Hey, this is Andrew Brown from ExamPro. And
cloud computing has now become one of the essential skills that you need to learn in order
to make it in the web development industry. And AWS, Amazon Web Services, is the most popular cloud
computing service used by startups. So this whole course is about getting AWS certified
for the certified cloud practitioner, which is the entry level certification. And the
idea here is that by getting the certification, you are going to be able to prove that you
can work with cloud computing, prove that you can work in AWS and you're gonna have a lot more
job opportunities available to you.
So you know, let's get to this and start learning about AWS.

Hey, this is Andrew Brown from ExamPro. And I'm going to try to answer all the questions you
might have about the CCP, which is known as the certified cloud practitioner to determine whether
it's the right certification for you. Okay, so the CCP is all about AWS foundational
knowledge. So what that means is that it can show that you know how to poke around and
you can use the service console and you know, the general offerings from AWS, it's like a lite
version of the solution architect associate, okay. But the CCP has some very unique offerings,
which no other certification on AWS has, which is they have a strong focus on billing and business
centric concepts. Okay. And that's why it's going to make a lot of sense why a lot of people
who tried to obtain the CCP are in sales and management because it's going to give them that
knowledge to help them inform VPs or CEOs, the reasons why to use AWS. Okay. Alright, so the next
thing you're probably going to ask me is, what value does the CCP hold? Well, it's not a Gilda
It can help superficially increase your AWS certification count if that's something that
some companies care about. But it's not recognized as an important certification for developers
on resume. So if you think by getting the CCP, it's going to help you get a job, it probably won't
help too much. If you were a bootcamp grad, then it could be a good indicator that you're a little
bit familiar with AWS. So it can be okay in that one circumstance. But generally, for developers,
it's not going to help you too much. Alright, so maybe you're thinking so far? Hey, Andrew, this
doesn't sound that great. Why would I want to even bother getting this and you might be thinking
about skipping the CCP. But I'm going to tell you that that is not what you should do, you should
actually go get the CCP.
And why is that? Well, it's for a totally different reason. It's because
the CCP is going to help you build confidence. And it's a very easy one, because it's the easiest
certification. Because it's the most inexpensive certification, it's the perfect opportunity for
you to get comfortable for when you actually go take a real exam, okay, so the other exams, the
associates, and everything beyond that are very difficult. And you don't want that to be your
first certification you go for, because you're gonna go to the exam center, you're going to be very
nervous or stressed out, or something's gonna go wrong. And so by taking the CCP and going to
the test center, you're going to learn your test center and learn how you have to be on time,
and what the environment's going to be like, okay, and that is the big value out of the CCP.
So that's why I want you to go after it. And also just some people day just to just prepare,
because they might get overwhelmed once they start with a solution architect associate.
And so it is a very easy way to ease into the associate certifications.
Alright, so let's
talk about study time, how much time do I have to put in to pass this exam. Now, if you are a
developer, so you're already working in industry, you can pass this in less than a week. If you're
a bootcamp grad, I'd say about 15 hours. So we're talking about a week and a half of study. And if
you're in sales and management, you probably don't have a lot of developer experience, or with a
cloud infrastructure. So we're looking at 20 hours of study, but the thing is, is that you
can, you know, book this exam a week ahead and use this course and you will pass because it is a
very easy certification, and it's not a huge time requirement. Okay, so that just gives you kind of
an idea of the time you need to put in. Alright, so when it comes time to take this exam, you're
going to have to go to a test center, which is partnered with AWS, and there are two test center
networks, we have PSI and Pearson VUE.
And so before the only way you can take this exam, you
had to go in person to a test center. But now that Pearson VUE is part of AWS as its offering the
exam through their network, Pearson VUE is known for their proctored exams. So what is a proctored
exam? That's when you have someone who is supervising or monitoring your examination and
specifically for online Okay, so what that means is that you can sign up and schedule an online
exam and through a web camera and if you You would just take the exam and somebody would watch you to
make sure that you're not cheating. Okay. So now it's even easier to get AWS certified because you
can take this at the convenience of your own home. But I would strongly recommend that you take it at
an in person test center, if there is one nearby, just because when you go for these harder
certifications, they may not offer proctored exams.
And so I at this point, I recommend that
you try to go to a test center. But if you just want to get even certified, and you're really
excited, definitely go take it online. Alright, and now we just have some remaining questions
here. So what does it cost to take this exam, it's $100 USD, it's the most inexpensive AWS
certification, it's going to take 90 minutes, that's the time that you're allocated during
the exam, it doesn't actually take that long, you could probably get it done in under an hour.
Again, it's not a very hard certification. But I do recommend that when you go to the exam,
you maximize all of your time and review your questions. Because it is a very good habit to get
into when you take exams, there are 65 questions, the passing score is 70%. I think that actually
is a hard number. With all the other exams, it's kind of a floating number. So it's never
exactly that amount.
But I'm pretty sure for the cloud practitioner, if you get over 70%, you
are going to pass, okay. And then when you get the certification, it's going to be valid for three
years. So it's going to be with you for quite a long time. So there you go. Hopefully that answers
all the questions you have about the certified cloud practitioner.

Hey, this is Andrew Brown
from ExamPro. And here I have the exam guide pulled up, because I'm going to give you a quick
walkthrough of it. So you have an idea what AWS wants you to know, in order to pass this exam.
So the first thing we're going to do is we're going to scroll on down to the content outline,
and just give the domains a read and understand the weighting of the actual exam.
So we have four
domains. Here, we have cloud concepts, security, technology, and billing and pricing. And so the
largest portion of the exam is technology at 36%. And billing and pricing is the lowest amount which
is kind of funny, because I find that the most valuable thing in the entire course is billing and
pricing. Okay, we're going to learn a lot about billing and pricing, AWS here. But that's just
how they weighted it out. But let's just talk about these four domains. So we understand what it is
that we need to know for each of these domains. So for domain one, we need to be we need to be able
to define the AWS cloud and its value proposition, we need to be able to identify aspects of
AWS cloud economics, list the different cloud architecture design principles, okay.
Now for security, we need to know a variety of different AWS security services. And we need
to know the shared responsibility model, okay, you need to know that for every single exam, it's
always brought up like 100 times over.
But yeah, that's part of the security domain. Onto
technology, you're going to need to know all the core database services and also a bunch
of other AWS services. And you're going to need to know global infrastructure. Okay, so we're
talking regions, AZs, and edge locations. All right. And then on to billing and pricing. So we
need to be able to compare and contrast various pricing models for AWS recognize the various
account structures in relation to AWS billing and pricing and identify resources available for
billing support. So that is the content outline. So the next thing I wanted to go over with you is
the response type. So when you're taking the exam, you're going to be presented questions in one
or the other format. So we have multiple choice and multiple responses for multiple choice, you
just choose one out of four, okay, and then for multiple response, it's going to be two or more
correct responses out of five or more options, okay, but generally, I find that it's two out of
five or three out of six.
Okay. And then the last thing here is white papers. So white papers are
generally core to studying for AWS, for the CCP, however, you do not have to read a single white
paper, everything in this course covers anything that could possibly pop up in these white papers
here. And white papers are super boring. Okay. But just so you know, we have the overview of
Amazon Web Services, architecting for the cloud, AWS best practices, how AWS pricing
works, cost management in the AWS cloud, okay, so those are your four white papers recommended
and then a fifth one, this isn't a white paper though, but they just say compare the a of a
So you go to the webpage and you read about the support plans. Okay, so there you
go. That is the exam guide in a nutshell.

Hey, this is Andrew Brown from ExamPro. And we are
looking at what is cloud computing, which is the most important question on our journey to become
a certified cloud practitioner. So what I've done here is I've pulled up the textbook definition
of cloud computing. And we will read through this and then I will give you a bit more context
on what is cloud computing. So Cloud computing, from the dictionary is the practice of using a
network of remote servers hosted on the internet to store manage and process data rather than
a local server or personal computer. Okay, so what does that mean? Well, to really understand
that, we need to understand on premise and cloud providers, so now most people are using cloud
providers such as AWS, GCP, or Azure to run their actual workloads. And prior to that everyone
was doing on premise. So what you would do with on premise is you'd own the servers.
So it'd be the
hardware and the software, you'd hire the people to configure those servers and those applications,
you'd pay or rent the real estate to house all these physical servers. And you would take all
the risk. Now on premise is still well and alive today. And there's definitely good reasons to have
an on premise solution. But a lot of companies are now starting to use cloud providers. And so
cloud providers are like AWS, GCP, and Azure, as I said earlier. And so here, it's someone else
owns the servers. So you are not responsible for that hardware, and to different degrees, they
will configure the software layer for you, or you have control over yourself depends on what
kind of service you're using. They're hiring the IT people, and they're watching these servers
around the clock for you. So you do not have to pay for that. And someone else is paying for or
renting the real estate. So they are buying the real estate to house these servers, which are data
centers. And now you have a shared responsibility. So you're responsible for configuring cloud
services and the code that you deploy on to the services.
And so these cloud providers are going
to take care of the rest for you. Okay, so that is generally what cloud computing is.

Hey, this
is Andrew Brown from ExamPro. And we are looking at the six advantages and benefits of cloud
computing. And so this section really is about why go with a cloud provider over on premise. Okay,
and so let's jump into the first point here. So we have trade capital expense for variable expense.
So with on prem, you'd have to pay for your data centers, and the servers. And so that would be
an upfront cost where with a cloud provider, you're paying on demand, so you only pay when you
consume those computing resources, and pretty much nothing else.
Okay. Moving on to number two, we
have benefit from massive economics of scale. So when you're using cloud computing, you have usage
from hundreds of thousands of customers aggregated in the cloud. And so you are sharing the cost
with other customers to get unbeatable savings, which you cannot get on prem. The next point here
is stop guessing capacity. So eliminate guesswork about infrastructure capacities. So instead of
paying for idle or underutilized servers, you can scale up or down to meet the current needs.
So where on prem, you just buy your servers, and they would either be underutilized because
they would just be way too big for the job, or they're just not being utilized all the time.
So moving on to number four, increased speed and agility. So with cloud computing, you can launch
resources within a few clicks, within minutes, instead of waiting days or weeks for your IT to
implement the solution on prem.
Then number five, we have stop spending money on running and
maintaining data centers. So the idea here is that if you don't have to pay for the servers,
the IT staff and a bunch of other stuff, then you can just focus on your customers, okay? So rather
than that heavy lifting of racking, stacking and powering servers, and the last point here is go
global in minutes.
So deploy your app in multi multiple regions around the world with, with
a few clicks, provide low latency and a better experience for your customers at minimal costs.
And so when you have an on prem environment, that data center is, I don't know how many people
can afford multiple data centers. But with AWS and cloud computing, you're gonna have a lot more
reach. Okay, so those are the six advantages or benefits of cloud computing. And this definitely
shows up on the exam. So you do need to know these six points.

Hey, this is Andrew Brown from ExamPro.
And we are looking at the types of cloud computing we have three here for us. So we have
software as a service platform as a service and infrastructure as a service. And you can see
that we have this nice pyramid here. I promise you It's not a scheme scheme, it's just a way of
showing how one is built on top of another. Okay. So starting at the top here, we have Software as
a Service, also known as SaaS. And these are for customers, okay, so the idea is that you have a
completed product that that is run and managed by the service provider. So you don't have to worry
about how the service is maintained, it just works and remains available.
So if we had some
examples of SaaSes here, maybe you'd have your Gmail or your Office 365 or your Salesforce, okay,
going down to platform as a service, this is really intended for developers, it removes the need
for your organization to manage the underlying infrastructure and focus on the deployment and
management of your applications. So the idea here is you don't have to worry about provisioning and
configuring and understanding the hardware. Alas, it just works. So you have an app, you push it. So
for AWS, you have Elastic Beanstalk. Then there's also Heroku, which is a very popular service. And
then I believe there's one called like engines for Google. And then the last one on our list here
is infrastructure as a service. And this is really intended for admins. And so when you're using
AWS, GCP, or Azure, this is what infrastructure as a service is. So it's the basic building blocks
for cloud IT. So it provides access to networking features, computers, and data storage space.
So you don't worry about the IT staff, the data centers or the hardware, but you have access to
all those resources to build whatever you want, okay, and so obviously, a, if you wanted to build
your own platform as a service, you'd build that up on top of infrastructure as a service, if you
wanted to build your own software as a service, you could build that on top of the platform as
a service, or an infrastructure as a service. So there you go.

Hey, this is Andrew Brown
from ExamPro. And we are looking at cloud computing deployment models. So there are three
different kinds here. And so we're gonna start with the cloud on the left hand side work on to
on prem, and then talk about hybrid. So Cloud is where you are fully utilizing cloud computing. So
here I have a few services such as Squarespace, Basecamp, and Dropbox. And it is very well suited
for startups, because it's extremely low cost. It's great for SaaS offerings, where with on prem
or hybrid, they might never get to the size where they need to deal with regulatory bodies, or, or
it's just the nature of the applications are not that complicated. Or if it's new projects
or companies, they don't have red tape, because they have existing infrastructure,
okay, and they can design to be 100% on cloud. So now going on to on prem. So on prem is when
you are deploying resources on premise using virtualization and resource management tools, and
is sometimes called private cloud, and so on prem is still being utilized by a lot of companies.
And generally, you will see public sector so the government has on prem data centers, when
you're dealing with super sensitive data, such as hospitals, you have like health records, there is
an aversion to putting that into the cloud, or you have large enterprises with heavy regulation.
So insurance companies, and I mean, these organizations are starting to soften and start
utilizing cloud, but there are still holdouts, and reasons, both technical and, and business or
political reasons as to why you cannot use Cloud, okay, then you have hybrid. And so hybrid is where
you use a combination of both cloud and on prem. So you connect the two with hybrid services.
And so we see a lot of banks using this, we see FinTech or investment management, or even
large professional service providers. And a lot of the reasons why is that they can adopt cloud
but they have legacy on premise environments, or some of their customers or clients still are
not comfortable with cloud computing. So in some capacity, they are using a cloud.
But it's totally
possible that if they started from day one, they would just only use cloud. So there you can
see I have CIBC, which is a bank, then you have the CPP Investment Board, that's an investment
board in Canada. Then you have Deloitte, which is a large professional service. So those are the
three cloud computing deployment models.

Hey, this is Andrew Brown from ExamPro. And we are
looking at AWS global infrastructure. And what we're going to figure out here is where does all
this cloud computing stuff run? Okay, so we have 69 AZs, within 22 geographical regions around
the world and we have lots of edge locations, more than available AZs. But what does that all
mean? So AWS serves over a million active customers in more than 190 countries and they're
steadily expanding their global infrastructure to help customers achieve low latency and higher
throughput. And so that global infrastructure are regions, AZs, and edge locations. So a region
is just a physical location in the world with multiple AZs. An AZ is one or more discrete data
centers owned by AWS, and then edge locations are data centers owned by a trusted partner of AWS
and maybe owned by AWS themselves.
And so now that we have that overview, we're gonna jump into
those three types of infrastructure.

Hey, this is Andrew Brown from ExamPro, and we are looking
at regions for the AWS global infrastructure. And so a region is a geographically distinct
location, which has multiple data centers, also known as AZs for AWS. And I've highlighted in
red geographically distinct, because that is the most important thing you need to remember about
regions. Every region is physically isolated from and independent of every other region in terms of
location, power, and water supply. Every region has at least two AZs. So again, an AZ is a
data center. So it has at least two data centers running within that region. The largest region
for AWS is US East, so that is North Virginia. And new services almost always become available first
in US East. And not all services are available in all regions. Okay. So if you definitely want to
use a new feature or service via AWS, your best bet is to switch over to US East, and US East one,
which again, is North Virginia, is the region where you see all your billing information.
And you can just see here on the left hand side, I have a bunch of flags. For the countries where
these regions are run in here, I might not have all of them in here. But I definitely have a lot
here. So you can see there's a lot of coverage here. So now that we know what a region is,
let's just go take a look at some of the features of regions. Okay, so I just hopped over to the
AWS website, because I just wanted to show you a little bit more about regions visually. And so
here we have our, they say region maps, but these are really just a particular continent that has
a bunch of regions. So looking at North America, you can see we have regions on the west coast and
the East Coast. And so we have Ohio or Oregon, North California. And we have Canada and North
Virginia here. Okay. And so you can see in Canada, there's only two availability zones. And they
are working on third one, it was just recently announced. So AWS can always say that they
at least have two AZs in every single region, but they're definitely coming close to being able
to say they have at least three in every region, which is very important because most companies
or enterprises have to run in at least three AZs. So now going on to South America, you can see
that there is a single region here, and that is in Brazil.
And then we have over here in Europe.
So we have a few here we have London, Stockholm, Frankfurt, Paris, and Bahrain, I'm sorry if I
pronounced that wrong. I've forgotten already. Oh, and then we have Ireland. Okay, sorry, Ireland. I
know you're you're there as well. Okay. And then on to Asia Pacific. So we have Mainland China,
Sydney. So I would think that that would be Australia there, Tokyo, so that's Japan, Seoul, so that
is Korea cannot see that. But that's another place in mainland China. And we have another place
in Japan. And then a Mumbai is I believe that is India. And then we have Hong Kong. So that's
Hong Kong. Okay. So yeah, those are the regions and then we just hop over here to the regional
table. This gives you an idea what services are offered. So when we said that not all services
are available, you can kind of see that like, for example that Amazon Connect is only available
in a few regions. So we have North Virginia and North Carolina, okay? And then DeepLens really
is only in Northern Virginia.
So again, as I said, everything is north Northern Virginia. You can
see we have checkboxes all the way down here. And this is also broken up based on those
geographical continents. So if I go here, you can see Ireland seems to be having all the
ones in Europe, and then in Asia Pacific, it looks like I guess Singapore Singapore looks like
they have the majority of services there. Okay, so there you go.
That is

Hey, this is Andrew Brown
from ExamPro and we are looking at availability zones, also known as AZ. So an AZ is a data
center owned and operated by AWS in which AWS services run. Each region has at least two
AZs and AWS is getting pretty close to being able to say that they have at least three AZs in
all regions. AZs are represented by a region code followed by a letter identifier. So US East one
is the region, that would be North Virginia, and a is the data center. Okay, and so from North Virginia,
there are six AZs. So you'd have a, b, c, d, e, f, okay, then we want to just talk on the concept of
multi AZ. So this is when you distribute your instances across multiple availability zones,
which allows for failover configuration for handling requests when one AZ goes down. Okay,
so that is very useful. And then one more thing to note is that the latency between availability
zones is sub 10 milliseconds.
Okay, so there, these days, these are purposely positioned to
be exactly that far apart. Okay. And so there you go.

Hey, this is Andrew Brown from ExamPro,
and we are looking at edge locations. And this is all about getting data fast or uploading data
fast to AWS. So an edge location is a data center owned by a trusted partner of AWS, which has
a direct connection to the AWS network. These locations serve requests for CloudFront and
Route 53, and requests going to either of these services will be routed to the nearest
edge location automatically. So we also have S3 Transfer Acceleration and API Gateway.
The idea here is that this is where you want to upload data quickly to AWS, you're going to use
these two services to hit a special endpoint at an edge location to then transfer stuff quickly via
the AWS network. Okay. So the whole takeaway from this is that edge locations allow for low latency
no matter where the end user is geographically located. Alright, so we're back on the AWS website
here where we were looking at regions earlier, but this time, I want to give attention to
edge locations. So edge locations are the little blue dots here, and you can see there
are a lot of them.
Okay, and so down below, we have an idea of how many edge locations there
are, you can see that there are a lot. So even just in Atlanta alone, there are five. And so they
definitely outnumber availability zones. Okay, so just to give you an idea, those are the ones
for North America, then down below, we have just a few there, okay, for Brazil, then in Europe, we
have quite a few here. And then in Asia Pacific, we have more edge location. So there you go.

Hey, this is Andrew Brown from ExamPro. And we're going to take a look at GovCloud. Okay.
And so GovCloud is a very special region that allows customers to host sensitive controlled
unclassified information and other types of regulated workloads. So the GovCloud region is
only operated by employees who are US citizens and us or on US soil. So it's definitely not
something that I can use. Because you have to be a US identity and root account holders who pass a
screening process in order to use this particular region.
So who is this very special region for
it's for customers, that need to architect secure cloud solutions that comply with FedRAMP, the
Department of Justice, the US International Traffic in Arms Regulations, Export Administration
Regulations, and the Department of Defense. Okay, so it just makes it a lot easier if you're working
with us with these government bodies in order to utilize cloud computing. Okay, so I just hopped
back over here on the AWS global infrastructure regions page, because I just wanted to highlight
here, those GovCloud region.
So there actually are two, there is one on US West and US East. As
far as I'm aware of, there aren't any other GovClouds other than for us at this time, maybe in
the future, AWS will have it for other countries, but for the time being, it's just the US. And
just to look at the GovCloud page here in more detailed here, you can see all the nice graphics
here for that address security and compliance. So if you want to build something and sell it
to the government or govern government related industries, by using GovCloud, you are going
to become compliant.
Okay? And that's gonna make business a lot easier for you. So yeah, that's
all you need to know.

Hey, this is Andrew Brown from ExamPro, and I'm going to show you how to
get set up with your AWS account. So here I am on the AWS homepage, and we have two buttons that we
can click on, click the one here in the middle, or click the big orange button to create our account.
I like to press the orange one.
So that's what I'm going to go ahead and do here. Okay. Okay, great.
And so now we're going to be presented with a form here. So I'm going to go ahead here and just fill
in an email. We're going to do Andrew, plus fresh at exampro.co since this is a fresh account,
okay, and I'm just going to supply Have some kind of password here, I'm going to call this the
ExamPro, a fresh account.
Okay. And I'm just going to go ahead here and continue. So, now in order
to create this account, we're going to have to provide some additional information here. So I'm
just gonna mark this as a personal and I'm going to fill in this information here. Okay, and so I'm
just gonna have to go here and fill that in. Okay. Okay, so now I have that information filled in
there. And so I'm just gonna have to check here to say that I agree to their customer agreement,
okay, and we can go ahead and create our account. Now, in order to use AWS, you have to have a valid
credit card, you cannot use AWS without a credit card. Okay? So that's just something that you're
going to have to do. So I'm going to go ahead here and provide my credit card here. Okay. All right.
So now I have all my information filled in here. So I'm just gonna go ahead and verify and add.
Okay, and then now just wants to also verify on my phone number, this is definitely something
So I'm just going to provide my phone number here. Okay, great. My phone numbers
in there, I'm just going to supply the security check here. So we'll just fill that in. Okay, and
then we will just send an SMS and confirm. Great, so that text message came in here. So I'm just
going to fill in the confirmation here. 0448. Okay. And great. So now we're verified. Okay, so
now we're going to choose our support plan, we're definitely going to go with basic here. Great. And
so now we just have a little bit of information here. Um, I don't really need to do any of this.
I'm just ready to go sign into the console.
Great. So now that we've created our account, I believe
we could probably go ahead and sign up here, I'm not sure if we have to confirm our email because
we did confirm by phone number. But let's just give it a go here and see if we can log in. Okay.
So we'll just put that in there. I'll just provide the password. Great. So we have made it into this
AWS account here. So this new account is realized. So there you go. And maybe we'll just have to
poke around here to see if there's anything else we need to do. But yeah, we're in good shape.

Hey, this is Andrew Brown from ExamPro. And what we're going to do now is make sure you do not
get overbilled and there are three ways we're going to do that.
So there are some billing preferences,
we're going to set, we're going to set up a budget, AWS Budgets, and we're also going to create a
billing alarm. Okay, I'm just going to talk to you also through as to like the advantages and
disadvantages of some of these things. And also just make sure we do not get over billed
within our account. So the first thing I want you to do is I want you to make your way over to
support or sorry, maybe under your account here, I'm going to go to my billing dashboard. And when
you get over here, I want you to click on the left hand side here and go to billing preferences,
And so we're going to have a bunch of preferences here. And they're all really good. So
the first one is receive a PDF, invoice by email, I would check that on receive free tier usage
alerts, this is definitely important. Because if you have a free account, you want to know when you
are going outside that free tier, and so then you just provide your email there. So I'm just gonna
do Andrew plus fresh at exampro dot co there, and then we have receive billing alerts. Okay,
and you definitely want to turn that on. And there is this detailed billing reports down here.
is a legacy feature. This has now been replaced with cost and usage reports, okay. So it's not
necessary to turn that on, and actually do show you how to use cost and usage somewhere in this
course here. So we will cover that. But anyway, make sure these are all three ticked on, provide
your email and save your preferences. Okay. And now you're going to be in the loop of some of
your billing information. Okay. So now that we have these preferences set up, let's make our
way over to AWS Budgets. So I want you to go to the top here and we're going to type in
budgets, okay. And so what budgets do is they allow you to tell you whether you are getting over
or whether you are going over your defined budget, or it's going to also provide some forecast
costs to you as well.
Okay, so now that AWS Budgets here has loaded, what I want you to do
is create a new budget, you get two free budgets in AWS. So we can definitely set two there.
It's two cents per day for budgets. And so that doesn't sound like a lot. But if you made
your third budget, it's going to cost you $14 per month. Okay, so for more additional ways of
tracking costs, we're going to use billing alarms, which really are inexpensive or free. But
we'll do budgets first, because it's good to at least have one budget set here for all costs. So
here, I'm just going to say, overall costs, okay. All right, and we will leave it monthly here,
I can't remember if overall is one or two L's, I think it's two. We want this to be a reoccurring
budget, we're going to have a fixed cost, and we're going to set it to something very
low such as $20. Okay, since we are using again, the free tier, we should not be expecting to see
a bill for quite a while.
And $20 is a good low bill there. And we definitely want all costs
unblended. So this is great. And everything is checkbox there. So we'll go ahead here and
configure alerts. And we're going to provide our email again, Andrew plus fresh at exam
pro dotco. Okay. And we'll just hit Add there, it's already been added. You could also use SNS,
but we're gonna leave that alone. And we can also get alerted when we are approaching it. So we
haven't surpassed 100%. But actually, I'm just going to set it to 100. Because $20 to me is not a
lot. And we can do this for actual or forecasted. And leave that for actual, okay. And I'm going to
go ahead there and create that budget. Alright, and so we don't have any information here. But
if I just give it a hard refresh. So if you are, if you are using an account where you're doing
stuff, if you do refresh there, you'll probably see more information. Okay, great.
created a budget. So now that we have our budget created there, let's go make a billing alarm for
a higher amount. Okay, so what I want you to do is go to services and type in CloudWatch. Okay. And
once we are over here, we are going to make our way over to alarms. All right. And so we're going
to make our way over to a billing here. And what it's going to tell us is that we need to switch
regions, because billing metrics always live in US East one, okay, so generally, it's always good
to switch to that region there.
So what we'll do is we'll go up to the top here and switch to
US East one. Okay. So now if we go to billing, we can now set our billing alarm. Okay. So, notice
down here that we get 10 free alarms, and 1000 free email notifications. So it's definitely more
free than budgets. Okay. But budgets does have a lot more functionality there. But you can
definitely use both. Okay, so here, I'm creating a new billing alarm. And I'm just going to scroll
down here. And we can set the amount. So here, I'm just going to set a larger amount such as
$100. And so if it's greater or equal to that, then it is going to alert me. Okay, and we'll
leave cat and estimated charges there alone, we'll look at some additional configuration.
is all good. We'll hit next. Okay. And then the next thing is, we need it to actually notify us.
So we're going to say add notification here. And oh, I think I already had one here. So it was not
necessary, but we needed to send it to something. So it's going to need an SNS topic, we don't
have one. So we'll create a new one. Okay, and we'll call this notify me. Okay, and then
I'll just provide my email there again. Okay, and we will hit Create topic. And then we'll go ahead
and hit next. And we'll just say, so this $100 100 Bill 100 billing alarm. I don't know if it'll let
you do spaces there. So I'm just out of habit, I always leave out spaces. Great. And so we're just
previewing it here.
So just scroll down. This all looks good. And so now we have a billing alarm.
So you know, it's not uncommon to create multiple billing alarms. So you could have one at 100 and
150 and 202. So you can keep track of that stuff. And of course, you definitely want to make use of
AWS Budgets. So you have two there that you can utilize. So maybe once you start using your
account and you use, let's say, EC2 instances, you just want to monitor that, you create a budget
for that. But yeah, we have all bases covered here. And the only thing that is left to do is we
need to confirm this, the email that was sent out to this so that our billing alarm will take
effect. Okay. All right. So um, that notification was sent to me for the billing alarm there for
notify me, so it's just me subscribing to that SNS topic. I guess we only have to do this once.
I think we add additional ones we won't have to confirm but I'm just gonna go ahead here and hit
And so, now that is confirmed there, okay. And I think if I do a refresh here,
it should say that this is now different state Okay, so just has nothing there, which is good.
So yeah, we are all set up and we don't have to worry about getting overbilled. Alright, so there's
a little bit more work we need to do to have our account fully set up. So we can start working with
AWS. And what I want you to do is make your way over to IAM. So just go up here and type in IAM.
If you click that there, you'll end up in the same place that I am here. And so we have a bunch of
recommendations here that AWS wants us to do. So we need to turn MFA on our root account, we need
to create individual users, because we generally do not want to be using the root account, which
is what we're logged in as right now.
We'll have to set some groups and assign permissions and
apply an IAM password policy. So let's go ahead and do that. But just before we do, I just want
to make it easier for us to sign in. So what we can do here is changed this URL. So just go ahead
here and customize. And we're just gonna say exam pro fresh, okay. And that is a unique name. So
if you type in something, and it says it's not or it's taken, you'll just have to change it until
you get something that you like.
So now that we have that set up, let's go turn on MFA. So we're
going to want to turn on MFA for this account, specifically, the root account here. And the
reason why is that let's say someone stole your email and password to this root account, then
they would be able to do some serious damage. So by turning on MFA, there's going to be an
additional layer of security. So the idea is, when somebody logs in, they're gonna have to
provide an additional code based on the MFA delivery mechanism. So just let's go here and
hit manage MFA.
Okay, and so it's gonna pop up here and just say what we're already doing, which
is to start securing our account. And so I'm just gonna click off there, go to MFA and activate MFA.
And so now we're going to be presented with three options. We have virtual, U2F, and other
hardware. So virtual is going to be for mobile devices. That's what we're going to do. So we're
just going to go ahead there and hit Continue. Okay, and what we want to do is we want to install
a compatible application on our phone. So just going over here, if we scroll down, it's going to
tell us which ones are compatible. I definitely know authenticator is one, so I'm just going
to search for that there. Where are you? Yeah, down here. So if you're on Android or iPhone,
you have Authy, too, or Google Authenticator. I'm using Google Authenticator, I find
that more easy to use. And then the idea here is you'll just hit show QR code.
using once you have authenticator installed, you're going to open up the authenticator app. I
know, you can't see me doing this. So I'll just have to talk my way through it here. And there's a
plus button in Google Authenticator, and it says, scan a barcode. And so now I'm holding my, my
phone up to the computer there, it's grabbed the code, it saved the secret. So now what I
need to do is enter in two consecutive codes. So going down here, I'm going to enter this code in
before it expires. So this one is 786763. And then there's a little wheel that is spinning, and it's
going to then give us a new set of numbers. Okay, and so now it is now 984816. And so I'm just going
to hit assign MFA there, and now MFA is turned on.
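Added example, not part of the video: virtual MFA apps such as Google Authenticator derive RFC 6238 time-based codes from the secret saved when the QR code is scanned. The Python sketch below shows why enrollment asks for two consecutive codes; the `verify_enrollment` helper and its drift window are assumptions for illustration, not AWS's server-side implementation, and the secret is the RFC test secret.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30   # seconds each code is valid for (RFC 6238 default)
DIGITS = 6       # code length shown by the authenticator app
RFC_SECRET = b"12345678901234567890"  # RFC 4226/6238 test secret, not a real key


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // TIME_STEP)


def verify_enrollment(secret: bytes, code1: str, code2: str,
                      unix_time: int, drift_steps: int = 1):
    """Return the time step of code1 if code1 and code2 are the codes for two
    consecutive steps near unix_time, otherwise None.

    Two consecutive codes show that the device holds the shared secret and
    that its clock is close to the server's; one guessed or replayed code,
    or the same code entered twice, does not pass.
    """
    now = unix_time // TIME_STEP
    # The first code is usually one step old by the time the form is submitted.
    for counter in range(max(0, now - drift_steps - 1), now + drift_steps):
        first_ok = hmac.compare_digest(hotp(secret, counter), code1)
        second_ok = hmac.compare_digest(hotp(secret, counter + 1), code2)
        if first_ok and second_ok:
            return counter
    return None


if __name__ == "__main__":
    first = totp(RFC_SECRET, 59)    # code shown during time step 1
    second = totp(RFC_SECRET, 60)   # code shown once the wheel resets
    print(first, second, verify_enrollment(RFC_SECRET, first, second, 75))
```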
So now that we have MFA turned on, we can
make our way back to our dashboard and proceed to the next step. So now we're going to proceed
to create ourselves our own user, because again, we do not want to be using the root account, which
should be rarely used. And we should just create ourselves a user. So we'll hit Manage Users here,
we're going to hit Add User, I'm going to create a new one called Andrew Brown, we're going to give
it programmatic access and access to the console, we're going to let it auto generate a password
for us. And we're going to make sure that it requires a password reset the next time this user
logs in going to permissions we don't have any groups.
So we're going to create a group here. And
we're going to call this group admin or admins, I should say, and we're going to give it
administrator access. Now, generally, you don't want to be giving too many users admin access,
because it gives you full access just like your root account. But for our purposes here, this is
totally fine. It's not unusual to have one or two admins within your entire account. But generally
you want to set most people as power user. Okay, and this is it gives you full access. But there
are some limitations such as you don't have the ability to manage users and groups. So power user
is a very good one here, but for this one here, we are going to stick with admin. I'm going to
hit Create group and we are going to go ahead hit next Review. And we will hit create user.
so now what we'll do is we're going to get an access key ID a secret and a password. So I'm
just going to expose those here. And I'm just going to copy these off screen. Alright, and then
we will just proceed here. Okay, so I just copied at least my password off screen here. And what
I'm going to do next is I'm going to make my way back to the IAM console. So just go up here
services, and we can just type in IAM. Okay, and so now we have done pretty much everything
here except for setting a password policy. So just before we go ahead and set a password policy,
what I want to do is I want to log into this new user. So we have this nice long URL here. So I
want you to copy that URL. And what we're going to do is we're going to log out and now log
in as that new user, okay, so I'll just go ahead here and log out.
Great. So I'm logged out here.
And so the way we can get to that page is we can paste in that URL up here, which will bring us to
the console. And so you can, you can always use that link. Or if you can remember that alias, you
can always just go to the console and type it in there. So my name was Andrew Brown here, I'm just
going to go off screen and grab my password. And I'm just going to hit sign in here. Alright, and
so now I just need to reset my password here. So I'm going to provide the old password and we are
going to set a new password. Great. And so now I'm logged in, not as the root user, but as a new
user I've created. And just one more thing here, I want to go back to IAM here.
And the reason
I want to go back here is that I exposed my access key and password to you. And anytime that actually
happens, what we're going to want to do is go to your user there. And I'm gonna go to Andrew Brown here,
and we're gonna go to our security credentials. And you can see that was that access key and you
saw that password. So what I can do is I can make it inactive, and then I can create myself another
access key. And I'm not going to show you the secret this time around. But it's just, you know,
anytime you accidentally share your credentials, you're definitely going to want to reset them
there and the password that you saw earlier, it doesn't matter because I reset my password
when I logged in here. Okay, so now that is all set up. What we will do is we will log out of
this account, and we will log back in as the root account to set up a password policy.
Okay, and I
just want to show you when I go to sign into the console, it's going to show me this filled in. And
so whenever we're logging in as the root account, we actually have to click this link down below.
And so we would just type in our email here. But if I wanted to log back in as that user,
I could just type in here exam pro fresh, and it would bring me back to here and I would
fill in this information. But if you're always logging in as the root user, I'm just gonna click
back there. It's always your email. I know that's a little bit confusing, but that's just how it
works. And so this time around, I got the MFA, so I can't just log in willy nilly.
So I'm just
going to use my phone, and I'm going to open up authenticator, and I have to provide it that code.
Okay, so it's those numbers again. So this one's gonna be 904361. I'm gonna hit submit. And so
now I'm back into my account. And we'll make our way back to IAM and do that last step. And so we
just have one more thing that AWS wants us to do. And let's apply an IAM password policy.
So we'll go
down here and click Manage password policy. And so what we can see is a bunch of stuff. And we really
just care about this part up here. So I'll set password policy. And now we can see some rules.
So you can enforce the minimum characters, you can require at least one uppercase one lowercase,
at least one number require at least one of these enable password expiration. Yeah, I could do
that. I suppose password expiration requires admin reset, maybe not allow users to change their own
password, definitely prevent password reuse. So ensure they don't use the same password, I would
probably just crank this up as high as possible, we'll leave it as five. And we'll save changes.
And so now, if we go back to our dashboard, we should satisfy that entire list.
And so we have so
we've met every requirement of AWS. So generally, from now on, you should just log in as that
user and stay out of your account. Okay. Hey, this is Andrew Brown from exam Pro. And now
that we've set up our account, I want to go through the motions Using some of the most common
AWS services with you here, so you can gain some confidence here on the platform itself.
just to have some practical hands on experience, this is not going to be a very difficult section,
it's not important for you to remember anything, but just to again, gain confidence. And just
before we get started here, I want to make sure that you are in the north Virginia region. Okay.
So North Virginia, also known as US East one. The reason why it's one is because there's another
US East, which is US East two, this one is US East one, because it came first. But based on the region
you're in, it is going to change the offerings that you have, because not everything is available
in every single region. Generally, they are across all regions. But like, if I was in Canada Central,
we have fewer availability zones, those are data centers, where in North Virginia, we have like
six, and if there are any new features, they're definitely going to be in North Virginia. So I'm
just gonna ask you to change over to that region and follow along with me there. Okay. So the first
thing I want you to do is I'm going to show you how to launch a server.
So a server is going to
be using EC2. So going up to services here, we will type in EC2. And we will make our way
over to the EC2 console. So once we are here, I want you to go ahead and launch a new instance.
So there's a big blue button here. So we'll just hit launch instance. And now we're going to be
presented with a bunch of options to configure our server. So we are going to choose what OS
we want to use, we're going to stick with Amazon Linux 2, because it's part of the free tier.
And saving money is a great thing when we are learning. The next thing we need to do is choose
the size of our server here. So these are called instance types. And so you can see that
the memory gets larger and the amount of CPUs gets larger, we're going to stick with t2.micro
because again, that's part of the free tier and we want to save some money. Going next to instance
details, we can choose how many instances we want to start an instance is a server.
So if you have
10 instances, that's 10 servers, and we have a lot of options here, we're going to launch it in
our default VPC and into the default subnet, it is going to be auto assigned a public IP. So it's
going to be public facing. And we're going to want to create an IAM role here. So what I want you to
do is go ahead and just right click here and make a new tab, because we want to give this a bit of
permissions. So up here, I'm just going to go to the IAM Management Console. And I want you to make
your way down and create a new role. And so we are going to be presented with a bunch of options. So
we are creating a role for EC2. So we'll select EC2, we're going to go to next to permissions.
And I want you to type in SSM and I want you to use AmazonEC2RoleforSSM.
SSM is Simple
Systems Manager. And that's going to be a way for us to actually log into that machine. Okay. And so
we're going to get here and I'm just gonna say my EC2 role. And I want you to hit Create role.
And so now that role has been created. And we will just go ahead and close that tab there and we
will drop this down, you can see that says none, so we'll hit the refresh button here.
choose my EC2 role. So now we have that, that set up, we are going to leave everything
else blank. And I want you to go to storage. So here you can choose how much storage you want.
It's gonna have eight gigabytes by default, you change the volume type, we're gonna stick with
general purpose. And we're going to go review and launch. And we are going to hit launch. And it's
going to ask you to create a key pair. And so key pairs are used to get into the server. But we
actually don't need one because we are using SSM, which is another way of logging into the server.
So we're going to proceed without a key pair. Okay, I will just say I acknowledge that I will
not be able to connect to this instance, unless I already know the built in password, which is not
true because we can get through Systems Manager, but we will go ahead and launch this instance.
Alright, and so this instance is now launching. In order for us to see it, you can either go view
instances, we'll just click that down below here. Alright, and so now this instance is launching,
and you're gonna see a pending state, and we're waiting for two status checks to pass.
So this is
going to turn from yellow to green. And then we're going to wait for this to initialize. And once
that's done here, I'll see you here in a moment, go. Okay, so after a short Wait here, I think I
waited about three to four minutes. Our server is now running and it also has two checks. So that
means that the server is in good shape. So now that our server is running, we'll just take a peek
down here, because we get a variety of different information such as when it was launched. The
IAM role, the security group that it is in, which was the default one, what size it was, and we can
see that it has a public IP address and private IP addresses. Okay, so now that the server is
running, this is costing us money.
Now we are on the free tier. So I guess technically
it's not. But if we wanted to shut this down, and we're not going to shut it down just yet, but
I'm just showing here that we would just go here to terminate, and that would shut the server down.
And then we would no longer be paying for it, we could also stop the instance. And that wouldn't
destroy it, but it would have it not running anymore. And we'd also be saving money, okay, so
whether you stop or terminate that instance, will ensure that you save money.
So now that this
is done, let's actually learn how to get access to this instance. Alright, so there's a couple
different ways we can get into this instance. One way is using SSH. So if we had created that
key pair, we could have used it to get into that server here. Or we can use Simple Systems Manager,
Session Manager, which is my preferred way, and AWS's recommended way, which is what
we're going to do. But just before we go head over to SSM, I want you to right click here and just
go to connect. And you can see that it's actually giving you instructions. So if you had downloaded
that key pair, you would have to jump on it, you would have had to do a bunch of other stuff.
So you have to use SSH and provide that key to get into it.
So there are instructions there.
There's also this EC2 Instance Connect. And so this is another way to connect, I'm not sure if
it would let us in here without our our key pair, but I'll just give it a go here. And it did. So
this is one way this is actually I guess the third way to access it. So actually, I'm in the server
right now. But the way I want to show you how to get in is via Simple Systems Manager. So I'm just
gonna go ahead there and close that. I want you to go to the top here and type in SSM, which is for
Simple Systems Manager, even though they never display the simple word there anymore, definitely
as part of the name.
And then once we are over here, I want you to go to the left hand side and
go to Session Manager. And we're going to start a session. And so we can see we have our instance.
So remember when we created that IAM role and we set it with that SSM EC2 role, that was so that
we could use Session Manager. And the advantage here of using Session Manager, it's going to log
every time somebody uses a session.
So I just hit start on that session there. And so it's very
similar to that other Connect screen here. And it actually logs in as the root user, not the
ec2-user, which is a bit frustrating. So we'd have to do sudo su ec2-user. And now we are
the correct user. And we are within this instance. So you know, that's how you gain access to it,
we're not really going to be doing much with this instance, today. So I want you to go ahead and
terminate this instance, or sorry, that session there. But that session history is recorded.
So by forcing everyone to use Session Manager, you're going to have a bit more visibility over
what's going on with these machines. Whereas SSH, might not provide that same visibility without you
manually putting that effort in there. Okay. But we'll make our way back to the EC2 console.
So just type in EC2 here again. And once we are here, I want you to go on the left
hand side to instances. And so here we can see our server. So we now know how to get into this
machine. And I would say that, we probably want to go ahead and stop this instance here. So I want
you to go ahead and just stop it. Okay. And that way, it's not going to cost us anything. And now
we can do our next step, which is to create an AMI.
Alright, so now we're going to learn how
to create an AMI and you can think of an AMI as like a snapshot or like saving a copy of your
entire server. So what you're going to do is go up, make sure the instance is selected there, go
to actions, we're going to go to image here and create an image now we could create an image,
whether this is stopped or running, if it was terminated, the server wouldn't exist anymore,
so there would be nothing to create an image of, we'll go ahead here and create an image. And we
are going to have to provide it some information. So I'm just going to call this fresh hyphen
000. Okay, and then you can see that it has an instance volume. And so that is the hard drive
that's attached there.
And we're just gonna leave it as the default settings and create an image.
And so now it's creating the image and it's view pending image creation. So we'll click on this
blue link here. And we'll just wait until that is created now doesn't take too long. The idea
here is now once we have an AMI, if we wanted to launch another copy of this server,
we're just going to have to hit launch here, okay, but the real reason I wanted to set up
this AMI was because we are going to next set up an auto scaling group and we're going to need
an AMI to do that. Okay, so I'll just see you here in a little bit once this is done, and I just
wanted to show you here that it is done.
Alright, and so now if we wanted to launch a version of the
server, we could hit launch. And it's going to go to the second step. So if we go back here, you
can actually see that it chose fresh 000. So if we were to proceed through this, it's a way for us
to upgrade our server or make other changes to it, or just so that we have a copy of it, so we can
launch multiple servers. And just to get back to the AMI there, I'm just gonna click on left
hand side here. But yeah, that's all we need to know for AMI, and we'll move on to auto scaling
group. Alright, so now that we've created an AMI, we are ready to make an auto scaling group. So
down below, I want you to go to auto scaling groups.
And so what an auto scaling group does is
it allows you to ensure that multiple instances or servers are running. So if you always wanted
to guarantee that one server is running an auto scaling group would have a rule that would check
to say, is at least one running and if not then launch a new server. Also, auto scaling groups
are used to meet the demand of whatever traffic you have. So let's say you have a web application
or website and it's getting a lot of traffic, and it's going to need more servers will auto scaling
groups will determine based on certain metrics, that the the web application needs more servers,
and it will spin up more servers.
And when the the demand of traffic becomes lower than it's
going to remove servers to meet the demand. Okay, so what we'll go ahead and do here is
create a new auto scaling group. And oh, they just change this ami. So I'm a little bit
confused. But we'll just hit getting started, I think that's just a bit of a thing there.
then we're going to choose our AMI. So this is very similar to launching an EC2 instance. But we
already have our own AMI. So I'm gonna go to My AMIs, I'm just going to select that fresh one
there. And we're going to stick with t2.micro, we'll go next, we're going to have to name
this launch configuration. So we'll just name this fresh LC, we're going to use the my EC2 role
there, we're going to go ahead and add storage. The defaults look great there, the security groups
look right there.
And we are going to create launch configuration and we are going to drop the
down proceed without a key pair. Because we don't need one, we're going to create that launch
configuration. So now that we've created the launch configuration, we can go ahead and create
the auto scaling group. So we're going to call this one fresh ASG, ASG is for auto scaling group,
we're going to set the group size to one. So the number of instances the group should have at any
time. So at minimum how many servers should be running, then we have to have a network or a
VPC. And we need to choose some subnets. So we're going to choose one and then we're going to choose
another one here. Okay, we just need a couple there, I'm just gonna check advanced details,
this all looks great. We're going to configure our scaling policies, scaling policies are ways,
rules that you can use to determine how the auto scaling group should react to changes within
its environment, right.
So if you have a lot of CPU utilization, maybe that's when it spins up
servers, maybe it's only when there's a lot of data transfer in or when there's a lot of memory.
So that's what scaling policies allow you to do, then we'll go to notifications, then we'll go to
tags. And then we will review. And we'll go ahead and create that auto scaling group. Okay. So it
says that auto scaling group has been created, we'll hit close. And here we can see our fresh,
fresh ASG, and choosing our launch configuration, which is our fresh LC, currently, there are zero
instances running, the desired capacity is one, the minimum servers that should be running is one,
the maximum servers that should be running is one, okay.
So if we just move this up here and go to
instances, it should try to start spinning up servers to meet the minimum demand, which is one.
So I'm going to hit a refresh here. And I'm just kind of expecting to see a server starting here.
If we're not seeing one here just yet. What I want you to do is right click here on instances, and
go here. And I bet you a server is starting up. So I don't see any servers running here as of
yet. Okay, so I'm just gonna hit refresh here, because usually, they would just start spinning
But yeah, we'll just give this here a little moment here, because maybe it's just
taking some time to get started. So yeah, we just had to wait even just a minute there.
And I just hit refresh. And already we can see that this is now one. And under our instances,
it is launching a new instance ID. So or sorry, an instance that's just the ID of the instance.
So if we go back to our instance tab, and we just do a refresh here, we can see a another instance
is spinning up. Okay. So what we're going to do is we're going to just wait for that instance to
And once once it does, we'll move on to the next step. Alright, so after waiting a few minutes
here, our instance is now started here. I'm just going to select this one off here, but this is
the instance here that is running. That's part of our auto scaling group. So Again, we said that
auto scaling groups, they can ensure that there's always at least a minimum of servers running.
And so if we were to terminate this instance, so I'm just going to go ahead and terminate it,
what's going to happen is, once it shuts down, we're gonna go back to our auto scaling group,
it's going to detect that this one is no longer healthy.
Okay, so see over here that says healthy
right now. But it will after a while, determine that it is unhealthy, and then what it will do as
a response, it's going to launch a new instance. So we're just going to wait here for a little bit
until this is now flagged unhealthy, okay. All right. And so we can now see that this instance
And so the way this auto scaling group is going to respond is by launching a new
instance. So now, we're just going to wait here a little bit and just keep on hitting this refresh
button until we see another instance spinning up to replace this unhealthy one. Okay, so I just hit
the refresh here. And so that unhealthy instance is gone. And so I guess what we're just going
to wait for here is now a healthy instance, to replace that unhealthy one. So just to get back
to that, that minimum of one server running. Okay, so we'll just go ahead here and just refresh. And
so there we go. So we can see that we have a new server that is starting up.
So we'll just wait
until that one is totally set up here. And we've now accomplished what we wanted with auto scaling
groups, and we will just destroy this auto scaling group. Alright, so our replacement instance is now
healthy and in service. So what I want to do is go ahead and remove this auto scaling group. Now
I believe that when we delete this auto scaling group, it's going to take down the instance as
well. So we're not going to have to delete that. So I'm just going to go ahead here and delete the
auto scaling group. And we're going to say yes. Okay, and so we are going to just watch that
delete there and hit refresh there. And also, since we have that instance, tab open, we'll
hit refresh here. And so we have that instance running. So what we're hoping to see is that this
instance is torn down when we have deleted this auto scaling group.
So we'll just wait here a
little bit and see what happens. All right. And so if we were to do a few refreshes there, it
indeed is shutting down that instance, that was spun up by the auto scaling group. So when you
delete your auto scaling group, it's going to take down those instances as well. So you know,
that's it for the auto scaling group section, and we can move on to elastic load balancer. Hey,
this is Andrew Brown from exam Pro, and we are going to learn about elastic load balancers, also
known as ELBs.
And what they do is they allow you to put a load balancer in front of your instances.
And the idea is that when traffic comes into your web application, it's going to flow through
the load balancer, and it's going to evenly distribute that traffic to multiple instances.
And your instances generally will be running in different availability zones. So if one AZ becomes
unavailable, then your traffic will then go to the other AZ where you have an instance running,
so you do not experience downtime.
And your web application remains running. Okay, so now that
we have an idea what ELBs are, let's go ahead and launch a few instances so that we have something
to load balance to. And so I'm going to choose Amazon Linux two here, we are going to stick with
the t2.micro because it is free, I want you to select two instances here, okay. And we're
going to leave all the settings alone, maybe we'll give an IAM role, we do not need to SSH into or
sorry use SSM to get into that instance, but it doesn't hurt to attach it there, we're gonna leave
storage alone, we're going to go past tags, we're going to go to our security groups, I'm going to
set it to an existing one and use the default one, every time you create an instance, it seems like
it really encourages me to keep making new security groups, we don't need to have a bunch of these.
So we will just go and use the existing one.
And I'm going to review and then launch, I'm going
to drop down here and proceed without a key pair because we don't need a key pair. And so now these
instances are going to start up here. And I'm just going to wait until they get into a running
state with two status checks. And we'll go ahead and create our ELB. Alright, so our two instances
are ready here and I just want to go ahead and give them a name. So I'm going to just call this one
instance a and then we will call this one instance B. Okay. And now that I have those two instances,
let's go make our way over to load balancing here. It's under the EC2 console. And so we will
click here. And what we will do is we will create ourselves a new load balancer. Now there are three
types of load balancers. We have application load balancer, network load balancer and classic load
We are going to be using application load balancer here and that's generally what
you're going to be wanting to use. We are going to type in ALB, or maybe my ALB here, it will be
internet facing. Okay, we need to ensure that it's running in at least two availability zones, or
it's going to complain to us. So we will go ahead and do that, we will go to the next step here,
we aren't using SSL or HTTPS, so we don't have to do anything here. For security groups, we will
use the existing security group the default one, so that's totally fine. And for configuring
routing, we're going to have to create a new target group, a target group contains a reference
or a reference to the instances which we want to route traffic to. So we are just going to make a
new one, I had to say my target group here.
And we can route things to different things. So it could
be instances or specific IPs, or Lambdas. So we're going to stick with instances. And we're going to
go ahead here and register those targets. So here we can see we have instances here, I'm just going
to select them and add to register. So now they are registered up here, we're going to hit next.
And then we are going to go ahead and create. Okay, and so it takes very little time for load balancer
to create, we will then hit close here.
And this load balancer is now just provisioning. So we're
just going to wait here a little while until this is provisioned. And you just have to hit the
refresh here, and see when this is ready. Alright, so our load balancer's ready, didn't really take
that long, it took about a minute or so. And so just to poke around here, you can see that this
load balancer here has a DNS name, okay, so this DNS name, just looks like a domain name. And the
way you would route your traffic to the elastic load balancer is you would actually point it to
here. Okay, and so all the traffic would go here, and then it would then go on to the listeners,
and the listeners listen on a particular port. So this is Port 80.
And then it's going to then
have rules, which is going to forward this traffic to that target group. If we click into this
target group here, alright, what it's going to do is it's going to show us the actual targets. So if
we go over here and look at targets, it's going to then route it to the registered targets. So that's
how an elastic load balancer works. And that's all we really need to know for this, but just to show
you how to make an elastic load balancer. So now that we're done here, let's go tear this stuff
down. So we'll go ahead here and we will just go delete this load balancer. Now, unlike the auto
scaling group, which would actually tear down the instances, we have to take these instances down
And so what I want you to do is select a and b here, and we are just going to terminate
these here. Okay, and that is our elastic load balancer section. Alright, so we're gonna learn
a little bit about s3 here. So what I want you to do is go to services here and type in s3. And we
will go make our way over to the s3 console here. And so the first thing I want you to notice that
when you come to s3, that it is global here.
So s3 does not require a region selection. However, the
buckets that we're going to create will be region specific. And the idea here is a bucket is just
a place to contain your files. Okay. So we will just create a bucket here, and we're going to give
it a name, I'm going to call this exam pro fresh. Now these names are globally unique. It's just
like selecting a domain name. So if the name you have here selected is not available, you'll just
have to change the name. And we have the option to choose the region. So I'm going to go
ahead here and create this bucket. So now I have a bucket, and we can start uploading files to this
bucket. So I'll go ahead here and just hit upload. And what I'm going to do is I'm just going to add
some files. And so for my desktop, I have a photo of me, I'm going to hit open here, I'm going to
upload that there. And so now we have a file here in s3, okay, and so if I want to download
it, I can just hit that download button there. And that will allow us to download that file.
There's a variety of different things that you can do in s3, but that is just the most basic things
you need to know about s3, okay, but we aren't going to delete this bucket because we're going to
use it in combination with our next thing, which is using CloudFront. Okay, so I'm just gonna make
my way back here to the homepage here. And we'll move on to the next part. Alright, so we're going
to take a look at CloudFront. So CloudFront is used as a CDN, a content distribution network.
The idea here is let's say you have files, static files or video files that you want to share across
the world. But you want those to load as quickly as possible and make the shortest route to the
end user. And that is where CloudFront, which is a content distribution network comes in.
So it's going to take whatever your static content is. It's going to then copy it to multiple edge
locations around the world. And so when someone tries to access your content, it's going to go
to that nearby edge location, as opposed to going really far away to get that content.
make our way over to CloudFront here, so drop down services and type in CloudFront. Okay. And we will
make our way over here. And we're going to need to create ourselves a distribution. And we'll just
get started here. And I want you to drop this down and just choose that s3 bucket that we created.
Okay. And pretty much all the settings here are totally fine. So we're just going to go down
below here and create that distribution. Okay, and creating distributions take quite some time
to happen. But the idea there is, remember I uploaded that one file to my bucket there.
So what this distribution is going to do, it's going to copy that file and then move it to
all those servers around the world. So that now my content is super fast, okay. And just like
elastic load balancer, where it had a DNS name, where you could hit it like a domain name to
access those instances.
CloudFront is similar. So here, we have a domain name here, so your traffic
would hit this domain name, and then it would then route your traffic to the nearest edge location.
Okay. So that's all there really is to it here, distributions take a really long time to create.
So we don't really need to wait for this to complete. So I'm going to just disable this here,
okay. And it's going to just disable and once it's disabled, you can delete it, even if you don't
delete it, it's not going to cost you anything here because it will be disabled. But yeah, once
it's done disabling, you can go ahead and select it and then delete it. Alright, so that's alright,
so now we're going to look at RDS which stands for relational database service.
And it is for setting
up relational databases. So I want you to make your way over to the RDS console. So go to the top
here and type RDS. And we'll click that. And once we're here in the console, we're going to create
ourselves a new database. So on the left hand side here, go to databases, and then create a database.
And we're going to be presented with quite a few options here. Okay, and so by default, it has the
Amazon Aurora engine selected, this is one of the most expensive options, so we definitely do not
want to use that. So we will just use Postgres for our case here. And the next thing is we have
some templates to get started here.
And so we have production, dev test and free tier. And these are
all suited for different needs. So the idea with production is, if you are a larger, a very, very
large company, they're setting you up with every bell and whistle under the sun here, where dev
test is for small to medium size companies. And free tier is definitely just for gaining hands
on experience, which is what we're doing here, or just for testing simple application. So I just
want to show you the price difference here. So they have a calculation down below. So if I scroll
all the way down below here, you can see that for production, it's $600 a month, which is quite
a bit of money.
And then if we have a dev test, and we scroll down here, now it's $262, still
quite expensive. And then we go the free tier and now there is no cost shown because it is
free, okay, but you only get 750 hours on RDS, and so on for a t2.micro and then once that
is used up, then if you use the t2.micro for a month, it will cost you around $15 per month.
And again, if you are a very small startup, you can run on the free tier and the lowest tier
for quite a while.
But you know, for some reason, AWS decides to always have the most expensive
one selected here with RDS so we just have to be careful there. So let's go to free tier because
it is the use case for us. We have the DB instance identifier, we'll leave that alone, that's
totally fine. We need to set a password so I'm just going to type in Postgres 123. Okay, and then
Postgres 123. Then you have your DB instance size, we of course want to leave it on t2.micro
here, because we want to have the smallest instance there's nothing smaller.
There's no nano
here on RDS like EC2. Then we choose our storage, it's set to 20 gigabytes, there is auto scaling
for storage, so it will automatically increase the size if that runs out. I have to turn that
off. Because we don't need that you have your multi AZ you can determine where this RDS
should launch, like what VPC, we're gonna leave in the default. For database authentication,
we can use the standard password authentication, or if you want to allow IAM users to authenticate
directly. You can use that which is pretty cool. I'm just going to leave it to password
authentication. And then we have additional configuration which you definitely want to set.
So you have your initial database name.
So if you do not specify database name RDS does not create
a database. So I'm pretty sure we want to create a database So we're gonna have to name this here.
So I'm gonna call this exam Pro, fresh, okay? And we're going to turn backups off. Okay? And oh, I
guess apparently, I can't use a hyphen there. So I'll just remove that. Actually, it looks like
I can use an underscore.
And so but anyway, so if we turn this off to zero days, that means
it's not going to take a snapshot right away, or a backup right away, it's going to launch a lot
faster. And we're not doing much with a server. So you know, let's just get through this as quickly
as possible. We don't need performance insights, I'm going to turn that off as well. And, yeah, we
were all good to go.
So we'll go ahead and create that database. Okay, and so we're just going to
wait for the creation of that database there. And it will just take a little bit of time here.
And we'll be back in a moment. Alright, so now our database is available here. And you can just
see when clicking into it, that we get stuff such as the CPU usage currently, and how many current
connections are connected to this database here. Now, in order to actually access this database,
you'd have to assemble all the requirements. So you'd have to use this endpoint, you'd need
this port number, we need the database name, username, password, which we had set earlier.
And then you could use a traditional tool, maybe TablePlus or something to make a connection and
start using that database.
Okay. But, you know, for our purposes, it was just a matter of showing
how easy it is to create a database here. And so now that we have created our own database, let's
go ahead and just destroy that database. Okay. And so I'm going to go ahead here, and I just
have to type in, delete me. Okay, and that's RDS for you. So this will just delete here, I'm just
gonna hit refresh. And we're totally good here, I'm just gonna go back to the management. So we're
gonna take a look at AWS Lambda here and see how to run a Lambda function. So what I want you
to do is go to the top here to services and just type in Lambda.
And we'll make our way over to
the lambda console. And once we're in here, I want you to go ahead and create a new function. And we
are going to author one from scratch. So I'm just gonna say my lambda, okay, and we have a bunch
of different runtimes that we can choose here, we have Node.js, etc, I'm gonna choose Ruby, because
that's my language of choice, we're going to drop down here, and we are going to have it create
us a new role with basic Lambda permissions so that it can write to CloudWatch Logs, and we're
going to go ahead and create that function.
Okay, great. So that function has now been set up
here for us. And if we just scroll down here, you can see that we have this nice little inline
editor that allows us to work on our function, okay. And so the big benefit of Lambda is,
you don't have to worry about the servers, you just write your code, and it will run. The
trade off here is though, that these only run for a small amount of time.
So Lambda can only run for
up to 15 minutes, but generally they only run for one second or less. That's definitely how
they're used. Let's go ahead here. And let's just put a puts in here. So I can just say hello world,
just so we can see that our lambda works. And what we can do here is we can go up and make a test.
So I'm just gonna go ahead here and make a test. And we already have one here called hello world.
And I'm just going to type this in again, hello, world. Here, oh, maybe I have to do this. And I'm
just gonna hit Create there.
So now I have a test. And I'm just going to go ahead and hit test there.
And we can see that it succeeded. And we got a status code. So this is what it would return.
And if we were to go check the logging here, if we were to go to monitoring here, all right,
we should be able to see that that puts that we have there.
Okay, so we just click on this button
here, view logs in CloudWatch. And we can see that Lambda ran there. And you know, the reason I
don't have any output here is I forgot to hit Save there. It's really finicky about that. And now if I hit
test, okay, it's worked. And now the output here actually has HelloWorld. Okay, so that's from the
logs. And if I go back here and give this a hard refresh here, okay, I might have to go back one
step here because now it's in this one up here, and we should have our, our puts, click the right
one. Maybe just says, oh, there it is.
Okay, so I've just been patient here, but it showed
up. So there you go. So you can see lambdas are pretty darn simple. And just going back here
up to the function, Lambdas get triggered from a variety of different services. So if you want
to add a trigger, you can go here and drop down and choose a service. So you could have it. So
anytime something is inserted into DynamoDB, it would then trigger that Lambda function or
from a variety of things. Okay, and there's even integration with third party, third party,
Amazon partners. Okay. So yeah, that's all we need to know for lambda. So we're going to take a
look at the EC2 pricing model.
And there are four ways we can pay with EC2, we have on demand,
spot, reserved and dedicated. And we're going to go through each section and see where each one
it makes sense. So we're going to take first a look at on demand pricing. And this is whenever
you launch an EC2 instance, it's going to by default use on demand, and so on demand has no
upfront payment, and no long term commitment, you're only charged by the hour or by the minute
is going to vary based on EC2 instance type. And that's how the pricing is going to work. And you
might think, okay, what's the use case here? Well, on demand is for applications where the workload
is short term, spiky, or unpredictable, when you have a new app for development, or you
want to just run an experiment, this is where on demand is going to be a good fit for you.
So we're taking a look at reserved instances, also known as RI, and these are going to give you
the best long term savings.
And it's designed for applications that have steady state predictable
usage or require reserved capacity. So what you're doing is you're saying to AWS, you know, I'm gonna
make a commitment to you, and I'm gonna be using this over next period of time, and they're gonna
give you savings. Okay, so this reduced pricing is going to be based on three variables, we
have term, class offerings, and payment options. And we'll walk through these things to see how
they all work. So for payment options, we have standard convertible and scheduled standard is
going to give us the greatest savings with 75%, reduced pricing. And this is compared to
obviously to on demand. The thing here though, is that you cannot change the RI attributes,
attributes being like instance type, right? So whatever you have, you're stuck with
Now, if you needed a bit more flexibility, because you might need to have more room to
grow in the future, you'd look at convertible, so the savings aren't going to be as great,
we're looking at up to 54%. But now you have the ability to let's say, change your instance
type to a larger size, you can't go smaller, but you can always go larger, and you're
going to have some flexibility there, then there's scheduled and this is when you need
to reserve instances for a specific time period. This could be the case where you always have a
workload that's predictable every single Friday for a couple hours.
And the idea is by telling
AWS that you're going to be doing that on schedule, they will give you savings there that's going to
vary. The other two things is term and payment options. So terms is how long are you willing
to commit one year or three year contract, the greater the terms, the greater the savings, and
you have payment options. So you have all upfront, partial upfront and no upfront. No upfront is the
most interesting one, because you could say, you know, I'm going to use a server for a year, and
you'll just pay at the end of the month. And so that is a really good way of saving money.
Right off the bat, a lot of people don't seem to know that. So you know, mix those three together.
And that's going to change the outcome there. And I do here have a graphic to show you that you
can select things and just show you how they would estimate the actual cost for you. A couple things
you want to know about reserved instances: they can be shared between multiple accounts within a
single organization and unused RIs can be sold in the Reserved Instance Marketplace.
If you do buy into a one or three year contract, you're not fully out of luck, because you can
always try to resell it to somebody else who might want to use it. So there you go. So
now we're taking a look at spot instances, and they have the opportunity to give you the
biggest savings with 90% discount compared to on demand pricing. There are some caveats, though. So
AWS has all this unused compute capacity, so they want to maximize utility of their idle
It's no different than when a hotel offers discounts to fill vacant suites, or when a
plane offers discounts to fill vacant seats. Okay, so there's just EC2 instances lying
around, it would be better to give people discounts than for them to do nothing. So the only
caveat though is that when you use spot instances, if another customer who wants to pay on demand
a higher price wants to use it and they need to give that capacity to that on demand user. This
instance can be terminated at any given time, okay? And that's going to be the trade off. So
just looking at termination conditions down below. Instances can be terminated by AWS at
any time. If your instance is terminated by AWS, you don't get charged for the partial hour of
But if you were to terminate an instance, you will still be charged for any hour that it
ran. Okay, so there you go. That's the little caveat to it. Um, but what would you use spot
instances for if these instances could be interrupted anytime? Well, they're designed
for applications that have flexible Start and End Times or applications that are only feasible
at very low compute costs.
And so you can see, I pulled out the configuration graphic
when you make spot. So it's saying like, Is it for load balancing workloads, flexible
workloads, big data workloads are defined duration workloads. So you can see there is some
definitions as to what kind of utility you would have there. But there you are. So we're taking
a look at dedicated hosting, which is our most expensive option with EC2 pricing models. And
it's designed to meet regulatory requirements when you have strict server bound licensing that won't
support multi tenancy or cloud deployments. So to really understand dedicated hosts, we need to
understand multi tenant versus single tenant. So whenever you launch an EC2 instance, and
choosing on demand or any of the other types beside dedicated hosts, it's multi tenant, meaning
you are sharing the same hardware as other AWS customers, and the only separation between you and
other customers is through virtualized isolation, which is software, okay, then you have single
tenant and this is when a single customer has dedicated hardware. And so customers are separated
through physical isolation.
All right. And so to just compare these two, I think of multi
tenant is like everyone living in an apartment, and single tenant is everyone living in a house.
Right? So, you know, why would we want to have our own dedicated hardware? Well, large enterprises
and organizations may have security concerns or obligations about sharing the same hardware with
other AWS customers. So it really just boils down to that with dedicated hosts. It comes in an on
demand flavor and a reserved flavor. Okay, so you can save up to 70%. But overall, dedicated hosts
is way more expensive than our other EC2 pricing options. So we're on to the EC2 pricing cheat
sheet. And this one is a two pager, but we'll make our way through it. So EC2 has four pricing
models, we have on demand, spot, reserved instances, also known as RI, and dedicated. Looking first at
on demand, it requires the least commitment from you.
It is low cost and flexible. You only pay
per hour. And the use cases here are for short term spiky, unpredictable workloads, or first time
applications, it's going to be ideal when you want workloads that cannot be interrupted, whereas
in spot, that's when you can have interruption and we'll get to that here shortly. So onto
reserved instances, you can save up to 75% off, it's gonna give you the best long term value.
The use case here are steady state or predictable usage. You can resell unused reserved instances
in the Reserved Instance Marketplace. The reduced pricing is going to be based off of these three
variables: terms, class offering and payment option. So for payment terms, we have a one year or
a three year contract.
With payment options, we can either pay all upfront, partial upfront
or no upfront. And we have three class offerings, we have standard convertible and scheduled. So for
standard we're gonna get up to 75% reduced pricing compared to on demand. But you cannot change those
RI attributes meaning like, if you want to change to a larger instance type, it's not going to be
possible, you're stuck with what you have. If you want a bit more flexibility we have convertible
where you can get up to 54% off, and you get that flexibility. As long as those RI attributes are
greater than or equal in value, you can change those values, then you have scheduled and this is
used. This is for reserved instances for specific time periods. So maybe you want to run something
once a week for a few hours. And the savings here are gonna vary. Now on to our last two pricing
models, we have spot pricing, which is up to 90% off, it's gonna give you the biggest savings.
What you're doing here is you're requesting spare computing capacity. So you know, as we said
earlier, it's like hotel rooms where they're just trying to fill the vacant suites.
If you're comfortable with flexible Start and End Times spot price is going to be good for you. The
use case here is if you can handle interruption, so servers randomly stopping and starting, it's a
very good use case is for non critical background jobs. Instances can be terminated by AWS at any
time. If your instance is terminated by AWS, you won't get charged for that partial hour
of usage. If you terminate that instance, you will be charged for any hour that it ran
in. Okay. And the last is dedicated hosting, it's the most expensive option and it's just
dedicated servers okay? And so it can be utilized in on demand or reserved; you can save up
to 70% off.
And the use case here is when you need a guarantee of isolated hardware. So this is like
enterprise requirements. So there you go. Made it all the way through EC2 pricing. Alright, so there
are many AWS services that do not incur a cost and so these are free services. So for example IAM,
which is used for creating users and groups and roles to access a different resources, creating
any of those components of IAM are not going to incur a cost.
So IAM is essentially a free
service where you have these other services which are free, such as Auto Scaling, CloudFormation,
Elastic Beanstalk everything in this blue box, but they can provision other AWS services,
which costs money. So, on the exam, I would not be surprised if you come across a question,
which kind of implies that CloudFormation might incur a cost, but you just need to know that the
service itself is free, but it can provision other services. Okay, so I've highlighted in bold here,
two services, which I think would most likely show up on the exam. But I've given you more of a full
list of things that definitely do not cost money. So there you go. So AWS has four different
support plans to help you out when you need it. And when you first make an AWS account, you by
default are in the basic support plan. And this is going to give you access via email for billing and
account information. So let's say you aren't sure about the cost of something or you think that you
might have been overbilled or you are suspecting that you may be overbilled.
Because you might have
misconfigured, something, you have this available to you at all tiers. But yeah, that's the first
thing that you have access to. And so you just send them an email, and they'll help you resolve
that. Now, coming into the paid tiers, we're gonna start with developer starting at $20 USD,
and this is gonna give you access to technical support via email, okay, and generally, they will
reply within 24 hours. But they do allow you to choose the response time, like the nature of the
issue, which is going to determine how fast they reply. And so we have general guidance and system
impaired, okay. Now in the developer tier, it does not provide third party support. So let's say you
had a web application, whether it's Ruby on Rails, or Django or Express.js and is running on an EC2
instance, AWS is going to help you with the EC2 instance, but they're not going to help you
with the actual third party part, which would be, you know, again, rails or Django and etc.
So, so you know, that's what's going to be limited to. Going into the next tier, business, which starts
at 100 USD, this is now where you're going to have access to chat and phone. And this is any time,
okay, so if you want to call them at 3am in the morning, you can or chat with them. And generally,
it might be a bit slower to connect with them, but they definitely will connect with you. And
you can work through your problems, okay. So the other advantage here is that now that you can
do chat and phone, you can also do screen sharing with them, so they can actually send you over a
link. And now they can see your screen, and they can work through the problem with you.
And this is
extremely useful and definitely makes the business tier something worth purchasing, especially if
you're running a production system. Okay, you're also going to get faster response times, in the
case of if you have a production system impaired or down. Okay, so this might be important to you.
And so also the business tier and enterprise tier does support third party, okay, so on these tiers,
they will make the best effort to try to help you through things that aren't AWS related to
solve your problem. Okay, so that is an additional bonus, they're now coming into the enterprise
account. This is the most expensive plan starting at 15,000 USD, it was previously 10,000. But it
has increased, and this plan is special because you actually get two dedicated resources,
and when I say resources, I mean people and so you get a personal concierge and a TAM which stands for
technical account manager.
And also you have a new response time where they can respond within
15 minutes in the case of a business-critical system down. Okay. So, um, there's that, and then we
have advisor checks. Okay, so for advisor checks, for basic and developer, we have seven, and then
for business and enterprise, we get all checks. We do have another section in this course where
we cover Trusted Advisor, so you can see what all those checks are. But for the exam, you're
going to need to know the difference in pricing for the different tiers, you're going to need to
know those response times, the 24, 12, 4, 1 hour and 15 minutes, you need to know when people are
assigned to your account, and that's only in the enterprise. You're going to need to know when third party
support is there or not. Yeah, so there you go.
So here in this follow along, I want to show
you how you would go ahead and create a case, in AWS support, I am using the business support
And you can see that I have a bunch of different support cases, I definitely have a
lot on CloudFront, because it's given us a lot of trouble. But anyway, let's work our way through
this and create a new case here. And then you're going to be presented with a type of case you
want to choose. So if you were on the basic tier, technical support would be grayed out, you'd
have access to both account and billing support and service limit increase.
So if I just click
here, you can see here, if I want to report a billing thing, I can choose the type. So I'd say
billing, I would choose the category. So I could say I have a question about the free tier. And
then you could specify the response time here, okay, or, I guess they call it the severity,
and you'd write your subject description, you can attach up to three attachments there. And you
can only choose to talk to them via email. Okay, so we have chat and phone, but these are disabled.
But I think the real interesting thing to show you in support here is technical support. Okay? So
with technical support, this is where we're going to be able to ask technical questions about AWS
services. So if I wanted to drop something down, and we would type in CloudFront here, because
again, as I say, CloudFront is something we spent a lot of time on. And then you choose the category.
And so now the category is going to narrow down based on the service.
And on the right hand side,
they are going to give you suggestions, okay, but we can go through here and say I'm having
an issue with caching, okay. And then you could choose the severity. So we'll just leave it
general. And then sometimes they ask you to provide additional information, it's optional,
but it's going to save them time to help you out, you'd have to go through your account to find
those values, it's going to change based on the service. And then down below, we can write in
whatever we want.
So I could say, I'm having issues with my distribution. Okay. My cache values
aren't showing up, aren't being served. Okay. And so you can choose the preferred contact here.
Now, this is very simple, you don't get any type of formatting or bolding. So you have to be a
bit creative to display that information. But you definitely want to try to create all the steps for
them to replicate it. Okay. And then down below, we have web chat or phone. So we'll give chat a
try here. Okay, and I'm just going to hit submit, and then what we will get here is, um, a chat
window pop up there. Okay, and so we'll just wait here for a little bit. Well, I just wanted to give
you actually a better example here.
So I just left that window there and opened up a previous case I
had here, and this one actually is with CloudFront Lambda@Edge. And so once you are chatting with
the cloud engineer, it will actually save all this within the case later on. So if you need to
read what you were talking about, that's going to be saved there later. If for whatever reason, the
cloud engineer cannot solve it, and they need to go off and try to replicate it or reach out to
someone else in the team, they will do so and then they will come back to you with the answer
And so they will provide that there. And that's what happened in the case here. Okay,
um, and generally, sometimes they will go out and actually bring back even more information for you
there. Okay. So you can even see that this cloud engineer had to go talk to the CloudFormation
team to resolve this case here. So you definitely can really reach the experts within AWS to solve
your problem. So there you go. That's generally the follow along here in a nutshell, for creating a
case, okay.
So now we're taking a look at AWS Marketplace, which is a curated digital catalog
with thousands of software listings from independent software vendors, and allows you to easily find,
buy, test and deploy software that already runs on AWS. So on the right hand side, there, you
can see we have a bunch of categories such as operating systems, security, machine learning, and
the idea is that you would click into one of those categories.
And now you have a bunch of products
that are being offered to you in the form of Amazon Machine Images, CloudFormation templates,
SaaS offerings, WAF rules and a variety of more. And these products can either be free, or they
could have an associated charge, more likely the latter, and this charge will become part of your
AWS bill. And if you want to sell things yourself, there is a sales channel for ISVs and consulting
partners. So you definitely can be not just the one buying but also selling, okay.
So in this follow along, I want to show you the AWS Marketplace and the things that you could possibly buy in here.
So just looking here, on the homepage, here, we have a bunch of categories where we can narrow
down the thing that we're looking for. Or we could choose a vendor, if we knew in particular, what we
want, you can see there's 1361 vendors. So there's quite a few here. Or if you want to determine
your pricing plans or delivery methods, okay, and then you have those popular categories,
which is a very easy way to start exploring, maybe we would be interested in machine learning.
So I'll go ahead and click there.
Okay. And now that we are in machine learning, we can see that
we have a variety of different offerings here. So let's say we wanted to do some deep learning
with Python 3 and TensorFlow, I'm just going to click into here. And it's going to give
you an idea what kind of product we have here. I believe this is an Amazon machine image, I'm
just kind of trying to find where it says that, and right down there.
So we see that the delivery
method is an Amazon Machine Image. So it's going to determine what that is. And we have a variety
of information here, such as the product overview, it'll do price estimations based on the
EC2 instance that you choose. And there can be useful information such as how to actually use
this. Okay, so yeah, so if you wanted to do that, I mean, you could create a subscription from
here. But generally, when you're launching Amazon machine images, you'd want to go ahead and launch
that within the EC2 console there.
So let's hop our way over there and try to find something
in the marketplace. Okay. All right. So here I am in my AWS account, and I'm going to make my way
over to EC2. Okay. So a lot of times when you want to use a marketplace resource, generally,
you're going to launch it within the context of what service you're using. So there are WAF
rules that are sold in the marketplace. So when you're using WAF, in the WAF console, you can
purchase them there. And when it's going to be an AMI, it's going to be via EC2. Okay, so I
would just go ahead here and launch an instance. And as soon as I launch an instance here, or you
get to the option to choose to launch an instance, whatever it decides to load, we are going to be
presented with the AMI that we need to choose, okay.
Alright, so now we can choose our AMI,
on the left hand side, you're going to see AWS marketplace. And so this is where it's going to
make it easy for us to choose a service there and subscribe to it. So if we wanted that machine
learning one, I think it was TensorFlow. Okay, so we typed TensorFlow there. It's not quite
exactly the same one. But if we just wanted to launch one here, so here we have the Deep Learning
AMI, which is an Ubuntu image.
And it would have some kind of associated cost here. So I go
here and select it. Okay. And right away, it's going to show me the pricing here. I don't
see any additional costs, probably because this one is an AWS Deep Learning AMI, it probably
doesn't have any additional cost, but it does estimate that stuff out there. So maybe we'll
go back and actually choose something where I know there will definitely be a cost. Maybe we
try launching Guacamole. Okay, so Guacamole, if you can spell it, is a bastion. I'll
just type in bastion, that's an easy way to find it. And so here's Guacamole, it gives you a free
trial. And here you can see the pricing here. So you see 0.3 cents to 33.52 cents per hour.
And so I will just go ahead and select that, okay, and choose that AMI and it can tell you that it
has a free instance. And then you'd hit continue, okay. And then you just launch your instance.
So based on this here, I'm restricted to that. So I'll just do a small here, and I'm just
going to go ahead and review and launch.
Okay, and this is definitely not part of the free
tier. So I'm going to definitely want to destroy this immediately after creating it, okay. But I
just want to show you how easy it is to create something from the AWS Marketplace here. Okay.
We'll just download that and launch that. Alright. And so now I actually have a subscription to that
marketplace service. Okay. So as this is launching there, it usually doesn't take this long, but today,
it seems to be a bit slower. I want to show you the actual AWS Marketplace subscriptions. So
when you start accumulating subscriptions, you can go to AWS Marketplace subscriptions here
and see that apparently it's not supported in the Canada region. So we'll have to move over
to US East. That's not uncommon for AWS, because a lot of times with billing and other
They are only available in the US East region. But here you can see we have Guacamole,
okay, it's saying trial ends in five days. And then I have over here a LAMP certified by Bitnami.
And it has no additional costs. So if you are using a bunch of things from the marketplace, and
you're trying to keep track of them, this is where you're going to find that information. Okay? So
I mean, that's pretty much all you need to know for the AWS Marketplace. And I'm just going to
make sure to shut down that instance, there, since I do actually not want to do anything with
Okay. But I just wanted to show you how easy it was to start subscribing to a resource there.
So I'm just going to go here and quickly shut down that instance there. So if you're following along,
you do the same. So I'll just go ahead here and terminate that instance. Okay. And there we go.
Hey, this is Andrew Brown from exam Pro. And we are looking at Trusted Advisor, which advises
you on security, saving money, performance, service limits and fault tolerance. The reason
I have that saving money in red is because we are looking at billing and pricing. Okay. And
for Trusted Advisor, for every single account, you're going to get for free seven Trusted Advisor
checks. If you have either business or enterprise support, you're going to get all Trusted Advisor
checks. And an easy way of thinking of what Trusted Advisor is, is think of it as an automated
checklist for best practices on AWS. So Trusted Advisor has five different categories where it can
advise you, and it has checks.
And these are all the checks that are possible that are at the
paid tiers, okay. For the free tier, there's quite a few less, I honestly can't remember what they
are. So I'm not going to show them here to you. And we're just going to focus on the full list here,
going through each category. So first looking at cost optimization, where you're going to be able
to save money. The two most common ones that it will make recommendations on are idle load balancers and
unassociated EIPs. So for idle load balancers, if you spin up an Elastic Load Balancer, the
minimum cost per month is $15. Okay, but let's say you just don't happen to have any EC2
instances that are being balanced on there, it's going to say, hey, this load balancer is not doing
anything, maybe you should get rid of it to save some money. Another one is EIPs. So that's Elastic
IP addresses. Okay. And so the idea is that if you have an EC2 instance, and you want to give it
a static IP, you can reserve an EIP from AWS.
But the thing is, if it's not attached
to EC2, and so it's unassociated, it costs you money, because AWS wants you to release
that IP address so someone else can use it. So that's a recommendation that it will make to you.
Looking at performance, let's say we look at high utilization Amazon EC2 instances. So for that one,
I believe that it's, let's say you have a very high CPU usage on an EC2 instance, it's going to
say, hey, maybe you should use a larger instance, okay, to get better performance out of
this machine here, okay? Now, for security, we have MFA on root account. And it's not
only Trusted Advisor that tells you to do this, but so many other services tell you to do it,
because it's such an important security measure within your AWS account. Another thing could be
IAM access key rotation, so you have access keys that are used by users.
And it might suggest, hey,
it's time to rotate these out to make sure things stay secure. Okay, so looking at the last two
categories, we have fault tolerance and service limits. So for fault tolerance, it would recommend
that, let's say something for RDS backups, okay, so just to make sure that you have backups in
place, or have them turned on. So in the case that your database goes down, you can recover
it, okay. And then you have service limits, and there's none in particular chosen here. But
there are limitations on the certain amount of things that you can use, and AWS allows you to
increase those limits. So it's just kind of like a safeguard for you before being allowed to go
beyond that. I guess a really good one would be SES.
So SES allows you to send out emails, and
probably by default, it caps you at like 5000 or 10,000 emails. And if you had to go beyond that,
you would ask for a service limit increase. Okay, so those are all the checks there and the five
categories to give you an idea of what Trusted Advisor can help you with. So in this follow
along, I want to show you the Trusted Advisor dashboard and how it makes recommendations to
you, and how you can keep up to date when it discovers new things. Okay, so here in this
exam pro account, we have business applied, so we have all the AWS advisor checks.
go take a look at cost optimization here. And you can see that we have things in green. So these
things are A-OK. And then you have things with warnings. And one thing we explored earlier was
unassociated Elastic IP addresses. If we expand there, it's going to show us that we have
one IP address in our US East region that's not currently associated with any running instance.
So this thing is costing us money, okay? So then you'd have to go take action and go over to, I
believe it's VPC, the VPC console, and then just unassociate that and you start saving money, okay.
And so we have that for a bunch of categories here.
If you wanted to download a report, I
believe you could go up here and download an XLS. Yep, that's an XLS there. So you can bring
that into Excel and look at that information. But the number one thing I'm going to show you
is preferences. And under preferences, you can actually set up email notifications on a weekly
basis. So you would just set those email addresses checkbox and save those preferences. And you would
get these notifications, anytime there would be a change, where it has recommendations for you, you
can take action on that. So that is all you really need to do for Trusted Advisor. So there you go.
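The two security checks named in this section, MFA on the root account and IAM access key rotation, can also be checked directly against the IAM credential report. The sketch below is an added example, not part of the course; the 90-day window, the function names and the sample report rows are assumptions constructed for illustration.

```python
import csv
import io
import time
from datetime import datetime, timedelta, timezone

# Assumption: 90 days is the rotation window we want to enforce.
MAX_KEY_AGE = timedelta(days=90)

# Constructed sample rows in the credential report's CSV layout (subset of columns).
SAMPLE_REPORT = """\
user,arn,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,false,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,2024-01-10T09:00:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,false,true,2021-03-01T12:00:00+00:00,true,2024-05-20T08:30:00+00:00
"""


def fetch_credential_report():
    """Download the live report; needs boto3, credentials and IAM read access."""
    import boto3  # imported here so the offline audit below has no dependency

    iam = boto3.client("iam")
    # The report is generated asynchronously; poll until it is ready.
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(2)
    return iam.get_credential_report()["Content"].decode("utf-8")


def audit_report(report_csv, now):
    """Return (user, finding) pairs for root without MFA and stale active keys."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>" and row["mfa_active"] != "true":
            findings.append((user, "root account has no MFA"))
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive keys cannot be used, so age is irrelevant
            stamp = row[f"access_key_{slot}_last_rotated"]
            if stamp == "N/A":
                continue  # no rotation timestamp recorded for this key
            age = now - datetime.fromisoformat(stamp)
            if age > MAX_KEY_AGE:
                findings.append((user, f"access key {slot} is {age.days} days old"))
    return findings


if __name__ == "__main__":
    # A fixed clock keeps the sample output reproducible.
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for user, finding in audit_report(SAMPLE_REPORT, fixed_now):
        print(f"{user}: {finding}")
```

To run it against a real account, pass `fetch_credential_report()` and `datetime.now(timezone.utc)` to `audit_report`.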
So we're gonna take a look here at consolidated billing, which is a feature that is turned on by
default when you're using AWS Organizations and you have multiple member accounts. So you're
going to have one account, that's considered your master account within your organization.
you'll have all these member accounts underneath. And all of their billing information is going
to be sent to the master account, as well as the master account is going to be responsible for
paying the charges for all its member accounts. Okay, so it makes billing very simple and
straightforward. And also, you'll be able to use Cost Explorer to visualize the usage of the
billing per account. So if you wanted to see all the expenses just for the developer account, or
the data science account or the security account, you're going to be able to segment that
data within Cost Explorer. Consolidated billing is offered at no additional cost, okay. And if
you do have a member account, and you have it leave the organization, that Cost Explorer data is
going to be no longer available. So just keep that in consideration. Okay. So another thing we want
to touch on about consolidated billing is volume discounts.
So AWS has volume discounts for
many services. So what that means is, the more you use something, the more you are going to save
Okay, and so consolidated billing lets you take advantage of volume discounts,
because it's going to take the usage from multiple accounts and treat it as one, and then whatever
that surplus is from another account is going to end up in another bracket at a lower rate. So
just to really illustrate this here, we have usage from two different accounts, we have Odo's usage and
Dax's usage for data transfer, okay, and so the data transfer is going to cost, for
the first 10 terabytes, 17 cents per gigabyte. And the next 40 gigabytes is going to be 13 cents
per gigabyte. Okay? So if you were just paying for Odo's usage and Dax's separately, which would
be unconsolidated, you could see that comes out to $2,088 and 96 cents, okay.
But when you consolidate
the billing and group, the total usage, you're going to have that usage overflow into tier two,
which is where you're going to save that money, okay. And so now you can see the consolidated
billing, it's going to be $2,007.04. So we have roughly there about $80 worth of saving, okay, and
so, if those costs weren't consolidated, we wouldn't get those savings. So that's one
motivation for you to take your individual accounts and make sure they're in an organization.
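The tier arithmetic behind those two totals, as an added example that is not part of the course. It assumes Odo used 8 TB and Dax 4 TB (usage figures the transcript does not state, chosen because they reproduce its totals), 1 TB = 1,024 GB, and a second tier that spans the next 40 TB.

```python
from decimal import Decimal

GB_PER_TB = 1024

# (tier size in GB, price per GB). The rates are the ones quoted in the
# transcript; the second tier's 40 TB span is an assumption of this example.
TIERS = [
    (10 * GB_PER_TB, Decimal("0.17")),
    (40 * GB_PER_TB, Decimal("0.13")),
]


def tiered_cost(usage_gb, tiers=TIERS):
    """Price usage by filling each tier in order, cheapest tier last."""
    remaining = usage_gb
    total = Decimal("0")
    for size_gb, rate in tiers:
        billed = min(remaining, size_gb)
        total += billed * rate
        remaining -= billed
        if remaining == 0:
            break
    if remaining > 0:
        raise ValueError("usage exceeds the tiers defined in this example")
    return total.quantize(Decimal("0.01"))


def compare_billing(usage_by_account_gb):
    """Return (separate, consolidated, savings) for per-account usage in GB."""
    # Unconsolidated: every account starts again at the most expensive tier.
    separate = sum(tiered_cost(gb) for gb in usage_by_account_gb.values())
    # Consolidated: usage is pooled, so the overflow lands in the cheaper tier.
    consolidated = tiered_cost(sum(usage_by_account_gb.values()))
    return separate, consolidated, separate - consolidated


if __name__ == "__main__":
    # Assumed usage figures (not stated in the transcript).
    usage = {"odo": 8 * GB_PER_TB, "dax": 4 * GB_PER_TB}
    separate, consolidated, savings = compare_billing(usage)
    print(f"separate:     ${separate}")
    print(f"consolidated: ${consolidated}")
    print(f"savings:      ${savings}")
```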
Okay.
Hey, this is Andrew Brown from exam Pro. And we are looking at AWS Cost Explorer, which helps
you visualize, understand and manage your AWS cost and usage over time.
So with Cost Explorer, if you
have multiple AWS accounts within an organization, all the costs will be consolidated into the master
account, so Cost Explorer is very good at giving an overview of all your costs, no matter
what accounts they're in. Within AWS Cost Explorer, you have these things called reports,
okay? And AWS gives you a bunch of reports by default that you can use. So if you need to
start breaking costs down based on services, et cetera, they're just one click away. And you
of course, can make your own reports. Within Cost Explorer, it has a feature called forecasting,
which allows you to see future costs, so you can plan for the future or maybe make adjustments so
you can lower your bill.
Within Cost Explorer, if you want to view the data monthly or daily, that
is an option that is available to you. And you get these nice graphs within Cost Explorer.
So you can group the information in a variety of different ways. You can see there's tons of
different ways and you can also filter based on a lot of options there. So if you want to filter
out very specific services or Yeah, very specific regions or based on tags, or maybe you just
want to look at one particular, like accounts, maybe you have a developer account, you just want
to see what they're spending, then you, you can use those filters to narrow that stuff down. All
right?
Hey, this is Andrew Brown from exam Pro. And we are going to do a quick follow along here
in AWS Cost Explorer. Okay. And so here, I have an exam pro at ghost account, which has
some expenses within it. So hopefully, we will find some useful information here to look at as
an example of how you would use Cost Explorer.
So here I am on the home, right. So if I was to click
here, this is what we would see. And right away, we're going to get month-to-date cost. So
here so far, we've spent $185 this month, and then it's forecasting $466.18. I do need to point
out that these forecasted monthly costs can be misleading. So if you have a large spike
or bill at the start of a month, because you might have large services, so like you're paying for AWS
support, or you're registering domains, like one time fixed costs, this value here can be extremely
So next month, I'm not paying $466. I definitely know that. But you know, just be aware
of that, if you see that it might shock you. Okay, so just to start looking at information, we
go to explore costs, okay. And right away, now we have our nice graph here. And it allows us
to now filter this data however we want. So here we have that group by and so the most convenient
one is generally by service, okay. And so what you'll get is a stacked bar graph here, which
will break down service costs. Now, it doesn't always show everything.
As you can see, here, we
have our business support, RDS, some other EC2 instances that are probably managed by AWS, maybe
ECS or something, then we have Kinesis Analytics, and then we have others, okay, so you don't get a
full picture there. But they do have a cost listed down below, you can download the CSV and work with
this raw data here. Okay, and you could break this down monthly, so I can go to monthly here. Okay,
and then this will just change the graph. So now it's a monthly breakdown. And you can change the
scope of how far you want to go back there. Okay. But we'll just go back there and change it to
daily. And apparently, we have some other options here. So if you don't, like stacked and you like
line graphs, you can have that, or if you'd like bars, okay, but stacked is my preference
And then on the right hand side, we have filters. So if you want to start
filtering, it might look like this is grayed out, but what you do is you actually click here, okay,
and so then I could type something like register, okay. If I can remember how to spell it, there we
go. And that's for registering domains on Route 53. And if I just apply that filter there, you can
see I have one cost there, okay. And there's tons of different filters in here, okay, tons and tons.
But like, the one that you'll notice the most is like linked accounts.
So if you wanted to filter
out for like a developer account, like a discount, or something like a variety of different accounts,
you can do that to figure out the exact costs of particular teams. Okay, and so that's that there.
Now, just to show you those reports, there are those default reports here, if you go on the left
hand side here, we can go to saved reports. Okay, and so here are a bunch of them there, and you
can get an idea of what's inside of them. Okay. But yeah, you basically would just create whatever
configuration you want, oops, I went into reserved utilization there. I don't care about that. But
yeah, whatever, whatever filters you want, you just go ahead and make any report. You go cost and
usage, okay. And from there, once you pick, choose your configuration, you hit save, and you can have
this report for later. Okay, so if you really want to monitor, like CloudFront. So CloudFront is
something that we heavily use at exam Pro, and it can fluctuate based on how many people are
consuming videos on our platform, we might want to just create a report for CloudFront.
yeah, there you go.
Hey, this is Andrew Brown from exam Pro. And we are looking at AWS Budgets, which
is a service that helps you plan service usage, service costs and instance reservations. I like
to think of it as billing alarms on steroids. And when you use AWS Budgets, each budget costs
about two cents per day. Okay, and you have up to a limit of 20,000 budgets, but the first two
budgets are free of charge. So if you have any AWS account, you definitely want to go ahead
and create yourself a couple of budgets. Okay. All right. So we're looking at AWS Budgets here
in a little bit more detail. And so the idea here is that you can set up alerts if you exceed or are
approaching your defined budget. There are three types of budgets you can create. You have cost,
usage and reservation, okay, so cost is where you're just plugging in a dollar amount there, okay?
For usage, it's going to be based on a usage unit. So you could choose something such as EC2
running hours. And then you're going to supply whatever the unit is.
So that's going to be hours
in this case. So here I've supplied 100. And you can track budgets based on monthly, quarterly
or yearly levels, okay? And so just if you set it for a year, then that alert is really going
to be designed to be delivered at the end of the year. Okay. So for reservations, that is for
reserved instances, and AWS Budgets supports EC2, Redshift, RDS and ElastiCache,
okay? Now, when you are defining your budgets, you can define them based on a fixed cost, or you
can plan upfront based on your chosen level. So you could say, for each, so for the next
six months, you could say for this month, I want to spend this and for this month, I want to spend
that etc, etc.
Okay, and if it was quarterly, you could say what you want those budgets to be
for those quarters. Okay. You can also easily manage AWS Budgets via the dashboard. And they
also have an API. So if you need to do something programmatic, you can definitely do something
there. And normally, you'd get notified by email, but you could also have the notification
sent to Chatbot. Okay, so Chatbot, that is a newer service from AWS that integrates
with common services such as Slack or Chime, so your budget information will be
pushed out to there, okay.
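The Budgets API mentioned above takes the same fields the console asks for. This added example (not from the course) builds a `create_budget` request for boto3; the account ID, budget name, $100 limit, 80% threshold and e-mail address are sample values constructed for illustration, and the helper names are hypothetical.

```python
import json
import re
from decimal import Decimal

MAX_EMAIL_SUBSCRIBERS = 10  # per-notification limit in the Budgets API


def alert_amount(limit_usd, threshold_pct):
    """Dollar value at which a percentage threshold fires."""
    amount = Decimal(str(limit_usd)) * Decimal(str(threshold_pct)) / 100
    return amount.quantize(Decimal("0.01"))


def build_cost_budget_request(account_id, name, limit_usd, threshold_pct,
                              emails, sns_topic_arn=None,
                              notification_type="ACTUAL"):
    """Build keyword arguments for the Budgets create_budget call."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account_id must be a 12-digit AWS account ID")
    limit = Decimal(str(limit_usd))
    if limit <= 0 or threshold_pct <= 0:
        raise ValueError("limit and threshold must be positive")
    if notification_type not in ("ACTUAL", "FORECASTED"):
        raise ValueError("notification_type must be ACTUAL or FORECASTED")
    if len(emails) > MAX_EMAIL_SUBSCRIBERS:
        raise ValueError("at most 10 e-mail subscribers per notification")
    if not emails and not sns_topic_arn:
        raise ValueError("a notification needs at least one subscriber")

    subscribers = [{"SubscriptionType": "EMAIL", "Address": e} for e in emails]
    if sns_topic_arn:
        subscribers.append({"SubscriptionType": "SNS", "Address": sns_topic_arn})

    return {
        "AccountId": account_id,
        "Budget": {
            "BudgetName": name,
            "BudgetType": "COST",       # the other types are usage and reservation budgets
            "TimeUnit": "MONTHLY",      # QUARTERLY and ANNUALLY also exist
            "BudgetLimit": {"Amount": f"{limit:.2f}", "Unit": "USD"},
        },
        "NotificationsWithSubscribers": [{
            "Notification": {
                "NotificationType": notification_type,
                "ComparisonOperator": "GREATER_THAN",
                "Threshold": float(threshold_pct),
                "ThresholdType": "PERCENTAGE",
            },
            "Subscribers": subscribers,
        }],
    }


def create_budget(request):
    """Submit the request; needs boto3 and credentials allowed to create budgets."""
    import boto3  # imported here so building the request works offline

    boto3.client("budgets").create_budget(**request)


if __name__ == "__main__":
    # Constructed sample values.
    req = build_cost_budget_request("111122223333", "overall-monthly", 100, 80,
                                    ["alerts@example.com"])
    print(json.dumps(req, indent=2))
    print("alert fires above $", alert_amount(100, 80))
```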
Hey, this is Andrew Brown from exam Pro, and we are going to look at
AWS Budgets in this follow along and learn how to set our own budget. So we'll go ahead here and
create our budget here. Alright, and so we're gonna be presented with either a cost budget,
or usage budget, or a reservation budget. So I'm going to choose cost. And we're going to set your
budget. And so they give you a suggestion, like monthly EC2 budget, okay. And I could just say
all my costs, so overall, overall costs, okay. And then we can choose the period. So monthly seems
good to me, but you have monthly, quarterly and annually here, alright, you can have a recurring
budget or expiring we want this for every single month. And then you can choose your budget amount.
So we have a fixed or a monthly budget planning, this is a little bit more complicated.
So I guess
if you're a startup and you assumed your costs were going up, you'd want this to go up and
up and up. Or if you were a seasonal business, and you assume your budget would change based on
the demand, it would definitely make sense to set monthly budget planning, okay, but we'll go
back to fixed here and we can just have a cost, you can see it shows my last month cost was $126.
Let's just say I wanted my cost to always be $100 per month, it will draw this line here and give
me an idea of whether I'm over or under, okay, and we could filter services. So if I wanted to
go here, I could just choose EC2, okay.
And I'm just going to look for EC2, I'm not sure why
I didn't show up in search ghosts already. Yes, instead, because that was a bit easier to find
here. So apply filter. So but just an idea to show you just how that works there. Okay, and I'm just
going to remove that filter there. If I figured that out, there we are. Okay, and we'll just apply
that filter again. And we do have some advanced options there.
But everything seems pretty good.
So I'm just going to go ahead and configure alerts. Okay, and so you can get alerted if you're
if you go over the budget, so you can get it based on the actual cost or forecasted, I would get so
many emails, or at least I'd always get an email, if I had forecasted, because forecasts within
my account are always spiked, okay, but here, you could set the alert threshold. So when you're
approaching that budget, so let's say you're 80% on the way there, it should send you an email,
and then you'd add your contact here. So I could just say Andrew at exam pro.co. Okay, um, maybe I
did that button.
Yeah, just the one there. Okay, and you could also notify via Amazon SNS so if you
already have a topic ARN, you could provide that there. But apparently, you do not have to do that
here, which is kind of nice. But apparently they have a new feature, which is the chatbot. So I
suppose if you're using Slack, you could integrate that alert there. So nothing super exciting there.
But yeah, so if you were using Slack, or I'm sure it integrates with AWS's version of Slack, which is
called Chime, and there's probably another service there. So that's kind of interesting there.
we'll go ahead and we will confirm our budget. We're going to get an overview of that. And we'll
go ahead and create that budget. Okay. And so now we have this budget, and we just have to wait some
time before we can actually see some information here. But generally what would happen is it will
Oh, here we go. I just did a refresh there. So it showed my budgeted my forecasted the current
versus budgeted and then the forecast. Okay, so yeah, there you go. That is a budget. So I
just wanted to show you that the email here came through for those budgets and just what it looks
So here, you can see that it says that I exceeded the amount of $80. So when we entered in
that 80%, it calculated the dollar amount for us there. It just shows us that information. Okay,
so there you go. That's all you need to know for those budgets.
Hey, this is Andrew Brown from exam
Pro. And we are looking at the TCO calculator, which stands for the total cost of ownership. And
this allows you to estimate how much you would save when moving to AWS from on-premise. So it
provides you a detailed set of reports that can be used in executive presentations, the tool is built
on underlying calculation models that generate fair assessments of value that you can achieve
given the data provided, okay? And the TCO helps by reducing the need to invest in large
capital expenditures. Of course, this tool is for approximation purposes only. So it's really a
persuasion tool to use at the executive level, okay.
But the idea is that you just launch the
TCO calculator, you describe your environment, you're going to get a three-year summary of
cost comparisons, and then you can download that detailed report, okay. All right, so we're going
to take a look at the total cost of ownership calculator here. So just Google and find your way
to the TCL calculator on AWS, when you arrive, this page, you know, you're in the right place,
and you're gonna be looking for this big yellow button. Now, it does take sometimes quite a bit
of time for this to load. So I've already clicked that button and have it open here on a new tab.
Okay. And so you get here, and the idea is you choose your currency, we're gonna stay with US
dollars. And you can choose whether you're on premise or colocation, we're gonna say on prem.
And you can decide whether they are physical servers or virtual machines, you can see some
options there. And now you're going to go ahead and fill some stuff in here.
So let's see if I can
figure something out here. That is a good example. So maybe you'd have a non database server. So you
have your own web application. Okay. And let's say it is using whoops, it is using the number of VMs,
you have six running, and each have, I don't know, eight cores, and you're using that's 1024242048
amount of memory, oh, that's gigabytes. That's too high, we'll just say eight gigabytes there.
Okay, we can choose the hypervisor, the OS there, I'm going to add another row here. And we'll
choose a database this time, and we'll just say Postgres here, okay. We'll say Postgres. And
maybe we don't have as many Postgres servers running here. So we'll say two, and we will say,
four cores. And we will say, have four gigabytes of memory here.
And that's running on VMware. And
then we can choose storage here. So we have some storage here. I guess we could just put something
in here. So we could say, we'd have 500 gigabytes, maybe 500 gigabytes of storage. Okay. And so now
that we have all those things, we're going to go ahead and hit Calculate the TCO. And we are just
going to wait here for this report to generate all right. All right. So after a little wait
there, we can see this report has generated and we have a comparison between on prem and AWS. And
it's saying that we could save up to 70% a year, which would give us a total savings of $200,000
over the course of three years. Okay, so here, we get a cost breakdown, and we get the total
cost of ownership there. So we have the server, the storage, the network, and now we have this
additional cost, which is IT labor, okay, because this is, in the case that you have on prem, you're
gonna have to hire IT to manage the infrastructure. On AWS, it's taken care of for you, okay,
so you're not paying for that cost.
And then it shows you your on prem environment, and then it
shows you the equivalent in AWS. So if you had if this is what you're using, this is what you'd
want to use on AWS. Okay. And then down below, we have some additional information, okay,
and then we have a cost breakdown. So it just compares those breakdowns for you. Okay, and then
we got other things here, like calculations. Oh, boy, that's a lot of stuff. methodology. Okay.
So a lot of stuff that you can use within a presentation to make the case to move to AWS.
Okay. And then up here, we can just download that report. Okay. And that would download it as a
Alright, but there you go. So that's the TCO calculator.
Hey, this is Andrew Brown from exam Pro, and we are looking at AWS Landing Zone, which helps enterprises quickly set up a secure
AWS multi account. Now I have enterprises in red there because if you read the marketing
page, it doesn't say that it's for enterprises, but it definitely is because from what I remember,
it has a very expensive upfront cost, okay, which but for enterprises would be a very little.
So it's not gonna be for the small to medium sized startups. But the purpose of AWS Landing Zone is
to provide you with a baseline environment to get started with multi account architecture. So what
does that mean? Well, the idea is that you have these companies and AWS recommends that you
run in multi account, but they don't know how best to the company itself doesn't know how best to set
up multi account and make sure it's secure.
And, and, and good for future growth. And so landing
zone is basically that setup for you. Okay. And the way this all works is through a service
account vending machine, also known as AVM, which automatically provisions and configures
new accounts via a service catalog template. And the way you're going to access these accounts
is going to be using single sign on. Okay, and so the environments here are customizable to allow
customers to implement their own account baselines through a landing zone configuration and update
pipeline. Okay, so now that we have an idea, let's go take a peek at the landing zone page.
we are on the AWS Landing Zone marketing page, I just want to scroll down here for you. So I can
just show you that they have some architectural diagrams here to give you an idea what you are
getting with landing zone. So here it says the solution includes four accounts, add-on products can
be deployed using a service catalog. So when you get this you're going to get four accounts
you're going to get this master account here, they're going to have a shared service account,
log archive account and security account. So when you are setting up your organizations you should
always have a logging account and should also have a security account that is isolated from your other
accounts, because it's just good for auditing purposes, okay, and so AWS is giving you the
best setup possible by doing that for you.
All right. And so when you need additional accounts,
then you use that account vending machine, okay, and so that account vending machine will just
create new accounts for you. And so that's really all you need to know about a landing zone
that it is giving you a baseline environment, and then it's going to allow you to add additional
accounts that are going to be secure, with a lot of other good best practices baked into the Okay.
Hey, this is Andrew Brown from exam Pro, and we are looking at AWS resource groups and tagging.
we've got two different things here. But they are strongly related. So we need to learn them both at
the same time. So tags are words or phrases that act as metadata for organizing your AWS resources.
And then you have resource groups are a collection of resources that share one or more tags. Okay,
and so the way you'd access those resource groups, is there's a drop down right beside services where
you get to create a group and manage your tags. Okay. So the whole purpose of resource groups is
to help you organize and consolidate information based on your project, and the resources that you
use. And resource groups can display details about a group of resources based on metrics, alarms,
configuration settings, okay. And at any time, you can modify the settings of your resource groups to
change what resources appear. Okay, so let's say you had a database server, and maybe an S3 bucket
and you wanted to group them all together, you'd give them all the same tag, and then you could
put them in a resource group.
And so that's the concept there. Okay. So in this follow along here,
I'm going to show you how to use resource groups and tagging. So we're going to spin up a couple of
servers, give them some tags, and associate those to a resource group see that they are in a group,
and then we'll turn down those servers. Okay, so what I want you to do is make your way to EC2.
So we'll go to services at the top here and type in EC2. Okay. And we'll just make our way
over to the EC2 console. So once we are here, we'll have to go ahead and launch some instances.
So let's press the Big Blue Button.
Okay. And now that we're in here, I will just choose Amazon
Linux two, okay. And we'll stick with the micro tier because that is the free tier. And then we're
just going to set up two servers, okay. And we're going to go on to storage and pass onto storage
onto tags, and we're going to add a new tag and I'm going to call it project and I say Terok
Nor, okay, Terok Nor, and that is a Star Trek reference. If you're wondering, okay, and we don't
have to worry about security groups, we'll have to review and launch we're gonna hit launch here and
I'm going to drop down and proceed without a key pair. We're not doing anything with these servers, just
tagging them okay. And so, they are launching, we're gonna go down to view instances in the right
hand side there and then they are launched. I'm just going to click on one of these, even though
there's a loading thing, you can still click the checkbox. And we're going to go to tags here just
so we can see our tag.
And then what I want you to do is drop resource groups down here and I'm just
going to create a new group, I'm going to open a new tab to make my life a little bit easier
here. And we'll just wait for this to load. Okay, and so here, we are creating a new group. And we
need to choose our group types. So we have tag based and CloudFormation stack based, so we're
going to be going with tag based today, okay, and so then we have our grouping criteria, this
is going to determine how things will be grouped. And so we can choose a resource type, but we'll
just leave it to all supported resource types, okay, so that allows it to be anything EC2
or anything, okay, and we will need to supply our tags. So going back over here, I just want to make
sure it's 100% the same, so I'm just going to copy and paste that there. So we got project, and
then we have Terok Nor. Okay, and I'm just gonna hit Add.
And so now we have our criteria set up.
This is where we would see those group resources, we don't see any as of yet, okay, I'm just going
to click here to see what we see. Oh, sorry. So you hit that there. And now, those instances have
been found, and also the volumes the EBS volumes attached there also have the tag applied appears
to be, so we actually have four resources. And that's why and so I'm just going to type in Terok
Nor here, okay.
And we have some options, here to tag the actual group here. That's not necessary,
we'll just hit Create group. Okay, and so now we have grouped resources, okay, so whenever we want
to look at our saved groups, okay, we can go here, we can see Terok Nor, and we can see all the
resources and then quickly click through to find other resources with those tags.
All right. And so now that we know how to create a resource group, let's actually go look at manage
tags, okay? Because this is a very convenient way to find resources. All right, based on tag, so
what we can do is we are, it's certain it adds the region that we're in, so we're in Ohio right
now. And we could choose the type of resource I'll say all resource types, and I'm gonna just
type in project, see how it autocompletes there, and I can use Terok Nor. Okay, I'm going to add,
I'm gonna hit Search resources, okay. And so what that has done for me is it's actually found them
all for me. And if I want to export them as a CSV, those resources I could do so. And I think I
have a checkbox here and go to Manage tags, selected resources, I can now remove the tag from
all these resources here, or add additional tags, okay, so I can go here and then say, Federation,
All right. And I believe, if I hit review and apply tags, it's going to go
now apply those tags to those four resources. So we go back to EC two instance here, we might have
to do a manual refresh up here. And so now we have an additional tag applied. If we wanted to remove
those en masse, it's going to be the same story, right? So we're gonna go to project we're going to
go to Terok Nor, we're going to hit all resources here, search for those resources. And I can select
them all manage them, and remove that tag. Okay. So um, yeah, it's pretty darn straightforward.
think I actually removed our original tag there. So if I go back here and do a refresh, now we just
have Federation Starfleet. Okay. So, you know, that's as simple as it is. And there's tagging
found out throughout so many services within AWS. Okay. And I'm just going to go and shut down
these instances, because we are done with them. So we want to terminate them. And we want to say
yes, okay, and so that's all of our cleanup there. So there you go.
Hey, this is Andrew Brown from exam Pro. And we are looking at AWS quickstarts, which are pre built templates by AWS solution
architects and AWS partners to help you deploy popular stacks on AWS.
And so the benefit here is
that it can reduce hundreds of manual procedures into just a few steps. Okay, so quickstart is
composed of three parts. So you're going to get a reference architecture for the deployment. So
it's going to be like an architectural diagram and description. And then the actual quickstart
itself is just a CloudFormation template, and CloudFormation templates are used for
provisioning multiple AWS resources.
So it's going to automate and configure that deployment
for you. And it will have also a deployment guide explaining the architecture and implementation in
detail. Okay, so most quickstart reference deployments enable you to spin up a fully
functional architecture in less than an hour. Okay, so you can get operational pretty quick with
these things. And on the right hand side there, you can see that I've cherry picked one out there
from Onica and that one is for setting up an IoT camera connector. Okay. So here I just wanted to
give you a quick tour of AWS quickstarts just so you have an idea of what there is available to
And so on the left hand side we have a bunch of filtration options to choose or to narrow
down some nice templates here for us. And on the right hand side, we already have some templates,
let's go into analytics here. And right away, we have a one here by Cambridge Technology, which
automatically deploys a clickstream analytics environment for you. So that sounds pretty
cool. So if we just click into this actual quickstart here, what we're going to see
down below is that architectural diagram, I was talking about how we're like a bunch of
descriptions as to what it is doing, this stuff varies based on quickstart templates, so don't
expect to see the same stuff everywhere.
But they'll generally give you instructions on how to
deploy, and then the costs or licenses involved. And so if we wanted to launch this, we go view
deployment guide details, maybe here. Okay. And, oh, we got a big white paper. So this one's a
bit different here. Sometimes, the buttons are a little more clear. Oh, yeah, here it is. So again,
this will vary based on each one. So I've never done this one before. But we'll say deploy into a
new VPC. Okay, and what that's going to do is set up that CloudFormation template for you.
what I'm expecting anyway, so yep, there it is, it's going into CloudFormation. Okay. And we're
not going to go through this whole process, I'm just showing you, at least to this stage, okay.
And so here, we have that template, we go next. And I'm just going to see if it asks us to provide
some information. So yeah, a CloudFormation template has a bunch of variables that you fill
in. So based on the Quickstart template you have, it's just going to have different options here.
As you can see, this one has a variety of options, but we would just fill that in, go next review and
launch and then it would spin up that clickstream for it. So there you go, that is a quickstart.
Hey, this is Andrew Brown from exam Pro. And we are looking at AWS cost and usage report. And this
is a service which will generate out a detailed spreadsheet enabling you to better analyze and
understand your AWS costs. So just as it says, you have a big button and you download a spreadsheet
and there you get a nice big breakdown, the report gets placed into an S3 bucket, you can
use Athena to turn that report into a queryable database, or you can use QuickSight to
visualize your billing data as graphs.
Okay, so you have a lot of options here to work with
this data. All right, but maybe you just want the spreadsheet. Okay. So that is AWS cost and usage
report. So in the following, I just want to show you how to use AWS cost and usage report to get
that spreadsheet, okay. And so what you're gonna do is you're gonna go up the top right corner
here, you're gonna go to my billing dashboard, and you're going to make your way to the cost
and usage reports here on the left hand side, okay, and then once you get here, we're gonna
have a nice big blue button that we can press to create our reports, let's go ahead and do
that. So we're gonna need to give us a name. So we're gonna say my, my use cost and usage, okay.
And we can include additional resource IDs here, I'm gonna just hit next.
And then we need to
configure where it goes. So I'm going to create a new bucket. So I'm just gonna say, ESP for
exam Pro, cost and usage, okay. And it's going to put that in the US East. One region there.
Okay, I'll hit next. And we have this nice, big policy wants will say, save that, okay. And
then we can choose to what detail that we want. I'll leave it for hourly, that's totally fine. I
will say daily, that's probably more ideal there, we'll create a new version of support. And now for
easy integration, we do have those options there, Athena, Redshift and QuickSight, but we are just
going to leave this as is. I'm gonna make a zip because I want to make my life really easy here.
Just because if I download to my local computer, I won't be able to unzip that with very little
effort here. I'm gonna hit next. And what we can do here is go hit review and complete. Okay,
and so now, it is going to deliver that. So in the next 24 hours, your first report will be delivered
to an Amazon S3 bucket you configured during this report creation.
So we're just going to have
to wait for this creation. And I will come back here and download it and show you that report.
Okay. All right. So it's been 24 hours, and I went over to my S3 buckets here, and I searched
for that bucket that I created. And then I just drilled down so if you just click through to that
bucket, okay, so I go into here, and then there's this folder that has no name, okay? And then you
go into the cost and usage. And then you go into here, then you're going to see another folder, you
click into there, and then we can get that CSV, zip.
Okay. So that's going to have a zip, which
contains a CSV file. And that's going to give us that raw data, which I've opened up here in Excel.
And so you can see there's a lot of data here and so it's up to you to make sense of this data, but
at least you can see you get all the raw data from cost and usage. And of course, I mean, the huge
advantage here is that you can integrate this into QuickSight and Athena to analyze it within AWS.
Okay. So there you go, that is a cost and usage.
Hey, this is Andrew Brown from exam Pro, and we're
looking at organizations and accounts. So when you first sign up for AWS, you are creating a single
account. And that first user you're logging in as is the root user. Okay, so just look over
here on this diagram, see where we have a master account. So just, let's pretend that this was the
account that we created, and we were logging in as that root account user.
So what you can do is you
can promote your account into an organization. And so what that's going to allow you to do is it's
going to allow you to create multiple accounts within that organization. So now, that original
account is now a master account, and underneath it, you can create multiple accounts. Okay,
so why would you want to do this? Well, if you're an organization, you might want to, like,
isolate different departments within your company, and also to have fine tuned control over what they
have access to en masse. Okay, so the idea here is like, let's say you have a development team on one
side, and there's multiple accounts, you can put them within an organizational unit, and then use
a service control policy to apply rules about what services they can or cannot use en masse.
So I mean, that's pretty much all there is to it. But I think this would be a lot more clear when we
do a quick follow along, okay.
Hey, this is Andrew Brown from exam Pro. And in this follow along,
I'm going to show you how to use organizations and create some member accounts. Okay. So there are
two places where you can manage your organization. It's within the IAM console here. So you just type
in IAM to get to that console. But you can see here that it says organization is not in use, because
we have yet to create an organization. So what we'll have to do is in a new tab, we'll have to go
to the Organizations console here, which is where I'm at currently. And we have this nice little
wizard here to get started. So I'm going to go ahead here and hit Create organization, it's
going to ask us to create an organization where we have all these features, or we could just have
one consolidated billing, we definitely want to create this one here.
So I'm gonna hit Create
organization. Great. And so here I have created organization. And you can see that it sent me an
email to finish verifying your master account, because the original account we have here has
now been turned into a master account. So I'm going to go ahead and just go confirm that email
here. So now I'm in my email here. And here's that verification email. So I'm just going to go
ahead and press that button. And now this has been verified. Okay, so I'm just going to close that
here. I'm just going to refresh. And you can see we are now verified, okay, and we can see, that's
our master account, I think it might be Yep, the star emphasizes that that is a master account. So
if I go back to IAM console here and do a refresh, let's see if there's any kind of change.
there definitely is. So you can see that we have a root organization here. And then we have the exam
pro fresh account, which is the master account. So we can't create additional accounts. From here,
it's just more of an organizational structure, what we can do is go back to the Organizations
console here, and do some organizing. So before I actually go ahead and create any
accounts, let's actually go look at some, some organizations are sorry to organize this
account. So we'll go to organize accounts. And so over here, this is where we'd see all of our
accounts. And we can create some organizational units.
So I'm going to create a new organizational
unit called developers. Okay. And so now I have that organizational unit, and there is some
way for me to set them in the tree. Actually, by default, it has already set it here. So we
already have that. Okay, so I suppose it already is associated to the root there. Okay, so now
what we'll want to do is we'll want to actually create an account under this organizational unit.
So let's go back to accounts here and let's make a new account. I'm going to create a new account
And I'm going to do Andrew plus fresh plus developer at exampro.co. Here, okay, I just gotta
be here. And we'll just say Andrew Brown, okay, because every account has to have a unique
email for the root account. And there is this IAM role, I'm just gonna leave that blank and hit
Create. And what that is going to do, it's going to get us set up with a new account.
And so I'm just waiting here for this to send us an email to tell us that our account is ready.
Okay, so we'll just wait here for a little bit. Alright, so after waiting a few minutes here, I
got a new email saying my account is ready.
Okay. And just back in here, if you do a hard refresh
here, you'll see that the account is set up, you probably don't want to name the account
based on someone's name, I just inherently had put my name in there. Generally, you'd want
to name this developers or whatever the account is called here. But this account is now ready.
So how do we actually access this account? Well, the way you do it is you actually just log in as
the root user. So I'm going to just close this tab here. And I need to remember what this email is
here. So it's Andrew plus fresh plus developer. And we're just going to log out here and just sign
back in with this as the root user.
So what we'll do here is we'll just go ahead and go sign in
to console. And we're just going to provide that email there. And we're just going to hit next.
Okay, and what we're going to do is we're actually going to hit forgot password is the only way to
set up new accounts, you have to just reset the password. And so we have to enter into this code
by three by m, q q, that's really hard to see, but I think that's what it is. Okay, we'll try
this again, eight, seven, E, eight, y p. Great. And so now we're gonna get an email here. And so
we'll just wait for that email. Okay. All right. And so here is that email to reset her password.
So we just got to go ahead here and click this link here. Okay. And so now we're just going to
have to provide a new password, so I'm just going to fill something in there.
Okay, and so now our
password has been reset. Great. So now we'll just have to proceed to sign in here. So we'll just
put in that new password, and we should be in our new account. Great. And so now we are in with
within this new account. So it's not easy to get new accounts set up. And so I guess the next thing
is, we'll look at how we can organize this account with the organization. So we're gonna have to
log in and go back into the root account of our master account. Okay. So that's what I'm just
doing here. Okay. So I believe I called it fresh. And we will just supply that a password. Okay, and
so what we'll do here is we'll make our way over to organizations.
And we see we have our account
there. And so what we want to do is we want to add our account to an organizational unit. And so I'm
just going to see how we can do that if I remember how. So I'm just going to check boxes here. And
I believe over here, if we right click here, this account is currently in the root. To move
this, choose the move account option. Okay, so I guess that's what we need to do here.
So we'll just click on move. And we'll just choose that to be in the developers route. And
so now, this account is under the developers organizational unit. Okay. So if we click in
there, we can see that account. So the reason you'd want to move things into organizational
units is so you can attach policies, okay. And service control policies.
And that's what they
are, helps you limit access to certain resources. So if we only wanted that account to only be
allowed to use EC2, that's what we can do. So we'd say only EC2, here as the policy name.
And then we'll just filter out what it is that we want to allow. So we'll say EC2, and then we
have to choose actions. So we'll say all Okay, and then we can move on to resources, I suppose,
specify the resource type EC2, we'll say all
we'll move on to the conditions. And so we don't need to change any of this here. I'm pretty sure
I'm happy with that.
And we're going to say allow, so we're just going to allow access to all the
EC2. Okay, so that way, everything else will be implicitly denied. So the only thing we'll have
access to is EC2 and hopefully, the statement is valid. And we'll just go hit Create policy.
And now that we have our policy created here, which gives us only EC2 access, we now you
can apply it to that organization, you have to do everything from the root. So you'd have to enable
service control policies so that you're allowed to use them. Okay. And so now that is enabled, and
I believe, if we go into developers, we should be able to set that policy. So I'll go here, and
I'm going to just choose attach. Okay, and I'm not sure if I can detach it, but let's give it a go.
Okay, and so now this one should only have access to EC2, and, but the root will still have
access to everything.
Okay. So there we go. So now that we have an idea how we can apply permissions
to accounts, let's actually go back to the other account and just go ahead and just shut it down or
terminate it because we're not going to be using This other account for anything, we don't want
to leave this other account laying around. Okay, so what we'll do is we will just log out here,
and I'm just going to log back into this other account. Okay, so I'm just proceeding to log into
that other account there. And I just got to type the password in here. Okay, great. So we're back
into our member account there. And we did say we were only allowed to launch EC2. So actually,
let's go ahead and try to just create something else just to see if our service control policy's
working and right away, so you're not authorized to perform Lambda. So our policy is working as
And I didn't mention this before, but every time you create an account, they all
have their own root account. Okay, so right now we are logged in as the root account into this
member account. And let's say you wanted to get rid of this account, you can actually suspend this
account. So let's go ahead and do that now. So I believe to suspend accounts, we have to go to up
up here, and we have to go to my account. Alright, so but there's only one problem here is the
fact that we don't actually have the ability to close our own account, because we don't have the
permission. So we're going to have to go back into our master account and give us better permissions
So we can actually go ahead and get rid of this account. So I'm just going to log out here,
we're gonna go back into our master account there. And we will make our way back to organizations
here. And so you might think that you could just remove the account here, but the problem with
that is that it would just leave the organization. And in order to leave the organization,
you'd have to attach a new credit card, and account wouldn't be would actually wouldn't
be deleted or suspended, you actually can't delete accounts in AWS, you can just suspend them, which
makes sure that no resources are being billed for within those accounts anymore. And that's what
we want to accomplish here.
So we're going to go back to our organization accounts here, right
click on developers, and we're going to go to service policies, and I'm going to attach the
full access and then detach the only EC2, and we're going to log out and go back into that
member account. Alright, so here we are going back into that member account. And we'll just do
was it Andrew plus exam Pro Plus developers. Oh, no, it's fresh, okay, fresh plus developers at
exampro.co. Maybe it's just developer. There we go. We'll enter that password in. Okay, great. And
so now we should be able to get rid of our account here. So I'm going to go up and go to my account.
Okay. And so we do have some sensitive information here, which I have blocked out.
But within here,
we are going to go ahead and close our account. So we'll just do that. So what I did here is I
just scrolled all the way to the bottom, and you can see that we can close your account. And we
have a big long disclaimer about it. But again, the advantage here of closing our account, which
just suspends it is that it's going to ensure that we're not being billed for anything else within
our account. Okay, and I'm just going to go ahead here and say I understand for the three things
here and go ahead and close my account. And so this account has now been closed, and I can just
proceed to logging out here. So just scroll up and just log out and we'll go back into our master
account. Alright, and so now we'll just go ahead and log back into our master account and go just
check on the status of that organization. And we will just make our way back to organizations
here. And you can see now this is suspended. So this account is no longer active. Okay. And so
that's all there is to it.
Okay, so yeah, that's AWS Organizations. And yeah, there is some,
some visibility there on organizations within the IAM console, there's not a lot there to do, you can
just see the structure and look at service control policies. But just be aware that AWS is
developing that in IAM. Yeah, there you go.
Hey, this is Andrew Brown from exam Pro. And we are
going to learn a bit about AWS networking here. So I have this nice big architectural
diagram. And we're gonna work our way through it. Okay. So the first thing you'll want
to do when you want to launch resources, you're going to have to choose a region to
launch them in. And so a region is a geographical location of your network.
So that could be US East
one, which is north Virginia, or maybe you would choose Canada Central, which is based in Montreal.
Once you've decided what region you want to launch resources in, you're going to need a VPC. And
a VPC stands for virtual private cloud. It is a logical isolated section of the cloud, where you
can launch at best resources. So it's just a slice of the ADA based network. Just for you. Okay, and
then once you have your VPC, you're going to want to subdivide it up into subnets. And so subnets
are logical partition of IP network into multiple smaller network segments. Okay, so you could have
public and private subnets. The difference between a public and a private subnet a public one is
generally accessible to the internet, whereas a private subnet is where it is not. Okay. So when
you have things that need to be super secure, are you going to put those in a private subnet?
And so subnets are defined within an availability zone. And an availability zone
is just a data center for your where you're going to launch your AWS resources. And those
azs are contained or are specific to specific regions. Okay. So now we have a region we have a
VPC, we have our subnets. And so we can go ahead and start launching resources into our subnets
here. So we could launch an EC two instance, or an RDS instance. But how are how is that EC two
instance going to reach the internet. So in order to do so we're going to need a gateway to the
internet. And that's where internet gateway comes into play. So it enables access to the internet,
you can think of it up as a door to the internet, from your VPC, outward, okay. But just having
internet gateway is not enough, because the subnet has to know how to reach that internet
gateway to reach the internet. And that's where route tables come in.
So route tables determine
where network traffic from your subnets are, are directed. So you'd create a a route in your
route table to say, hey, row table, go here and go out to the internet. Alright, now that we have
a way to the Internet, and we can launch resources into our subnets, what about security, and that's
where security groups and knackles are going to come in. So security groups is acts as a firewall
at the instance level. So here, you can see that we have an EC two instance in RDS, and they span
subnets. And we have a border drawn around it to say that the security group is protecting those
two instances. So that's how that works. And you have knackles and knackles is another form of
security, but it's at the subnet level. So it sits in front of subnets. And controls access in and
out of those. Okay, so I mean, those are the most important components of AWS networking, there's
definitely a lot more. So that's all we need to know for now.
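The public/private distinction and the instance-level firewall described above can be checked mechanically. This is an added example, not part of the course: every resource name and rule is constructed sample data, only the field names follow the shape of the EC2 DescribeRouteTables and DescribeSecurityGroups output, and NACLs are left out for brevity.

```python
"""Classify subnets as public or private from their route tables, then flag
security-group rules that are open to the whole internet.
All resources below are constructed sample data."""

WORLD = "0.0.0.0/0"
INTENDED_PUBLIC_PORTS = {80, 443}  # assumption: only web ports may face the internet

ROUTE_TABLES = [
    # The main route table applies to every subnet without its own association.
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": WORLD, "GatewayId": "igw-example"}]},
]


def rule(port, cidr):
    """One inbound TCP permission in the shape of an IpPermissions entry."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}


SECURITY_GROUPS = {
    "sg-web": [rule(443, WORLD), rule(22, WORLD)],
    "sg-db": [rule(5432, WORLD), rule(5432, "10.0.0.0/16")],
}
INSTANCES = [
    {"Id": "ec2-web", "SubnetId": "subnet-web", "Groups": ["sg-web"]},
    {"Id": "rds-db", "SubnetId": "subnet-db", "Groups": ["sg-db"]},
]


def route_table_for(subnet_id):
    """Explicit association wins; otherwise the subnet uses the main table."""
    main = None
    for table in ROUTE_TABLES:
        for assoc in table["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def is_public(subnet_id):
    """A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway."""
    table = route_table_for(subnet_id)
    return any(r.get("DestinationCidrBlock") == WORLD
               and r.get("GatewayId", "").startswith("igw-")
               for r in table["Routes"])


def world_open_ranges(group_id):
    """Yield (from_port, to_port) for every rule that admits 0.0.0.0/0."""
    for perm in SECURITY_GROUPS[group_id]:
        if any(ip["CidrIp"] == WORLD for ip in perm.get("IpRanges", [])):
            if perm["IpProtocol"] == "-1":      # "-1" means all protocols and ports
                yield (0, 65535)
            else:
                yield (perm["FromPort"], perm["ToPort"])


def findings():
    """'exposed' = reachable from the internet now; 'latent' = world-open rule
    that only the private subnet's routing is currently shielding."""
    out = []
    for inst in INSTANCES:
        public = is_public(inst["SubnetId"])
        for group in inst["Groups"]:
            for low, high in world_open_ranges(group):
                if low == high and low in INTENDED_PUBLIC_PORTS:
                    continue
                out.append((inst["Id"], group, low, high,
                            "exposed" if public else "latent"))
    return out


if __name__ == "__main__":
    for finding in findings():
        print(finding)
```

The database rule is reported as latent rather than ignored: the private subnet is the only thing keeping it unreachable, so a single route-table change would expose it.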
Okay.
Hey, this is Andrew Brown from
ExamPro, and we are looking at database services. And so you can see we have a variety of different
services for databases on AWS. And for the actual exam, you probably just need to know DynamoDB,
RDS, Aurora, and Redshift. But when you're taking the exam, they might throw in these other ones to
just throw you off. And so by knowing all of them, through process of elimination, you can determine
what the correct answer is. Okay. So I think it's going to be good for us to learn them all. And
so just starting at the top here with DynamoDB, which is a NoSQL key-value database.
So I always like to say that it's Cassandra-like or Cassandra-based, because I think
at one point it was, or at least is very similar to it. And so this is a very flattened
simple database, which can scale to millions of records. And it will give you a guarantee of reads
and writes per second. Okay. So if you needed, say, 200 reads per second, you just enter that
in and you'd get a guarantee of it. All right, moving on to DocumentDB, which is a NoSQL
document database that is MongoDB compatible. So if you need MongoDB, you're going to be using
DocumentDB. Then we have RDS, which stands for the Relational Database Service, okay. And it's
probably the most popular database on AWS, and the most commonly used, and it supports multiple
So you can use MySQL, Postgres, MariaDB, Oracle, or Microsoft SQL Server, alright. And
it happens to have one other engine called Aurora. And so Aurora is really its own thing. And it
is a fully managed relational database, okay. And within it, you can choose to either run MySQL
or Postgres. And so because it's fully managed, it has a greater performance over the regular MySQL
or Postgres RDS, and you're gonna see with MySQL, it has a better performance of up to five times,
whereas Postgres has up to three times. Now, Aurora, again, is highly available and durable.
And so when you spin up an Aurora cluster, it is going to be running six copies of your
database across three availability zones. Okay, so with that, it definitely is more expensive
than using RDS.
But if you are an enterprise or you need that guarantee of availability and
durability, you're definitely going to want to use Aurora. Now moving on to Aurora Serverless.
It's pretty much the same thing as Aurora, with less features, but the huge advantage here is
that it's way more inexpensive. So this is kind of like a relational database where it's on
an as-needed basis. Okay? So the idea is that you're only paying for when you're using it,
kind of like a Lambda, okay? And it's really good for development workloads or web apps that are not
frequently used. Or if you're using a serverless architecture, okay, so it makes it really easy
to connect Lambdas to Aurora Serverless. Now, moving on to Neptune. It is a managed graph
database. That's all you need to know. Then we're on to Redshift. So Redshift is a columnar
store database. Okay, so instead of reading via rows, it reads via columns.
And so it's really,
really good at working with a huge amount of data, where you need to generate maybe, like, reports
or analytics, like a business intelligence tool, and it can handle petabytes worth of data. Okay,
so there's like 1000 terabytes in one petabyte. So that is a significant amount of data. Moving on
to ElastiCache, it is a caching solution. So you can either choose to use the open source caching
databases here, Redis or Memcached. Okay, so if you need caching, that's going to be your choices
here. So there you go.
That's all the database services.
Hey, this is Andrew Brown from ExamPro.
And we are looking at provisioning, and so
provisioning is just an easy way to set up a bunch
of AWS resources for you or your servers in an automated way. And this could be done via code, or
it could be done via a graphical user interface. Okay. And so AWS has a variety of different
services that can help us with provisioning. So let's just learn the difference between all
these services, starting with Elastic Beanstalk. So Elastic Beanstalk is really good at deploying web
applications, where you don't have to think about the underlying infrastructure at all. So what
you're going to do is you're just going to prepare your code, you're going to upload it to Elastic
Beanstalk, choose the container you want to use with the language of choice.
And it will more or
less work with very little to no configuration. So if you're using Ruby on Rails, you just choose the
Ruby container, upload your code, it would work. And you know, if you wanted to use Django, then
you just use the Python container, etc, etc. Okay, I like to think of Elastic Beanstalk as the
Heroku for AWS. If you've ever used Heroku, it's just a service, not part of AWS, where you
just upload your code, and it just works. Okay, moving on to OpsWorks. OpsWorks is a configuration
management service. And it's going to help you with the configuration of
your instances, using either Chef or Puppet. So those are just two different tools, developer
tools that you can use to manually, or sorry, programmatically set up a server. So for
Chef, you're actually using Ruby, that's what it's written in. And so you would define these
things called recipes. And those recipes would go out and set up things on your actual EC2
server. So if you had to install dependencies, or pull the code or do a bunch of other stuff,
that's what those tools are going to do.
And OpsWorks also has a concept called layers.
So you can define your infrastructure as like three tier or two tier layers. And so you could
have like an application layer, a database layer and networking layer. And it just makes things
very clear. Okay. Moving on to CloudFormation, CloudFormation is infrastructure as code.
And so the idea here is that you are creating a JSON or YAML file, and what you're going
to do is you're going to define all of your AWS resources that you want to provision and
exactly how you want to configure them, you're going to upload that template and then
it's going to set everything up for you in one go.
Okay, so CloudFormation is an extremely
powerful provisioning tool. And so compared to OpsWorks, OpsWorks has some limitations as to what
it can do. So it can set up some things for you, but CloudFormation can do anything pretty much
in AWS. Okay, so it is the most complex option, but it is also the most flexible option in our
provisioning tool set here. Moving on to AWS Quick Starts. These are just pre-made packages,
which actually are just CloudFormation templates. And they are created by AWS or with AWS third
party providers through the APN network, okay, and so they are going to have these pre-packaged
templates for a variety of different things. And we do cover Quick Starts in more
detail here in this course. But the idea is like, let's say you wanted to get started with ML,
you'd go to the ML category, and there would be a bunch of pre-made configured CloudFormation
templates and you just launch one.
Okay, so you'd have to take a look to see what there is
there. But it is a provisioning tool. Moving on to AWS Marketplace, this is a digital catalog
of 1000s of software listings from independent software vendors, where you can find, buy, test
and deploy software. Okay, and so, generally, you're gonna be using the marketplace to buy
managed EC2 instances. So let's say you needed to set up a WordPress, you could go into the AWS
Marketplace and find an AMI for WordPress, so one that is very popular is by Bitnami. And
so the advantage here is that it's just pre-configured for you. And maybe it has additional
security hardening. And so you would pay a monthly subscription to use that.
Okay, so those are all
of our provisioning options on AWS.
Hey, this is Andrew Brown from ExamPro. And we are looking at
computing services on AWS, starting with EC2, which stands for Elastic Compute Cloud. And you
can see that I've made a division there. And that's just to emphasize how important EC2 is.
And the fact that basically, every service under the hood is using EC2. So no matter what you're
using, whether it's Lambda, RDS, or Redshift, they're all running on EC2 instances, they
just might be abstracted away from you, because AWS is managing those EC2
instances. Okay. And so what is EC2? Well, it's a highly configurable server, where you get
to choose your CPU, memory, network and operating system. Okay, so now moving on to the other
computing services, we have ECS, which stands for Elastic Container Service.
And this is basically
Docker as a service. So if you need to run microservices, or a Dockerized application, you're
going to be launching it on ECS. So with ECS, what you would do is you would just choose the
type of EC2 instance you want. And that
EC2 instance will come pre-configured with
Docker running on it. And then it has a really nice interface, so that you would just define
your containers within something called a task or a service, and then you would just run them on
ECS. Okay, next on this list, you have Fargate. And this is also for microservices.
And this is
kind of like the evolution of ECS. So with ECS, you choose what EC2 instance you need.
With Fargate, you don't choose an EC2 instance, you just would define your containers within
a task or service. And you would just tell them to run and AWS would just have it run, okay. And
so the difference here is that you aren't paying for the EC2 instance, you're just paying
for the runtime and the CPU utilized. Okay, so it's kind of like Lambdas, where you're
just paying for the time performed and the resources used. Okay, moving on to EKS, which is
Kubernetes as a service. And so if you've never heard of Kubernetes, it's becoming the de facto
standard for microservices within the industry. And so since it's so important, AWS has decided
that it needs to have a service to run Kubernetes and it's called EKS.
Okay, so it gives you all the
benefits of ECS, and allows you to run the open source Kubernetes. Okay. And again, this is just
for microservices. Moving on to Lambda. Lambda lets you run serverless functions. So the idea
here is that you just upload your code in the form of a function, and it just runs, you don't have
to think about the servers, there's nothing to provision, everything is taken care of for you.
And you are just paying for the compute time based on how long it runs. Okay, so that's all
there is with Lambda. Okay, moving on to Elastic Beanstalk. And so Elastic Beanstalk is going
to orchestrate various AWS services for you.
So the idea is it will set up S3,
SNS, CloudWatch, RDS, load balancers, whatever you need to run your web application. And the idea
behind Elastic Beanstalk, it allows you to set up developer environments, that's what it's intended
for. It's not really for production use. So the idea is like, let's say you're a developer, and
you have a web app. And it's running on Ruby on Rails, or Django, or Laravel, and you just want
to get it running. But you don't want to have to think about all the services you have to set up.
You just upload your code to Elastic Beanstalk, it would do the rest for you. So that's all there
is there to that service. And it really just is using EC2 again, so it's just going to set up
EC2 instances for you, but you just don't have to worry about it. Moving on to AWS Batch.
Batch, as the name implies, is for batch processing, so you can plan, schedule and execute your batch
computing workloads across the full range of AWS compute services and features. And so what it's
doing is it's just launching EC2 instances for you using spot pricing so that you can save
a lot of money. So there you go, that is all the computing services you need to know.
Hey, this is Andrew Brown from ExamPro. And on AWS, we have a
variety of different storage services that are
available to us. So let's quickly go through them. So the first one on our list here is S3, which
stands for Simple Storage Service. And it's an object store. I like to think of it as a hard
drive in the cloud, where I don't have to think about the actual hard drive, I can just upload
files, and I don't have to worry about running out of space, because there's unlimited space.
really is a no brainer, okay. And then you have S3 Glacier. And so it's like S3, but it's extremely
inexpensive. But the trade-off here is that you have to be okay with waiting for several minutes
up to hours to access those files. And when you do access those files, there is a retrieval
cost. So it is a really good use case for large enterprises who have lots of sensitive data. But
they have to hold on to it for seven to 10 years, but they're very unlikely to actually ever look at
that data. Okay, so that's where S3 Glacier comes in. Then you have Storage Gateway. And so I like
to think of Storage Gateway as an extension of your on-premise storage into the cloud. You could
also use Storage Gateway as a backup solution. So for your local storage, you would just back
it up onto S3 there. Okay. And so basically, Storage Gateway is a hybrid solution for on-prem
to cloud for storage. And then you have EBS, which stands for Elastic Block Store. And this is
essentially a virtual hard drive in the cloud that you can attach to EC2 instances, and you get
to choose what kind of hard drive you want it to be.
Okay, so if you want it to be a solid state
drive, which is optimized for higher IOPS and better throughput, or you could use an HDD, which
is going to be a more inexpensive solution, okay. And then you have EFS, which stands for elastic
file store, and it is a file storage solution. So it's like having a file system that you're
able to mount to multiple EC2 instances at the same time. Whereas with Elastic Block Store,
you're only able to attach that to one EC2. So that is a huge advantage there. Okay. All right.
And so now we're looking at Snowball, and it is a way of moving a lot of data around very
quickly from your on-premise network into AWS, or vice versa.
So let's say you have terabytes
worth of data, uploading that directly to AWS would be extremely slow and painful. So what
AWS will do is you order a Snowball, they'll send it to you, it's basically a computer in the form
of a suitcase with a lot of hard drives in it. And what you're going to do is you're going to quickly
load your data onto that Snowball, and then it's going to be delivered to AWS directly into S3,
okay. And then we have Snowball Edge, which happens just to be like a Snowball with additional
features and more storage, so that it actually can also process data as it's being inserted into the
Snowball. Okay, and then last on our list here is Snowmobile, which is super cool. And it
allows you to move petabytes worth of data. So it's actually just a giant cargo container or
shipping container on a semi-trailer truck. Okay, so it's basically like a data center on wheels.
So AWS will drive it to your on-premise location, and you're going to basically just hook up to
that, and you're going to move all of your data onto there, and then it's going to be driven back
to AWS and then loaded into S3.
So there you go, that is the storage services on AWS.
Hey, this is
Andrew Brown from ExamPro, and we are looking at business centric services. So starting at the
top of our list here, we have Amazon Connect, which is a cloud based call center service you
can set up in just a few clicks, and based on the same proven system used by Amazon customer
service teams, okay. So what you can do with Amazon Connect is you can accept inbound
calls and dial outbound, you can record your calls and then store them into S3. So maybe you could
then run them for analysis, maybe through Amazon Comprehend or something like that. And you can
also set up workflows within Amazon Connect. So if you want to route a call based on a set of rules,
you can definitely do that there. Next on our list here is WorkSpaces, which just boils down to
being a virtual remote desktop.
So it's a secure managed service for provisioning either Windows or Linux
desktops in just a few minutes, which quickly scales up to 1000s of desktops. So you just would
bring your own license and you'd be able to spin up a Windows 10 server that you can now log
in from the convenience of your AWS account. Okay, then we have WorkDocs, which is a content
creation and collaboration service: easily create, edit and share content, saved centrally on AWS. So
this is the AWS version of SharePoint. Then you have Chime. So this is a service platform
for online meetings, video conferencing and business calling, which elastically
scales to meet your capacity needs. So Chime here is like, it's like having Slack and also Skype.
Okay. Now we're on to WorkMail. And this is just a managed business email, contacts and calendar
service, which supports existing desktop and mobile email client applications.
So this is just
Gmail, but like on AWS. Then you have Pinpoint. So this is a marketing campaign management
system you can use for sending targeted emails, SMS, push notifications, and voice messages. So
we actually use Pinpoint here at ExamPro to send out our campaign emails. So here, you can
import a bunch of contacts, create campaigns, and do like A/B testing on your emails. Okay,
so that's a useful tool there.
Then you have SES, Simple Email Service. And this is a cloud based
email sending service designed for marketers and application developers who send marketing
and notification emails. So we just had mentioned Pinpoint, which is for marketing campaign
management. And this can send emails, but SES is more for like when you are building
your web application, and you want to send out emails from that application. So let's say you
had someone who registered on your platform, and you want to send them a confirmation email,
you send them out through SES, and SES supports HTML emails.
So there's another service called
SNS, which also can send emails, but that can only send plain text. So that's why SES is more
designed for marketers, because it has that HTML component. And last on our list is QuickSight.
And this is a business intelligence service. And so the idea here is you can connect multiple data
sources and quickly visualize data in the form of graphs, with little to no programming knowledge,
okay, so you can connect data from S3, probably Aurora and RDS. And you just click
it. And then with a bunch of other clicks, you now have these beautiful graphs, okay. And I believe
that there's also like an ML component in QuickSight. So there's a lot of cool things you can do
there. And you can also share those visualizations in the form of dashboards to other people.
So there you go. Those are the business centric services.
Hey, this is Andrew Brown from ExamPro,
and we are looking at enterprise integration. This is all about going hybrid, bringing your on-prem
and your AWS network together. Okay. So the first service we're gonna look at here is Direct
Connect. And this is a dedicated gigabit network connection from your on-premise to AWS. So imagine
having a direct fiber optic cable running straight to AWS. So it's a really good way of having low
latency and a dedicated connection. Okay. The next thing is VPN. So the idea here is that you can
establish a secure connection to your network. And we have two ways of doing this. We have site-to-site
VPN and client VPN. So site-to-site is when you are connecting on-prem to your network, and
you have client VPN.
So imagine you have someone that works for you. Maybe they work
from home and they have a laptop and you just want to connect them to your network. Okay, then you
have Storage Gateway. So this is a hybrid storage service that enables your on-prem applications
to use AWS cloud storage. I always think of it as extending your on-prem hard drives
onto AWS. So this can be also used for backing up and archiving, disaster recovery, cloud data
processing, storage tiering and migration. Okay, and then down below, we have Active Directory.
So we have a directory service for Microsoft Active Directory, also known as AWS Managed
And this enables your directory-aware workloads and AWS resources to use managed
Active Directory in the cloud. Alright, so I know that last one was pretty boring. But if you are
using Active Directory, there are definitely ways to integrate that on AWS.
Hey, this is Andrew Brown from ExamPro. And we are looking at two
logging services. Here we have CloudTrail
and CloudWatch. Starting with CloudTrail, it logs all API calls, generally via the SDK or
AWS CLI, between AWS services.
So this is a really good service to determine who we should blame for
something. So if you wanted to say who created this bucket, who spun up that expensive EC2
instance, who launched the SageMaker notebook, that's where CloudTrail is going to come
into play. And so some of the other use cases here is that we can use it to detect developer
misconfiguration, which we just talked about, but we could also use it to detect malicious
actors. So if someone got into our account, CloudTrail is going to maybe give us an idea
what is going on. And then we could also automate responses. So maybe every time someone created
a bucket, you wanted to trigger something. And so that is something that we could do maybe with
CloudWatch Events using CloudTrail. Okay. So now on to CloudWatch. So CloudWatch is a collection
of multiple services. But generally, when people say CloudWatch, we're talking about CloudWatch
Logs. And all the other CloudWatch services are really based off of logs.
Okay? So CloudWatch
Logs is just a durable storage solution for your logs. And so logs could be performance data about
your database services, such as CPU utilization, memory, or network in. You could also store your
application logs here. So if you are running Ruby on Rails, you could send the logs there, or nginx,
just that as well. Or let's say you're using Lambda, you can put within your
functions a lot of console log calls. And so that would then pass that on to CloudWatch. And that
is just in itself application logs for Lambdas. Okay, and so moving on to the other CloudWatch
services, we have metrics, and they represent a time-ordered set of data points. And so you want
to think of CloudWatch metrics as a variable to monitor.
And if that's still confusing, just think
of it as like taking data from CloudWatch Logs and turning it into a graph. Okay, then you have
CloudWatch Events. And this allows you to trigger an event based on a condition, so when you
have log data, or you can trigger based off of a metric, or other kinds of rules. But like,
the most common thing you might use CloudWatch Events for is, let's say, every hour, you want
to take a snapshot of your Elastic Block Store, like the volume that is attached to your
server, you can do that with CloudWatch Events. Then you have CloudWatch Alarms, and these
trigger notifications based on a metric. And so you would specify a threshold and when that
threshold is breached, that alarm gets triggered, and then it would send you an email or a
text message, however you specify. Okay, then you have CloudWatch Dashboards. And this
just creates visualizations based off of metrics. So when I said earlier that metrics, you can think
of them as graphs, that's exactly what they are. And so you could take those graphs, and then put
them onto a dashboard.
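The CloudTrail questions raised in this section (who created this bucket, who spun up that expensive instance, is someone in the account who should not be) come down to filtering records by event name and caller. This is an added example, not part of the course: the records, ARNs and IP addresses are constructed, the field names follow the CloudTrail record format, and the tampering list and denial threshold are assumptions.

```python
"""Attribute actions to principals and surface suspicious activity from
CloudTrail-style records. All records below are constructed sample data."""
from collections import Counter

USER = "arn:aws:iam::111122223333:user/"          # documentation account id
TAMPERING = {"StopLogging", "DeleteTrail"}        # assumption: events worth alerting on


def rec(time, source, name, arn, ip, params=None, error=None):
    """Build one record with the subset of CloudTrail fields used here."""
    record = {"eventTime": time, "eventSource": source, "eventName": name,
              "userIdentity": {"arn": arn}, "sourceIPAddress": ip,
              "requestParameters": params or {}}
    if error:
        record["errorCode"] = error
    return record


RECORDS = [
    rec("2020-01-10T09:00:00Z", "s3.amazonaws.com", "CreateBucket",
        USER + "dev-alice", "198.51.100.10", {"bucketName": "example-reports"}),
    rec("2020-01-10T09:30:00Z", "ec2.amazonaws.com", "RunInstances",
        USER + "dev-bob", "198.51.100.11", {"instanceType": "p3.16xlarge"}),
    rec("2020-01-10T09:45:00Z", "ec2.amazonaws.com", "RunInstances",
        USER + "dev-alice", "198.51.100.10", {"instanceType": "t2.micro"}),
    rec("2020-01-10T11:00:00Z", "s3.amazonaws.com", "ListBuckets",
        USER + "ci-token", "203.0.113.50", error="AccessDenied"),
    rec("2020-01-10T11:00:05Z", "iam.amazonaws.com", "ListUsers",
        USER + "ci-token", "203.0.113.50", error="AccessDenied"),
    rec("2020-01-10T11:00:09Z", "iam.amazonaws.com", "ListRoles",
        USER + "ci-token", "203.0.113.50", error="AccessDenied"),
    rec("2020-01-10T11:02:00Z", "cloudtrail.amazonaws.com", "StopLogging",
        USER + "ci-token", "203.0.113.50", {"name": "main-trail"}),
]


def who_did(records, event_name, **match):
    """Return (time, caller ARN, source IP) for successful calls of event_name
    whose request parameters contain every key/value in match."""
    hits = []
    for r in records:
        if r["eventName"] != event_name or "errorCode" in r:
            continue
        params = r["requestParameters"]
        if all(params.get(k) == v for k, v in match.items()):
            hits.append((r["eventTime"], r["userIdentity"]["arn"],
                         r["sourceIPAddress"]))
    return hits


def suspicious(records, denied_threshold=3):
    """Flag successful trail tampering and principals with repeated denials."""
    found, denied = [], Counter()
    for r in sorted(records, key=lambda x: x["eventTime"]):
        arn = r["userIdentity"]["arn"]
        if r["eventName"] in TAMPERING and "errorCode" not in r:
            found.append(("trail-tampering", arn, r["eventName"]))
        if "AccessDenied" in r.get("errorCode", ""):
            denied[arn] += 1
    for arn, count in denied.items():
        if count >= denied_threshold:
            found.append(("access-denied-burst", arn, count))
    return found


if __name__ == "__main__":
    print(who_did(RECORDS, "CreateBucket", bucketName="example-reports"))
    print(who_did(RECORDS, "RunInstances", instanceType="p3.16xlarge"))
    print(suspicious(RECORDS))
```

A run of denied list calls followed by a successful `StopLogging` from the same principal is the pattern worth paging on, since it removes the record that everything else here depends on.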
So you could represent a lot of data at a glance. So there you go,
those are the two logging services in AWS.
Hey, this is Andrew Brown from ExamPro, and we're
looking at know your initialisms. And so there's a lot of AWS services and some other things that
are represented by these short form of initials. And the reason why it's good to know these is
that on the exam, if they were to just give you the full name of the service, it might give away
the answers. So they might use the initialized version. Okay, so if you had a question about
sending emails, and one of the options was SES, and you knew that SES stood for email, that's a dead
giveaway of what the correct answer is. It's also just going to help you comprehend things a lot
faster, if every time you see auto scaling groups, you just think ASG, because in your mind, you're
going to read that a lot quicker.
Okay. So we do have a lot of initialisms here, and for services.
But there's also some things such as TAM, which is actually a type of person that gets assigned
your account. Or we have IoT, which is just a more generic technology term, which stands for
Internet of Things. Okay, so there just are a lot of things on here. And these are the most common
ones that I could think of. And so I figured, you know, you should study up on these and just
make sure you are familiar with them, okay.
Hey, this is Andrew Brown from ExamPro. And we're
looking at the shared responsibility model. And this is going to deal with security of and in
the cloud. So when we're talking about customers, they are responsible for security in the cloud.
So what does that mean? Well, whatever data you put on AWS, you are responsible for it. So if you
do not secure it, that is your fault.
Or if you do not turn on monitoring services to monitor
sensitive data, that's going to be your fault as well. Or there's a variety of different AWS
services that you can use, and it's up to you to configure them. So if there is a misconfiguration,
that fault is going to be with you. Okay, so those are your responsibilities. Then we have AWS, and so
AWS is responsible for the security of the cloud. So the hardware, the operations of managed
services, and the global infrastructure, okay, so all the things that you can't touch is what AWS
is responsible for. And so this is actually just a pared down version of the shared responsibility
model. The full one actually looks like this. Okay, and so you can just see that there's a
lot more information here. So for the customer, we've got customer data, platforms, application
on As the network and firewall configuration, client-side data encryption, server-side
encryption, network traffic protection. And on AWS, we have software and hardware. So
for the software, you have your compute, your storage, your database, your networking. For your
hardware, you have the AWS global infrastructure, you have the regions and the edge locations.
So I mean, this is the full list, but really, you just need to remember, again, for the customer,
it's dating configuration for AWS, its global infrastructure and hardware. Okay. Hey, this is
Angie brown from exam Pro, and we are looking at ETS compliance program. So what is a compliance
program? It's a set of internal policies and procedures of a company to comply with laws, rules
and regulations or to uphold business reputation, okay. And so we have a bunch of these cool looking
badges. And the idea here is that if you need to conform to one of these compliance programs,
eatables has a big list of them. So it makes it easier for you to adopt cloud computing.
that I want to point out is HIPAA and PCI. So so for HIPAA that is the Health Insurance Portability
and Accountability Act of the United States, and is a legislative legislation that provides data
privacy and security provisions for safeguarding medical information. So if your hospital you're
going to want to be HIPAA compliant, okay? And then you have PCI DSS and so this is the Payment
Card Industry data security standard. So when you want to sell things online, and you need to handle
credit card information, you're going to want to be PCI compliant, okay? And there's a variety of
compliance programs, this is not the full list, but just to give you a taste of what that is,
okay? Alright, so I just hopped over here to the AWS website, because I just wanted to show you the
full range of compliance programs that AWS has, and if you had to find out if they had some kind
of compliance program, how to investigate that. So here I am, you can see we have a bunch of
different logos more than what I was showing you prior there.
And you can see that there are
offerings in multiple countries. So if we just scroll down here, you can see there's a lot for
the US. We even have some here for Canada, okay, which is where I am, Asia, Pacific Europe. Okay,
so there is a variety of things there. All right. Now, if you wanted to find a little bit more about
any of these certifications, if you just click into them, they'll tell you what it's for. And a
lot of additional information, okay. So there is a considerable amount of information here.
you do need to explore a bit more about compliance programs, definitely check this out. Now actually
getting access to the reports for how AWS meets those compliances is another story. And so
that's what we're going to look at next, which is AWS Artifact, okay?
Hey, this is Andrew Brown
from ExamPro, and we are looking at AWS Artifact. And the purpose of this service is to
really help us determine whether AWS is meeting a compliance program, because just because
they have the logo on their website, doesn't necessarily mean that they are compliant, you
need to prove that via a very long checklist and explain how you are meeting those, all those rules
within a compliance program. So if you wanted to get access to that, you actually have to go into
a bit of a roundabout way. And so AWS has made a service in order to generate out the report
that shows that they're compliant. So what you do is you would go into AWS Artifact, you would
choose the package, or artifact you're looking to get, it's going to generate out a PDF, and
then within that PDF, you have to click a link, which will then get you the actual files that
you are seeking.
Okay, so that's what AWS Artifact is, and I'm going to show you how
to generate an artifact and get to those files. Alright, so in this follow along here, I'm going
to show you how to use AWS Artifact so that you can get access to a compliance report. So what I
want you to do is go to the top here to services, and we will type in artifact, like remember how to
spell it here. We just type in art. There we go. And so now in artifact, we're going to get a huge
list of all the possible compliance programs that AWS has. And so what we'll do is we'll just look
for one so since I'm in Canada, let's look for the Canada GC partner package. And what you'll do
is you'll hit get this artifact, okay, and you'll be presented with a bunch of information. And what
we'll do is you should probably read it and then once you've read it, check that box there and say
accept and download, and what that is going to do is it's going to download this PDF.
So in order for you to access the files within this PDF, you're going to have to make
sure you have Adobe Acrobat Reader installed, because it will not work with any other reader.
If you're on a Mac like I'm on right now, if you open it up in preview, it's not going to allow you
to download those files. But I'm going to open up Adobe Acrobat, and we're going to give this a go.
Alright, so I have this document opened up here in Adobe Acrobat Reader. And it even tells you right
off the bat, open the artifact using Adobe Acrobat Reader. Other PDF readers are not supported.
So now that we have this open, what we have to do is follow the instructions. So this is click the
paperclip icon in the top left corner, so which is up here, okay, and then what it's
going to tell you is to double click the file you'd like to open. So there could be a variety
of different files in here. It could be PDFs, or CSVs, or Excels. But we'll just go ahead and
just double click this one here. And so now we actually have access to even more content. So now
we have an XLS. So here, I guess it's just kind of a summary of what's going on. And then, within
this XLS file is the file that we're actually trying to get to. So we're gonna go ahead and open
this file. Okay. And here's that file open there. And so, you know, this is what we're looking
for, you can see it's a very long file. Okay, so these documents are gonna vary based
on each compliance program, because they're all different.
But this is that one. And this is
the file that you are trying to get to that proves that AWS is meeting this compliance program. So
there you go.
Hey, this is Andrew Brown from ExamPro. And we are looking at Amazon Inspector.
And the question we are asking here is how do we prove an EC2 instance is hardened? And so
to really understand that question, we need to know what hardening is. And so hardening is
the act of eliminating as many security risks as possible. Okay. And so that is what AWS
Inspector is helping you do. So AWS Inspector runs a security benchmark against specific EC2
So you choose which ones you want. And you can run a variety of security benchmarks.
Okay. And so it can run both a network and host assessment. So for network, it's checking to see
if any ports are open, and if they're reachable to the internet. And then the host is
actually checking the actual OS, and any of the applications there, based on the benchmark or
security best practices that you choose, okay. So the way inspector works is that it's going
to install the agent on your EC2 instance, which just does this, I believe through a Run
Command, then it's going to run an assessment for your assessment target. And then it's going
to, then you get to review your findings and remediate those security issues. Okay. And so
one very popular security benchmark is the CIS, which stands for Center of Internet Security. And
they have over 699 checks. And that's what we are going to be using through our follow along. So
let's get to that.
Hey, this is Andrew Brown from ExamPro. And we are looking at AWS WAF,
which stands for web application firewall, and it's going to protect us, or specifically our
web application from common web exploits.
Okay, so the idea here is you're going to write your
own rules that are either going to allow or deny traffic based on the contents of an HTTP request.
And if you didn't want to create your own rules, and you wanted to just use one from a trusted
AWS security partner, you could purchase one very cheaply in the AWS WAF rules marketplace.
And so they call it a rule set, because it's a bunch of rules included. And generally, those rule
sets will protect you against the OWASP Top 10, which are the most dangerous attacks for web
applications. And so whether it's SQL injection, or cross site scripting, or a host of other ones,
again, those rule sets are easy to purchase and protect you against everything. Now, in order to
use WAF, it has to be attached either in front of CloudFront, or an Application Load Balancer.
And so there you go, that is all you need to know for AWS WAF.
Hey, this is Andrew Brown
from ExamPro.
And we are looking at AWS Shield, which is a managed DDoS protection service that
safeguards applications running on AWS. So just to understand what the offering for the service is, we
need to know what a DDoS attack is, which stands for distributed denial of service, and this is
a malicious attempt to disrupt normal traffic by flooding a website with a large amount of fake
traffic, okay. And so, in order to use Shield, it's actually already turned on for you, and
it's given to all AWS customers at no additional charge, at least Shield Standard
is. And so, in order to take advantage of Shield, you just have to make sure that you are routing
your traffic through Route 53 or through CloudFront. Okay? Now I said that there is a paid tier
and that is Shield Advanced. Okay, so for Shield Standard, this is going to protect you against the
most common DDoS attacks, and it's already turned on automatically for you.
And it's available for
a lot of different AWS services. And then you have Shield Advanced, which costs $3,000 per
year and you have to pay that upfront, I believe, or at least you have to make the commitment to pay
that. And this is going to protect you against additional types of attacks, larger attacks,
more sophisticated attacks, okay, and it's also going to give you visibility into those attacks, I
believe you get like a dashboard. And you also get 24/7 access to some DDoS experts for those
complex cases. I myself have experienced DDoS and have paid for such a service as Shield Advanced,
so I can definitely understand the value there. And it's only available for a limited amount of
services. So it'd be for Route 53, CloudFront, ELB, their Global Accelerator and putting things in
front of or on to tip there.
Okay, so that's all there is there. And I probably will just go to the
website and just pull up the big comparison so we can take a quick look through it. Alright, so I've
hopped over here to the AWS website to give you a comparison between Shield Standard and Shield
Advanced. And so as we saw earlier, Shield Standard is turned on for all AWS services, where Shield
Advanced, it's going to have the same coverages of Standard but have additional functionality for
these specific AWS services. Okay, so if we just scroll down here, you see we have a nice large
comparison, the most important thing to note is that Shield Advanced is for mitigating large DDoS
So if someone is specifically targeting you, and sending a lot of traffic your way, you're
going to want to pay for Shield Advanced. Okay? Another thing about Shield Advanced is that we get
that visibility reporting, so we're gonna get a lot more information as to the nature of these
attacks, we're going to have response team and support. So we're going to be able to talk to
people to work through that problem. And then we're also going to get DDoS cost protection,
okay, so this is going to make sure because we're getting a lot of traffic's going to be hitting
the servers that Route 53, CloudFront, ELB. And if you have a lot of traffic, that would
cause you to spend a lot of money.
So AWS gives you these guarantees that you're not going
to be going overboard in costs. Okay, so yeah, that's the stuff I wanted to highlight there for
Advanced. Yeah, there we go.
Hey, this is Andrew Brown from ExamPro. And we are looking at the
concept of penetration testing. And so it's pen testing for short. So what is pen testing? It's
an authorized simulated cyber attack on a computer system performed to evaluate the security of the
system. So the question here is, can you perform pen tests on AWS? And the answer is yes, there
are some limitations around it.
And there are some prohibited activities. But you can definitely
do pen testing on AWS. So there are eight services you are permitted to do pen testing on.
So you have EC2 instances, NAT gateways and ELBs, you have RDS, you have CloudFront, you
have Aurora, you have API Gateway, you have AWS Lambda and Lambda@Edge, you have Lightsail
resources, which are just using a variety of other services underneath such as EC2, and
then you have Elastic Beanstalk. So those are the eight permitted services. And then you have
prohibited activities. So you definitely cannot perform DDoS attacks, you can't do port flooding,
you can't do protocol flooding, you can't do request flooding, anything of the flooding nature,
okay, and you cannot do DNS zone walking. So there's that now if there's something else that
you wanted to do, I need us to run a simulated cyber attack or test, you can submit a request to
AWS and they will reply up to seven days to say whether you are allowed to do so or not. A year or
so ago, pen testing wasn't allowed at all on AWS.
So they have definitely opened this up. So you can do
a lot more stuff here. And just be aware that yes, you can do pen testing on AWS.
Hey, this is
Andrew Brown from ExamPro, and we are looking at Amazon GuardDuty, and so the question I want
to pose to you is how do we detect if someone is attempting to gain access to our AWS account or
resources, and that's where Amazon GuardDuty is going to come into play. So GuardDuty is a threat
detection service that continuously monitors for malicious suspicious activity and unauthorized
behavior. It uses machine learning to analyze the following AWS logs, so you have CloudTrail
logs, your VPC Flow Logs and your DNS logs.
Okay, and it will alert you of findings which you can
automate an incident response via CloudWatch Events or with third party services. And
just to add a bit of additional information, if you've ever heard of an IDS or an IPS, those
stand for intrusion detection system and intrusion protection system. And that is a device
or software application that monitors a network or systems for malicious activity or policy
violations. So that's what Amazon GuardDuty is. It's an IDS IPS for AWS. Okay. Alright, so I just
wanted to quickly show you what findings look like in GuardDuty. So I have GuardDuty turned on, and
I have a few EC2 instances that are launched, which are just in public VPCs with very
exposed security groups.
And you can see right away that people are already trying to SSH
brute force into my instances, because if you do have instances that are public facing with SSH,
where you do not restrict the IP to only your IP, you're very likely to see brute force attacks.
But you can see here it describes what the finding is, and a bunch of additional information
about this attack here. So yeah, there you go. That's just GuardDuty there.
Okay, this is Andrew
Brown from ExamPro. And we are looking at Key Management Service, also known as KMS. And it is
a managed service that makes it easy for you to create and control encryption keys used to encrypt
your data. And there's three things I want you to know about KMS. And that is it's a multi tenant
HSM. HSM stands for hardware security module, and this is a piece of hardware that's at the AWS
data center. I mean, there's lots of them. But this piece of hardware is specifically designed
for storing keys within memory. So they're never written to disk. And that piece of hardware is
extremely secure. It's multi tenant in the sense that there's other customers that are utilizing
that same piece of hardware, and you all are virtually isolated from each other via software.
Okay. And the other two points I want you to know is that many AWS services integrate with KMS
to encrypt your data with a simple checkbox. So in this screenshot here, we have RDS where we're
enabling encryption, and that is using KMS. Okay, so a lot of services have that checkbox, and
then you just choose the key from KMS.
And KMS uses envelope encryption. Okay, and so envelope
encryption, we have an example down below, and the idea here is you have a key that
encrypts your data, but what is going to protect your data key from being encrypted. Okay, so
that's what we're doing is that we're encrypting the key that we use to encrypt our data with
and that's why it's called envelope encryption. Because it's like putting your key within an
envelope so people can't see that key. Alright. And yeah, that is KMS.
Hey, this is Andrew Brown
from ExamPro. And we're looking at Amazon Macie, which is a fully managed service that continuously
monitors S3 data access activity for anomalies, and generates detailed alerts when it detects
risks of unauthorized access or inadvertent data leaks. So that was a very long sentence. So if you
weren't following along, I wasn't either.
So just to reiterate, Amazon Macie, the idea here
is that you put data in your S3 bucket. And that data could be sensitive data, such
as credit card numbers, or personally identifiable information, or it could be health
record information. And so what Amazon Macie does, using the power of machine learning, and also
analyzing your CloudTrail logs, it's going to detect that sensitive data and whether that data
has a risk of being compromised or exposed. Okay, so if you put a file full of credit cards in plain
text, and you upload it to your S3 bucket, Amazon is gonna say, Hey, we found some credit cards, and
it's plain text, you should probably, I don't know, encrypt this and archive it and make sure
nobody has access to it. Okay. So that's the role of Amazon Macie.
Now, Macie has a variety
of alerts. And this kind of gives you an idea of the kind of things that it can detect. So ransomware,
someone trying to lock you out of your data and make you pay for it; privilege escalation, for someone
trying to get access to stuff that they're not supposed to; identity enumeration, somebody
that is trying to enumerate over the list of stuff that you have to figure out what they can
steal; information loss, if you've lost data; credentials loss.
So if you have stored
credentials there, and they were lost. So there's a bunch of alerts that it can alert you on. The
other thing that it can do is it will identify your most at risk users, which could lead to
a compromise. Okay, so if you have someone on your team, and you know, they're just having very
poor practices and access to sensitive files very often, they're going to rank it based on this.
These badges, okay. And it's funny because you think bronze would be the worst user, but Platinum
is actually the worst user. So the nicer the badge is the worse this user is. You got to give them
that attention. Okay. But anyway, that is what Amazon Macie is.
Hey, this is Andrew Brown from
ExamPro, and we are looking at security groups versus NACLs. Okay, and so these are both
used to act as firewalls within your VPC. But the utility of these are slightly different. Okay, so
just knowing the difference here is a good thing to cover, especially when we are in the security
So looking at security groups, they act as a firewall at the instance level, whereas
NACLs act as a firewall at the subnet level. So in that diagram, you can see that all those
instances are contained within a security group, and they can span multiple subnets. Whereas the
NACLs sit in front of the subnets. And they're gonna control access in and out from subnets.
Okay. Now, security groups implicitly deny all traffic, and so you have to create allow rules
to get access to things.
Okay. And so that's both for inbound and outbound. Okay. So the
idea is that if you wanted to open up Port 22, so you could SSH into an instance, that's an allow
rule you'd create on that security group. Now, with NACLs, you can have allow and deny rules,
okay. But the real utility here with NACLs is that you can block a specific IP address
known for abuse, okay? Because you can have deny rules. And you can say exactly, I want to
deny exactly this IP address. So the reason you can't do this with security groups is because it
implicitly denies everything. In order for you to deny a single IP and allow everything else,
imagine all the IP addresses in the world, right, you'd have to create allow rules for everything
for those IP addresses, and just exclude that one IP address, which is like almost impossible.
So for NACLs, the best use case here is again, block a specific IP address known for abuse.
So hopefully that helps you understand security groups versus NACLs. And that's all we need
to know here.
Hey, this is Andrew Brown from ExamPro. And we are looking at AWS VPN, which
stands for virtual private network. And what this service does is it lets you establish a secure
and private tunnel from your network or device to the AWS global network. And so it comes in two
variations, we have site to site VPN and a client VPN. So what is the difference here, so for site
to site, this is where you securely connect on premises networks, or a branch office to your
AWS VPC. And then for the client VPN, this is where you securely connect users to AWS, or on
premise networks. Okay, so the idea here is that for site to site, you're connecting an
entire office, or network to AWS.
And the client is just like, imagine you have some employees, and
they have laptops, or they're working from home, and you want to connect them to
the AWS network. That's what you're going to be using. So just know that you can do that.
And it is a private tunnel, and it is secure. And that there are these two variations here.
Hey, this is Andrew Brown from ExamPro. And we're doing a bit of variation study.
And we're going
to look at services that have cloud in the name because I want you to know that even though they
have similar names, they're completely different services. And I just don't want you to get mixed
up with these things. So we're going to learn about all the services that start with cloud
starting with CloudFormation. CloudFormation is infrastructure as code. And it sets up services
via templating scripts such as YAML or JSON. It is used for provisioning lots of resources on
AWS. Okay, moving on to CloudTrail, this is for logging all API calls between AWS services. So
I would say it's about who you can blame, okay. Then on to CloudFront. CloudFront is a content
distribution network, creates a cached copy of your website and copies that content to servers located
near people trying to download your website, okay, it's going to be using edge locations to do
that. Then moving on to CloudWatch, which is a collection of multiple services, okay. And so
starting with CloudWatch Logs, any custom data or log data, so memory usage, Rails logs, or Nginx
logs, then you have CloudWatch Metrics.
And these are metrics that are based off of the logs. I like
to think of metrics as graphs, because that's how they're represented. So it's like your log data.
So like, if you want a memory usage graph over time, that's CloudWatch Metrics, okay? Then you
have CloudWatch Events. And this triggers an event based on a condition. So
you could have a condition where every hour it takes a snapshot of the server, and these
can be based off of metrics or other log data, okay? Then you have CloudWatch Alarms, and
these trigger notifications based on metrics. Then you have CloudWatch Dashboard, and this
creates visualizations based on metrics. And the last one here on our list is CloudSearch. It
is a search engine, so let's say you had an e-commerce website and you wanted to add a search
bar to search across all products on your website, just like amazon.com, that's
what you would use, okay?
Hey, this is Andrew Brown from ExamPro. And now I just want to cover
services that have Connect in the name.
Alright, and so there are three services with Connect,
they are totally all unrelated. But let's learn a little bit about these three so we can distinguish
them. Okay, so the first on our list is Direct Connect. And it is a dedicated fiber optics
connection from your data center to AWS. So this is ideal for large enterprises that own their own
data center. And they need to have insanely fast connection directly to AWS. If you need to secure
these connections, you can also apply a VPN, AWS VPN, on top of Direct Connect. Okay,
next is Amazon Connect. And this is basically a call center in the cloud. So you get a toll free
number, it can accept inbound and outbound calls, and you can automate, like, a phone system
within it. Last on our list here is MediaConnect, and it is the new version of Elastic Transcoder.
It converts videos to different video types. So if you have 1000 videos, and you need to transcode
them into different video formats, then, or if you had to apply like a watermark or insert in an
introduction video, this is what you would use, okay.
Hey, this is Andrew Brown from ExamPro,
I just quickly want to do a comparison between Elastic Transcoder and MediaConvert. Both
these services transcode videos. So it's a little bit confusing, but I'll just tell you a bit of the
story here. So Elastic Transcoder is the old way, it was the first service that came out that could
transcode videos into streaming formats, and you have a video in one format, and you want to turn it
into another format.
And so AWS came up with another service called AWS Elemental
MediaConvert. And it is the new way of transcoding videos. I don't know if they rebuilt it from
scratch. But it has the exact same use case except it has additional features that Elastic Transcoder
cannot do. So you can overlay images, you can insert video clips, you can do extracts for
caption data, it has a much more robust UI. So at one point, I believe that people were still using
Elastic Transcoder because it just had better integration with the AWS API, but I'm pretty sure
MediaConvert has caught up. And anytime you're using Elastic Transcoder, AWS is always
telling you, Hey, go use MediaConvert, okay, but Elastic Transcoder is still around, because
I'm sure they have customers that are pretty much used to it.
And these things are priced pretty
much the same. Okay, so you're not going to really save money by using Elastic Transcoder. But there
is a comparison for you.
Hey, this is Andrew Brown from ExamPro. And I want to just do a quick match
up here of SNS versus SQS, because these are easy services to get mixed up because they both have
something to do with messaging. And they both are used for application integration. So they connect
apps together. So let's look at SNS first. So SNS, which stands for Simple Notification Service, it
uses pub sub, which is publisher subscriber messaging model. And so with it, it passes along
messages, whereas with Simple Queue Service, it is a messaging service, but it's all about queuing
up messages. Okay, and so Simple Notification Service, it's just passing them along, whereas SQS,
you can get a guarantee of delivery, okay.
Now going back to SNS, SNS sends notifications to
subscribers of topics via multiple protocols. So it can use HTTP, email, it can also send it to
SQS, you can also send text messages, and it can send to Lambda as well there, which I don't have
listed, okay, whereas Simple Queue Service, you place messages in the queue and you have
applications pull the queue using the AWS SDK. All right, back on the SNS. So SNS is generally used
for sending plain text emails, I really got to emphasize that because it cannot do HTML emails,
which is triggered via other AWS services.
So the best example is billing alarm. So if you've
ever had a billing alarm and it's been triggered, it's going to send you a plain text email. Okay,
so that's the exact use case there. SNS does have the ability to retry sending in the case for
HTTPS. So that's when you are sending webhooks, okay. So there is some kind of retry
functionality there. Now moving over to SQS, so SQS can retain a message for up to 14 days. They
can send them in sequential order or in parallel, they can ensure only one message is sent, they can
ensure messages are delivered at least once. Okay, and so there's the comparison there and just the
last part here, so SNS is really good for webhooks, simple internal emails, or triggering
Lambda functions, and we have SQS, which is really good for delayed tasks and queuing up emails.
All right, if you needed a comparison of other similar services for SNS, if you've ever heard of
Pusher or PubNub, that is basically what SNS is. And for SQS, if you've ever heard of RabbitMQ
or Sidekiq, that's what SQS is. There you go.
Hey, this is Andrew Brown from ExamPro, I want
to do a comparison here between Inspector and Trusted Advisor, because both of these services
have a security component involved in them. And so they're easy to mix up.
Okay? So Amazon
Inspector is designed to audit EC2 instances. So you can audit a single instance or all the
instances within your region. And so it would run a script, which would then run against
a security checklist, and it will come back and report to you what checks have passed or failed.
So there is one very popular benchmark by the CIS, which will do 699 checks, okay. And the other
side, we have Trusted Advisor, and Trusted Advisor doesn't generate a PDF report, there probably is
a way to export a CSV or something. But it's not like something that is promoted with Trusted
Advisor. But it gives you a holistic view of recommendations across multiple services
and best practices. And so it has a whole section on just security, okay, so it would tell you
something like, Hey, you should really enable MFA on your root account.
So Inspector is really
just about EC2 instances and making them secure or hardened. And Trusted Advisor is all
about multiple services and security practices, okay.
Hey, this is Andrew Brown from ExamPro,
I just want to quickly cover the three different types of load balancers. So you have an idea
of their use case. So before Application and Network Load Balancer existed, all there was was
Elastic Load Balancer, and now it's been renamed to Classic Load Balancer. And it basically does
the job of both Application and Network Load Balancer, but it has way fewer features, and it works
slightly different. Okay, so Classic Load Balancer does not use target groups. And it's
intended for applications that were built with the EC2-Classic network in mind, okay, so
generally, you do not want to launch a Classic Load Balancer. You still can, but you're
going to want to use Application and Network Load Balancer because they are specialized for their
individual use case.
So for the Application Load Balancer, it's working at layer seven,
layer seven is the application layer. So it's dealing with HTTP and HTTPS traffic. Okay. And so
if you're running a web application, this is what you're going to want to use. It has some advanced
routing rules. So it allows you to get more usability out of your load balancer. So prior to
this, if you needed a load balancer for subdomains, you'd have to launch a load balancer for each one.
But now with routing rules, you can route all subdomains to the single load balancer and make
sure that it goes to the right instances that you want to target. Okay. And so with Application Load
Balancer, you are able to attach a WAF. WAF stands for web application firewall. And so since
it's Application Load Balancer and web application firewall's just for applications, it makes sense
why you would be able to attach it, okay.
Now, on to the Network Load Balancer. This operates at
layer four, which is the transport layer, and it's dealing with IP protocol data. So this is where
you are dealing with TCP and TLS traffic where extreme performance is required. So think video
games, think real time. So think about handling millions of requests per second while maintaining
ultra low latency, okay. It's also optimized for sudden and volatile traffic patterns. So
that is another advantage there. Okay. And then all these load balancers, you can attach the
Amazon certification manager so you can apply an SSL certificate so you have HTTPS traffic. Okay, so
there you go.
Hey, this is Andrew Brown from ExamPro. I'm just gonna do a quick matchup of SNS vs
SES. And so these two services are easy to confuse because they both send emails. Okay, so let's learn
the difference. So SNS, which stands for Simple Notification Service. It is really intended for
practical use cases and internal use cases when it comes to sending emails. All right. So with
SNS you can send notifications to subscribers of topics via multiple protocols, so we're not
just limited to email, but we have HTTP, email, SQS, SMS, and we can also do Lambdas.
On the other side, we have SES, which stands for Simple Email Service. And this is really utilized
for professional emails, marketing emails, all right. And so it basically is a cloud based email
service. Have you ever heard of SendGrid? That is what SES is. All right. So going back to SNS, SNS
is generally used for sending plain text emails, which is triggered via other AWS services. The
best example here is billing alarms. Okay, so if you ever had a billing alarm, and it's
been triggered, it would send you an SNS plain text email. It's an ugly email, but it does the
job. Okay. Over onto SES. SES sends HTML emails, and can also send plain text emails,
whereas SNS cannot do that. So SNS cannot send HTML email. So if you want something that's going
to look good, you're going to have to use SES. SES can also receive inbound emails, SES can create
email templates, you can use a custom domain name, or domain name for your email, and you can monitor
your email reputation. So there's a lot of other stuff that is going on there with SES.
As you can
see, it's really optimized for emails. So yeah, there you go. So that is the comparison there.
Hey, this is Andrew Brown from exam Pro, I just want to do a quick comparison between
Artifact and Inspector. And the reason why is that they both compile up PDF reports. So
that is where some confusion can happen. So I just want to clarify the difference between
these two services. So Artifact is all about why should an enterprise trust AWS. So does
AWS meet specific compliance frameworks, such as SOC or PCI? And Inspector is all
about how do we know this EC2 instance is secure? Can you prove it? And so it runs a
script that analyzes your EC2 instance, and then generates out a PDF report telling you which
security checks have passed. Okay, so that is the difference between these two services, but just be
aware that they both compile up PDFs.
Hey, this is Andrew Brown from exam Pro. And I congratulate you
for making your way through the journey content. And so now all that's left to do is to do some
practice exam questions. And if you're scoring all right, that means you're ready to go book
your exam, which I'll show you here in the next section shortly. Okay, so there you go.
So now it's time to book our exam. And it's always a bit of a trick to actually find where this page
is. So if you were to search AWS certification and go here, alright, and then maybe go to the
training overview, and then click get started, it's going to take you to aws.training,
and this is where you're going to register to take the exam. So in the top right corner, we are
going to have to go ahead and go sign in. And I already have an account. So I'm just going to go
and login with my account there. So I'm just gonna hit sign in there. Okay, and we're just going
to have to provide our credentials here. So I'm just going to go ahead and fill mine in.
will see you on the other side and just show you the rest of it here. Alright, so now we are in the
training and certification portal. So at the top, we have a one stop training. And to get to booking
our exam, we got to go to certification here. And then we're going to have to go to our account.
And we're going to be using the CertMetrics third party service that actually manages the
certifications. So we're going to go to our CertMetrics account here. And now we can go
ahead and schedule our exam. So we're going to schedule a new exam. And down below, we're going
to get a full list of exams here. So it used to just be PSI. And so now they all have PSI, Pearson
VUE, these are just a network of training centers where you can actually go take and sit the exam,
for the CCP, you can actually take it from home now it's the only certification you can take from
home, it is a monitored exam. But for the rest, they have to be done at a data center. And so I'm
just going to show you how to book it either with PSI or a Pearson VUE here. And again, they have
different data centers. So if you do not find a data center in your area, I'll just go give
Pearson VUE a look so that you can actually go book that exam. So let's go take a look at
an exam. So maybe we will book the professional here. So I'm just going to open this in a tab and
open that in a tab and we're going to review how we can book it here through these two portals. So
let's take a look at PSI, this is the one I'm most familiar with. Okay, because Pearson VUE wasn't
here the last time I checked, but so here you can see the duration and the confirmation number,
you want to definitely make sure you're taking the right exam. Sometimes there are similar exams like
the old ones, that will be in here. So just be 100% sure before you go ahead and do that and go
and schedule your exam. And so it's even telling you that there is more than one available here and
that's fine. So we'll just hit Continue. Okay. And then from here, we're going to wait here and we're
going to select our language, okay. And then we get to choose our data centers. So the idea is you
want to try to find a data center near you. So if I typed in Toronto here, so we'll get sitting
here like Toronto, I don't know why thinks I'm over here. And I'm just going to hit Toronto here.
And we're going to search for exam centers. Okay, and then we are going to have a bunch of over
here. So the closest one in Toronto is up here. So I'm gonna click one. Alright, and it's going
to show me the available times that I can book. So there's not a lot of times this week, generally
you have to, it has to be like two, three days ahead. Every time I booked an exam, it's never been
the next day. But here, we actually have one, it's going to vary based on the test center that you
have here. We're going to go ahead here and this one only lets you do Wednesdays and Thursdays.
If we had the Thursday here at 5pm, okay, and then we would choose that and we would continue. Okay,
and then we would hit Continue again. Alright, and so the booking has been created. And in order
to finalize that, we just have to pay that it is in USD dollars, okay. So you'd have to just go and
fill that out. And once that's filled out and you pay it, then you are ready to go sit that exam. So
that's how we do with PSI and then we're gonna go take a look over at Pearson VUE. So I'm just gonna
go ahead and clear this, because I'm not serious about booking an exam right now. Okay, and we'll
go take a look how we do it with Pearson VUE. So here we are in the Pearson VUE section to book and
you first need to choose your preferred language. I'll choose English because that's what I'm most
And we're going to just hit next here. And the next thing it's going to show us is
the price and we will say schedule this exam. All right. And now we can proceed to scheduling. Okay,
so we'll just proceed to scheduling it's given me a lot of supervillains often Alright, okay,
hello, let's go. And here we can see locations in Toronto. Okay, so here are test centres. And
we do actually have a bit of variation here. So you can see there are some different offerings,
you might also see the same data center, so I can choose this one here. Okay, and it lets you select
up to three to compare the availability. So sure, we will select three, and we will hit next. Okay,
we'll just wait a little bit here. All right. Okay. Hello, let's go. And now we are just going
to choose when we want to take that exam there. So we do have the three options to compare. And so
you know, just choose that 11 time, okay. And so then we would see that information, and we could
proceed to checkout.
Hey, this is Andrew Brown from exam Pro, and we are at the end here. So I
hope you sit your exam and you pass and when you do I definitely want to hear your feedback. I do
appreciate any kind of criticisms you do have of the course curriculum here of any regards
and definitely be sure to share with me your success on social media, whether it's LinkedIn,
Twitter, Instagram, I want to hear from you. Okay.