exam 
Pro, and we are looking at Ava's landing zone,   which helps enterprises quickly set up a secure 
Avis multi account. Now I have enterprises in   red there because if you read them Marketing 
page, it doesn't say that it's for enterprises,   but it definitely is because from what I remember, 
it has a very expensive upfront cost, okay,   which but for enterprises would be a very little. 
So it's not gonna be for the small to medium sized   startups. But the purpose of Eva's landing zone is 
to provide you with a baseline environment to get   started with multi account architecture. So what 
does that mean? Well, the idea is that you have   these companies and at best recommends that you 
run in multi account, but they don't know how best   to the company itself doesn't know how best to set 
up multi account and make sure it's secure.

And,   and, and good for future growth. And so landing 
zone is basically that setup for you. Okay. And   the way this all works is through a service 
account vending machine, also known as a VM,   which automatically provisions and configures 
new accounts via a service catalog template.   And the way you're going to access these accounts 
is going to be using single sign on. Okay, and so   the environments here are customizable to allow 
customers to implement their own account baselines   through a landing zone configuration and update 
pipeline. Okay, so now that we have an idea, let's   go take a peek at the landing zone page.

So here 
we are on the Ava's landing zone marketing page,   I just want to scroll down here for you. So I can 
just show you that they have some architectural   diagrams here to give you an idea what you are 
getting with landing zone. So here it says the   solution includes four counts, add on products can 
be deployed using a service catalog. So when you   get this you're going to get four accounts 
are going to get this master account here,   they're going to have a shared service account 
log archive account and secret account. So when   you are setting up your organization's you should 
always have a login account and should also have a   security accounts that are isolate from your other 
accounts, because it's just good for for auditing   purposes, okay, and so at best is giving you the 
best setup possible by doing that for you.

All   right. And so when you need additional accounts, 
then you use that account vending machine, okay,   and so that account vending machine will just 
create new accounts for you. And so that's   really all you need to know about a landing zone 
that it is giving you a baseline environment,   and then it's going to allow you to add additional 
accounts that are going to be secure, with a lot   of other good best practices baked into the Okay. 
Hey, this is Angie brown from exam Pro, and we are   looking at Ava's resource groups and tagging.

we've got two different things here. But they are   strongly related. So we need to learn them both at 
the same time. So tags are words or phrases that   act as metadata for organizing your AWS resources. 
And then you have resource groups are a collection   of resources that share one or more tags. Okay, 
and so the way you'd access those resource groups,   is there's a drop down right beside services where 
you get to create a group and manage your tags.   Okay. So the whole purpose of resource groups is 
to help you organize consolidate information based   on your, your project, and the resources that you 
use. And resource groups can display details about   a group of resources based on metrics, alarms, 
configuration settings, okay. And at any time, you   can modify the settings of your resource groups to 
change what a resources appear. Okay, so let's say   you had a database server, and maybe an s3 bucket 
and you wanted to group them all together, you'd   give them all the same tag, and then you could 
put them in a resource group.

And so that's the   concept there. Okay. So in this follow along here, 
I'm going to show you how to use resource groups   and tagging. So we're going to spin up a couple of 
servers, give them some tags, and associate those   to a resource group see that they are in a group, 
and then we'll turn down those servers. Okay,   so what I want you to do is make your way to EC 
two. So we'll go to services at the top here and   type in EC two. Okay. And we'll just make our way 
over to the EC two console. So once we are here,   we'll have to go ahead and launch some instances. 
So let's press the Big Blue Button.

Okay. And now   that we're in here, I will just choose Amazon 
Linux two, okay. And we'll stick with the micro   tier because that is the free tier. And then we're 
just going to set up two servers, okay. And we're   going to go on to storage and pass onto storage 
onto tags, and we're going to add a new tag and   I'm going to call it project and I say tarok 
nor okay tear rock nor, and that is a Star Trek   reference. If you're wondering, okay, and we don't 
have to worry about secure groups, we'll have to   review and launch we're gonna hit launch here and 
I'm going to drop down Percy without a key pair.   We're not doing anything with these servers, just 
tagging them okay. And so, they are launching,   we're gonna go down to view instances in the right 
hand side there and then they are launched. I'm   just going to click on one of these, even though 
there's a loading thing, you can still click the   checkbox. And we're going to go to tags here just 
so we can see our tag.

And then what I want you to   do is ROP resource groups down here and I'm just 
going to create a new group, I'm going to open   a new tab to make my life a little bit easier 
here. And we'll just wait for this to load. Okay,   and so here, we are creating a new group. And we 
need to choose our group types. So we have tag   based and cloud formation stack based, so we're 
going to be going with tag base today, okay,   and so then we have our grouping criteria, this 
is going to determine how things will be grouped.   And so we can choose a resource type, but we'll 
just leave it to all supported resource types,   okay, so that allows it to be anything easy to 
or anything, okay, and we will need to supply our   tags. So going back over here, I just want to make 
sure it's 100% the same, so I'm just going to copy   and paste that there. So we got project, and 
then we have tarok noer. Okay, and I'm just gonna   hit Add.

And so now we have our criteria set up. 
This is where we would see those group resources,   we don't see any as of yet, okay, I'm just going 
to click here to see what we see. Oh, sorry. So   you hit that there. And now, those instances have 
been found, and also the volumes the EBS volumes   attached there also have the tag applied appears 
to be, so we actually have four resources. And   that's why and so I'm just going to type in tarok. 
Nor here, okay.

And we have some options, here to   tag the actual group here. That's not necessary, 
we'll just hit Create group. Okay, and so now we   have grouped resources, okay, so whenever we want 
to look at our saved groups, okay, we can go here,   we can see terok nor, and we can see all the 
resources and then quickly click through to   find other resources with those tags.

All right. 
All right. And so now that we know how to create   a resource group, let's actually go look at manage 
tags, okay? Because this is a very convenient way   to find resources. All right, based on tag, so 
what we can do is we are, it's certain it adds   the region that we're in, so we're in Ohio right 
now. And we could choose the type of resource   I'll say all resource types, and I'm gonna just 
type in projects, see how it autocompletes there,   and I can use tarok, nor Okay, I'm going to add, 
I'm gonna hit Search resources, okay. And so what   that has done for me is it's actually found them 
all for me. And if I want to export them as a CSV,   those resources I could do so. And I think I 
have a checkbox here and go to Manage tags,   selected resources, I can now remove the tag from 
all these resources here, or add additional tags,   okay, so I can go here and then say, Federation, 
Starfleet, okay.

All right. And I believe,   if I hit review and apply tags, it's going to go 
now apply those tags to those four resources. So   we go back to EC two instance here, we might have 
to do a manual refresh up here. And so now we have   an additional tag applied. If we wanted to remove 
those on mass, it's going to be the same story,   right? So we're gonna go to project we're going to 
go to terok. Nor we're going to hit all resources   here, search for those resources. And I can select 
them all manage them, and remove that tag. Okay.   So um, yeah, it's pretty darn straightforward.

think I actually removed our original tag there.   So if I go back here and do a refresh, now we just 
have Federation Starfleet. Okay. So, you know,   that's as simple as it is. And there's tagging 
found out throughout so many services within   AWS. Okay. And I'm just going to go and shut down 
these instances, because we are done with them.   So we want to terminate them. And we want to say 
yes, okay, and so that's all of our cleanup there.   So there you go. Hey, this is Angie brown from 
exam Pro. And we are looking at AWS quickstarts,   which are pre built templates by Ava solution 
architects, and Amos partners to help you deploy   popular stacks on AWS.

And so the benefit here is 
that it can reduce hundreds of manual procedures   into just a few steps. Okay, so quickstart is 
composed of three parts. So you're going to get   a reference architecture for the deployment. So 
it's going to be like an architectural diagram and   description. And then the actual quickstart 
itself is just a cloudformation template,   and cloudformation templates are used for 
provisioning multiple AWS resources.

So   it's going to automate configured that deployment 
for you. And it will have also a deployment guide   explaining the architecture and implementation in 
detail. Okay, so most quickstarts are reference   deploy deployments enable you to spin up a fully 
functional architecture in less than an hour.   Okay, so you can get operational pretty quick with 
these things. And on the right hand side there,   you can see that I've cherry picked one out there 
from onica and that's one is for setting up an IoT   camera connector. Okay. So here I just wanted to 
give you a quick tour of Eva's quickstarts just   so you have an idea of what there is available to 
you here.

And so on the left hand side we have a   bunch of filtration options to choose Or to narrow 
down some nice templates here for us. And on the   right hand side, we already have some templates, 
let's go into analytics here. And right away,   we have a one here by Cambridge technology, which 
automatically deploys a clickstream analytics   environment for you. So that sounds pretty 
cool. So if we just click into this actual   quickstart here, what we're going to see 
down below is that architectural diagram,   I was talking about how we're like a bunch of 
descriptions as to what it is doing, this stuff   varies based on quickstart templates that don't 
expect to see the same stuff everywhere.

But   they'll generally give you instructions on how to 
deploy, and then the costs or licenses involved.   And so if we wanted to launch this, we go view 
deployment guide details, maybe here. Okay. And,   oh, we got a big white paper. So this one's a 
bit different here. Sometimes, the buttons are a   little more clear. Oh, yeah, here it is. So again, 
this will vary based on each one. So I've never   done this one before. But we'll say deploy into a 
new VPC. Okay, and what that's going to do is set   up that cloudformation template for you.

what I'm expecting anyway, so yep, there it is,   it's going into cloudformation. Okay. And we're 
not going to go through this whole process, I'm   just showing you, at least to this stage, okay. 
And so here, we have that template, we go next.   And I'm just going to see if it asks us to provide 
some information. So yeah, these a cloudformation   template has a bunch of variables that you fill 
in. So based on the Quickstart template you have,   it's just going to have different options here. 
As you can see, this one has a variety of options,   but we would just fill that in, go next review and 
launch and then it would spin up that clickstream   for it. So there you go, that is a quickstart. 
Hey, this is Andy brown from exam Pro. And we are   looking at AWS cost and usage report. And this 
is a service which will generate out a detailed   spreadsheet enabling you to better analyze and 
understand your AWS costs. So just as it says, you   have a big button and you download a spreadsheet 
and there you get a nice big breakdown,   the report gets placed into an s3 bucket, you can 
use Athena to turn that report into iqueryable   database hour, or you can use quick sight to 
visualize your billing data as graphs.

