Welcome to Simplilearn's AWS full course. AWS, or Amazon Web Services, is the leading cloud platform used by businesses of all sizes, from startups to large operations. One of the most exciting and in-demand roles in this field is that of an AWS solution architect. As a solutions architect, you will be responsible for designing and managing cloud solutions that drive business growth and success. In 2024, the demand for AWS solution architects is booming, and with that comes impressive salaries. On average, you could earn over $113,000 a year, with even more potential as you gain experience. If you are seeking a career that's both fulfilling and secure, becoming an AWS solution architect is a great choice. This course will take you through the process step by step, giving you the skills needed to excel in this field. Let's get started.

Craving a career upgrade? Subscribe, like, and comment below. Dive into the link in the description to fast-track your ambitions. Whether you're making a switch or aiming higher, Simplilearn has your back.

Before we begin, if you are interested in getting certified in cloud, check out Simplilearn's Cloud Architect certification program. Build expertise in AWS, Microsoft Azure, and GCP with our Cloud Architect certification course. Plus, we have included an exam voucher for any Azure course so you can get certified hassle-free. Gain access to official a BL authored self-learning content and master the ins and outs of cloud architectural principles. The course link is mentioned in the description box and in the pinned comment. So let's get started.

Meet Rob. He runs an online shopping portal. The portal started with a modest number of users but has recently been seeing a surge in the number of visitors. On Black Friday and other holidays, the portal saw so many visitors that the servers were unable to handle the traffic and crashed. "Is there a way to improve performance without having to invest in a new server?" wondered Rob, a way to upscale or downscale capacity depending on the
number of users visiting the website at any given point. Well, there is: Amazon Web Services, one of the leaders in the cloud computing market.

Before we see how AWS can solve Rob's problem, let's have a look at how AWS reached the position it is at now. AWS was first introduced in 2002 as a means to provide tools and services to developers to incorporate features of amazon.com to their website. In 2006, its first cloud services offering was introduced. In 2016, AWS surpassed its 10 billion revenue target, and now AWS offers more than 100 cloud services that span a wide range of domains. Thanks to this, the AWS cloud service platform is now used by more than 45% of the global market.

Now let's talk about what AWS is. AWS, or Amazon Web Services, is a secure cloud computing platform that provides computing power, database, networking, content storage, and much more. The platform also works with a pay-as-you-go pricing model, which means you only pay for how much of the services offered by AWS you use. Some of the other advantages of AWS are:

Security: AWS provides a secure and durable platform that offers an end-to-end privacy and security experience. You can benefit from the infrastructure management practices born from Amazon's years of experience.

Flexible: it allows users to select the OS, language, database, and other services.

Easy to use: users can host applications quickly and securely.

Scalable: depending on user requirements, applications can be scaled up or down.

AWS provides a wide range of services across various domains. What if Rob wanted to create an application for his online portal? AWS provides compute services that can support the app development process from start to finish, from developing, deploying, and running to scaling the application up or down based on the requirements. The popular services include EC2, AWS Lambda, Amazon Lightsail, and Elastic Beanstalk. For storing website data, Rob could use AWS storage services that would enable him to store, access, govern, and analyze data to ensure that costs
are reduced, agility is improved, and innovation accelerated. Popular services within this domain include Amazon S3, EBS, S3 Glacier, and Elastic File Storage. Rob can also store the user data in a database with AWS services, which he can then optimize and manage. Popular services in this domain include Amazon RDS, DynamoDB, and Redshift. If Rob's business took off and he wanted to separate his cloud infrastructure or scale up his work requests and much more, he would be able to do so with the networking services provided by AWS. Some of the popular networking services include Amazon VPC, Amazon Route 53, and Elastic Load Balancing. Other domains that AWS provides services in are analytics, blockchain, containers, machine learning, internet of things, and so on. And there you go, that's AWS for you in a nutshell.

Now, before we're done, let's have a look at a quiz. Which of these services are incorrectly matched? 1, 2, 3, 4. We'll be pinning the question in the comment section. Comment below with your answer and stand a chance to win an Amazon voucher.

Several companies around the world have found great success with AWS. Companies like Netflix, Twitch, LinkedIn, Facebook, and BBC have taken advantage of the services offered by AWS to improve their business efficiency. And thanks to their widespread usage, AWS professionals are in high demand. They're highly paid and earn up to more than $127,000 per annum. Once you're AWS certified, you could be one of them too.

Hello everyone, let me introduce myself as Sam, a multiplatform cloud architect and trainer. I'm so glad and I'm equally excited to talk and walk you through this session about what AWS is, and talk to you about some services and offerings and about how companies get benefited by migrating their applications and infra into AWS. So what's AWS? Let's talk about that now. Before that, let's talk about how life was without any cloud provider, and in this case how life was without AWS. So let's walk back and picture how things were back in 2000, which
is not so long ago, but a lot of changes, a lot of changes for the better, have happened since that time. Now, back in 2000, a request for a new server was not a happy thing at all, because a lot of money, a lot of validations, and a lot of planning are involved in getting a server online or up and running. And even after we've finally got the server, it's not all said and done. There's a lot of optimization that needs to be done on that server to make it worth it and get a good return on investment from that server. And even after we have optimized for a good return on investment, the work is still not done. There will often be a frequent increase and decrease in the capacity, and even news about our website getting popular and getting more hits is still a bittersweet experience, because now I need to add more servers to the environment, which means that it's going to cost me even more.

But thanks to present-day cloud technology, if the same situation were to happen today, my new server is almost ready, and it's ready instantaneously. With the swift tools and technologies that Amazon is providing in provisioning my server instantaneously, adding any type of workload on top of it, making my storage and server secure, and creating a durable storage where data that I store in the cloud never gets lost, with all those features, Amazon has got our back.

So let's talk about what AWS is. There are a lot of definitions for it, but I'm going to put together a simple and precise definition as much as possible. Now let me iron that out. Cloud still runs on hardware, all right, and there are certain features in that infrastructure, in that cloud infrastructure, that make cloud cloud, or that make AWS a cloud provider. Now, we get all the services, all the technologies, all the features, and all the benefits that we get in our local data center, like security and compute capacity and databases, and in fact we get even more cool features like content
caching in various global locations around the planet. But again, out of all the features, the best part is that we get everything on a pay-as-we-go model. The less I use, the less I pay, and the more I use, the less I pay per unit. Very attractive, isn't it? And that's not all. The applications that we provision in AWS are very reliable because they run on a reliable infrastructure, and it's very scalable because it runs on an on-demand infrastructure, and it's very flexible because of the designs and because of the design options available for me in the cloud.

Let's talk about how all this happened. AWS was launched in 2002 after Amazon, which we know as the online retail store, wanted to sell their remaining or unused infrastructure as a service, or as an offering for customers to buy and use from them, you know, sell infrastructure as a service. The idea sort of clicked, and AWS launched their first product in 2006. That's like 4 years after the idea launch. In 2012, they held a big-sized customer event to gather inputs and concerns from customers, and they were very dedicated in making those requests happen. That habit is still being followed; it's still being followed as re:Invent by AWS. In 2015, Amazon announced its revenue to be 4.6 billion, and in 2015 through 2016, AWS launched products and services that helped migrate customer services into AWS. Well, there were products even before, but this is when a lot of focus was given to developing migration services. In the same year, that's in 2016, Amazon's revenue was 10 billion. And last but not the least, as we speak, Amazon has more than 100 products and services available for customers to get benefited from.

All right, let's talk about the services that are available in Amazon. Let's start with this product called S3. Now, S3 is a great tool for internet backup, and it's the cheapest storage option in the object storage category. Not only that, the data that we put in S3 is retrievable from
the internet. S3 is really cool. We have other products like migration and data collection and data transfer products, and here we can not only collect data seamlessly but also, in a real-time way, monitor the data or analyze the data that's being received. There are cool products like AWS data transfers available that help achieve that. Then we have products like EC2, Elastic Compute Cloud. That's a resizable computer where we can anytime alter the size of the computer based on the need or based on the forecast. Then we have Simple Notification Service: systems and tools available in Amazon to update us with notifications through email or through SMS. Now, anything can be sent through email or through SMS if you use that service. It could be alarms, or it could be service notifications, stuff like that. Then we have some security tools like KMS, Key Management System, which uses AES 256-bit encryption to encrypt our data at rest. Then we have Lambda, a service for which we pay only for the time in seconds it takes to execute our code, and we're not paying for the infrastructure here. It's just the seconds the program is going to take to execute the code. If it's a short program, we'll be paying in milliseconds. If it's a bit bigger program, we'll probably be paying in 60 seconds or 120 seconds. But that's a lot cheaper, a lot simpler, and a lot more cost-effective as against paying for service on an hourly basis, which a lot of other services are. Well, that's cheap, but using Lambda is a lot cheaper than that. And then we have services like Route 53, a DNS service in the cloud. Now I do not have to maintain a DNS account somewhere else and my cloud environment with AWS; I can get both in the same place.

All right, let me talk to you about how AWS makes life easier, or how companies got benefited by using AWS as their IT provider for their applications or for the infrastructure. Now, Unilever is a company, and they had a problem, right, and they
had a problem and they picked AWS as a solution to their problem. Now, this company was sort of spread across 190 countries, and they were relying on a lot of digital marketing for promoting their products. Their existing environment, their legacy local environment, proved not to support their changing IT demands, and they could not standardize their old environment. Now they chose to move part of their applications to AWS because they were not getting what they wanted in their local environment. Since then, rollouts were easy, provisioning new applications became easy, and even provisioning infrastructure became easy, and they were able to do all that with push-button scaling, and needless to talk about backups that are safe and backups that can be securely accessed from the cloud as needed. Now that company is growing along with AWS because of their swift speed in rolling out deployments and being able to access secure backups from various places and generate reports, in fact useful reports, out of it that help their business.

Now, on the same lines, let me also talk to you about Kellogg's and how they got benefited by using Amazon. Now, Kellogg's had a different problem, one of its kind. Their business model was very dependent on an infrastructure that will help to analyze data really fast, because they were running promotions based on the analyzed data that they get. So being able to respond to the analyzed data as soon as possible was critical or vital in their environment. Luckily, SAP running on a HANA environment is what they needed, and they picked that service in the cloud, and that sort of solved the problem. Now the company does not have to deal with maintaining their legacy infra and maintaining their heavy compute capacity and maintaining their database locally. All that is now moved to the cloud, or they are using cloud as their IT service provider, and now they have a greater and more powerful IT environment that very much complements
their business.

Let me start the session with this scenario. Let's imagine how life would have been without Spotify. For those who are hearing about Spotify for the first time, Spotify is an online music service offering, and it offers instant access to over 16 million licensed songs. Spotify now uses AWS cloud to store the data and share it with their customers, but prior to AWS they had some issues. Imagine using Spotify before AWS. Let's talk about that. Back then, users were often getting errors because Spotify could not keep up with the increased demand for storage every new day, and that led to users getting upset and users canceling the subscription. The problem Spotify was facing at that time was that their users were present globally and were accessing it from everywhere, and they had different latency in their application. Spotify had a demanding situation where they needed to frequently catalog the songs released yesterday, today, and in the future, and this was changing every new day. The rate of songs coming in was about 20,000 a day, and back then they could not keep up with this requirement. Needless to say, they were badly looking for a way to solve this problem, and that's when they got introduced to AWS, and it was a perfect fit and match for their problem. AWS offered a dynamically increasing storage, and that's what they needed. AWS also offered tools and techniques like storage lifecycle management and Trusted Advisor to properly utilize the resource, so we always get the best out of the resource used. AWS addressed their concerns about easily being able to scale. Yes, you can scale the AWS environment very easily. How easily, one might ask? It's just a few button clicks. And AWS solved Spotify's problem.

Let's talk about how it can help you with your organization's problem. Let's talk about what AWS is first, and then let's bleed into how AWS became so successful, and the different types of services that AWS provides, and what's the future of cloud and AWS in specific. Let's
talk about that, and finally we'll talk about a use case where you will see how easy it is to create a web application with AWS.

All right, let's talk about what AWS is. AWS, or Amazon Web Services, is a secure cloud service platform. It is also a pay-as-you-go type billing model where there is no upfront or capital cost. We'll talk about how soon the service will be available: well, the service will be available in a matter of seconds. With AWS you can also do identity and access management, that is, authenticating and authorizing a user or a program on the fly. Almost all the services are available on demand, and most of them are available instantaneously. As we speak, Amazon offers 100 plus services, and this list is growing every new week.

Now, that would make you wonder how AWS became so successful. Of course, it's their customers. Let's talk about the list of well-known companies that have their IT environment in AWS.

Adobe: Adobe uses AWS to provide multi-terabyte operating environments for its customers. By integrating its system with AWS cloud, Adobe can focus on deploying and operating its own software instead of trying to deploy and manage the infrastructure.

Airbnb is another company. It's a community marketplace that allows property owners and travelers to connect with each other for the purpose of renting unique vacation spaces around the world, and the Airbnb community users' activities are conducted on the website and through iPhone and Android applications. Airbnb has a huge infrastructure in AWS, and they're using almost all the services in AWS and are getting benefited from it.

Another example would be Autodesk. Autodesk develops software for the engineering, designing, and entertainment industries. Using services like Amazon RDS, or Relational Database Service, and Amazon S3, or Amazon Simple Storage Service, Autodesk can focus on deploying or developing its machine learning tools instead of spending that time on managing the infrastructure.

AOL, or America Online, uses AWS
and using AWS they have been able to close data centers and decommission about 14,000 in-house and colocated servers, move mission-critical workloads to the cloud, extend its global reach, and save millions of dollars on energy resources.

Bitdefender is an internet security software firm, and their portfolio of software includes antivirus and anti-spyware products. Bitdefender uses EC2, and they're currently running a few hundred instances that handle about 5 terabytes of data. They also use Elastic Load Balancer to load balance the connections coming in to those instances across availability zones, and they provide seamless global delivery of service because of that.

The BMW Group uses AWS for its new connected-car application that collects sensor data from BMW 7 Series cars to give drivers dynamically updated map information.

Canon's Office Imaging Products division benefits from faster deployment times, lower cost, and global reach by using AWS to deliver cloud-based services such as mobile print. The Office Imaging Products division uses AWS services such as Amazon S3, Amazon Route 53, Amazon CloudFront, and Amazon IAM for their testing, development, and production services.