Okay,   so you have a lot of options here to work with 
this data. All right, but maybe you just want   the spreadsheet. Okay. So that is Ava's cost usage 
report. So in the following, I just want to show   you how to use Amos costing usage report to get 
that spreadsheet, okay. And so what you're gonna   do is you're gonna go up the top right corner 
here, you're gonna go to my billing dashboard,   and you're going to make your way to the cost 
of usage reports here on the left hand side,   okay, and then once you get here, we're gonna 
have a nice big blue button that we can press   to create our reports, let's go ahead and do 
that. So we're gonna need to give us a name. So   we're gonna say my, my use cost and usage, okay. 
And we can include additional resource IDs here,   I'm gonna just hit next.

And then we need to 
configure where it goes. So I'm going to create   a new bucket. So I'm just gonna say, ESP for 
exam Pro, cost and usage, okay. And it's going   to put that in the US East. One region there. 
Okay, I'll hit next. And we have this nice,   big policy wants will say, save that, okay. And 
then we can choose to what detail that we want.   I'll leave it for hourly, that's totally fine. I 
will say daily, that's probably more ideal there,   we'll create a new version of support. And now for 
easy integration, we do have those options there,   Athena redshift and quick site, but we are just 
going to leave this as be I'm gonna make a zip   because I want to make my life really easy here. 
Just because if I download to my local computer, I   won't be able to unzip that with very little 
effort here. I'm gonna hit next. And what we   can do here is go hit review and complete. Okay, 
and so now, it is going to deliver that. So in the   next 24 hours, your first report will be delivered 
to an Amazon s3 bucket you configured during this   report creation.

So we're just going to have 
to wait for this creation. And I will come back   here and download it and show you that report. 
Okay. All right. So it's been 24 hours, and I   went over to my s3 buckets here, and I searched 
for that bucket that I created. And then I just   drilled down so if you just click through to that 
bucket, okay, so I go into here, and then there's   this folder that has no name, okay? And then you 
go into the cost and usage. And then you go into   here, then you're going to see another folder, you 
click into there, and then we can get that CSV,   zip.

Okay. So that's going to have a zip, which 
contains a CSV file. And that's going to give us   that raw data, which I've opened up here in Excel. 
And so you can see there's a lot of data here and   so it's up to you To make sense of this data, but 
at least you can see you get all the raw data from   cost and usage. And of course, I mean, the huge 
advantage here is that you can integrate this into   quick site and Athena to analyze it within AWS. 
Okay. So there you go, that is a cost of usage.   Hey, this is Angie brown from exam Pro, and we're 
looking at organizations and accounts. So when you   first sign up for AWS, you are creating a single 
account. And that first user you're logging in,   as is the root user. Okay, so just look over 
here on this diagram, see where we have a master   account. So just, let's pretend that this was the 
account that we created, and we were logging is   that root account user.

So what you can do is you 
can promote your account into an organization. And   so what that's going to allow you to do is it's 
going to allow you to create multiple accounts   within that organization. So now, that original 
account is now a master account, and underneath   it, you can create multiple accounts. Okay, 
so why would you want to do this? Well, if   you're an organization, you might want to, like, 
isolate different departments within your company,   and also to have fine tuned control over what they 
have access to on mass. Okay, so the idea here is   like, let's say you have a development team on one 
side, and there's multiple accounts, you can put   them within an organizational unit, and then use 
a service control policy to apply rules about what   services they can or cannot use on math.

So I mean, that's pretty much all there is to it.   But I think this would be a lot more clear when we 
do a quick follow along, okay. Hey, this is Angie   brown from exam Pro. And in this follow along, 
I'm going to show you how to use organizations and   create some member accounts. Okay. So there are 
two places where you can manage your organization.   It's within the IM console here. So you just type 
in Im to get to that console. But you can see here   that it says organization is not in use, because 
we have yet to create an organization. So what   we'll have to do is in a new tab, we'll have to go 
to the organization's console here, which is where   I'm at currently. And we have this nice little 
wizard here to get started. So I'm going to go   ahead here and hit Create organization, it's 
going to ask us to create an organization where   we have all these features, or we could just have 
one consolidated billing, we definitely want to   create this one here.

So I'm gonna hit Create 
organization. Great. And so here I have created   organization. And you can see that it sent me an 
email to finish verifying your master account,   because the original account we have here has 
now been turned into a master account. So I'm   going to go ahead and just go confirm that email 
here. So now I'm in my email here. And here's   that verification email. So I'm just going to go 
ahead and press that button. And now this has been   verified. Okay, so I'm just going to close that 
here. I'm just going to refresh. And you can see   we are now verified, okay, and we can see, that's 
our master account, I think it might be Yep, the   star emphasizes that that is a master account. So 
if I go back to Im console here and do a refresh,   let's see if there's any kind of change.

Okay, and 
there definitely is. So you can see that we have a   root organization here. And then we have the exam 
pro fresh account, which is the master account. So   we can't create additional accounts. From here, 
it's just more of an organizational structure,   what we can do is go back to the organization's 
console here, and do some organized organizing.   So before I actually go ahead and create any 
accounts, let's actually go look at some,   some organizations are sorry to organize this 
account. So we'll go to organize accounts. And   so over here, this is where we'd see all of our 
accounts. And we can create some organizational   units.

So I'm going to create a new organizational 
unit called developers. Okay. And so now I have   that organizational unit, and there is some 
way for me to set them in the tree. Actually,   by default, it has already set it here. So we 
already have that. Okay, so I suppose it already   is associated to the root there. Okay, so now 
what we'll want to do is we'll want to actually   create an account under this organizational unit. 
So let's go back to accounts here and let's make   a new account. I'm going to create a new account 

And I'm going to do Andrew plus fresh plus   developer at exam Here, okay, I just gotta 
be here. And we'll just say Andrew Brown, okay,   because every account has to have a unique, unique 
email for the root account. And there is this   Im role, I'm just gonna leave that blank and hit 
Create. And what's that? What that is going to do?   It's going to get us set up with a new account. 
And so I'm just waiting here for this to send us   an email to tell us that our account is ready. 
Okay, so we'll just wait here for a little bit.   Alright, so after waiting a few minutes here, I 
got a new email saying my account is ready.

Okay.   And just back in here, if you do a hard refresh 
here, you'll see that the account is set up,   you probably don't want to name the account 
based on someone's name, I just inherently   had put my name in there. Generally, you'd want 
to name this developers or whatever the account   is called here. But this account is now ready. 
So how do we actually access this account? Well,   the way you do it is you actually just log in as 
the root user. So I'm going to just close this tab   here. And I need to remember what this email is 
here. So it's Andrew plus fresh plus developer.   And we're just going to log out here and just sign 
back in with this as the root user.

So what we'll   do here is we'll just go ahead and go sign in 
to console. And we're just going to provide that   email there. And we're just going to hit next. 
Okay, and what we're going to do is we're actually   going to hit forgot password is the only way to 
set up new accounts, you have to just reset the   password. And so we have to enter into this code 
by three by m, q q, that's really hard to see,   but I think that's what it is. Okay, we'll try 
this again, eight, seven, E, eight, y p. Great.   And so now we're gonna get an email here. And so 
we'll just wait for that email. Okay. All right.   And so here is that email to reset her password. 
So we just got to go ahead here and click this   link here. Okay. And so now we're just going to 
have to provide a new password, so I'm just going   to fill something in there.

Okay, and so now our 
password has been reset. Great. So now we'll just   have to proceed to sign in here. So we'll just 
put in that new password, and we should be in   our new account. Great. And so now we are in with 
within this new account. So it's not easy to get   new accounts set up. And so I guess the next thing 
is, we'll look at how we can organize this account   with the organization. So we're gonna have to 
log in and go back into the root account of   our master account. Okay. So that's what I'm just 
doing here. Okay. So I believe I called it fresh.   And we will just supply that a password. Okay, and 
so what we'll do here is we'll make our way over   to organizations.

And we see we have our account 
there. And so what we want to do is we want to add   our account to an organizational unit. And so I'm 
just going to see how we can do that if I remember   how. So I'm just going to check boxes here. And 
I believe over here, if we right click here,   this account is currently in the route to move 
this, choose the move account option. Okay,   so I guess that's what we need to do here. 
So we'll just click on move. And we'll just   choose that to be in the developers route. And 
so now, this account is under the developers   organizational unit. Okay. So if we click in 
there, we can see that account. So the reason   you'd want to move things into organizational 
units is so you can attach policies, okay. And   service control policies.

And that's what they 
are, helps you limit access to certain resources.   So if we only wanted that account to only be 
allowed to use EC two, that's what we can do.   So we'd say only EC two, here as the policy name. 
And then we'll just filter out what it is that we   want to allow. So we'll say EC two, and then we 
have to choose actions. So we'll say all Okay,   and then we can move on to resources, I suppose, 
specify the resource type EC to will say, all   resources here, and then we'll hit add, and then 
we'll move on to the conditions. And so we don't   need to change any of this here. I'm pretty sure 
I'm happy with that.

And we're going to say allow,   so we're just going to allow access to all the 
VC to Okay, so that way, everything else will   be implicitly denied. So the only thing we'll have 
access to is easy to and hopefully, the statement   is valid. And we'll just go hit Create policy. 
And now that we have our policy created here,   which gives us only easy to access, we now you 
can apply it to that organization, you have to do   everything from the root. So you'd have to enable 
service control policies so that you're allowed to   use them. Okay. And so now that is enabled, and 
I believe, if we go into developers, we should   be able to set that policy. So I'll go here, and 
I'm going to just choose attach. Okay, and I'm not   sure if I can detach it, but let's give it a go. 
Okay, and so now this one should only have access   to EC two, and, but the root will still have 
access to everything.

Okay. So there we go. So now   that we have an idea how we can apply permissions 
to accounts, let's actually go back to the other   account and just go ahead and just shut it down or 
terminate it because we're not going to be using   This other account for anything, we don't want 
to leave this other account laying around. Okay,   so what we'll do is we will just log out here, 
and I'm just going to log back into this other   account. Okay, so I'm just proceeding to log into 
that other account there. And I just got to type   the password in here. Okay, great. So we're back 
into our member account there. And we did say we   were only allowed to launch EC two. So actually, 
let's go ahead and try to just create something   else just to see if our service control policies 
working and right away, so you're not authorized   to perform lambda. So our policy is working as 
expected, okay.

And I didn't mention this before,   but every time you create an account, they all 
have their own root account. Okay, so right now   we are logged in as the root account into this 
member account. And let's say you wanted to get   rid of this account, you can actually suspend this 
account. So let's go ahead and do that now. So I   believe to suspend accounts, we have to go to up 
up here, and we have to go to my account. Alright,   so but there's only one problem here is the 
fact that we don't actually have the ability to   close our own account, because we don't have the 
permission. So we're going to have to go back into   our master account and give us better permissions 

So we can actually go ahead and get rid of   this account. So I'm just going to log out here, 
we're gonna go back into our master account there.   And we will make our way back to organizations 
here. And so you might think that you could   just remove the account here, but the problem with 
that is that it would just leave the organization.   And in order to leave the organization, 
you'd have to attach a new credit card,   and account wouldn't be would actually wouldn't 
be deleted or suspended, you actually can't delete   accounts in AWS, you can just suspend them, which 
makes sure that no resources are being billed for   within those accounts anymore. And that's what 
we want to accomplish here.

So we're going to go   back to our organization accounts here, right 
click on developers, and we're going to go to   service policies, and I'm going to attach the 
full access and then detach on the EC two, and   we're going to log out and go back into that 
member account. Alright, so here we are going   back into that member account. And we'll just do 
was at Andrew plus exam Pro Plus developers. Oh,   no, it's fresh, okay, fresh plus developers at 
exam Maybe it's just developer. There we   go. We'll enter that password in. Okay, great. And 
so now we should be able to get rid of our account   here. So I'm going to go up and go to my account. 
Okay. And so we do have some sensitive information   here, which I have blocked out.

But within here, 
we are going to go ahead and close our account.   So we'll just do that. So what I did here is I 
just scrolled all the way to the bottom, and you   can see that we can close your account. And we 
have a big long disclaimer about it. But again,   the advantage here of closing our account, which 
just suspends it is that it's going to ensure that   we're not being billed for anything else within 
our account. Okay, and I'm just going to go ahead   here and say I understand for the three things 
here and go ahead and close my account. And so   this account has now been closed, and I can just 
proceed to logging out here. So just scroll up   and just log out and we'll go back into our master 
account. Alright, and so now we'll just go ahead   and log back into our master account and go just 
check on the status of that organization. And we   will just make our way back to organizations 
here. And you can see now this is suspended.   So this account is no longer active. Okay. And so 
that's all there is to it.

Okay, so yeah, that's   eight us organizations. And yeah, there is some, 
some visibility there on organizations within the   IM console, there's not a lot there to do, you can 
just see the structure and look at service control   policies. But just be aware that each of us is 
developing that in Iam. Yeah, there you go. Hey,   this is Andrew Brown from exam Pro. And we are 
going to learn a bit about 80 of us networking   here. So I have this nice big architectural 
diagram. And we're gonna work our way through   it. Okay. So the first thing you'll want 
to do when you want to launch resources,   you're going to have to choose a region to 
launch them in. And so a region is a geographical   location of your network.

So that could be US East 
one, which is north Virginia, or maybe you would   choose Canada Central, which is based in Montreal. 
Once you've decided what region you want to launch   resources in, you're going to need a VPC. And 
a VPC stands for virtual private cloud. It is   a logical isolated section of the cloud, where you 
can launch at best resources. So it's just a slice   of the ADA based network. Just for you. Okay, and 
then once you have your VPC, you're going to want   to subdivide it up into subnets. And so subnets 
are logical partition of IP network into multiple   smaller network segments. Okay, so you could have 
public and private subnets. The difference between   a public and a private subnet a public one is 
generally accessible to the internet, whereas a   private subnet is where it is not. Okay. So when 
you have things that need to be super secure,   are you going to put those in a private subnet? 
All right.

And so subnets are defined within an   availability zone. And an availability zone 
is just a data center for your where you're   going to launch your AWS resources. And those 
azs are contained or are specific to specific   regions. Okay. So now we have a region we have a 
VPC, we have our subnets. And so we can go ahead   and start launching resources into our subnets 
here. So we could launch an EC two instance,   or an RDS instance. But how are how is that EC two 
instance going to reach the internet. So in order   to do so we're going to need a gateway to the 
internet. And that's where internet gateway comes   into play. So it enables access to the internet, 
you can think of it up as a door to the internet,   from your VPC, outward, okay. But just having 
internet gateway is not enough, because the   subnet has to know how to reach that internet 
gateway to reach the internet. And that's where   route tables come in.

So route tables determine 
where network traffic from your subnets are,   are directed. So you'd create a a route in your 
route table to say, hey, row table, go here and   go out to the internet. Alright, now that we have 
a way to the Internet, and we can launch resources   into our subnets, what about security, and that's 
where security groups and knackles are going to   come in. So security groups is acts as a firewall 
at the instance level. So here, you can see that   we have an EC two instance in RDS, and they span 
subnets. And we have a border drawn around it to   say that the security group is protecting those 
two instances. So that's how that works. And   you have knackles and knackles is another form of 
security, but it's at the subnet level. So it sits   in front of subnets. And controls access in and 
out of those. Okay, so I mean, those are the most   important components of AWS networking, there's 
definitely a lot more. So that's all we need to   know for now.

Okay. Hey, this is Andrew Brown from 
exam Pro, and we are looking at database services.   And so you can see we have a variety of different 
services, for databases on AWS. And for the actual   exam, you probably just need to know Dynamo dB, 
RDS, Aurora, and redshift. But when you're taking   the exam, they might throw in these other ones to 
just throw you off. And so by knowing all of them   through process of elimination, you can determine 
what the correct answer is. Okay. So I think it's   going to be good for us to learn them all. And 
so just starting at the top here with Dynamo dB,   which is a no SQL key value database.

so I always like to say that it's Cassandra,   like or Cassandra based, because I think 
at one point it was, or at least is very   similar to it. And so this is a very flattened 
simple database, which can scale to millions of   records. And we'll give you a guarantee of reads 
and writes per second. Okay. So if you needed to   say 200 reads per second, you just enter that 
in and you'd get a guarantee of it. All right,   moving on to document dB, which is a no SQL 
document database that is MongoDB compatible.   So if you need MongoDB, you're going to be using 
document dB. Then we have RDS, which stands for   the relational database service, okay. And it's 
probably the most popular database on AWS, and   the most commonly used and it supports multiple 

So you can use MySQL, Postgres, Maria,   db, Oracle, or Microsoft SQL Server, alright. And 
it happens to have one other engine called Aurora.   And so Aurora is really its own thing. And it 
is a fully managed relational database, okay.   And within it, you can choose to either run MySQL 
or Postgres. And so because it's fully managed, it   has a greater performance over the regular MySQL 
Postgres RDS, and you're gonna see my school,   it has a better performance of up to five times, 
whereas Postgres has up to three times. Now,   Aurora, again, is highly available and durable. 
And so when it when you spin up, an aurora   cluster is going to be running six copies of your 
database across three availability zones. Okay,   so with that, it definitely is more expensive 
than using RDS.

But if you are an enterprise   or you need that guarantee of availability and 
durability, you're definitely going to want to   use a worra. Now moving on to Aurora serverless. 
It's pretty much the same thing as Aurora. With   less features, but the huge advantage here is 
that it's, it's way more inexpensive. So this is   kind of like a relational database where it's on 
a need B basis. Okay? So the idea is that you're   only paying for when you're using it just like 
kind of like a lambda, okay? And it's really good   for development workloads or web apps that are not 
frequently used. Or if you're using a serverless   architecture, okay, so it makes it really easy 
to connect lambdas to Aurora serverless. Now,   moving on to Neptune. It is a managed graph 
database. That's all you need to know. them.   We're onto a redshift. So redshift is a columnar 
store database. Okay, so instead of reading via   rows, it reads via columns.

And so it's really, 
really good. Working with a huge amount of data,   where you need to generate maybe, like reports 
or analytics, like a business intelligence tool,   and it can handle petabytes worth of data. Okay, 
so there's like 1000 terabytes in one petabyte.   So that is x significant amount of data. Moving on 
to elastic cache, it is a caching solution. So you   can either choose to use the open source caching 
databases here, Redis, or memcached. Okay, so if   you need caching, that's going to be your choices 
here. So there you go.

That's all the database   services. Hey, this is Andrew Brown from exam 
Pro. And we are looking at provisioning and so   provisioning is just an easy way to set up a bunch 
of AWS resources for you or your servers in an   automated way. And this could be done via code, or 
it could be done via a graphical user interface.   Okay. And so AWS has a variety of different 
services that can help us with provisioning.   So let's just learn the difference between all 
these services starting with Elastic Beanstalk. So   Elastic Beanstalk is really good at deploying web 
applications, where you don't have to think about   the underlying infrastructure at all. So what 
you're going to do is you're just going to prepare   your code, you're going to upload it to Elastic 
Beanstalk choose the container you want to use   with the language of choice.

And it will more or 
less work with very little to no configuration. So   if you're using Ruby on Rails, you just choose the 
Ruby container, upload your code, it would work.   And you know, if you wanted to use Django, then 
you just use the Python container, etc, etc. Okay,   I like to think of Elastic Beanstalk as the 
Heroku for AWS, if you've ever used Heroku, it's   just a service where you not part of AWS, but you 
just upload your code, and it just works. Okay,   moving on to opsworks. opsworks is a configuration 
management service. And it's going to help you the   management help you with the configuration of 
your instances, using either Chef or Puppet. So   those are just two different tools, developer 
tools that you can use to manually or sorry,   programmatically set up a server. So for, for 
chef, you're actually using Ruby, that's what   it's written in. And so you would define these 
things called recipes. And those recipes would   go out and set up things on your actual easy to 
server. So if you had to install dependencies,   or pull the code or do a bunch of other stuff, 
that's what those tools are going to do.