Comcast is the world's largest cable company and the leading provider of internet service in the United States. Comcast uses AWS in a hybrid environment. Out of all the other cloud providers, Comcast chose AWS for its flexibility and scalable hybrid infrastructure.

Docker is a company that's helping redefine the way developers build, ship, and run applications. This company focuses on making use of containers for this purpose, and in AWS the service called Amazon EC2 Container Service is helping them achieve it.

The ESA, or European Space Agency: although much of ESA's work is done by satellites, some of the program's data storage and computing infrastructure is built on Amazon Web Services. ESA chose AWS because of its economical pay-as-you-go system as well as its quick startup time.

The Guardian newspaper
uses AWS, and it uses a wide range of AWS services, including Amazon Kinesis and Amazon Redshift, that power an analytics dashboard which editors use to see how stories are trending in real time.

Financial Times: FT is one of the world's largest leading business news organizations, and they used Amazon Redshift to perform their analysis. A funny thing happened: Amazon Redshift performed so quickly that some analysts thought it was malfunctioning. They were used to running queries overnight, and they found that the results were indeed correct, just much faster. By using Amazon Redshift, FT is supporting the same business functions with costs that are 80% lower than what was before.

General Electric: GE is at the moment, as we speak, migrating more than 9,000 workloads, including 300 disparate ERP systems, to AWS while reducing its data center footprint from 34 to 4 over the next 3 years.

Similarly, Harvard Medical School, HTC, IMDb, McDonald's, NASA, Kellogg's, and a lot more are using the services Amazon provides and are getting benefited from it. This huge success and customer portfolio is just the tip of the iceberg. If we think about why so many adopt AWS, and if we let AWS answer that question, this is what AWS would say. People are adopting AWS because of:

Security and durability of the data, and end-to-end privacy and encryption of the data and storage.

Experience: we can also rely on AWS's way of doing things by using the AWS tools and techniques and suggested best practices built upon the years of experience it has gained.

Flexibility: there is a greater flexibility in AWS that allows us to select the OS, language, and database.

Easy to use, swiftness in deploying: we can host our applications quickly in AWS, be it a new application or migrating an existing application into AWS.

Scalability: the application can be easily scaled up or scaled down depending on the user requirement.

Cost saving: we only pay for the compute power, storage, and other resources we use, and that too without any long-term
commitments.

Now let's talk about the different types of services that AWS provides. The services that we talk about fall in any of the following categories you see, like compute, storage, database, security, customer engagement, desktop and streaming, machine learning, developer tools, stuff like that. And if you do not see the service that you're looking for, it's probably because AWS is creating it as we speak. Now let's look at some of them that are very commonly used.

Within compute services, we have Amazon EC2, Amazon Elastic Beanstalk, Amazon Lightsail, and Amazon Lambda.

Amazon EC2 provides compute capacity in the cloud. This capacity is secure, and it is resizable based on the user's requirement. Now look at this: the requirement for the web traffic keeps changing, and behind the scenes in the cloud, EC2 can expand its environment to three instances, and during no load it can shrink its environment to just one resource.

Elastic Beanstalk helps us to scale and deploy web applications, and it's made with a number of programming languages. Elastic Beanstalk is also an easy-to-use service for deploying and scaling web applications and services developed in Java, .NET, PHP, Node.js, Python, Ruby, Docker, and a lot of other familiar services such as Apache, Passenger, and IIS. We can simply upload our code, and Elastic Beanstalk automatically handles the deployment, from capacity provisioning to load balancing to auto scaling to application health monitoring.

Amazon Lightsail is a virtual private server which is easy to launch and easy to manage. Amazon Lightsail is the easiest way to get started with AWS for developers who just need a virtual private server. Lightsail includes everything you need to launch your project quickly on a virtual machine, like SSD-based storage, a virtual machine, tools for data transfer, DNS management, and a static IP, and that too for a very low and predictable price.

AWS Lambda has taken cloud computing services to a whole new level. It allows us to pay only for
the compute time, with no need for provisioning and managing servers. AWS Lambda is a compute service that lets us run code without provisioning or managing servers. Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume; there is no charge when your code is not running.

Let's look at some storage services that Amazon provides, like Amazon S3, Amazon Glacier, Amazon EBS, and Amazon Elastic File System.

Amazon S3 is an object storage that can store and retrieve data from anywhere. Websites, mobile apps, IoT sensors, and so on can easily use Amazon S3 to store and retrieve data. It's an object storage built to store and retrieve any amount of data from anywhere, with its features like flexibility in managing data, the durability it provides, and the security that it provides. Amazon Simple Storage Service, or S3, is a storage for the internet.

Glacier is a cloud storage service that's used for archiving data and long-term backups. Glacier is a secure, durable, and extremely low-cost cloud storage service for data archiving and long-term backups.

Amazon EBS: Amazon Elastic Block Store provides block store volumes for the instances of EC2. This Elastic Block Store is a highly available and reliable storage volume that can be attached to any running instance that is in the same availability zone. EBS volumes that are attached to the EC2 instances are exposed as storage volumes that persist independently from the lifetime of the instance.

Amazon Elastic File System, or EFS, provides an elastic file storage which can be used with AWS cloud services and resources that are on premises. Amazon Elastic File System is a simple, scalable, elastic file storage for use with Amazon cloud services and for on-premises resources. It's easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. Amazon file system
is built to elastically scale on demand without disturbing the application, growing and shrinking automatically as you add and remove files, so your applications have the storage they need when they need it.

Now let's talk about databases. The two major database flavors are Amazon RDS and Amazon Redshift.

Amazon RDS really eases the process involved in setting up, operating, and scaling a relational database in the cloud. Amazon RDS provides cost-efficient and resizable capacity while automating time-consuming administrative tasks such as hardware provisioning, database setup, patching, and backups. It sort of frees us from managing the hardware and helps us to focus on the application. It's also cost-effective and resizable, and it's also optimized for memory, performance, and input and output operations. Not only that, it also automates most of the services, like taking backups, monitoring, stuff like that.

Amazon Redshift is a data warehousing service that enables users to analyze the data using SQL and other business intelligence tools. Amazon Redshift is a fast and fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing business intelligence tools. It also allows you to run complex analytic queries against terabytes of structured data using sophisticated query optimizations, and most of the results generally come back in seconds.

All right, let's quickly talk about some more services that AWS offers. There are a lot more services that AWS provides, but we're going to look at some more services that are widely used.

AWS Application Discovery Service helps enterprise customers plan migration projects by gathering information about their on-premises data centers. Planning a data center migration can involve thousands of workloads that are often deeply interdependent. Server utilization data and dependency mapping are important
early first steps in the migration process, and this AWS Application Discovery Service collects and presents configuration, usage, and behavior data from your servers to help you better understand your workloads.

Route 53 is a network and content delivery service. It's a highly available and scalable cloud Domain Name System, or DNS, service, and Amazon Route 53 is fully compliant with IPv6 as well.

Elastic Load Balancing is also a network and content delivery service. Elastic Load Balancing automatically distributes incoming application traffic across multiple targets such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single availability zone and also across availability zones.

AWS Auto Scaling monitors your application and automatically adjusts the capacity to maintain steady and predictable performance at the lowest possible cost. Using AWS Auto Scaling, it's easy to set up application scaling for multiple resources across multiple services in minutes. Auto scaling can be applied to web services and also to DB services.

AWS Identity and Access Management enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources. Moreover, it's a free service.

Now let's talk about the future of AWS. Well, let me tell you something: cloud is here to stay. Here's what's in store for AWS in the future. As years pass by, we're going to have a variety of cloud applications born, like IoT, artificial intelligence, business intelligence, serverless computing, and so on. Cloud will also expand into other markets like healthcare, banking, space, automated cars, and so on. As I was mentioning some time back, a lot of, or greater, focus will be given to artificial intelligence, and eventually, because of the flexibility and advantage that cloud provides, we're going to see a lot of companies moving into the cloud.

All right, let's
now talk about how easy it is to deploy a web application in the cloud. The scenario here is that our users like a product, and we need to have a mechanism to receive input from them about their likes and dislikes and give them the appropriate product as per their need. Though the setup and the environment sort of look complicated, we don't have to worry, because AWS has tools and technologies which can help us to achieve it. Now, we're going to use services like Route 53, CloudWatch, EC2, S3, and a lot more, and all these put together are going to give an application that's fully functional and an application that's going to receive the information. Using services like Route 53, CloudWatch, EC2, and S3, we're going to create an application, and that's going to meet our need.

So back to our original requirement. All I want is to deploy a web application for a product that keeps our users updated about the happenings and the newcomings in the market. To fulfill this requirement, here are all the services we would need. EC2 here is used for provisioning the computational power needed for this application, and EC2 has a vast variety of families and types that we can pick from for the types of workloads and also for the intents of the workloads. We're also going to use S3 for storage, and S3 provides any additional storage requirement for the resources or any additional storage requirement for the web applications. We're also going to use CloudWatch for monitoring the environment. CloudWatch monitors the application and the environment, and it provides triggers for scaling in and scaling out the infrastructure. We're also going to use Route 53 for DNS, and Route 53 helps us to register the domain name for our web application. With all the tools and technologies put together, we're going to make an application, a perfect application that caters to our need.

All right, so I'm going to use Elastic Beanstalk for this project, and the name of the application is going to be, as you see, GSG signup, and the environment name is GSG signup environment 1. Let me also pick a name. Let me see if this name is available. Yes, that's available. That's the domain name, so let me pick that. The application that I have is going to run on Node.js, so let me pick that platform and launch. Now, as you see, Elastic Beanstalk is going to launch an instance, it's going to launch the monitoring setup or the monitoring environment, it's going to create a load balancer as well, and it's going to take care of all the security features needed for this application.

All right, look at that. I was able to go to that URL, which is what we gave, and it's now showing a default page, meaning all the dependencies for the software are installed and it's just waiting for me to upload the code, or in specific the page required. So let's do that. Let me upload the code. I already have the code saved here. That's my code, and that's going to take some time. All right, it has done its thing, and now if I go to the same URL, look at that, I'm being shown an advertisement page. So if I sign up with my name, email, and stuff like that, it's going to receive the information and it's going to send an email to the owner saying that somebody had subscribed to your service. That's the default feature of this app. Look at that: an email to the owner saying that somebody had subscribed to your app, and this is their email address, stuff like that. Not only that, it's also going to create an entry in the database, and DynamoDB is the service that this application uses to store data. There's my DynamoDB, and if I go to tables and go to items, I'm going to see that a user with name Samuel and email address so-and-so has said okay, or has shown interest in the preview of my site or product. So this is how I collect that information. Some more things about the infrastructure itself: it is
running behind a load balancer. Look at that, it had created a load balancer; it had also created an Auto Scaling group. Now, that's the feature of Elastic Load Balancer that we have chosen: it has created an Auto Scaling group. Now let's put this URL, you see this, it's not a fancy URL, right, it's an Amazon-given URL, a dynamic URL. So let's put this URL behind our DNS. Let's do that: go to Services, go to Route 53, go to hosted zones, and there we can find the DNS name. So that's a DNS name. All right, let's create an entry and map that URL to our load balancer, and create. Now, technically, if I go to this URL it should take me to that application. All right, look at that: I went to my custom URL and now that's pointed to my application. Previously my application was having a random URL, and now it's having a custom URL.

Hey all, welcome to another video from Simplilearn. Imagine a large hospital where doctors and nurses need to access patient records every day. They look up medical histories, test results and treatment plans to make sure they give the best care. One day the hospital's old database system crashes, and suddenly nobody can get the information they need. Doctors can't see patient records during emergencies, and everything comes to a standstill. What can the hospital do to make sure this never happens again? This is where AWS databases come to the rescue. By using AWS's powerful and reliable database services, the hospital can make sure the patient data is always available, safely stored and easy to access. AWS offers a range of database solutions that keep the data secure and backed up, so doctors and nurses can always get the information they need, even in emergencies. So in today's video we'll explore the storage services of AWS and the different types of databases available in AWS. We'll explain how each service works, the key features and the best ways to use them. Whether you are a developer, a database administrator or just curious about cloud technology, this video
has something for you.

So what is AWS? Amazon Web Services, or AWS, is a comprehensive cloud computing platform provided by Amazon, offering a wide array of on-demand services such as compute power, storage, and databases, along with advanced functionalities like machine learning, analytics and IoT. It helps businesses to scale their applications efficiently. It reduces the IT cost, as it has a pay-as-you-go model. Its global network of data centers ensures high availability and security.

Now, what is a database and why is it important? Databases are systems that store, organize and manage lots of data efficiently. They have tables to hold the data, queries to find specific information, and indexes to speed up searches. Databases also ensure that all operations are completed correctly and keep data secure. Now, there are different types of databases: relational databases use structured tables and SQL for queries, while NoSQL databases handle unstructured data and are easier to scale.

Now, using databases in the cloud has many benefits. Cloud databases can easily grow or shrink based on your needs, so you can handle busy times without paying for extra resources you don't need. They are also reliable, because cloud providers manage backups and replicate data in different locations, which minimizes downtime and data loss. Additionally, cloud databases reduce costs because you don't have to buy and maintain your own hardware and software. They allow global access, so teams and applications around the world can quickly get the data they need.

Now let's discuss the various storage services provided by AWS and identify which AWS databases use each type of storage. AWS offers a variety of storage services tailored for different use cases. First we have Amazon S3, or Simple Storage Service, which is an object storage service that is highly scalable, durable and secure, ideal for backups, big data analytics and content storage. It's used by databases like Amazon RDS, Amazon DynamoDB and Amazon Redshift for
backups and data storage. Next we have Amazon EBS, or Elastic Block Store, which provides block storage for EC2 instances, offering different volume types for balancing cost and performance. Amazon EBS is used by Amazon RDS and Amazon Aurora for database storage. Next we have Amazon EFS, which is Elastic File System. It offers scalable file storage that can be concurrently accessed by multiple EC2 instances, suitable for applications needing shared access, like web serving and content management. Next on the list is Amazon FSx, which provides fully managed file systems optimized for specific workloads, such as FSx for Windows File Server and FSx for Lustre, the latter being ideal for high-performance tasks like machine learning and big data processing. Now, for archival storage, Amazon S3 Glacier offers low-cost storage for infrequently accessed data, perfect for compliance and archival needs. Finally, we have the AWS family, including Snowcone, Snowball and Snowmobile, which facilitates secure and efficient data transfer into and out of AWS, supporting the initial data loading for various databases.