And   officeworks also has a concept called layers. 
So you can define your infrastructure as like   three tier or two tier layers. And so you could 
have like an application layer, a database layer   and networking layer. And it just makes things 
very clear. Okay. Moving on to cloud formation,   cloud formation is infrastructure as code. 
And so the idea here is that you are creating   a JSON or yamo file, and what you're going 
to do is you're going to define all of your   AWS resources that you want to provision and 
how exactly how you want to configure them,   you're going to upload that template and then 
it's going to set everything up for you in one   go.

Okay, so cloudformation is an extremely 
powerful provisioning tool. And so compared to   opsworks opsworks, has some limitations as to what 
it can do. So it can set up some things for you,   but cloudformation can do anything pretty much 
in AWS. Okay, so it is the most complex option,   but it is also the most flexible option in our 
provisioning tool set here. Moving on to Eva's   quickstarts. These are just pre made packages, 
which actually are just cloudformation templates.   And they are created by AWS or with AWS third 
party providers through the APN network, okay,   and so, they are going to have these pre packaged 
templates for a variety of different things. And   we do cover quick sidebar. quickstart in more 
detail here in this course. But the idea is like,   let's say you wanted to get started with ml, 
you'd go to the ML category, and there would be   a bunch of premade configured cloudformation 
templates and you just launched one.

Okay,   so you'd have to take a look to see what there is 
there. But it is a provisioning tool. Moving on to   80 of us marketplace, this is a digital catalog 
of 1000s of software listings from independent   software vendors, where you can find by test 
and deploy software. Okay, and so, generally,   you're gonna be using the marketplace to buy 
managed EC two instances. So let's say you needed   to set up a WordPress, you could go into the Ava's 
marketplace and find an ami, for wit, WordPress,   so one that is very popular is by bitnami. And 
so the advantage here is that it's just pre   configured for you. And maybe it has additional 
security hardening. And so you would pay a monthly   subscription to use that.

Okay, so those are all 
of our provisioning options on AWS. Hey, this is   Andrew Brown from exam Pro. And we are looking at 
computing services on AWS, starting with geesey,   which stands for elastic Compute Cloud. And you 
can see that I've made a division there. And   that's just to emphasize how important EC two is. 
And the fact that basically, every service under   the hood is using EC two. So no matter what you're 
using, whether it's a lambda RDS, or redshift,   they're all running on EC two instances, they're 
just what might be abstracted away from you,   because eight of us is managing those EC two 
instances. Okay. And so what is EC two? Well,   it's a highly configurable server, where you get 
to choose your CPU, memory network and operating   system. Okay, so now moving on to the other 
computing services, we have ECS, which stands for   elastic container service.

And this is basically 
Docker as a service. So if you need to run micro   services, or a, a dockerized, application, you're 
going to be launching it on ECS. So with ECS,   what you would do is you would just choose the 
type of easy to instance you you want. And that   easy to instance will come pre configured with 
Docker running on it. And then it has a really   nice interface, so that you would just define 
your containers within something called a task   or a service, and then you would just run them on 
ECS. Okay, next on this list, you have fargate.   And this is also for micro services.

And this is 
kind of like the evolution of ECS. So, with ECS,   you choose what easy to instance, you, you need 
to use fargate, you don't choose easy to instance,   you just would define your, your containers within 
a task or service. And you would just tell them   to run and AWS would just have it run, okay. And 
so the difference here is that you aren't paying   for the EC two instance, you're just paying 
for the runtime and the CPU utilized. Okay,   so it's kind of like lambdas, where you're 
just paying for the time performed and the   resources used. Okay, moving on to Eks, which is 
Kubernetes as a service. And so if you've never   heard of Kubernetes, it's becoming the de facto 
standard for micro services within the industry.   And so since it's so important, AWS has decided 
that it needs to have a service to run Kubernetes   and it's called Eks.

Okay, so it gives you all the 
benefits of ECS. That allows you to run the open   source Kubernetes. Okay. And again, this is just 
for micro services, moving on to lambda lambda,   lets you run serverless functions. So the idea 
here is that it you just upload your code in the   form of function, and it just runs, you don't have 
to think about the servers, there's nothing to   provision everything is taken care of for you. 
And you are just paying for the compute time   based on how long it runs. Okay, so that's all 
there is with lambda. Okay, moving on to Elastic   Beanstalk. And so Matt blastic, beanstalk is going 
to orchestrate a various amounts of Eva services   for you.

So the idea is it will set up up to s3, 
SNS, cloudwatch RDS, load balancers, whatever you   need to run your web application. And the idea 
behind Elastic Beanstalk, it allows you to set up   developer environments, that's what it's intended 
for. It's not really for production use. So the   idea is like, let's say you're a developer, and 
you have a web app. And it's running on Ruby on   Rails, or Django, or love rail, and you just want 
to get it running. But you don't want to have to   think about all the services you have to set up. 
You just upload your code to Elastic Beanstalk,   it would do the rest for you. So that's all there 
is there to that service. And it really just is   using EC two again, so it's just going to set up 
EC two instances for you, but you just don't have   to worry about it. Moving on to AWS batch.

So Avis 
batch, as the name implies for batch processing,   so you can plan schedule and execute your batch 
computing workloads across the full range of Eva's   compute services and features. And so what it's 
doing is it's just launching EC two instances   for you using spot pricing so that you can save 
a lot of money. So there you go, that is all the   computing services, you need to know. Hey, this 
is Angie brown and exam Pro. And on AWS, we have   a variety of different storage services that are 
available to us. So let's quickly go through them.   So the first one on our list here is s3, which 
stands for simple storage service. And it's an   object store, I like to think of it as a hard 
drive in the cloud, where I don't have to think   about the actual hard drive, I can just upload 
files, and I don't have to worry about running out   of space, because there's unlimited space.

So it 
really is a no brainer, okay. And then you have s3   Glacier. And so it's like s3, but it's extremely 
inexpensive. But the trade off here is that you   have to be okay with waiting for several minutes 
up to hours to access those files. And when you   do access those files, there is a retrieval 
cost. So it is a really good use case for large   enterprises who have lots of sensitive data. But 
they have to hold on to it for seven to 10 years,   but they're very unlikely to actually ever look at 
that data. Okay, so that's where s3 Glacier comes   in. Then you have storage gateway. And so I like 
to think of storage gateway as an extension of   your on premise storage into the cloud. You could 
also use storage gateway as a backup solution. So   for your local storage, you would just back 
it up onto s3 there. Okay. And so basically,   storage gateway is a hybrid solution for on prem 
to cloud for storage. And then you have EBS,   which stands for elastic block store. And this is 
essentially a virtual hard drive in the cloud that   you can attach to EC two instances, and you get 
to choose what kind of hard drive you want it to   be.

Okay, so if you want it to be a solid state 
drive, which are optimized for higher I ops and   better throughput, or you could use an H HD, which 
is going to be more inexpensive solution, okay.   And then you have Fs, which stands for elastic 
file store, and it is a file storage solution.   So it's like having a file system that you're 
able to mount to multiple EC two instances at   the same time. Whereas with elastic block store, 
you're only able to attach that to one EC two. So   that is a huge advantage there. Okay. All right. 
And so now we're looking at snowball, and it   is a way of moving a lot of data around very 
quickly from your on premise network into AWS,   or vice versa.

So let's say you have terabytes 
worth of data, uploading that directly to this   would be extremely slow and painful. So what it 
goes will do is you order a snowball, they'll send   it to you, it's basically a computer in the form 
of a suitcase with a lot of hard drives in it. And   what you're going to do is you're going to quickly 
load your data onto that snowball, and then it's   going to be delivered to AWS directly into s3, 
okay. And then we have snowball edge, which   happens just to be like a snowball with additional 
features, and more storage so that it actually can   also process data as it's being inserted into the 
snowball. Okay, and then on last on our list here   is snowmobile, which is super cool. And it 
allows you to move petabytes worth of data.   So it's actually just a giant cargo container or 
shipping container on a semi trailer truck. Okay,   so it's basically like a data center on wheels. 
So AWS will drive it to your on premise, location,   and you're going to basically just hook up to 
that, and you're going to move all of your data   onto there, and then it's going to be driven back 
to AWS and then loaded into s3.

So there you go,   that is the storage services on AWS. Hey, this is 
Andrew Brown from exam Pro, and we are looking at   business centric services. So starting at the 
top of our list here, we have Amazon Connect,   which is a cloud based call center service, you 
can set up in just a few clicks, and based on   the same proven system used by amazon customer 
service teams, okay. So what you can do with   Amazon Connect is you can accept inbound, inbound 
calls and dial outbound, you can record your calls   and then store them into s3. So maybe you could 
then run them for analysis maybe through Amazon   comprehend or something like that. And you can 
also set up workflows within Amazon Connect. So if   you want to route a call based on a set of rules, 
you can definitely do that there. Next on our   list here is workspaces, which just boils down to 
being a virtual Remote Desktop.

So secure managed   services for provisioning either Windows or Linux 
desktops in just a few minutes, which quickly   scales up to 1000s of desktops. So you just would 
have bring your own license and you'd be able to   spin up a Windows 10 server that you can now log 
in from the convenience of your AWS account. Okay,   then we have worked docs, which is a content 
creation collaboration service, easily create,   edit and share content, save centrally AWS. So 
this is a this is version of SharePoint, then   you have chimes. So this is a service platform 
for online meetings, video conferencing and   business call business calling which elastically 
scales to meet your capacity needs. So chime here   is like, it's like having slack and also Skype. 
Okay. Now we're on to work mail. And this is just   managed business, emails, Contacts and Calendar 
service, which supports for existing desktop and   mobile email client applications.

So this is just 
Gmail for but like on AWS, then you have pinpoint.   So this is for marketing campaign management 
systems, you can use for sending targeted emails,   SMS push notifications, and voice messages. So 
we actually use pinpoint here at exam pro to   send out our campaign emails. So here, you can 
import a bunch of contacts, create campaigns,   and do like a B testing on your your emails. Okay, 
so that's a useful tool there.

Then you have FCS   simple email service. And this is a cloud based 
email sending service doesn't a for marketers,   and application developers who send marketing 
notification in emails. So we just had mentioned   pinpoint, which is for marketing campaign 
management system. And this can send emails   but FCS is more for like when you are building 
your web application, and you want to send out   emails from that application. So let's say you 
had someone who registered on your platform,   and you want to send them a confirmation email, 
you send them out through FCS and FCS supports,   HTML emails.