So, having known the services offered by AWS, let's move on to the different databases in AWS and discuss each of them with their use cases. First we have Amazon DynamoDB. Amazon DynamoDB is a fully managed NoSQL database service offered by AWS. It is designed to handle large amounts of data with high speed and low latency, making it perfect for applications that need to store and retrieve data quickly. Some of its features are scalability: DynamoDB can automatically scale up or down based on the application's demand, ensuring consistent performance. It provides single-digit millisecond response times, which is ideal for real-time applications. AWS handles all the maintenance tasks like backups, patches and hardware provisioning, so you don't have to worry about them. So let's see a use case. Imagine you are running a mobile game with thousands of players online simultaneously. Each
player's game progress, scores and in-game purchases need to be stored and retrieved quickly to ensure a smooth gaming experience. DynamoDB can efficiently handle this type of workload by providing quick access to player data even when there are sudden spikes in game activity. This ensures players have a seamless and enjoyable experience without delays or lag.

Next we have Amazon Aurora. Amazon Aurora is a high-performance, fully managed relational database service offered by AWS. It's designed to be compatible with MySQL and PostgreSQL, which are popular database systems, but it's much faster and more reliable. Aurora automatically takes care of tasks like backups, software patching and scaling, so you don't have to worry about that. Let's see its use case. Imagine you have an online store that handles thousands of transactions every day. You need a database that can quickly process orders, manage inventory and store customer information without any slowdowns. Amazon Aurora is perfect for this because it can handle lots of read and write operations very efficiently, ensuring a smooth shopping experience for your customers. Plus, Aurora can automatically scale up to meet high demand during sales or holidays and scale down when traffic is lower, helping you save costs. Its high availability and automatic backup features mean your data is always safe and accessible, even in case of hardware failures. This makes Aurora an excellent choice for running a reliable and responsive e-commerce website.

Next on the list we have Amazon RDS. Amazon RDS, or Amazon Relational Database Service, is a cloud-based service that makes it easy to set up, operate and scale a relational database. This means you can store and manage your data in a structured way using popular database engines like MySQL, PostgreSQL, Oracle, SQL Server and MariaDB, without worrying about the underlying infrastructure. Now imagine you run an online store. You need a database to keep track of your products, customers,
orders and inventory. Using Amazon RDS, you can quickly create a database that handles all these tasks. RDS automatically takes care of backups, software updates and scaling, so you don't have to worry about your database crashing during a big sale or needing more space as your business grows.

Next we have Amazon Timestream. Amazon Timestream is a cloud-based time series database service offered by AWS, designed to efficiently store and analyze timestamped data. Timestamped data is information collected at regular intervals, like temperature readings every minute or stock prices every second. The key features include performance: it handles trillions of events per day with fast query capabilities. It automatically scales up or down based on the volume of data. You only pay for the storage and queries you use, with automated data life cycle management to reduce costs. Now imagine you have a network of thousands of IoT sensors deployed across a city to monitor air quality. Each sensor collects data like temperature, humidity and pollution levels every few seconds. Amazon Timestream can efficiently store this vast amount of timestamped data and provide quick access for real-time monitoring and historical analysis. This helps in analyzing trends, predicting pollution levels and making data-driven decisions to improve air quality.

Next on the list we have Amazon Neptune. Amazon Neptune is a fully managed graph database service provided by AWS. It is designed to work with highly connected data, making it ideal for applications where relationships between data points are as important as the data itself. Its key features include graph models: it supports popular graph models like property graph and RDF, which is Resource Description Framework. It is optimized for querying large amounts of interconnected data quickly. It handles database management tasks like backups, patching and scaling automatically. One common use case for Amazon Neptune is building social networking applications. In a social
network, users are connected to each other in various ways: friends, followers, likes, comments and groups. Neptune can efficiently manage these connections and quickly answer complex queries like "who are the mutual friends of two users" or "what groups are my friends part of". So by using Neptune, social media platforms can provide a fast, responsive user experience even as the number of users and connections grows.

Next we have Amazon QLDB. It stands for Amazon Quantum Ledger Database, which is a fully managed ledger database provided by AWS. It is designed to maintain a complete and unchangeable history of all changes made to your data over time. Think of it like a highly secure and transparent digital log book where every entry is recorded and can't be altered. The key features are an immutable ledger: once data is entered, it cannot be changed or deleted. It ensures the integrity of your data by allowing you to verify that it hasn't been tampered with. AWS handles all the maintenance, including scalability, backups and availability. One common use case for QLDB is in tracking financial transactions. Imagine a bank needs to maintain an accurate and tamper-proof record of all the transactions to ensure transparency and compliance with regulations. QLDB can provide a trustworthy and unchangeable log of every transaction, making it easy to audit and verify the history of financial activities.

Now, the last on the list is Amazon RDS on VMware. It is a service that allows you to run Amazon's managed relational database service, or RDS, in your own data centers using VMware. VMware is a virtualization and cloud computing software provider. This means you can enjoy the benefits of RDS, like automated backup, patching and scaling, without moving your data to the AWS cloud. It's perfect for businesses that want to keep their data on premises due to regulatory requirements, low latency needs or existing investments in VMware infrastructure. For example, imagine a hospital that
needs to store and manage large amounts of sensitive patient data. Due to strict privacy regulations, this data must remain on site. With Amazon RDS on VMware, the hospital can set up and manage databases easily within their own data centers. They get the reliability and automation of AWS RDS while keeping patient information secured and compliant with local laws. So this setup ensures the hospital's data is always backed up, secure and accessible, without the complexity of managing database servers manually.

Hey tech enthusiasts, welcome to yet another informative video from Simplilearn. Imagine you're managing an online store. You need to handle day-to-day transactions and live sales trends over the past year, and store massive amounts of raw customer feedback from social media. How do you manage all this data efficiently? This is where databases, data warehouses and data lakes come into play. I'm pretty sure most of you are well aware of what a database is. A database is a system that stores and organizes data in a structured way using rows and columns, making it easy to access, manage and update information. Now, if data can be stored and managed in databases, then what is a data warehouse and a data lake, and why do we need them? In this video I will give you a clear understanding of what a database, data warehouse and data lake is, with examples, how they are different from each other, and what factors to consider before choosing amongst the three. So let's jump in.

So what is a database? A database is essentially a structured collection of data or information that is stored electronically. It serves as a centralized repository where data is organized in a systematic way, often using tables, rows and columns. The primary function of a database is to support online transaction processing, or OLTP, which means it handles the real-time transactions and operations of businesses or applications. Behind the scenes, a database management system, or DBMS, manages the database, ensuring data
is stored securely and efficiently. The DBMS also allows users and applications to interact with the data through queries, updates and modifications. In common usage, the term database can refer both to the actual data repository and to the software system, or DBMS, that manages it, providing a seamless interface between users and their stored information. Now, there are two types of databases. Relational databases store data in structured tables with fixed rows and columns. This structured approach makes them ideal for applications requiring strong data consistency and complex querying capabilities. On the other hand, non-relational databases, often referred to as NoSQL databases, offer more flexibility by accommodating various data models. These include JSON for semi-structured data, BSON, key-value pairs for simple data retrieval, tables with dynamic columns for evolving schemas, and graph databases using nodes and edges for connected data relationships. Some examples of databases are Oracle, MySQL, PostgreSQL and also MongoDB.

Now, what is a data warehouse? A data warehouse functions as a specialized database designed to store structured information gathered from multiple sources, encompassing both current and historical data. Unlike traditional databases, primarily focused on transaction processing, data warehouses are tailored for analytical purposes. They consolidate data from different systems to facilitate comprehensive analysis, uncover insights and generate business intelligence through reports and dashboards. In essence, while a data warehouse is indeed a type of database, it distinguishes itself by its optimized architecture for handling complex queries and facilitating data analytics, essential for strategic decision making in organizations. A data warehouse serves as a centralized repository designed to store large volumes of both current and historical data gathered from diverse sources. This data ranges from raw, initially ingested information to
highly refined, cleansed, filtered and aggregated data sets. The process of moving data into a data warehouse is managed through the extract, transform, load, or ETL, process, which extracts data from its original sources, transforms it to fit the warehouse schema, and loads it into the warehouse on a regular basis, such as hourly or daily schedules. This periodic loading means that the data warehouse may not always reflect the most current state of the original systems. Once the data is successfully loaded into the warehouse, business analysts and data scientists can utilize business intelligence tools to connect to the data warehouse. These tools enable them to explore the data, uncover valuable insights and generate reports that aid business stakeholders in making informed decisions based on comprehensive data analysis. Examples of data warehouses are Amazon Redshift, Google BigQuery and IBM Db2 Warehouse.

Now, what is a data lake? A data lake serves as a centralized storage repository for data collected from various sources, preserving it in its original or raw format. Unlike data warehouses, which also handle extensive volumes of both current and historical data, data lakes distinguish themselves by their versatility in storing diverse data formats such as JSON, BSON, CSV, etc. The core objective of a data lake typically revolves around analyzing this data to extract valuable insights. However, some organizations use data lakes mainly because they offer affordable storage options, storing data in anticipation of future analysis. Data lakes are versatile storage systems that can handle large amounts of structured, semi-structured and unstructured data. Unlike traditional databases or data warehouses, data lakes don't need data to be organized before storing it, allowing quick accumulation of diverse data types like spreadsheets, JSON files, PDFs and multimedia. Different users access data differently: structured data is often used directly by business analysts for insights, while unstructured data requires
expertise from developers, data scientists or data engineers. This sort of flexibility lets analysts and scientists discover unexpected patterns and insights, using the data's variety and volume to solve problems that weren't anticipated initially. Data in data lakes can be processed with online analytical processing, or OLAP, systems and visualized using business intelligence tools, improving data exploration and decision-making capabilities. Some examples of data lakes are AWS S3, Azure Data Lake Storage Gen2, Google Cloud Storage, etc.

So now let's recap the differences among the three of them. If your application needs to store data, which is essential for most interactive apps, having a database is crucial. Databases are fundamental for applications in various industries and scenarios because they provide an organized way to store, retrieve and manage data effectively. For instance, an online store uses a database to handle product stocks and customer orders. Similarly, a healthcare system relies on databases to manage patient information and medical histories. Even social media apps use databases to store user profiles and posts. Without databases, it would be difficult to manage and access data reliably, impacting the functionality and usability of interactive applications.

Now, data warehouses are essential when organizations need to store large amounts of historical data and analyze it deeply to gain business insights. The organized structure makes data analysis straightforward, accessible to business analysts and beneficial for data scientists. Unlike transactional databases used daily for operations, data warehouses specialize in handling complex queries and generating detailed reports. This capability supports strategic decision making based on past trends and patterns. It's important to know that while data warehouses excel at analytics, they aren't suitable for real-time transaction processing or handling multiple users at once. So organizations typically
maintain separate databases for day-to-day operations and use the data warehouse specifically for strategic analytics and business intelligence.

Now, data lakes are a budget-friendly way to store large amounts of data in its original form. Unlike regular databases or data warehouses, which need data to be organized beforehand, data lakes allow storing various data types, like structured, semi-structured and unstructured, without immediate restructuring. They keep data raw, letting businesses fully explore and analyze both current and past information, uncovering insights that may not be obvious initially. Data lakes are great for advanced analytics such as machine learning and predicting trends, offering flexibility for experimenting with data. However, they aren't suitable for handling day-to-day transactions or meeting the fast data access needs of operational tasks, which traditional databases and data warehouses specialize in. So I hope now you all know how the three of them differ.

Now, having known that, there are some factors to be considered before deciding on which platform to use, so let's look into those considerations. The variety and volume of data sources, the way data arrives and how predictable its structure is are crucial. Data lakes are versatile, handling unstructured data in various formats. On the other hand, data warehouses specialize in structured data from multiple sources. Databases perform well with structured data from one source but may struggle with scalability. The choice between these platforms depends on these factors, shaping their roles in data management and analytics.

Now, in a solid data management strategy, choosing when and how to use data models is crucial. Data lakes offer flexibility by storing raw data alongside metadata, allowing schemas to be applied later during data extraction for analysis. On the other hand, databases and data warehouses use ETL extract,
transform, load processes. Here raw data is transformed into a predefined structure on ingest, called schema-on-write. This difference shows how data lakes enable agility in exploring data and adjusting schemas as needed, contrasting with databases and data warehouses that prioritize upfront data organization and consistency through fixed schemas.

Now, big data is highly valuable for businesses, evident in their investments in data management. As data grows in volume and speed, storage expenses increase. Data lakes are cost effective because they store data as is, reducing storage needs compared to data warehouses that require extensive processing before analysis. Databases can scale storage capacity to match demand.

Now, the choice between a data warehouse, data lake or relational database depends on the user's role, whether they are a business analyst, data scientist or a part of operations, and the specific organizational needs. Operations teams focused on business insights often prefer data warehouses for structured data analytics, despite higher setup and storage costs. Data scientists prefer data lakes for their flexibility with structured and unstructured data, which supports advanced AI and machine learning. Business analysts skilled in SQL may find relational databases adequate for generating specific trend reports on business segments. So each option serves different needs based on data complexity, analytics requirements and cost considerations.

Now, organizations have different preferences between open source and proprietary software, along with the communities backing them. Data lakes are popular because many use platforms like Hadoop, and there's a growing amount of unstructured data from various company systems and real-time data streams. Another important point is how easy and affordable it is to update systems when data sources and structures change. Unlike relational databases and data warehouses, which can be expensive to update, data lakes make it simple to adjust, making them
flexible for changing data needs.

As cloud adoption continues to increase, with IDC predicting that global cloud spending will reach 1.3 trillion by 2025, there's never been a better time to certify your skills. This AWS Cloud Practitioner certification is for anyone who wants to understand Amazon Web Services cloud better, no matter their technical background. Plus, AWS certified professionals earn an average of $183,000 per year, highlighting the significant financial benefits of becoming certified. So what are you waiting for? In this video we will cover everything about the AWS Cloud Practitioner certification: career goals and objectives, market demands, cost investment and advantages of the certification.