So there's another service called 
SNS, which also can send emails, but that can   only send plain text. So that's why ICS is more 
designed for marketers because it has that HTML   component. And last on our list is quick sight. 
And this is a business intelligence service. And   so the idea here is you can connect multiple data 
sources and quickly visualize data in the form of   graphs, little to no programming knowledge, 
okay, so you can connect a data from s3,   you're probably Aurora and RDS. And you just click 
it. And then with a bunch of other clicks, you now   have these beautiful graphs, okay. And I believe 
that there's also like an ml component and quick   site. So there's a lot of cool things you can do 
there. And you can also share those visualizations   in the form of dashboards to other people.

So there you go. Those are the business centric   services. Hey, this is Andrew Brown from exam Pro, 
and we are looking at enterprise integration. This   is all about going hybrid, bringing your on prem 
and your cannabis network together. Okay. So the   first service we're gonna look at here is direct 
connect. And this is a dedicated a gigabit network   connection from your on premise to AWS. So imagine 
having a direct fiber optic cable running straight   to AWS. So it's a really good way of having low 
latency and a dedicated connection. Okay. The next   thing is VPN. So the idea here is that you can 
establish a secure connection to your network. And   we have two ways of doing this. We have site to 
site VPN and client VPN. So site to site is when   you are connecting on prem to your network, and 
you have client VPN.

So imagine you have someone   that works for you. Maybe they are maybe they work 
from home and they have a laptop and you just want   to connect them to your network. Okay, then you 
have storage gateway. So this is a hybrid storage   service that enables your on prem applications 
to use Eva's Cloud Storage. I always think of it   as extending your hard your on prem hard drives 
onto AWS. So this can be also used for backing   up and archiving, disaster recovery, cloud data 
processing, storage tiering and migration. Okay,   and then down below, we have Active Directory. 
So we have a directory service for Microsoft   Active Directory, also known as Eva's managed 
Microsoft ad.

And this enables your directory   where workloads and Amos resources to use manage 
Active Directory in the cloud. Alright, so I know   that last one was pretty boring. But if you are 
using Active Directory, there are definitely ways   to integrate that on AWS. Hey, this is Daniel 
brown from exam Pro. And we are looking at two   logging services. Here we have cloud trail 
and cloud watch, starting with cloud trail,   it logs all API calls, generally via the SDK or 
AWS COI between Ada services.

So this is a really   good service to determine who we should blame for 
something. So if you wanted to say who created   this bucket, who spun up that expensive easy to 
instance, who launched the sage maker notebook,   that's where cloud trail is going to come 
into play. And so some of the other use cases   here is that we can use it to detect developer 
misconfiguration, which we just talked about,   but we could also use it to detect malicious 
actors. So someone got into our account,   cloud trail is going to maybe give us an idea 
What is going on? And then we could also automate   responses. So maybe every time someone created 
a bucket, you wanted to trigger something. And   so that is something that we could do maybe with 
cloudwatch events using cloud trail. Okay. So now   on to cloud watch. So Cloud watch is a collection 
of multiple services. But generally, when people   say cloudwatch, we're talking about cloud watch 
logs. And all the other cloud watch services are   really based off of logs.

Okay? So Cloud watch 
logs is just a durable storage solution for your   logs. And so logs could be performance data about 
your database services, such as CPU utilization,   memory, or network in, you could also store your 
application logs here. So if you are running Ruby   on Rails, you could send the logs there or nginx. 
Just as that as well. Or let's say you're using   lambda lambda, you would, you can put within your 
functions, a lot of console log calls. And so that   would then pass that on to cloud watch. And that 
is just in itself, application logs for lambdas.   Okay, and so moving on to the other cloud watch 
services, we have metrics, and they represent a   time ordered set of data points. And so you want 
to think of cloudwatch metrics as a variable to   monitor.

And if that's still confusing, just think 
of it as like taking data from Cloud watch logs   and turning it into a graph, okay, then you have a 
cloud watch events. And this allows you to trigger   an event based on a condition so when, when you 
have logged data, or you can trigger based off of   a metric, or other other kinds of rules. But like, 
the most common thing you might use cloudwatch   events for is, let's say, every hour, you want 
to take a snapshot of your elastic block store,   like the volume that is attached to your 
server, you can do that with cloudwatch events,   then you have cloud watch alarms, and these 
trigger notifications based on a metric. And   so you would specify a threshold and when that 
threshold is breached, that alarm gets triggered,   and then it would send you an email or a 
text message however you specify, okay,   then you have cloud watch dashboards. And this 
just creates visualizations based off of metrics.   So when I said earlier that metrics, you can think 
of them as graphs, that's exactly what they are.   And so you could take those graphs, and then put 
them onto a dashboard.

So you could represent   a lot of data at a glance. So there you go, 
those are the two logging services in AWS. Hey,   this is Andrew Brown from exam Pro, and we're 
looking at know your initialisms. And so there's a   lot of ad bus services and some other things that 
are represented by these short form of initials.   And the reason why it's good to know these is 
that on the exam, if they were to just give you   the full name of the service, it might give away 
the answers. So they might use the initialized   version. Okay, so if you had a question about 
sending emails, and one of the options was sex,   and you knew that he sued for email, that's a dead 
giveaway of what the correct answer is, it's also   just going to help you comprehend things a lot 
faster, if every time you see auto scaling groups,   you just think as G because in your mind, you're 
going to read that a lot quicker.

Okay. So we do   have a lot of initialisms here, and four services. 
But there's also some things such as Tam, which   is actually a type of person that gets assigned 
your account. Or we have IoT, which is just a more   generic tech technology term, which stands for 
Internet of Things. Okay, so there just are a lot   of things on here. And these are the most common 
ones that I could think of. And so I figured,   you know, you should study up on these and just 
make sure you are familiar with them, okay. Hey,   this is Andrew Brown from exam Pro. And we're 
looking at the shared responsibility model.   And this is going to deal with security of an in 
the cloud. So when we're talking about customers,   they are responsible for security in the cloud. 
So what does that mean? Well, whatever data you   put on AWS, you are responsible for it. So if you 
do not secure it, that is your fault.

Or if you   do not turn on monitoring services to monitor 
sensitive data, that's going to be your fault   as well. Or there's a variety of different Ada 
services that you can use, and it's up to you to   configure them. So if there is a misconfiguration, 
that fault is going to be with you. Okay, so those   are your responsibilities. Then we have AWS and so 
AWS is has is responsible for the security of the   cloud. So the hardware, the operations of managed 
services, and the global infrastructure, okay,   so all the things that you can't touch is what AWS 
is responsible for. And so this is actually just a   pared down version of the shared responsibility 
model. The full one actually looks like this.   Okay, and so you can just see that there's a 
lot more information here. So for the customer,   we got customer data platforms application 
on As the network the fire configuration,   client side dating encryption, server side 
encryption network traffic protection,   and on AWS we have software and hardware rights 
over the software, you have your compute your   storage, your database, your networking, if your 
hardware you have an Davis global infrastructure,   you have the regions and the edge locations.

so I mean, this is the full list, but really, you   just need to remember, again, for the customer, 
it's dating configuration for AWS, its global   infrastructure and hardware. Okay. Hey, this is 
Angie brown from exam Pro, and we are looking at   ETS compliance program. So what is a compliance 
program? It's a set of internal policies and   procedures of a company to comply with laws, rules 
and regulations or to uphold business reputation,   okay. And so we have a bunch of these cool looking 
badges. And the idea here is that if you need to   conform to one of these compliance programs, 
eatables has a big list of them. So it makes   it easier for you to adopt cloud computing.

that I want to point out is HIPAA and PCI. So so   for HIPAA that is the Health Insurance Portability 
and Accountability Act of the United States, and   is a legislative legislation that provides data 
privacy and security provisions for safeguarding   medical information. So if your hospital you're 
going to want to be HIPAA compliant, okay? And   then you have PCI DSS and so this is the Payment 
Card Industry data security standard. So when you   want to sell things online, and you need to handle 
credit card information, you're going to want to   be PCI compliant, okay? And there's a variety of 
compliance programs, this is not the full list,   but just to give you a taste of what that is, 
okay? Alright, so I just hopped over here to the   AWS website, because I just wanted to show you the 
full range of compliance programs that AWS has,   and if you had to find out if they had some kind 
of compliance program, how to investigate that.   So here I am, you can see we have a bunch of 
different logos more than what I was showing   you prior there.

And you can see that there are 
offerings in multiple countries. So if we just   scroll down here, you can see there's a lot for 
the US. We even have some here for Canada, okay,   which is where I am, Asia, Pacific Europe. Okay, 
so there is a variety of things there. All right.   Now, if you wanted to find a little bit more about 
any of these certifications, if you just click   into them, they'll tell you what it's for. And a 
lot of additional information, okay. So there is   a considerable amount of information here.

So when 
you do need to explore a bit more about compliance   programs, definitely check this out. Now actually 
getting access to the reports for how AWS meets   those compliances is another story. And so 
that's what we're going to look at next, which is   at this artifact, okay? Hey, this is Andrew Brown 
from exam Pro, and we are looking at a database   artifact. And the purpose of this service is to 
really help us determine whether a database is   meeting a compliance program, because just because 
they have the logo on their website, doesn't   necessarily mean that they are compliant, you 
need to prove that via a very long checklist and   explain how you are meeting those, all those rules 
within a compliance program. So if you wanted to   get access to that, you actually have to go into 
a bit of a roundabout way. And so 80 of us has   made a service in order to generate out the report 
that shows that they're compliant. So what you do   is you would go into at this artifact, you would 
choose the package, or artifact you're looking   to get, it's going to generate out a PDF, and 
then within that PDF, you have to click a link,   which will then get you the actual files that 
you that you are seeking.

Okay, so that's what   Eva's artifact is, and I'm going to show you how 
to generate an artifact and get to those files.   Alright, so in this follow along here, I'm going 
to show you how to use AWS artifacts so that you   can get access to a compliance report. So what I 
want you to do is go to the top here to services,   and we will type in artifact, like remember how to 
spell it here. We just type in art. There we go.   And so now in artifact, we're going to get a huge 
list of all the possible compliance programs that   AWS has. And so what we'll do is we'll just look 
for one so since I'm in Canada, let's look for   the Canada GC partner package. And what you'll do 
is you'll hit get this artifact, okay, and you'll   be presented with a bunch of information. And what 
we'll do is you should probably read it and then   once you've read it, check that box there and say 
accept and download and what that what's that that   is going to do is it's going to download this PDF 

So in order for you to access to files   within this PDF, you're going to have to make 
sure you have Adobe Acrobat Reader installed,   because it will not work with any other reader. 
If you're on a Mac like I'm on right now, if you   open it up in preview, it's not going to allow you 
to download those files. But I'm going to open up   Adobe Acrobat, and we're going to give this a go. 
Alright, so I have this document opened up here in   Adobe Acrobat Reader. And it even tells you right 
off the bat, open the artifact using Adobe Acrobat   Reader. Other PDF readers are not supported.

So now that we have this open, what we have to do   is follow the instructions. So this is click the 
paperclip paperclip icon in the top left corner,   so which is up here, okay, and then what it's 
going to tell you is a double click the file   you'd like to open. So there could be a variety 
of different files in here. It could be PDFs,   or csds, or excels. But we'll just go ahead and 
just double click this one here. And so now we   actually have access to even more content. So now 
we have an XLS. So here, I guess it's just kind of   a summary of what's going on. And then, within 
this XLS file is the file that we're actually   trying to get to. So we're gonna go ahead and open 
this file. Okay. And here's that file open there.   And so, you know, this is what we're looking 
for, you can see it's a very long file. Okay,   so the, these documents are gonna vary based 
on each compliance program, because they're   all different.

But this is that one. And this is 
the file that you are trying to get to that proves   that AWS is meeting this compliance program. So 
there you go. Hey, this is Andrew Brown from exam   Pro. And we are looking at Amazon inspector. 
And the question we are asking here is how do   we prove an EC two instance is harden? And so 
to really understand that question, we need to   know what a hardening is. And so hardening is 
the act of eliminating as many security risks   as possible. Okay. And so that is what Eva's 
inspector is helping you do. So Avis inspector   runs a security benchmark against specific EC two 

So you choose which ones you want. And   you can run a variety of security benchmarks. 
Okay. And so it can run both a network and host   assessment. So for network, it's checking to see 
if you're, if any ports are open, and if they're   reachable to the internet. And then the host is 
actually checking the actual OS, and any of the   applications there, based on the benchmark or 
security best practices that you choose, okay.   So the way inspector works is that it's going 
to install the agent on your EC two instance,   which just does this, I believe through a run 
command, then it's going to run an assessment   for your assessment target. And then it's going 
to, then you get to review your findings and   remediate those security issues. Okay. And so 
one very popular security benchmark is the CIS,   which stands for center of internet security. And 
they have over 699 checks. And that's what we are   going to be using through our follow along. So 
let's get to that. Hey, this danger brown from   exam Pro. And we are looking at AWS whap, 
which stands for web application firewall,   and it's going to protect us, or specifically our 
web application from common web exploits.

Okay,   so the idea here is you're going to write your 
own rules that are either going to allow or deny   traffic based on the contents of an HTTP request. 
And if you didn't want to create your own rules,   and you wanted to just use one from a trusted 
Eva security partner, you could purchase one very   cheaply in the at best laugh rules marketplace. 
And so they call it a rule set, because it's a   bunch of rules included. And generally, those rule 
sets will protect you against the a wasp top 10,   which are the most dangerous attacks for web 
applications. And so whether it's SQL injection,   or cross site scripting, or a host of other ones, 
again, those rule sets are easy to purchase and   protect you against everything. Now, in order to 
use laugh, it has to be attached either in front   of CloudFront, or an application load balancer. 
And so there you go, that is all you need to know   for a nervous laugh. Hey, this is Andrew Brown 
from exam Pro.

And we are looking at AWS shield,   which is a managed DDoS protection service that 
safeguards applications running on AWS. So just to   understand what the offering for the services, we 
need to know what a DDoS attack is, which stands   for distributed denial of service and this is 
a malicious attempt to disrupt normal traffic   by flooding a website with a large amount of fake 
traffic, okay. And so, in order to use a shield,   it's actually already turned on for you, and 
it's given to all eight of us customers. at no   additional charge at least the shield standard 
is and So, in order to take advantage of shield,   you just have to make sure that you are routing 
your traffic through rough d3 or through cloud   front. Okay? Now I said that there is a paid tier 
and that is shield advanced. Okay, so for shield a   standard, this is going to protect you against the 
most common DDoS attacks, and it's already turned   on automatically for you.

And it's available for 
a lot of different database services. And then   you have shield advanced, which cost $3,000 per 
year and you have to pay that upfront, I believe   are these you have to make the commitment to pay 
that. And this is going to protect you against   additional types of attacks, larger attacks, 
more sophisticated attacks, okay, and it's also   going to give you visibility into those attacks, I 
believe you get like a dashboard. And you also get   24 seven access to some DDoS experts. For those 
complex cases, I myself have experienced DDoS and   have paid for such a services shield advanced, 
so I can definitely understand the value there.   And it's only available for a limited amount of 
services. So it'd be for roughly three CloudFront   lb their global accelerator and putting things in 
front of or on to tip there.

Okay, so that's all   there is there. And I probably will just go to the 
website and just pull up the big comparison so we   can take a quick look through it. Alright, so I've 
hopped over here to the AWS website to give you   a comparison between shield standard and shield 
advance. And so as we saw earlier, shield standard   is turned on for all AWS services, where shield 
advanced, it's going to have the same coverages   of standard but have additional functionality for 
these specific AWS services. Okay, so if we just   scroll down here, you see we have a nice large 
comparison, the most important thing to note is   that shield advance is for mitigating large, DDoS 

So if someone is specifically targeting   you, and sending a lot of traffic your way, you're 
going to want to pay for shield advance. Okay?   Another thing about shield advanced is that we get 
that visibility reporting, so we're gonna get a   lot more information as to the nature of these 
attacks, we're going to have response team and   support. So we're going to be able to talk to 
people to work through that problem. And then   we're also going to get DDoS cost protection, 
okay, so this is going to make sure because we're   getting a lot of traffic's going to be hitting 
the servers that roughly three CloudFront EOB.   And if you have a lot of traffic that would 
cause you to spend a lot of money.

So AWS   gives you these guarantees that you're not going 
to be going overboard and cloths. Okay, so yeah,   that's the stuff I wanted to highlight there for 
advanced. Yeah, there we go. Hey, this is Andrew   Brown from exam Pro. And we are looking at the 
concept of penetration testing. And so it's pen   testing for short. So what is pen testing? It's 
an authorized simulated cyber attack on a computer   system performed to evaluate the security of the 
system. So the question here is, can you perform   pen tests on AWS? And the answer is yes, there 
are some limitations around it.

And there are   some prohibited activities. But you can definitely 
do pen testing on AWS, AWS. So there are eight   services you are permitted to do pen testing on. 
So you have you see two instances, Nat gateways   and lbs, you have RDS, you have CloudFront, you 
have Aurora, you have API gateway, you have Eva's   lambda and lambda edge, you have lightsail 
resources, which are just using a variety   of other services underneath such as EC two, and 
then you have Elastic Beanstalk. So those are   the eight permitted services. And then you have 
prohibited activities. So you definitely cannot   perform DDoS attacks, you can't do port flooding, 
you can't do protocol flooding, you can't do   request flooding, anything of the flooding nature, 
okay, and you cannot do DNS zone walking. So   there's that now if there's something else that 
you wanted to do, I need us to run a simulated   cyber attack or test, you can submit a request to 
AWS and they will reply up to seven days to say   whether you are allowed to do so or not a year or 
so ago pentesting wasn't allowed at all on AWS.

So   they have definitely opened this up. So you can do 
a lot more stuff here. And just be aware that yes,   you can do pen testing on AWS. Hey, this is 
Andrew Brown from exam Pro, and we are looking   at Amazon guard duty and so the question I want 
to pose to you is how do we detect if someone is   attempting to gain access to our AWS account or 
resources, and that's where Amazon guard duty is   going to come into play. So guard duty is a threat 
detection service that continuously monitors for   malicious suspicious activity and unauthorized 
behavior. It uses machine learning to analyze   the following 80 plus logs so you have cloud trail 
logs, your VPC flow logs and your DNS logs.

Okay,   and it will alert you of findings which you can 
automate an incident response via cloud watch   events or with a third party services. And 
just to add a bit of additional information,   if you've ever heard of an IDS or an IPS, those 
stands for intrusion detection systems and   intrusion protection system. And that is a device 
or software application that monitors and network   or systems for malicious activity or policy 
violations. So that's what Amazon guard duty is.   It's an IDS IPS for AWS. Okay. Alright, so I just 
wanted to quickly show you what findings look like   in guard duty. So I have guardi turned on, and 
I have a few EC two instances that are launched,   which are just in public v PCs with with very 
exposed security groups.

And you can see right   away that people are already trying to SSH 
brute force into my instances, because if you   do have instances that are public facing with SSH, 
where you do not restrict the IP to only your IP,   you're very likely to see a brute force attacks. 
But you can see here it describes what, what the   finding is, and a bunch of additional information 
about this attack here. So yeah, there you go.   That's just a guard up there. Okay, this is Andrew 
Brown from exam Pro. And we are looking at key   management service, also known as kms. And it is 
a managed service that makes it easy for you to   create and control encryption keys used to encrypt 
your data. And there's three things I want you to   know about kms. And that is it's a multi tenant 

HSM stands for hardware security module,   and this is a piece of hardware that's at the AWS 
data center. I mean, there's lots of them. But   this piece of hardware is specifically designed 
for storing keys within memory. So they're never   written to disk. And that piece of hardware is 
extremely secure. It's multi tenant in the sense   that there's other customers that are utilizing 
that same piece of hardware, and you all are   virtually isolated from each other via software. 
Okay. And the other two points I want you to know   is that many Eva services integrate with kms 
to encrypt your data with a simple checkbox. So   in this screenshot here, we have RDS where we're 
enabling encryption, and that is using kms. Okay,   so a lot of services have that checkbox, and 
then you just choose the key from kms.