All right, so let's understand the AWS Cloud Practitioner certification. Now let's talk about the AWS Certified Cloud Practitioner exam. The AWS Certified Cloud Practitioner exam is an entry-level certification designed for individuals who are new to cloud computing and want to build a foundational understanding of AWS services. The certification is particularly beneficial for those without an IT background, making it accessible to a wide range of people looking to start a career in the cloud. This certification is ideal for business professionals, including sales, product management and project management roles. It helps them gain a basic understanding of cloud concepts, which enhances their ability to communicate effectively with the technical teams and customers. By understanding the core AWS services, pricing and support models, these individuals can make decisions and contribute more to their organizations. One of the advantages of the AWS Certified Cloud Practitioner exam is the flexibility it offers in testing options: candidates can choose to take the exam in person at Pearson VUE testing centers or online with a proctor, making it convenient to fit various schedules.

All right, now talking about the key details of the exam. First, the level of the exam is
foundational. Then, talking about the duration, the exam lasts 90 minutes, giving candidates ample time to answer all the questions thoroughly. The format of the exam: it consists of 65 questions, which can either be multiple choice or multiple response. This format is designed to test your understanding of AWS services and cloud concepts in a comprehensive manner. Talking about the cost, the exam cost is $100. It's worth noting that additional costs may apply depending on your location and the prevailing exchange rates. Then testing options: as we already discussed, you can take the exam in person at a Pearson VUE testing center or online through a proctored exam, offering flexibility to fit your schedule and preferences. So this was about the AWS practitioner certification.

Now let's have a look at one of its important factors, which is career goals and objectives. The AWS Certified Cloud Practitioner certification helps you start a career in cloud computing by giving you foundational knowledge of AWS services. This certification is great for entry-level jobs, as it shows employers you understand basic cloud concepts. However, the certification alone isn't enough to secure a job. To maximize your chances, it's important to create cloud projects alongside your studies. Working on cloud projects helps you apply what you have learned and gives you practical experience, making you more attractive to employers. It's also beneficial to stay updated on new AWS services and continue learning. Building a portfolio of projects can show potential employers that you have hands-on experience, which is highly valued in the job market. Also, for individuals in sales, product management, project management or other technical roles, the AWS Cloud Practitioner certification can help them better understand how cloud computing works and how AWS services can be used to benefit their business. This can improve communication and collaboration with the technical teams and customers. Now let's move on and have a
look at salary and companies hiring for AWS professionals. The average salary of an AWS professional in the United States is $133,000 per year. This high-paying job role is in demand across many companies. Notable employers looking for AWS professionals include TCS, Accenture, Mindtree, IBM, Capgemini and Deloitte, and many more like that. These companies value AWS skills due to the growing need for cloud computing expertise. AWS professionals help businesses leverage cloud technology for better scalability, efficiency and cost-saving purposes. With such an increasingly lucrative salary and demand from leading companies, pursuing a career as an AWS professional can be a smart and rewarding choice for you.

All right, now let's talk about the market demands. So don't worry about new AI technologies stealing your future; about cloud jobs you don't have to worry. The demand for AWS skills in the job market is growing rapidly, with many companies transitioning to cloud computing. The cloud computing market is experiencing explosive growth. According to Gartner, in 2024 worldwide end-user spending on public cloud services is forecast to total $79 billion. Businesses of all sizes are migrating to the cloud to benefit from its scalability, cost efficiency and agility. This rapid adoption has created a significant skill gap. A recent report by Global Knowledge estimates a shortage of over 3 million cloud computing professionals globally. By acquiring AWS skills, you are not just securing a job in today's market, but you are positioning yourself for a successful career in the ever-growing field of cloud computing.

Coming to the next one, which is cost investment. The AWS Certified Cloud Practitioner exam costs $100. This is a straightforward fee for registration and taking the exam. Additionally, while AWS offers free digital training courses, you might also consider investing in supplementary study materials such as books, online courses and practice exams. Now let's discuss the advantages of cloud
practitioner certification. One of the coolest perks of getting the AWS practitioner certification is the digital badge you receive. It's like a digital trophy that you can proudly display on your social media profiles and email signatures. This badge not only shows off your achievement but also grants you immediate access to exclusive AWS-sponsored certification events, which can be a great way to network and learn more. Another fantastic benefit of this exam: once you're certified, you get a 50% discount voucher that you can use for recertification or even for taking another AWS certification exam. This means you can keep your skills up to date without breaking the bank. All right, the next is recognition. When it comes to recognition, AWS really goes the extra mile. As a certified professional, you'll get invites to special regional appreciation receptions. Plus, when you attend major events like AWS re:Invent or select AWS Summit events, you can use your digital badge to gain exclusive access to the AWS certification lounges. These lounges are perfect for networking, relaxing and meeting other AWS professionals. Lastly, you'll also become a part of the AWS Certified Global Community. This community, accessible via infu, allows you to connect with other AWS certified individuals from around the world. It is an excellent platform for networking, sharing knowledge and staying in the loop with the latest in AWS. So this AWS Cloud Practitioner certification opens doors to a world of opportunity in the booming cloud computing market. With its industry recognition and focus on foundational knowledge, this certification is a valuable investment for both aspiring IT professionals and business-minded individuals.

AWS Solutions Architect Associate. So AWS has multiple certifications and multiple training courses. Out of that, solution architect is one of the roles in cloud projects, who is responsible for designing the architecture for the IT workload and then deploying the application and all, with the help of
developers, DevOps engineers or, you know, for the security part a security specialist, for the network part a network specialist. So there's teamwork, and one of the members of the team is the solution architect, and he is responsible for designing and implementing the complete cloud architecture on any one of the cloud vendors, such as AWS. In solution architect there are two types of certification, or two levels: one is associate and the other is professional. Professional is the later stage, which is an expert stage in the solution architect role; however, associate is an entry stage into the solution architect level. Once you become a solution architect associate, you would be called a cloud engineer in your company. There are many roles you can see in the job description, so cloud engineer is the common designation we have in the companies. When we become a solution architect, there are majorly two types of role that this cloud engineer does. One is called pre-sales cloud engineer, pre-sales cloud or pre-sales solution architect, whatever terminology they are using, but pre-sales is something that they do, and the second is just a cloud engineer. Out of these two roles, what role you will be working on depends on many factors. The first thing: you must have good knowledge of AWS. After good knowledge, you can do the global certification of Solutions Architect Associate, which is a certification valid for three years, offered by AWS itself. After your knowledge, if you go for certification, which is optional because not every company demands certification, but if a company demands or if a job description demands, then doing certification is completely subjective, whether the demand of the job is experience plus certification or only knowledge plus experience, something like that. So if you have good knowledge of cloud, and in fact for certification also good knowledge is required, everything depends on what kind of knowledge you have, plus a little hands-on.
hands-on in the sense you're not working on the actual project of the industry, you're learning it the first time, so whatever practices we can do on different services, that is the hands-on I'm talking about, or some mini projects that we'll be doing, a final project that we'll be doing. So this is all the combination of all three, and, uh, if you have this, then you either get a pre-sales job or a cloud engineer job; that is what the outcome of this particular learning is, right? So why am I learning the AWS associate solution architect course? The reason is either I want to become a pre-sales engineer or I want to become a cloud engineer, or there can be a third possibility, that people are already working on cloud but they just want more experience into it.

Okay, so let us start. Uh, I'm going to sign in into my account, or on my login basically, not my account, so I'll open a new tab and then I will be entering username and password there. So are you able to see the console home? That's all, this is your lab, nothing else, if you don't see access denied or access denied. So this is the account given by Simplilearn, so this is an AWS account. If you go to the right-hand side you can see the account ID; my account ID is ending with 919, and then I can see that I am an IAM user and my username is odl user 13 94774. You'll also be able to see the same kind of thing; however, the username will be different. Now, how to use the account, what are the parts, it is the next topic, this is not the current topic, okay? I wanted to just show you that. Uh, let us understand cloud computing.

Okay, so cloud computing is a business that almost started in 2005-plus, in that era, in the world 2006 onwards probably, and in India it started way back in 2011 and 12, predominantly from 12-13 it has started in India also. And what is that cloud computing business, right? So earlier, IT companies, the job of IT companies was to help, you know, the customers. This is the customer, and he says that I want a very nice IT availability of my business. I do one
business. So he's a client, right, and he says that, sir, I want a very good website and I want it to be launched, I want to do business online, so I want my end customer to visit it. So he approaches an IT company, and the IT company, what will they be doing? They would be doing two things: number one, they would be creating a very nice website for him, and then they'll be launching the website on a server. So all the online websites or applications on mobile phone, whatever we use, there's a server on which this application is running, am I correct? So IT companies do the same thing for their customers, right? Now, making a website is called development, or very specifically it is called software development, or sometimes people call it application development; many, many words are written, but making an application is application development, simple. This is done by software developers, so companies have software developers who can make that application. Now what is meant by launching? Launching means running that website on a server. Now what is meant by server? Server means a hardware machine, or we can say a hardware computer or hardware computing machine, on which your website will be running. So we generally call, for example, there is a Google server on which Google is running, there is a Microsoft server on which the Microsoft website is running, there is a server on which the Simplilearn website is running. For example, this LMS portal which you see on my screen is also, like, you know, one of the web applications, or applications you can say for that matter, and this application, now we are going to visit it by typing one URL, and there is one server on which this application is running. So IT companies need to have that server on which their client's website would be running. This is a simple thing that every IT company used to do, am I correct, te? Okay, so this is a rough idea, a generalized idea that everybody has, even if you are an IT person or a non-IT person, but if you go deep dive, if you understand software
architecture, it is not just the website which is running on a server, it is not the only application which is running on one server and that is all about. No, software architecture has multiple components. Uh, there can be a database, there can be storage, there can be, let's say, messaging queues, there can be notifications, there can be monitoring tools, so if you see the software architecture, it consists of a lot of things, right? So not only the website, which is called the front end; uh, companies also have databases, which are acting as a backend most of the times, and then website-to-database transactions happen. They also have storage where they can store the files and everything. So if I keep adding the things, then there will be a lot of things, uh, you know, as a part of software architecture. So for one client, the company has to maintain this particular architecture, and for that they require infrastructure. What is infrastructure all about? Infrastructure means the resources on which your applications are running. You always understand, see, it is very simple: it consists of two things, one is software, one is hardware. These are the two important terms, and then you can categorize it further, you can do subcategories: in software there are these types of software, that type of software; in hardware again you have servers, then you have network, you have other things, and ultimately what happens, you require hardware servers to run your softwares. Is that clear? This is the fundamental thing, right? So making software is easy, that you have developers, they can make softwares for you, but hardware, hardware is a thing which you need to establish, and companies used to have such a setup of hardwares so that applications can be running. That setup is called a data center. So suppose a client comes to an IT company, so they have a team of developers who can develop the software, they can develop the software, that is the website, but for this, hardware servers, companies need to maintain the data centers. In the data
centers there will be a lot of hardware setup. I'll show you something on my screen, and I'll be using Google; it is general information that everybody can have. So I'll be going on Google and will try to show you an image of a data center, how it looks. So you can see any image on my screen: these are the places, like, there is a building or a warehouse, it is a big space, and in that space what am I seeing? I am seeing there are vertical racks. Do you see the rack? We have a rack at our house also, right? We have racks where we can put clothes or sh-, you know, use it for multiple purposes, right, you can put any stuff, any material or books, anything. These racks are there, and in the racks there are some hardware servers set up. You can see these images, and they're all connected through cables. You can see this guy, right, on the left-hand side. You can see these images in this rexi, this person, I'm not interested into the website of that, but I am interested into this image, so, uh, he is trying to connect with the hardware, right, and these racks are consisting of different types of servers, right? Those servers are used for multiple purposes, and also they are all connected through a network. Network is required because this is all, uh, something, you know, which has to be connected with the internet, right? So you can see in this image, uh, these are all connected to each other on a particular network, so there can be a local area network, LAN, WAN, MAN, and then these are all connected to the internet also. So that is a very fundamental concept; those who never knew that, these images can help you to understand how a data center looks. So if I am an IT company and my clients are asking me to create a website and launch it, or create IT infrastructure and launch it on hardware, then I have to be ready with the team of developers, also that I should have data centers. So if I keep, uh, watching on the data center part, this is something which requires huge capital investment, because it requires you to have a space, it requires
you to purchase hardwares, it requires you to give air conditioning, it requires you to give 24x7 internet, and I believe, uh, this is something which requires a very big upfront, requ-, upfront, uh, investment, which is called capital expenditure, am I right? It is very similar to purchasing a car: suppose if I purchase a car, I have to invest a lot; similarly a company has to maintain a data center, and for that purpose they have to invest a lot, a huge amount of money, into it, and that is what IT companies used to do. Even after doing that, they had to hire new people, the new people who can maintain those data centers, who can look after the data center's activities, right, they can solve their problems, they can look after monitoring, everything, whatever it requires. In fact, security also: we need to secure those data centers, so again surveillance is required, security people are required, we want technical engineers who can solve the problems which are happening, and in case any kind of damage happens, again the company has to purchase a new one, solve the existing one, or if you require more hardware, then again you have to invest once more. So what do you think? The IT company's attention, or the whole investment, is now divided into two things: one is developing the software and the other is developing the data center also, am I correct? So it became very difficult for companies, you know, to sustain with those data centers, and then the business of giving the hardware part, or giving the hardware part for sharing purposes, uh, is something that many companies started doing. Slowly, companies started giving their own infrastructure to other companies on rent so that they can host their application on it, and now in the market, globally, there was a need for that. Companies like Amazon, Microsoft, Google, they all came forward. Uh, as per the information that I have, Amazon started working in the era of 2000; in the year of 2006 they officially launched their cloud business, and what they did, they found out this
business loop, loophole in the market, and they started providing cloud computing services. What is that part? That part is that now Amazon says that IT companies do not have to maintain a data center for them, it is not required; they need to look after their app development, that much is enough, whatever the client application is, they can develop it. What Amazon is doing, uh, with their business called Amazon Web Services, they started providing these data centers, which are maintained by them, and on top of the data center they are providing services, two things, right? So if I am an IT company, or if I'm a client directly, AWS says that we have data centers, we have hardware setups, and to use that, to launch your, you know, website or application on it, we provide services, we provide 300-plus services. You can use services for different purposes, and then those services, those applications, will be running on Amazon's data center. So if I am an IT company, I'll be creating one account of AWS, in that account I'll be using the services, and now this is very important to see: as a client, what I'll be doing, I'll be creating one free account in AWS, in that account I'll be using the services as per my requirement of the project, and Amazon is maintaining the data center for it. You can see the black color things, these are all given by Amazon; what I am doing in the red color is I'm using those services, and those services are run by data centers which are managed by AWS. These data centers are managed by AWS, and in return, what is AWS doing? AWS is charging me. Obviously nothing is free, right, it's a business, so I have to pay the bills. For every account there is a bill generated at the end of the month, so in return AWS is charging me a certain amount, but that amount is comparatively very lesser, because that model is called pay as you go. Pay as you go, what is pay as you go? Pay as you go means it's very similar to the renting part. Do you use Uber? All over the world, everybody sitting here, maybe
from different countries, do you know Uber, cab service, cab-sharing service? Everybody knows the Uber model, right? Don't you think cloud computing and Uber is the same thing? We are not purchasing a car, that is being purchased by a company; you are not investing into it, that is already being done by companies. Companies are maintaining the car, they are paying for the driver, they are paying everything, petrol or diesel or gasoline, whatever, they're maintaining it, they're looking after maintenance, tires, everything also; whatever happens is all the company's responsibility. As a customer, I just go, book a cab, they drop me at one location, and I'm paying the fare, I'm paying the rent for using that car for a particular amount. If I say that no, I want to travel more distance, then I will be giving more fare. Once my requirement is over, I can simply, you know, as per my requirement I'll book the cab; my requirement is not required, I'll get out of the cab, I'm not paying anymore. What is this? Am I, like, booking the cab on demand? I need a cab immediately, I go to the app, I book it, the cab comes to my doorstep, it drops me somewhere, the job is over. Similarly, IT companies can use AWS so that they can create whatever resources they want using the AWS services on demand, and everything is online. Don't you think what I'm doing here? Look at me: imagine I am an IT company, I have got access to one account. Suppose this account is created by me, I have one AWS account; I can immediately go, right, and start creating resources. The only thing that I have to do is that I have to develop the website, a nice website. So if I have a website, I can go to a particular service, for example I go to EC2, I launch my website, and my business is online. At the end of this month they will be giving bills. Right now I cannot see the bill here, this is not my account, but if I go to Billing and Cost Management I'll be able to see the bills of every month, and if I know the bills of every month, I will be paying for that, and
let's say after one year, after two years, after some days, after some hours, I don't require some resources, I can immediately delete them. So I have full control on how I can launch the resources and I can delete the resources, and accordingly my business will be online. I don't need to maintain a data center, I don't need to do anything at all; there is something which is already provided by AWS, and that is called cloud computing. The proper definition of cloud computing is on-demand delivery of IT resources online, simple: on-demand delivery of IT resources online. So slowly, as the class progresses, uh, you know, when we'll go one by one on different services, we will be able to understand what IT resources are required for a project. I took some names, such as: we require a web server, uh, we require a database server, we require storage devices, we require a notification service, we require messaging, we require some compute part, we require containers, we require some functions, you know, uh, we require access management; there are so many things that we will be requiring. So I must tell you that for solution architect associate there are some services that you must learn, and this course is developed accordingly for you. So as I told you the definition, on-demand delivery of IT resources online, so day by day we will be creating resources with the help of services, and slowly, day by day, you will be understanding each and every service. Like, for example, tomorrow you'll be learning some service, day after tomorrow you'll be learning some different service, so day by day you will be understanding each and every block of your project, and finally, once you try to reach, uh, the end of the course, you will have a good idea how this complete IT infrastructure works, how this software architecture works, how cloud helps you to do that. But right now, for the time being, I wanted to convey the message that this is a third-party service that clients are using. AWS is the third-
party cloud provider which companies are using, and AWS has a big list of customers. I can show you some existing customers of AWS, and everything is available on the internet, that is why I don't want to lie, uh, you know, anything as such in front of you, because whatever I'll be showing you is all on the official website of AWS. So this is the official website, aws.amazon.com; there's a customer list, and, you know, for different services we show different customer case studies. So there is a service related to containerization, and these are some customers which are doing it. However, if I want to see, uh, you know, all customers for all services, okay, so I'm using some third-party website to show you the list of AWS customers until 2020, and mostly, you know, the OTT platforms and different companies. I can show you Aon, Adobe, Airbnb, Alcatel, AOL, and this is a very old list, okay? It's 2024 right now, and this is a page that I got for 2020, which is, I think, not, uh, actually good to show you, but 2023 is something that is good, and yeah, so the customers list: you can see these are the companies and industries and the region where they are using AWS. So it's a big list, some of the famous such as, you know, amazon.com itself. Do you use amazon.com for shopping? Hello? Yeah, so amazon.com is the business of Amazon, and AWS is also another business of Amazon. AWS started in 2006, and they successfully migrated amazon.com in 2010, if I'm not wrong, so in 2010 amazon.com was completely shifted to AWS. And also some of the OTT platforms: you guys are cricket lovers, I believe, so you must be using Hotstar, you must have seen the World Cup match a day ago, right? I mean, India won the final, and you watching Hotstar, I remember FC was the count, the maximum count of viewers on Hotstar, right, if I'm not wrong? Perfect. This whole Hotstar is running on AWS, Netflix, Amazon Prime, yep. So I still remember I was watching the match, 5C, and I was very impressed that, yeah, so, you know, AWS is backing up the whole thing
on Hotstar, and everything was, uh, basically online, and Hotstar doesn't require their own infrastructure. So it's a good business, right, and in the market AWS is a leader in this business, followed by Microsoft, number two, and then Google, and then Alibaba, IBM; these are all, like, the market leaders in the cloud computing business. However, it's not necessary that every company goes to AWS only or Microsoft only or they go for third-party cloud. So basically companies have three kinds of scenarios, which are called cloud models. I'm actually teaching you the topics, okay, guys? So this is not just basic information, I'm actually teaching you AWS, right?