And kms   uses envelope encryption. Okay, and so envelope 
encryption, we have an example down below, on the   idea here is you might have a you have a key that 
encrypts your data, but what is going to protect   your data key from from being encrypted. Okay, so 
that's what we're doing is that we're encrypting   the key that we use to encrypt our data with 
and that's why it's called envelope encryption.   Because it's like putting your key within an 
envelope so people can't see that key. Alright.   And yeah, that is kms. Hey, this is Angie brown 
from exam Pro. And we're looking at Amazon Macy,   which is a fully managed service that continuously 
monitors s3 data access activity for anomalies,   and generates detailed alerts when it detects 
risks of unauthorized access or inadvertently data   leaks. So that was a very long sentence. So if you 
weren't following along, I wasn't either.

So just   to reiterate, Amazon may see it, the idea is here 
is that you put data in your s3 bucket. And that   data can be it could be sensitive data, such 
as credit card numbers, or personally identify   identifiable information, or it could be health 
record information. And so what Amazon Macy does,   using the power of machine learning, and also 
analyzing your cloud trail logs, it's going to   detect that sense of data and whether that data 
has a risk of being compromised or exposed. Okay,   so if you put a file full of credit cards in plain 
text, and you upload it to your s3 bucket, Amazon   is gonna say, Hey, we found some credit cards, and 
it's plain text, you should probably I don't know,   encrypt this and and archive it and make sure 
nobody has access to it. Okay. So that's the   role of Amazon Macy.

Now, Macy has a variety 
of alerts. And this kind of gives you an idea,   the kind of things that can detect so ransomware 
someone trying to lock you out your data and make   you pay for it privilege escalation for someone 
trying to get access to stuff that they're not   supposed to, at the entity enumeration somebody 
that is trying to enumerate over the list of   stuff that you have to figure out what they can 
steal information loss, if you've lost data,   credit credentials loss.

So if you have stored 
credentials there, and they were lost. So there's   a bunch of alerts that it can alert you on. The 
other thing that it can do is it will identify   your most at risk users, which could lead to 
a compromise. Okay, so if you have someone on   your team, and you know, they're just having very 
poor practices and access to sensitive files very   often, they're going to rank it based on this. 
These badges, okay. And it's funny because you   think bronze would be the worst user, but Platinum 
is actually the worst user. So the nicer the badge   is the worse this user is. You got to give them 
that attention. Okay. But anyway, that is what   Amazon may see is, Hey, this is Angie brown from 
exam Pro, and we are looking at security groups   versus a knackles. Okay, and so these are both 
used to act as firewalls within your VPC. But the   utility of these are slightly different. Okay, so 
just knowing the difference here is a good thing   to cover, especially when we are in the security 
section here.

So looking at security groups, they   act as a firewall at the instance level, whereas 
knackles act as a firewall at the sub net level.   So in that diagram, you can see that all those 
instances are contained within a security group,   and they can span multiple subnets. Whereas the 
knackles sit in front of the subnets. And they're   gonna control access in and out from subnets. 
Okay. Now, security groups implicitly deny all   traffic, and so you have to create allow rules 
to get access to things.

Okay. And so that's   both for inbound and outbound. Okay. So the 
idea is that if you wanted to open up Port 22,   so you could SSH into an instance, that's an allow 
rule you'd create on that security group. Now,   with knackles, you can allow an end deny rules, 
okay. But the real utility here with knackles,   is that you can block a specific IP address 
known for abuse, okay? Because you can have   deny rules. And you can say exactly, I want to 
deny exactly this IP address. So the reason you   can't do this with security groups is that because 
implicitly denies everything in order for you to,   to deny a single IP and allow everything else, 
imagine all the IP addresses in the world, right,   you'd have to create allow rules for everything 
for those IP addresses, and just exclude that   one IP address, which is like almost impossible. 
So for knackles, the best use case here is again,   block a specific IP address known for abuse.

so hopefully that helps you understand security   groups, versus knackles. And that's all we need 
to know here. Hey, this is Andrew Brown from exam   Pro. And we are looking at a universal VPN, which 
stands for virtual private network. And what this   service does is it lets you establish a secure 
and private tunnel from your network or device   to the AWS global network. And so it comes in two 
variations, we have site to site VPN and a client   VPN. So what is the difference here, so for site 
to site, this is where you securely connect on   premises networks, or a branch office to your 
AWS VPC. And then for the client VPN, this is   where you securely connect users to AWS, or on 
premise networks. Okay, so the idea here is that   you are for site to site, you're connecting an 
entire office, or network to AWS.

And the client   is just like, imagine you have some employees, and 
they have laptops, and they're, or they're working   from home, and you want them to connect them to 
the ADA bus network. That's what you're going   to be using. So just know that you can do that. 
And it is a private tunnel, and it is secure. And   that there are these two variations here. Hey, 
this is Andrew Brown from exam Pro. And we're   doing a bit of variation study.

And we're going 
to look at services that have cloud in the name   because I want you to know that even though they 
have similar names, they're completely different   services. And I just don't want you to get mixed 
up with these things. So we're going to learn   about all the services that start with cloud 
starting with cloud formation. cloud formation   is infrastructure as code. And it sets up services 
via templating scripts such as gamle, or Jason,   it is used for provisioning lots of resources on 
AWS. Okay, moving on to cloud trail, this is for   logging all API calls between Ada services. So 
I would say it's about who you can blame, okay,   then on to CloudFront. CloudFront, is a content 
distribution network creates a cached copy of your   website and copies that content to servers located 
near people trying to download your website, okay,   it's going to be using edge locations to do 
that. Then moving on to cloud watch, which is   a collection of multiple services, okay. And so 
starting with cloud watch logs, any custom data   or log data, so memory usage, rails logs, or nginx 
logs, then you have cloudwatch metrics.

And these   are metrics that are based off of the logs. I like 
to think of metrics as graphs, because that's how   they're represented. So it's like your log data. 
So like, if you want a memory usage graph over   time, that's cloud watch metrics, okay? Then you 
have cloud watch events. And this is triggers,   triggers an event based on a condition. So 
you could have a condition where every hour   it takes a snapshot of the server, and these 
can be based off of metrics or other log data,   okay? Then you have cloud watch alarms, and 
these trigger notifications based on metrics.   Then you have cloud watch dashboard, and this 
creates visualizations based on metrics. And the   last one here on our list is cloud search. It 
is a search engine, so Let's say you had an e   commerce website and you wanted to add a search 
bar to search across all products on your website.   Unlike just or just like, that's 
what you would use, okay? Hey, this is Andrew   Brown from exam Pro. And now I just want to cover 
services that have connect in the name.

Alright,   and so there are three services with Connect, 
they are totally all unrelated. But let's learn a   little bit about these three so we can distinguish 
them. Okay, so the first on our list is direct   connect. And it is a dedicated fiber optics 
connection from your data center to AWS. So this   is ideal for large enterprises that own their own 
data center. And they need to have insanely fast   connection directly to AWS. If you need to secure 
these connections, you can also apply a VPN,   it was VPN on top of direct connect. Okay, 
next is Amazon Connect. And this is basically   a call center in the cloud. So you get a toll free 
number, it can accept inbound and outbound calls,   and you can automate, automate like a phone system 
within it. Last on our list here is media Connect,   and it is the new version of elastic transcoder. 
It converts videos to different video types. So if   you have 1000 videos, and you need to transcode 
them into different video formats, then, or if   you had to apply like a watermark or insert in an 
introduction video, this is what you would use,   okay.

Hey, this is Andrew Brown from exam Pro, 
I just quickly want to do a comparison between   elastic transcoder and media convert the both 
these services transcode videos. So it's a little   bit confusing, but I'll just tell you a bit of the 
story here. So elastic transcoder is the old way   it was the first service that came out that could 
transcode videos into streaming formats, and you   have a video one format, and you want to turn it 
into another format.

And so eight of us came up   with another service called Eva's elemental media 
convert. And it is the new way of transcoding   videos. I don't know if they rebuilt it from 
scratch. But it has the exact same use case except   it has additional features that elastic transcoder 
cannot do. So you can overlay images, you can   insert video clips, you can do extracts for 
caption data, it has a much more robust UI. So at   one point, I believe that people were still using 
elastic transcoder because it just had better   integration with the AWS API, but I'm pretty sure 
media convert has caught up. And anytime you're   using elastic transcoder Avi bus is always 
telling you Hey, go use media convert, okay,   but elastic transcoder is still around, because 
I'm sure they have customers that are pretty much   used to it.

And these things are priced pretty 
much the same. Okay, so you're not going to really   save money by using elastic transcoder. But there 
is a comparison for you. Hey, this is Andrew Brown   from exam Pro. And I want to just do a quick match 
up here of SNS versus Sq s, because these are easy   services to get mixed up because they both have 
something to do with messaging. And they both are   used for application integration. So they connect 
apps together. So let's look at SNS first so SNS,   which stands for simple notification service it 
uses using pub sub, which is publisher subscriber   messaging model. And so with it, it passes along 
messages, whereas with simple queue service, it is   a messaging service, but it's all about queuing 
up messages. Okay, and so simple notification   service, it's just passing them along, whereas Sq 
s you can get a guaranteed of delivery, okay.

Now   going back to SNS, SNS sends notifications to 
subscribers of topics via multiple protocols.   So it can use HTTP email, it can also send it to 
Sq s, you can also send text messages, and it can   send to lambda, as well there which don't have 
listed, okay, whereas simple queue service, you   place messages in the queue and the and you have 
applications pull the queue using the AWS SDK. All   right back on the SNS. So SNS is generally used 
for sending plain text emails, I really got to   emphasize that because it cannot do HTML emails, 
which is triggered via other AWS services.

So   the best example is building alarm. So if you've 
ever had a building alarm and it's been triggered,   it's going to send you a plain text email. Okay, 
so that's the exact use case there. SNS does   have the ability to retry sending in the case for 
HTTPS. So that's when you are sending web hooks,   okay. So that there is some kind of retry 
functionality there. Now moving over to SQL, so   SQL can retain a message for up to 14 days. They 
can send them in sequential order or in parallel,   they can ensure only one message is sent, they can 
ensure messages are delivered at least once. Okay,   and so there's the comparison there and just the 
last part here, so SNS is really good for web   hooks. Simple internal emails are triggering 
lambda functions, and we have Sq S is really   good for delay tasks, and queuing up emails. 
All right, if you needed a comparison of other   similar services for SNS, if you've ever heard of 
pusher or pub nub, that is basically what SNS is.   And for Sq s, if you've ever heard of rabid mq 
or sidekicks, that's what Sq S is, there you go,   Hey, this is Andrew Brown from exam Pro, I want 
to do a comparison here between inspector and   trusted advisor, because both of these services 
have a security component involved in them.   And so they're easy to mix up.

Okay? So Amazon 
inspector is designed to audit easy two instances.   So you can audit a single instance or all the 
instances within your region. And, and so it   would run a script, which would then run against 
a security checklist, and it will come back and   report to you what checks have passed or failed. 
So there is one very popular benchmark by the CIS,   which will do 699 checks, okay. And the other 
side, we have trusted advisor and trusted advisor   doesn't generate PDF report, there probably is 
a way to export a CSV or something. But it's not   like something that is promoted with trusted 
advisor. But it gives you a holistic view of   recommendations across multiple service services 
and best practices. And so it has a whole section   on just security, okay, so it would tell you 
something like, Hey, you should really enable   MFA on your root account.

So inspector is really 
just about EC two instances and and making them   secure or hardened. And trusted advisor is all 
about multiple services and security practices,   okay. Hey, this is Andrew Brown from exam Pro, 
I just want to quickly cover the three different   types of load balancers. So you have an idea 
of their use case. So before application,   network load bouncer existed, all there was was 
elastic load bouncer, and now it's been renamed   to classic load balancer. And it basically does 
the job of both application network load bouncer,   but it has a way fewer features, and it works 
slightly different. Okay, so classic load   balancer does not use target groups. And it's 
intended for applications that were built with   the EC two classic network in mind, okay, so 
generally, you do not want to launch a classic   load balancer you, you still can, but you're 
going to want to use application and network load   balancer because they are specialized for their 
individual use case.

So for the application loads,   load balancer, it's working at layer seven, 
layer seven is the application layer. So it's   dealing with HTTP and HTTPS traffic. Okay. And so 
if you're running a web application, this is what   you're going to want to use. It has some advanced 
routing rules. So it allows you to get more   usability out of your load balancer. So prior to 
this, if you needed a load bouncer for subdomain,   you'd have to launch a load bouncer for each one. 
But now you with routing rules, you can route all   subdomains to the single load balancer and make 
sure that it goes to the right instances that you   want to target. Okay. And so with application load 
balancer, you are able to attach a laugh. Laugh   stands for web application firewall. And so since 
its application load balancer and web application   firewalls just for applications, it makes sense 
why you would be able to attach it, okay.

Now,   on to the network load balancer. This operates at 
layer four, which is the transport layer, and it's   dealing with IP protocol data. So this is where 
you are dealing with TCP and TLS traffic where   extreme performance is required. So think video 
games think real time. So think about handling   millions of requests per second will maintain 
ultra low latency, okay. It's also optimized   for sudden and volatile traffic patterns. So 
that is another advantage there. Okay. And   then all these load balancers, you can attach the 
Amazon certification manager so you can apply SSL   certificate so you have HTTPS traffic. Okay, so 
there you go. Hey, this is Andrew Brown from exam   Pro. I'm just gonna do a quick matchup of SNS vs 
FCS. And so these two services are easy to confuse   because they both send emails Okay, so let's learn 
the difference. So SNS, which stands for simple   notification service. It is really intended for 
practical use cases and internal use cases when   it comes to sending emails. All right. So with 
SNS you can send notifications to subscribers   of topics via multiple protocols, so we're not 
just limited to email, but we have HTTP email,   sq s SMS and we can also do lambdas.

on the other side, we have se s which stands for   simple email service. And this is really utilize 
for professional emails, marketing, emails, all   right. And so it basically is a cloud based email 
service. Have you ever heard of sendgrid that is   what FCS is All right. So going back to SNS, SNS 
is generally used for sending plain text emails,   which is triggered via other Ada services. The 
best example here is building alarms. Okay,   so if you ever had a billing alarm, and it's 
been triggered, it would send you an SMS plain   text email. It's an ugly email, but it does the 
job. Okay. over onto FCS FCS sends HTML emails,   and can also send play up plaintext emails, 
whereas SMS cannot do that. So SMS cannot send   HTML email. So if you want something that's going 
to look good, you're going to have to use sts sts   can also receive inbound emails, SMS can create 
email templates, you can use a custom domain name,   or domain name for your email, and you can monitor 
your email reputation. So there's a lot of other   stuff that is going on there with SEO.

As you can 
see, it's really optimized for emails. So yeah,   there you go. So that is the comparison there. 
Hey, this is Andrew Brown from exam Pro,   I just want to do a quick comparison between 
artifact and inspector. And the reason why   is that they both compile up PDF reports. So 
that is where some confusion can can happen.   So I just want to clarify the difference between 
these two services. So artifact is all about why   should enterprise trust at West. So does 
AWS meet specific compliance frameworks,   such as sock or PCI? And inspector is all 
about how do we know this easy to instance   is secure? Can you prove it? And so it runs a 
script that analyzes your EC two instance, and   then generates out a PDF report telling you which 
security checks have passed.

Okay, so that is the   difference between these two services, but just be 
aware that they both compile up PDFs. Hey, this is   Andrew Brown from exam Pro. And I congratulate you 
for making your way through the journey content.   And so now all that's left to do is to do some 
practice exam questions. And if you're scoring,   all right, that means you're ready to go book 
your exam, which I'll show you here in the next   section shortly. Okay, so there you go.

All right. 
So now it's time to book our exam. And it's always   a bit of a trick to actually find where this page 
is. So if you were to search at a certification   and go here, alright, and then maybe go to the 
training overview, and then click get started,   it's going to take you to at bis dot training, 
and this is where you're going to register to   take the exam. So in the top right corner, we are 
going to have to go ahead and go sign in. And I   already have an account. So I'm just going to go 
and login with my account there. So I'm just gonna   hit sign in there. Okay, and we're just going 
to have to provide our credentials here. So I'm   just going to go ahead and fill mine in.

And I 
will see you on the other side and just show you   the rest of it here. Alright, so now we are in the 
training and certification portal. So at the top,   we have a one stop training. And to get to booking 
our exam, we got to go to certification here. And   then we're going to have to go to our account. 
And we're going to be using the certain metrics,   third party service that actually manages the 
certifications. So we're going to go to our   certain metrics account here. And now we can go 
ahead and schedule our exam. So we're going to   schedule a new exam. And down below, we're going 
to get a full list of exams here. So it used to   just be psi. And so now they all have psi Pearson 
VUE, these are just a network of training centers   where you can actually go take and sit the exam, 
for the CCP, you can actually take it from home   now it's the only certification you can take from 
home, it is a monitored exam.

But for the rest,   they have to be done at a data center. And so I'm 
just going to show you how to book it either with   psi or a Pearson VUE here. And again, they have 
different data centers. So if you do not find a   data center in your area, I'll just go give 
Pearson VUE a look so that you can actually   go book that exam. So let's go take a look at 
an exam. So maybe we will book the professional   here. So I'm just going to open this in a tab and 
open that in a tab and we're going to review how   we can book it here through these two portals. So 
let's take a look at psi, this is the one I'm most   familiar with. Okay, because Pearson VUE wasn't 
here the last time I checked, but so here you   can see the duration and the confirmation number, 
you want to definitely make sure you're taking the   right exam. Sometimes there are similar exams like 
the old ones, that will be in here. So just be   100%. Sure, before you go ahead and do that and go 
and schedule your exam.

And so it's even telling   you that there is more than one available here and 
that's fine. So we'll just hit Continue. Okay. And   then from here, we're going to wait here and we're 
going to select our language, okay. And then we   get to choose our data centers. So the idea is you 
want to try to find a data center near you. So if   I typed in Toronto here, so we'll get sitting 
here like Toronto, I don't know why thinks I'm   over here. And I'm just going to hit Toronto here. 
And we're going to search for exam centers.

Okay,   and then we are going to have a bunch of over 
here. So the closest one in Toronto is up here.   So I'm gonna click one. Alright, and it's going 
to show me the available times that I can book. So   there's not a lot of times this week, generally 
you have to, it has to be like two, three days   ahead. Every time I booked exam, it's never been 
the next day. But here, we actually have one, it's   going to vary based on the test center that you 
have here. We're going to go ahead here and this   one only lets you do Wednesdays and Thursdays.

if we had the Thursday here at 5pm, okay, and then   we would choose that and we would continue. Okay, 
and then we would hit Continue again. Alright,   and so the booking has been created. And in order 
to finalize that, we just have to pay that it is   in USD dollars, okay. So you'd have to just go and 
fill that out. And once that's filled out and you   pay it, then you are ready to go sit that exam. So 
that's how we do with psi and then we're gonna go   take a look over at Pearson VUE. So I'm just gonna 
go ahead and clear this, because I'm not serious   about booking an exam right now. Okay, and we'll 
go take a look how we do it with Pearson VUE. So   here we are in the Pearson VUE section to book and 
you first need to choose your preferred language.   I'll choose English because that's what I'm most 
comfortable with.

And we're going to just hit next   here. And the next thing it's going to show us is 
the price and we will say schedule this exam. All   right. And now we can proceed to scheduling. Okay, 
so we'll just proceed to scheduling it's given   me a lot of supervillains often Alright, okay, 
hello, let's go. and here we can see locations   in Toronto. Okay, so here are test centres. And 
we do actually have a bit of variation here. So   you can see there are some different offerings, 
you might also see the same data center, so I can   choose this one here.

Okay, and it lets you select 
up to three to compare the availability. So sure,   we will select three, and we will hit next. Okay, 
we'll just wait a little bit here. All right.   Okay. Hello, let's go. And now we are just going 
to choose when we want to take that exam there.   So we do have the three options to compare. And so 
you know, just choose that 11 time, okay. And so   then we would see that information, and we could 
proceed to checkout. Hey, this is Andrew Brown   from exam Pro, and we are at the end here. So I 
hope you set your exam and you pass and when you   do I definitely want to hear your feedback. I do 
appreciate any kind of criticisms. You do have of   the the course curriculum here of any regards 
and definitely be sure to share with me your   success on social media, whether it's LinkedIn, 
Twitter, Instagram, I want to hear from you. Okay..

As found on YouTube

You May Also Like