So there are three types of, uh, you know, cloud models that are existing. The first type is called private cloud, then the second type, which is called public cloud (you have to note down if you want, or you can take a screenshot of my drawings, okay, if you like my diagram you can take a screenshot), and then the third type is called hybrid cloud. So these are three types of cloud models, and companies fall into any one of these models. So first of all let us understand private cloud. Suppose an IT company is having their work on their own data center, so if the company is maintaining their own data center, right, if it is maintaining its own data center and 100% workload is on their own data center, they are also using virtualization, they are also launching everything on their own data center, then that company falls into private cloud. So this is like they are maintaining their own data center, they have the whole setup, they are launching everything on their data centers only. The second category is: there are some companies who have 100% workload on AWS, so AWS or Microsoft or Google, whatever you are using the product of; for this training I'm using AWS. So if a company has complete IT infrastructure on AWS, everything is in their AWS account only, they are not maintaining their data center, it is the AWS data center where 100% workload is
running, then it is called public cloud. And the third category of the companies, where because of governance and compliance issues they cannot move 100% workload on AWS, so what they do, as per their governance and compliance issues, a certain X amount of workload is on their own data center and a certain percent of workload is on AWS, so they are having a mix-up of the load. So there are certain things, for example, if I give you an example, let's say I give you the example of banking industries. Do you know the banks are also running on cloud? Are you aware of this? Let's take any leading bank in the world, you know, so they are running their infrastructure on cloud also, but not every bank is on public cloud; most of the banks are on hybrid cloud. What do I mean by hybrid cloud? It means that part of their infrastructure is on their own data centers, probably their virtual machines, right? If a company is having their own data center, will they put it in AWS premise or their own premise? It's very obvious that this is their own property, they'll be putting it in their own premise, am I right, prti? If you talk about private cloud, yes. Public cloud means it is some third-party company's data center. So if I'm using my own car, I'll be parking in my own parking, but if it is an Uber car, then they will be parking in their own parking, it's not my parking, in that sense. So hybrid cloud is like banking; for example, I take one example of banking industries: banks have certain resources on their own data center, such as, let's say, their virtual machines are on their own data center, probably they are using storage of cloud, so they're having a percentage of workload on their own and a percentage of workload on cloud, and this kind of model is a requirement for some companies because of governance and compliance issues. Governance and compliance, if you don't understand what this is, this means that any company is bounded by certain protocols and rules. You take any example of any company, so they are bounded by
certain rules and regulations; these are called governance and compliances. Governance means maybe that particular nation where that business is running, that nation is having certain rules which the company has to follow; in fact, the state where that company is, it has to follow the state rules also; also the company itself has their own protocols and policies which that company has to follow. For example, I take the banking example, and the bank has to maintain data encryption, this is very obvious, right, the data must be encrypted. The data encryption is not, uh, that nation's, uh, you know, regulation, or it is not the state regulation, it is the company's policy, and as per the company's policy their employees and their project, everything has to be as per their policies. So regul-, the governance word, when I say governance, that is not only connected to country or not only related to state, but it is also related to the company's own policies. That is one thing. Compliance means there are organizations or bodies who look after a particular sector. For example, I give you some example: in the US, for the healthcare industry, there is one compliance called HIPAA, HIPAA, or in Europe there is one called PCSA, uh, payment card data encryption standard, PCDS, something like that. So these are the worldwide global compliances that, if you fall into an industry, you have to follow. Suppose my company is doing a business of banking, it is a financial company, and that is having credit cards or debit cards for their customers, so if I fall into that industry, I have to be compliant with the rules given by that particular group or particular compliances. So for that purpose, because of those restrictions, sometimes companies have to put their infrastructure, some of the infrastructure, on their own data center; the rest of the infrastructure, where there is no compliance restriction, they can put on third-party cloud such as AWS. In that scenario the company is maintaining two sites, one is their own site and the other is the AWS site, and
that is called the hybrid cloud model. So if you're working in a cloud computing company, right, who is doing a business for, uh, you know, clients, for launching their website on, uh, AWS, so you may be finding your clients in any of the three categories: either they are having purely private cloud, or they will be purely public cloud, or they'll be having hybrid cloud. I hope this diagram is clear to everybody and you understand it. Hybrid means computation will be on cloud but data shall be on private: this is just one example, it is not necessary that every hybrid cloud will have VMs on the data center. This is one example, that probably some company is having virtual machines on premises and storage on AWS; this is one example I give, this is not the rule that VMs should be here and storage should be there. Companies may have anything, right? It's just that percent X workload is on their own data center, percent Y, some services they are using from AWS, and it is very subjective. That is a perfect, uh, thing, which is me, that the hybrid split is completely subject to each firm, right, it's up to them how they evaluate their project, cost, everything. So companies would do that, percent X, percent Y. X and Y are the random numbers, these are variables, right? Somebody can have a 10%-90% ratio, somebody will have 50-50, somebody will have 30-40, it's up to them what kind of percentage they want to have, that's why I use the words X and Y. Hybrid means something on AWS, something on own, so that is completely subjective to the company, it depends on many scenarios: what their compliances are saying, what they find feasible. There are some things that they find feasible to run on their own data center, must be on AWS. Mostly data need to be local, why companies keep data on cloud, for compliance. Uh, so you need to, uh, understand cloud computing for that purpose, because I agree with you that so far companies used to keep their data locally, but nowadays you see, you know, even Hotstar, one big example, in fact Hotstar is having
everything on AWS, this is the public cloud model for Hotstar, right? So it's not that AWS or Microsoft or Azure, but I never mean that AWS is not compliant with the things; AWS is 100% compliant with many things. However, still a company's own policies sometimes have a restriction that we can't go with third party, then what do you say? AWS is also compliant, Azure is also compliant, GCP is also compliant for storage, there's no doubt there, they support all the compliances which are happening, but still, if the company has the policy, no, we have to keep it local only, we can't do anything for that purpose, right? However, those companies who are ready, open to accept and go ahead, because the benefit that you get on third-party cloud is more than what you do on local, and that is for what purpose you are learning this particular course in this training. So when I'll teach you the storage part, I'll make you understand what storage services AWS provides, how it is happening, and how it is useful, okay? So if you think that public means that it is public and it is not secure, no, that is not the thing, everything is secure.

By the way, what is the difference between architect associate and architect professional, and certification details? Basically, associate level is a starting step; uh, you act as a junior engineer or a cloud engineer in cloud projects, this is the initial start of you working on clouds. However, professional requires you to work for 2 to three years minimum, you must have three years of experience, and professional is an expert level of the same job; it's like junior engineer and senior engineer, similar to that. So the certification, if you want to start with, suppose you are starting your cloud career today, then you go with the solution architect associate, you get the job, you work on the job, spend some years, then go with the professional certificate. Services: those services which you learn in solution architect, the same services you will get in professional; there will be some extra services
also, but the level will be difficult comparatively.

So we would be looking at AWS Global Infrastructure, and then we will see how to create your own personal AWS account, then what are the ways we can access, the different ways to access an AWS account. After this we will be starting with, uh, the first service, called Identity and Access Management. In that service we will be looking after four important topics: root user, IAM user, group, and policy. All right, so let us start with AWS Global Infrastructure, and we discussed that cloud computing is basically, uh, simple, you know, on-demand delivery of IT resources over the internet. It means there are companies who are providing infrastructure and the services to IT companies, such as, uh, if you talk about cloud providers, AWS is Amazon's business, so Amazon Web Services, and then we have Microsoft Azure and Google GCP. So, uh, AWS is a cloud provider; it means that AWS has provided a global infrastructure for, you know, companies, they have their own, uh, data centers and everything that companies do not need to maintain. So I'm going to show you this global infrastructure on the official website. So this is the official website of AWS, wherein I can show you the image. Now this is our beautiful world, and you can see there are some circles shown; these circles indicate the presence of AWS data centers in the world. Now the point is very clear, that Amazon will maintain the actual data centers consisting of hardwares, and these data centers are located in different cities of the different countries. I can start with, let's say, USA, uh, North America: we have, you know, here, uh, Ohio, then Northern Virginia, uh, Oregon, California, Northern California, and there are two which are for the US government, called Government Cloud. You can see Government Cloud, that particular area, those particular data centers, is actually made up for the US government only. So for us, who are the actual customers, these are the regions in the USA. However, in Canada there are two, Canada West and Canada
Central, uh, then there is Mexico. Now Mexico is in the red color, so basically all these are called regions. Now the Mexico region is the upcoming one, it is not made available, so they are in the process of, uh, making it. Then if you go to Europe, we have Spain, Paris, Zurich, Germany, Germany is coming soon, uh, Stockholm, then we have UK London, Ireland, and also Middle East, Kingdom of Saudi Arabia, so this is, like, coming soon, and the existing region is this: UAE, Bahrain, Tel Aviv. In Africa we have Cape Town, India has two, Mumbai and Hyderabad, and Australia, I believe, has two, one is Sydney and Melbourne, and then we have Jakarta, Singapore, uh, Malaysia is upcoming, Thailand is upcoming, Hong Kong is already available, Taiwan is an upcoming, uh, region, in China we have Ningxia and Beijing, and Seoul, and in Japan we have Osaka and Tokyo. These all are called regions of AWS. Region, so what is meant by region? A region is a group of data centers of AWS in a particular country. So if I take one example of Tokyo, I take the Tokyo region, so what is meant by Tokyo region? The Tokyo region is basically a group of data centers in that particular country. So let's say data center, you know that it is one building or a warehouse where hardware setups are there, so I'm drawing a couple of data centers in the Tokyo region, and, uh, you know, these data centers are having hardware servers, storage servers, networks, networking devices, it is all backed up by internet, electricity, everything. Even, if I can show you something very interesting, how an AWS data center looks, okay? So AWS, uh, data center, last time I have seen one very wonderful, uh, you know, video on the official website of AWS, okay, so yep, so if you can see, they maintain big data centers, right? So what you see on the screen, the video is all showing you the glimpse of the place, one of the data centers of AWS. However, I would see if I can show you something interesting. Yeah, so this is an image, you see this, this is one angle wherein, you know, you can see two racks are there on the left-
hand side in the black color, and inside that there are hardware servers. Well, uh, the point is they are maintaining it very wisely, they're taking care of security, performance. Yeah, so this was what I was trying to show you: an AWS technician gives us a tour of a data center in eastern Oregon and how it looks inside. Now this is the actual image, right, so these people are maintaining those data centers very perfectly, it has a huge capacity. There is one YouTube video; however, you will not be able to, uh, hear the sound of it, but yes, if I can maximize it, you'll actually get a glimpse of, uh, very precisely, we'll be talking about the, you know, the upper layer. So right now I'd like to give that few minutes of this, you know, showing you that, see, as I told you yesterday, there are only two things you can focus on, hardware and software, and softwares run over hardware. Now AWS or Microsoft or Google, these guys are maintaining such data centers, and they are, you know, big in numbers; they have these hardware servers you can see on the racks, yeah, we have technicians who look after the maintenance of those data centers' hardware machines, yeah, and they are all connected through the internet, so of course you need to be connected to a network in order to provide the service. And all the AWS services, there are 300-plus AWS services, they are all running on these data centers, right? So this is something which is a ready system called cloud computing, provided to all of us; we, as an IT company or an individual, can go use those services and deploy our application. Now in this topic we are actually discussing, uh, what is the strategy of AWS in maintaining the data centers, and again, what is the concept of region and availability zone we are going to talk about. In a particular region, right, you saw the names of the cities in particular countries, like in India we have Hyderabad and Mumbai, Japan has Tokyo and Osaka, USA has six regions, I remember, Africa has Cape Town. Now all these are the names of the
cities in that country. These are all called regions, and one region consists of multiple data centers, and one data center is like one building or one warehouse. You can see this is like one data center. I can show you again. How many data centers would be there? I think there are two. Yep, so these are two different buildings, or there is one third building and a fourth building also. So these are separate buildings or warehouses called data centers. I hope you have now got enough idea, which is required to understand it even better. All right, so I must be very confident that you have enjoyed this video.

Coming back to this: now one region, when I was talking about Tokyo, consists of multiple data centers. You can see on my screen I have drawn a couple of black color buildings, and these black color buildings are data centers. Now if you ask me how many data centers there are in one region, there is no such official number given by AWS, but there are multiple data centers for sure. And if you have seen my diagram very carefully, then you would see that they have made subgroupings of data centers within a region. Can you see I have made three groups of data centers here? This is one group, this is another group, and there is one more group here. So this subgrouping inside a region is being made; these data centers are placed in the form of groups. These are different buildings, but yes, there is enough distance between two groups. You can see there is a distance between two groups. How much distance they maintain is not sure; it is not even officially declared on any website of AWS, but there is roughly 60 miles of distance, and it's not the official number, but what we have seen through different blogs and videos is around 100 miles, 100 kilometers or 60 miles of distance they maintain. It varies; it is very subjective, place to place, but there is enough distance between the two groups, and they maintain those different groups. And why do they
maintain the groups? Because they want to create availability zones. Now what I have drawn in the green color, that green color circle, that group is called an availability zone. So I can name it, for example, this is AZ A, this is AZ B and this is AZ C. So there are three availability zones inside one Tokyo region, and this Tokyo is a region. So now you can see there are three levels. The basic, the actual physical part is the data center, inside which the hardware is there; there are groups of data centers called availability zones; and multiple availability zones constitute one region. This is the same architecture you would see in every region.

How many availability zones are there inside one region? In Tokyo I have drawn three availability zones, but probably if you go to Northern Virginia you would find that Northern Virginia has six availability zones, and if you go to some other region it can be different. So the idea is, in a particular region there are three or more than three availability zones available. In any region, minimum three or more than three regions, or availability zones, are there inside the region.

Now why is the AZ made? Why are multiple data centers required? Why did they make groups of data centers inside a region? Because when I launch resources, to launch the resources I will use some service. Now you can see the list of services here. There are different categories. These are analytics related services, so whenever you want to do data analytics you can go with these services you can see on my screen. Then we have application integration; we have a service that helps you to maintain blockchain related networks; also business applications are there: AppFabric, Chime (Chime is like a chatting service or meeting service), there is Connect, Pinpoint. You go to financial management related services. These are compute services. Compute services are helpful to you to run your website, your
application, to run your code, and these are the main services, like compute. Then we have containers also. Containerization is a very advanced technology that is being used in software development, so if people have a project in which they are using containerization, they can go with the ECS service or the EKS service; ECS stands for elastic kubernetes container service and EKS for Kubernetes. Then we have customer enablement. We have database services: DynamoDB, we have the relational database service RDS, this is a graph service called Neptune. We have developer tools; these are required for software developers who are making applications and want to deploy them on AWS, so they want CI/CD tools and all these things. Those who are familiar with CI/CD, you can see the services which are helpful for that. Then we have front-end web and mobile app services, where you can easily launch your mobile applications or front-end applications, like Amplify, AppSync, Device Farm. Gaming related services, Internet of Things (IoT), machine learning. These are AWS machine learning, AI/ML services. Out of that, many services are very famous; Bedrock is used very, very extensively. We have DevOps Guru, we have Fraud Detector, some are select related services, right? We have Polly, SageMaker. Those people who are in the AI/ML category, or those who want to pursue their career in AI/ML: in AWS there is a service called SageMaker which is used to build, train and deploy machine learning models. Then we have media services, and you can understand now it is trying to widely cover all the possibilities which are required in a project. You can see security related services, and today we are going to learn the IAM service, so you can see IAM is also listed here. Then finally we have the storage category, and there are multiple storage services we have.

Now imagine I would like to create my project, and in that project I want to create some resource. So basically a project would start with, let's say,
launching a website. I'm taking a very simple example: I have a website, I would like to launch it. For a website I require a server, so I can go to the compute category and try to find the EC2 service; it gives me a virtual machine. So when I launch this machine, when I create this virtual machine on my AWS account, basically it is created inside a region. Can you see on the right hand side there are regions listed? All right, so you could see Northern Virginia, and there is a naming convention also. You can see there are two US East regions, Northern Virginia and Ohio, number one and number two, which are actually named US East 1 and US East 2, followed by US West; there are two, Northern California and Oregon, which are named US West 1 and US West 2. These are four regions in the US. Then we go to Asia Pacific: we have Mumbai, like AP South 1, Osaka; and then you go to Europe: EU Central 1, then Stockholm, EU North 1. These are all the list of regions. The number one is always the default region. The one that is selected on my screen is Northern Virginia. What is the region that is being shown on your screen? Is it Stockholm? If yes, then you can change it, because you are deciding in which region you would like to launch your resource. So you can go to the list, click on Northern Virginia, and then Northern Virginia should be seen here. Now after I remove the list I am seeing only one name; this is the selected region.

Now come back. What I was trying to explain to you is that when I launch my resource, that resource will be launched inside this region, inside one availability zone. Now let me show you. For example, I'm launching one virtual machine, so my virtual machine will be launched inside a region and inside an availability zone. So imagine this blue color is my one EC2 machine which I launched, and on that EC2 machine my website will be running. So in the account, how many machines have I created? I have created only one machine, which you can see on my screen; that is
one server I have created, on which I have launched my website. But that server, that one EC2 virtual machine, I have created in one availability zone, and in that availability zone there are many data centers. Can you see that? 1, 2, 3, 4, 5: I have drawn five data centers inside it. So the idea is that within the availability zone this EC2 machine is redundantly running on every data center. All right, can you see I have drawn EC2 in every data center? So what I'm trying to explain is: you have launched one EC2 machine, but it is running inside every data center. This is called redundancy. So this EC2 machine is only one in quantity, but actually it is running redundantly in every data center, because they believe that if one data center is not responding for any reason, if that data center is not working well, or the AWS is not able to get that machine, then at least the other data centers are running and your EC2 will be always available in that availability zone. So you have to see my diagram only. This is automatically redundant; this is not made by me. I have launched only one machine. We launch one machine, all right, and internally, automatically, this machine is running in the data centers in that availability zone. I have launched the machine in AZ A, do you understand? I'm not talking about AZ B or C. I have launched one machine, and the EC2 machine is launched in only one availability zone. So you have one EC2 machine that you have launched, and that machine you have launched inside one AZ, and in that AZ it is automatically redundant in all the data centers, because if one data center fails then the other data centers are still having the EC2 running.

Let's go step by step, okay? All right, so the point is I have launched only one machine, right? There can be a possibility that the whole availability zone is not responding. You can see the whole availability zone is not responding. There are possibilities, right? There can be technical issues
in the whole data centers, all the data centers in that AZ, or there can be problems related to natural calamities. We may not be sure what may happen in the future. Maybe a big flood happens, maybe an earthquake happens, or maybe there is any kind of natural calamity which is going to make a big impact on your availability zone. If that happens, and if all the data centers in that AZ are not responding, will your EC2 be available? Will this EC2 be available if the whole availability zone is down? Right, so the idea is that if the availability zone is not responding, then that EC2 will also not be responding. I'm talking about all the data centers not responding in that availability zone. This never happens, but in case it happens, then that EC2 will not be enough.

So will you recommend your client launching only one machine? Will you say, "Sir, let us go with one machine only"? One machine is launched inside one AZ, so there is a risk of an AZ level issue, right? So always make sure that if that EC2 is launched in one availability zone, then you recommend to your client: don't go with one machine. All right, don't go with one machine; go with multiple machines, minimum two or more than two. So I will recommend to my client, "Sir, we should go with at least two or three or four machines; minimum two, three machines we should go with." And if my client agrees, what will I do? My first machine I will launch in one AZ, and the other machine I will launch in another availability zone. Now you see that my first machine I have launched in availability zone A and the other machine I have launched in another availability zone. Both are having the same website; there is no doubt both machines are having the same website. Now why am I recommending launching the other machine in another availability zone? He could have launched the machine in the same availability zone, but again, the risk: will the risk be resolved? What is your opinion? If I launch two machines in the same AZ, is it going to help me more, or
instead of that, if I launch two machines in two separate AZs, what is better? In separate availability zones. Is it better if I go with a multi-AZ approach? If I try to spread my machines over multiple availability zones, that is better, because between the two groups there is a big distance, right? So if anything bad happens in one area, that is not necessarily going to impact another area, and that is the idea behind the grouping, that is the idea behind availability zones. And that is why I always write down this formula: if you are using a multi-AZ setup (this is called a multi-AZ setup), it means you are launching multiple machines, but in multiple availability zones. I am again repeating: launching multiple machines in multiple availability zones. And if you are launching your machines in multiple availability zones, then you are going to achieve one important aspect in cloud that is called high availability. So please note down, this is one principle that everybody should be aware of, which is called high availability. High availability means your systems must be highly available.

And I give you one simple example. Okay, so I'm right now giving you a training, correct? So if my internet goes down, what would happen? If my internet goes down, my system will not be available; it means I will not be available to you, correct? But if I have an alternate internet option, if I have an alternate broadband option, then obviously I can switch to that network and I will still be available to you, am I right? Another example: if I go to my exam tomorrow, if I carry two pens, three pens, then even if one pen fails, another pen is useful. So the idea is that this is my strategy, this is the client strategy, that we should launch multiple machines in multiple availability zones, because if one machine goes down because of a problem in the AZ, then another machine will not necessarily be impacted. It will obviously be running, and this is the way our customers will be able to find the website; the customers will be able to always visit the website, am I
right? Is that the logic? Ultimately your customer, the end customer, should always be able to visit your website. Your website should not be down. That is called a multi-AZ setup, and it is recommended that whenever you create the architecture, correct, whenever you create the architecture, you should always maintain a multiple availability zone setup.

You know there are three components in the global infrastructure. One is called the data center, which you have already seen: the buildings inside which the hardware is there. The group of data centers is called an availability zone, and the group of all the availability zones is called a region. A region indicates one city. So it is not necessarily residing inside Tokyo only, but in the area of Tokyo, wherever Tokyo city is; in that area they are maintaining three groups of data centers, and thereby the services or the resources will be launched over there. So I as a customer have liberty, I have a choice: if I launch my project I can choose the region as per my choice. By default I have chosen Northern Virginia, so whatever I'm creating in this account will be created in Northern Virginia only. Do you understand that whatever I will be launching, I'll be launching in one region?

Now the question, the biggest question, is: how would I know which region is better for me? Okay, how would I know what region is better for me and which AZ is better for me? These are very obvious questions. So the first thing is that I can see the list of regions in different countries. In which region should I launch my infrastructure, should I launch my project? How would you know that? There is some strategy that you must follow. So I'm proceeding ahead with the criteria to choose the correct region. So this is called criteria to choose the right region; right means correct region. Okay, so I'm writing down the criteria which will help you to choose the correct region, and the first criterion is called governance: governance and compliance, or we can say regulations.
All right, so suppose my customer is a bank, and the bank is from India. They want to launch their IT infrastructure on cloud, so which region would they be choosing? They have to first of all check with their current governance, compliance or regulations by which the company has to abide. Every business has to follow the rules and regulations of the country, right? Every government has set up the rules for the companies running in that particular country. So if my government says that I have to launch my resources in India only, then I have only two options: either I will go with Mumbai or I go with Hyderabad. Do you agree? Do you understand? Regulations, compliances and governance: every company has to follow that. So the first question the client has to ask itself is, "Is there any obligation on me?" If yes, then my choice becomes very restricted, right?

Then the second question: after this criterion I have to also see one more thing, that is called latency. Latency: what do you mean by latency? Okay, on my browser, as a client, if I type www.simplilearn.com, when I type it I'm sending a request, am I right? I'm sending a request to the Simplilearn server from my client machine, and the Simplilearn server will respond back with some web page, right? Okay, so if you go to Hotstar, you open the app and you click on some button, anything you clicked on because you want to watch the movie or the cricket match, anything like that, and you get the content back again. So what is this? This is the time it takes to respond back, so it is a kind of delay, right? Suppose the delay is more; will you be happy as a customer? What is your user experience? What do you want as a better user experience? You want a faster response or a slower response? A quicker response, a faster response. So latency is actually a delay in the response, so you would always look after the latency factor. Suppose as per my governance and compliances the India government is asking me, for the
bank, you know, to launch their server in Asia only, right? Only in Asia, and in Asia there are a lot of options I have. I have many countries in Asia where data centers and regions are available. But the second question I'm thinking about is latency. So in that, how would I choose the region? I would think of my end customer, the people who are going to visit the website. What do you want? You want lower latency, right? How would you achieve lower latency? How would you achieve the lower latency? If the distance between client and server is less, correct? Am I right? If my customers are in Asia, should I take the US region for my server? Think: my end customers are sitting in Asia and they're sending a request; the request goes a long way to the USA and returns back. This is not a good approach. I should try to find the closer server. So basically, when I choose the region I have to keep in mind where my end customers are sitting. If my customer is in Africa, then it is a very wise decision to choose some region which is close by. If my customers are in the USA, then I should choose some US region. If my customers are in Australia, then this Melbourne or Sydney would be the better one. Okay, so latency is one factor.

The third one, the third criterion, is called cost, and this is a very important criterion: the cost of using the services. As I told you, AWS charges you monthly billing, and in the monthly billing you will see the charges of the resources that you have used. But it all depends on the region also. The cost, the charges of services, varies region to region. It varies region to region, so it also depends on the tax structure of the country. So if I'm launching something in India and if I'm launching the same thing in the USA, the charges that I'll be paying are different. So I have to see the cost factor also, which one becomes cheaper for me. You know, I have to save my money, so I have to look at the cost factor.

And finally, the last factor is service availability. So suppose I'm
looking for one service, and if that service is not available in the region, then that region is useless for me, correct? So it's very obvious that I should choose the region if the service is available. For example, in my project I require 12 services. Those 12 services, are they available in the region? There's a list of regions as per the services. I can show you something very interesting that will be helpful for you: AWS services by region. Okay, so I would like to show you something interesting: the list of AWS services available by region. So if I'm targeting Northern Virginia, then I can see these services are available. I have to see if the service is available or not available. I'm sharing these URLs with you; I'm making the file for all of you, okay? So that's a good thing, that you will be able to see these links later on. Second, you will also be able to see this data center part; I'm sharing this with you also. And then I would also want you to see this particular link. So these are the four criteria, roughly, which you can keep in your mind, and you ask this question to yourself, being a client, and then you will be able to choose the right region.

But then another question is: if I choose the region, suppose I decided that Tokyo is the best region for me, then while launching the machine, which AZ is suitable? There is no such criterion to choose the AZ; you can choose any AZ inside that region. Ultimately, are you going to launch in one AZ or multi-AZ? Multi-AZ. So if you are using all the availability zones, then is there a question of choosing the right availability zone? Is that question applicable? Then what do you think? Because I'm going to use all the AZs, why should I ask the question which one is the better one? All are equal, right? All are the same. So you can choose multiple availability zones. The number of AZs matters: in every region a minimum of three AZs are there, and how many are we recommending to you? Multiple. So what is the definition of multiple, Shan? Think carefully. One is one. Multiple? No, two or more than
two. Two or more than two. So if possible I will go with two or three or four or five, anything as such, correct? So anything which is two or more than two will be multiple. So it is you who is going to decide. If you try to cover the maximum availability zones you will get maximum high availability. Suppose I want to launch three servers: should I choose two AZs or three AZs for three servers? I want to launch three EC2 machines; obviously, try to launch three EC2 machines in three availability zones. Very simple, and that is the criteria to choose the region.

Now one thing is very clear, that my whole project will be inside the region only. Now the people are very creative; they are thinking about what happens if there is a problem in the whole Tokyo region. Can you think about it? It may happen. Can you give a guarantee? These are physical data centers. Can any company give a guarantee that this will never fail? We have seen in the real world, we have seen many bad situations. We all have gone through Corona, right, for two years consistently, and there are wars happening, there are earthquakes happening, there are natural calamities. Human beings are not capable of giving a guarantee of anything, right? We are living in a damn real world, and that's why everything may fail at any time, so we must be able to think about that situation also. So if one region is there and I'm launching a project in one region, and if that region fails, then what about the situation? The whole infrastructure will be down. Will your customer be happy? The answer is no, not at all.

So in IT, I'm not talking about cloud, okay, in IT there is a strategy called disaster recovery. Do you know DR? DR: you must have heard of these words, DR strategy, DR strategy, DR strategy. This looks like a very big word, right? This is not rocket science; this is common sense. This is common sense. You know, I live with my family. One day I'll be old. If my son says, "Okay Dad, you cannot live with me," I'll be buying another house also. If I don't have one
house, I'll go to the other house. We always keep things backed up, right? I am living in one city but my parents are living in another city. If anything bad happens in this one, I'll pack up, and this happened with Corona, right? We all went back to our hometown; we have another home. So similarly, this is the DR strategy we use in our real life. During the Corona pandemic we all went back to our hometown and we all survived because we followed DR strategies, right?

So the thing is simple. What is meant by DR strategies? DR strategy is like this: we recommend our clients choose one region as a primary region where their actual production environment is live. So let's say Tokyo is somewhere the servers are running, all right? Now we recommend them to create one more replica site, or another site, in some different region. Suppose I'm making a site in Northern Virginia and I'm mimicking the same architecture like this here in Northern Virginia also. So primarily my customers, end customers, will be approaching, or they will be made available with, this infrastructure which is running in Tokyo. So this will be called my primary site, and the other one, which is in a completely different region, is called the recovery site. And the DR strategy is: what if any disaster happens in the primary site? Let us say a disaster happens and this is not available; then we will redirect our customers to our recovery site. Isn't it simple logic? Isn't it simple logic? This is called DR strategy. This is a strategy at the global level. Of course cost is involved; we are making two sites, right, so cost will be involved. Ultimately you get a global level of benefits, but this is the customer's responsibility, this is the client's responsibility, to create two sites, one as a primary site, another as a recovery site. This is what is happening in the real world. Our real customers of AWS, or not only AWS, any cloud business or even the private cloud people, are creating two sites, because they know that
if the whole site goes down we will not have enough time to recover it, and until we recover there will be a bigger downtime duration. More downtime duration will make a big loss to our business, right? Imagine amazon.com is not available for 1 hour: how many billions of dollars will they be losing within that one hour? So they cannot take a risk of having that website down. They cannot take a risk of any end customer, any client, not being happy with that, right? So as a solution architect we should recommend DR strategies for them. I hope you understand the logic.

Suppose the site has not failed, the primary site is wonderful, but your site is in Tokyo and my customers are spread all across the world. I have global customers; it's not Asian customers only. I have the customer base all across the world in every country, and my main server is in Tokyo. So then the customers who are living near to Tokyo will get a faster response, and the people who are living far from Tokyo, I mean, imagine your main server is here in Tokyo, you can see Tokyo here, right, in Japan, but your customers are all across the world, so people in the USA will find it slower. Okay, forget about this. Have you seen the World Cup matches, cricket matches? Those who don't know cricket, it's a sport; you must have seen other sports matches also. So you must be using an OTT platform. Now Disney Hotstar is something where the Disney Hotstar server is in the USA, right? So we are all sitting in different countries watching the match, the live stream match. How are we able to get the content with the lowest possible latency? Because we are the global customers and the server is in some one particular region. For that purpose there's another solution called content delivery network, CDN. Now for CDN there is one service called CloudFront: content delivery network using CloudFront.

All right, so the downtime issue, or the problem of failure, is something that has to be troubleshooted
first. It is not necessary that there is physical damage to your data center; there can be some problem from your side also. Being a client, you must have done a wrong setup, or there are some resources getting exhausted. So the thing is that troubleshooting is the responsibility of the AWS team as well as your team who is making the infrastructure on AWS, right? So they all have to resolve the problem. If it is under the scope of your team, if it is related to your services and project, your application, then you have to resolve it. If there is no problem from your side, then the AWS team will help you to solve the problem from the physical data center's perspective. So that is for sure; it is their product, they have to help you in order to maintain that.

What is meant by redundancy? Redundancy means multiple things are running behind. When I say that I'm running one machine in one AZ, in my diagram can you see in Tokyo there are two machines? Can you see it? Yeah, okay, so this is my machine A and this is machine B, and they are running in different availability zones. So when I say that this machine A is running in one availability zone, it means in that availability zone there are multiple data centers, right? So the machine is running redundantly in the data centers. So behind the scenes they run multiple copies of that machine in multiple data centers. For you, you'll see only one machine, but actually there are multiple machines running behind. This is called redundancy. Why is redundancy made? Not as a backup but as a spare machine. There's a difference between the words backup and spare. Spare, right, you keep spare things, am I right? So I go with two pens in the exam; one is spare, okay? Now what is meant by backup? Backup means taking a copy of that into some storage device. You know, suppose I have a mobile phone, I have photos of my family, so I take a backup of that. It means that I'm not creating one more mobile phone. I have one mobile phone only; I am not creating another mobile phone as a spare. So if I carry two mobile
phones in my pocket, that is called redundancy, like I'm having two things. But when I say backup, it means I have only one phone but I'm taking a backup of photos into some storage, so that in case tomorrow my phone is lost, I can purchase a new phone and take my data back again. We take backups in real life anyway.

So, AWS account creation. If you want to create your own personal AWS account, at a personal level, or for any company, then you can visit the website aws.amazon.com. You can note down: aws.amazon.com is the official website of AWS. So before you start creating an account, make sure that you have a valid credit card or debit card with you. So at least one credit or debit card is required. Nowadays net banking is also supported; UPI is also supported for India. So you can click on create AWS account in the top right corner, and once you click on create AWS account you get the sign up page. Okay, now going forward it's a very simple step. You have to first of all give one simple email ID, so for example I'm giving my email ID here, and you can give any account name as per your wish, so I'm saying that trainer is my account name. So once I do that, I put in my email ID and everything, I'll click on verify email address. When I click on verify email address, my email address will receive one OTP and I have to enter that OTP. Once I enter the OTP, they will ask me simple questions: what is your first name, last name, what is your address, what is your mobile number, and then they will ask me to enter either debit card or credit card details. That's all, and I have to create the account. It's that simple. Okay, so credit card and debit card are for the payment process, because when the bills are generated, they are generated by the end of the month, so you must be sharing either one valid debit card or credit card. So that's all. Initially they do not charge you anything, so even if you give the details of a credit card or debit card
they will not charge you anything however when the bill is generated it is your responsibility to pay the bills I hope this is clear how to create AWS account this is similar to creating any account in any website it is though very very simple then next question is what are the ways uh a client can access AWS account so basically there are three ways AWS account can be accessed or AWS account services can be accessed and these three ways are called as uh Management console the second is called command line interface command line interface is also called as CLI console is also called as GUI and the third is called of SDK SDK stands for software development kits now this SDK is called as program atic way of accessing AWS account or it is also called as programmatic access these are the three ways we can always access your AWS resources now the first way is called console console is basically a browser based access what do mean by browser based access browser based access means on my browser I have opened aw. 
Amazon website and in that I have logged in into my account now this is an account where I have logged in and you see console home so this is called as console this is the graphical user interface wherein I can use my mouse I can click on icons buttons I can see the option and accordingly I can visit a service and create a resource so suppose as an example I go to S3 and I type Amazon S3 and I go and when I create a bucket in S3 right now I'm just creating one S3 bucket and the way I'm creating is actually this is all graphical user interface isn't it I'm simply going and clicking on buttons icons I can see the different menus I can see the resource created and I can work on that resource this way of access is called as graphical user interface called as console access and to enter into AWS using console access you require user ID and password so that is one way we can access AWS resources and in order to login into your account by this way you require user ID and password and this will be the way every day we will be accessing AWS account and we'll be doing practical okay as a solution architect most of the times you will be going through console way only however this is not the only way you can access your AWS account there's another way you can access is called as command line interface command line interface means there is a CLI you can have in your operating system like if you have Windows you have command prompt correct then you have Macintosh like your Apple machines or even if you have Linux laptop then you'll be having terminal right now through that like on command prompt for example I can type some command and try to login into AWS account now that CLI access requires again it requires credential and this access of login is through commands that is why it is called as command uh command line uh argument right so CLI is like you will be using commands and through different commands you'll be able to login into AWS account for that
purpose you require different kind of credential uh which are called as access key and secret access key access key and secret access key which is similar to user ID and password okay so I will be showing you right now I'm just telling you the three option okay whenever there is a demo of CLI I will show you the demo of CLI also but right now you can understand there are two ways I can login into my account one is on the browser I have to enter user ID password the other way is I can go through CLI while going through CLI I will enter access key and secret access key is that clear to everybody and Mr ramdas if you can understand you have to try resolving the audio problems rather than blaming the whole class right so guys you can confirm me if this CLI is also clear to you I'll show you practically don't worry how the things are working right so uh who uses CLI option that is a question CLI option is used by mostly developers the developers who are working on AWS project they will be using CLI options multiple times what operation you can do on GUI the same operation you can do through CLI for example right now I have shown you one simple task that I created one S3 bucket do you remember that there is one service called S3 and there is one bucket I have created with this name I did this with the help of buttons icons and by clicking on those icons right but I can do the same thing through CLI also for that purpose I have to use certain commands I should know that for creating the bucket what is the command to be used right for that purpose I'm going to share you one document which is called as AWS CLI reference now AWS CLI reference is something you know which gives you the information of all the commands that you can use this page is an official website of AWS where you can see the name of services for example I want to find S3 service so this is alphabetically arranged I can scroll down after I scroll down I will try to find S3 service inside this particular
list okay so I got S3 in S3 what operation I want to do so I can see all the operation of S3 here so I want to do I want to let's say create a you know a bucket so I have to find out what is the operation for that so mb there's an available command list if I go to mb command so mb stands for make bucket what it does can you see the description it creates an S3 bucket so it helps you to create an S3 bucket so if you want to do the same operation with the help of CLI then you must have a knowledge of how to use mb command right how we can use mb command so there is uh you know a particular uh you know example given like for example aws s3 mb and there's a name you have to give and region you have to give so this document you can refer in future if you want to do CLI operation both operations are same in the GUI whatever I was doing and in the CLI whatever I will be doing both are same only the way of doing is different CLI operations are faster because GUI operation if you go through GUI you have to go through this website you understand if your request goes through the website it will be experiencing a delay in the response it's like loading the results onto this website however if you go through CLI that operation happens very fast okay so if you are a developer you can understand it's very better that it is a direct API call from the CLI however through GUI you are making a call through one application that is the AWS website so that is why it is nothing is like good or bad but these are two different ways and developers generally go through CLI to perform the operations very quickly however we will be going through GUI in the whole training to do those activities GUI and CLI now the last option is reserved for only software developers the people who are going to be making the website because if I draw the architecture and let me show you one sample architecture in front of you so suppose if I go uh you know and show you a simple two-tier
architecture right so in the two-tier architecture I will have a server on which my website is running and then I have a database uh server on which my database is also running okay now you tell me when from the website on the database when the data will be inserted right so this operation of inserting the information into this database service will be done from the website so this is nothing but your application so when you write the code of application as a developer you have to make request of that particular operation to this particular service now this database service is in your AWS account correct so then that is something related to development but the point is very simple when software developers you know they will do development they will make the website or application in the program they will write down the command to get access to these services so for that purpose they will also require credential and this is called programmatic access programmatic access means they are trying to access AWS services from the application itself because this website has to make operation on database and that is why it is called programmatic access so this third option is out of scope for all of us because we are solution architect this third option is only for software developers those who don't know development for them this is not applicable those who are going to become software developer or they will be becoming AWS developer for them this particular option will be useful and for that purpose again they require access key and secret access key so these are the three possible ways people can go uh for you know AWS account they can try uh you know with any of these three options however uh being a solution architect you have to focus on Console only that is GUI first option which you can see on my screen this is the GUI option you'll be doing all practical on GUI only okay so these are the three ways we can access our AWS account this was for your
information purpose only now what to do if you want to do CLI operation at all okay so first of all you all will follow me you will open Google and in Google what you will do you will type download AWS CLI you can see my search query I hope you are following me right you will click on Google and you will find download AWS CLI okay so once you click on this then you open this website first website all right uh you must come on this page are you on this page so what you have to do you have to scroll down okay choose the operating system Windows or Mac if windows then you see the first link here which is MSI file okay if you are windows now if you are a Mac User then go to Mac in the Mac you again find package PKG file you simply need to see the operating system Mac OS you know it says AWS install update instruction go to Mac and then you find this GUI installer the first option this is the link I'm asking you to click on so if you click on this link it will download one setup both for Windows and Mac it will download one setup for you so I am having Windows laptop so I will do windows demonstration for you so I need to click on this it is going to download one MSI file on my laptop so if you open that setup you know this will open a new window and you have to wait for some time until you get the next button so for that next button it will take few more seconds so wait for a few seconds more and you will get next button very soon okay so for Windows the next button is appeared on my screen I click on next accept the license next next next I just need to keep installing that's all right so next next next this is a very simple thing nowadays even children can install any software right like installing a game software and then we will check it on command prompt whether we can see it so my screen is actually showing you the installation so let me finish that first after I finish the installation I'll go to command prompt and Mac people will go to terminal so on the
command prompt you have to type one command that is AWS space minus minus that is hyphen hyphen version and after you type AWS space hyphen hyphen version you'll be able to see one response which says aws-cli/2.7.6 Python do you get that response do you get the response to the command AWS hyphen hyphen version okay it means that CLI is available on your laptop now this is a command to check the version of AWS CLI now I will give you next command I have to login please repeat the command to check login Okay so uh now after this is done I will show you how to login into AWS using CLI okay so for that purpose there is a command called AWS space configure what is the name of command AWS space configure same for Mac this is the common command for all even it is Mac or Windows the name of command is AWS space configure so once I enter AWS configure they will ask me first question access key ID is it asking you the question please enter access key now what is meant by access key and secret access key secret access key and access key act as a username and password okay so if I can show you here I have written it for CLI access key and secret access key is required now how can I get it but right now I would like to uh create one access key or secret access key for me I'm creating one access key for myself for CLI because you don't understand what is IAM user so you will not understand what I'm doing right now I know it better I'm taking care of all of you

cloud services are available to satisfy almost any IT requirement although cloud computing services vary greatly they all have some basic qualities and benefits in common and they can be classified into a few basic cloud service kinds hello everyone I'm shamle and I welcome you all to this new video of Simplilearn on Cloud Computing Services let me give you an overview of the concepts you're going to go through in this video first we will go through what is cloud computing then we will have an introduction to Cloud
Computing Services followed by the types of Cloud Computing Services and at the end we will look into the features and benefits of Cloud Computing Services so let's not waste any more time and get started with the video so what is cloud computing cloud computing is the distribution of Cloud Computing Services by the internet including servers storage databases networking software analytics intelligence to provide faster Innovation more flexible resources and economies of scale you usually only pay for the cloud services you use which helps you cut cost run your infrastructure more efficiently and scale as your business grows now that we know what cloud computing is let's proceed with understanding Cloud Computing Services Cloud Computing Services provide users with a variety of capabilities including email storage backup data retrieval app creation testing data analysis audio video streaming software on demand regardless of the type of service although cloud computing is still a relatively new technology it is now being used by a wide range of organizations including large Enterprises small businesses nonprofit government agencies and even individual consumers so not all clouds are created equal and not every sort of cloud computing is appropriate for every situation a variety of models varieties and services have evolved to assist you find the best option for your needs to begin one must decide on the type of cloud deployment or cloud computing architecture that will be used to implement your cloud services cloud services can be deployed in three different ways public Cloud private cloud or hybrid Cloud now let's dive down deeper into Cloud Computing Services and explore its type in more detail cloud computing unlike a microprocessor is not a single piece of technology rather it's a system made up of three services infrastructure as a service platform as a service and software as a service so let's have a better understanding of each starting with infrastructure 
as a service so what is infrastructure as a service it is a type of cloud computing that uses the internet to provide virtualized Computing resources the cloud provider controls IT infrastructures such as storage server and networking resources and also offers them to subscriber companies via virtual machines accessible over the internet in the IaaS model for businesses it can provide numerous advantages including the ability to make tasks faster easier more flexible and less expensive now let's have a look at the working of IaaS users connect to resources and services across a wide area Network such as the internet and then use the cloud provider services to complete the application stack the user can for example log into the infrastructure as a service platform to build virtual machines install operating systems in each VM deploy middleware such as databases create storage buckets for workloads and backups and install the Enterprise workload onto that virtual machine customers can then track cost monitor performance balance Network traffic solve application difficulties and manage Disaster Recovery using the provider service so moving ahead let's go through its advantages and disadvantages advantages organizations select infrastructure as a service because operating a workload without having to buy manage and support the underlying infrastructure is frequently easier faster and more cost effective a company can rent or lease infrastructure from another company using infrastructure as a service for workloads that are transitory experimental or change abruptly it is an effective cloud service Paradigm for example if a company is creating a new software product hiring an IaaS provider to host and test the application may be more cost effective once the new software has been thoroughly tested and refined the company can move it away from the IaaS environment and into a more traditional in-house deployment if the expenses of a long-term commitment are lower the
organization could commit the piece of software to a long-term IaaS deployment now disadvantages billing can be a challenge for some firms despite its flexible pay-as-you-go model Cloud invoicing is quite detailed and it is broken down to reflect specific service usage when evaluating the invoices for each resource and service involved in application deployment users frequently experience sticker shock or discover expenses that are greater than expected another issue it faces is lack of insight because its providers own the infrastructure the configuration and performance of that infrastructure are rarely transparent to its consumers users may find it more difficult to operate and monitor systems due to the lack of transparency users of infrastructure as a service are also concerned about service availability and reliability the supplier has a big influence on the workloads availability and performance the workloads of users will be impacted if a provider has Network constraint or any other type of internal or external outage furthermore because it is a multi-tenant design the problem of noisy neighbors might have an adverse effect on users workloads so now these are the top infrastructure as a service providers Linode is a privately held Cloud hosting firm based in the United States that offers virtual private servers Hostwinds web hosting Cloud hosting and dedicated server options are all available from Hostwinds Microsoft Azure is a cloud computing service operated by Microsoft for application management via Microsoft-managed data centers DigitalOcean offers developers cloud services that make it easy to deploy and grow group programs that run on several machines at the same time Alibaba Cloud is a cloud computing firm that serves online businesses as well as Alibaba's own e-commerce ecosystem so the second service is platform as a service what is platform as a service platform as a service products which are geared towards software development teams include
Computing and Storage infrastructure as well as development platform layer that includes web servers database Management systems and software development kits for multiple programming languages working of platform as a service for software development it does not replace an organization's complete IT infrastructure it's made possible by the hosted infrastructure of a cloud service provider a web browser is the most common way for users to access the offerings platform as a service such as application hosting and Java development can be supplied via public private or hybrid clouds so now let's look into the advantages and disadvantages advantages the main advantage of platform as a service for users is its Simplicity and convenience much of the infrastructure and other IT services will be provided by the platform as a service provider which users can access from anywhere via a web browser the flexibility to pay on a per-use basis allows businesses to forego the capital cost associated with on premises gear and software many platform as a service solutions are aimed towards software development these platforms provide computation and storage infrastructures as well as text editing version management compilation and testing capabilities to assist developers in swiftly and efficiently developing your software coming to the disadvantages platform as a service on the other hand can cause issues with service availability and resilience customers may suffer as a result of a service outage or other infrastructure Interruption which might result in costly productivity losses its suppliers on the other hand will typically deliver reasonably high uptimes another widespread problem is vendor lock-in which occurs when users are unable to Simply transition many of their services and data from one platform as a service solution to another when choosing a provider users must consider the business risk of service outages and vendor lock-in internal changes to a
platform as a service product could also be a problem the impact on users might be tough and disruptive if a platform as a service provider ceases supporting a programming language or chooses to use a different set of development tools so let's have a look at the top platform as a service provider IBM cloud computing refers to a set of Cloud Computing Services for businesses provided by IBM a technology corporation Red Hat is a collection of tightly integrated Red Hat Technologies for building Cloud infrastructure and developing Cloud native apps on premises Elastic Beanstalk AWS Elastic Beanstalk is an Amazon web services application deployment orchestration solution Salesforce offers CRM Services as well as Enterprise applications for customer service marketing automation analytics and application development and Software AG cloud is an open and independent Cloud platform that serves as your one-stop shop for all Software AG has to offer in the cloud now coming to the next service which is software as a service so what is software as a service customer relationship management or CRM marketing Automation and business analytics are just a few of the application Level services offered by software as a service companies so how does it work the provider gives consumers network based access to a single copy of an application that the provider designed expressly for software as a service distribution in this software on demand model the source code for the program is the same for all clients and new features or functionalities are rolled out to all the users at the same time the data of each model's customer may be stored locally in the cloud or both locally and in the cloud depending on the service level agreement coming to its advantages customers subscribe to a software as a service solution rather than buying and installing software or additional gear to support it many firms can now budget more effectively and predictably by converting cost to recurrent operating
expenses you can also cancel software as a service subscriptions at any time to avoid incurring recurring fees its systems are frequently customizable and can be connected with other corporate applications particularly when using software from the same vendor vertical scalability is a feature of cloud services like software as a service which allows clients to access more or fewer services or features on demand disadvantages of software as a service when providers endure service delays impose undesirable modifications to service offerings or suffer a security breach all of these things can have a significant impact on customers ability to use the software as a service offering customers should be aware of their software as a service providers SLA and ensure that it is followed if the provider adopts a new version of an application it will roll it out to all of its clients whether or not they want it this may need the organization allocating additional training time and resources switching vendors can be tough as it is with any cloud service provider customers must migrate massive volumes of data when switching vendors furthermore some vendors use Technologies and data types which can make transferring client data between Cloud providers even more difficult so coming to the top companies that provide software as a service Adobe is a collection of Adobe Incorporation programs and services that provide users with access to software for graphic design video editing web development and photography as well as a set of mobile apps and certain optional cloud services SAP is a platform as a service designed by SAP SE for developing new application and enhancing existing ones in secure cloud computing environment managed by SAP Google Cloud Google Cloud platform is a set of Cloud Computing Services provided by Google that run on the same infrastructure as Google's internal products such as Google search Gmail drive and YouTube Freshworks Cloud platform allows users to
manage their identities and access across all of their Freshworks products and Atlassian advanced features such as a 99.9% uptime SLA unlimited storage and premium support provide teams the confidence to scale reliably now that we have all the in-depth information about different types of Cloud Computing Services let's move ahead and explore its benefits and features which makes it so popular and convenient first the supplier hosts and maintains the site in their own facility the cloud hosting provider acquires hosts and maintains the necessary hardware and software users avoid the construction expenditures and maintenance problem that would be incurred if the service was established on premise second self-service using a web-based interface through a web interface service users can initiate certain service functions as well as increase or reduce their service consumption level with little or no intervention from the service provider third is you must pay to utilize the facility users of the service only pay for the services they use when compared to the typical method of building on-site IT capacities targeted for the highest usage situations and then having that capacity to go unused for the most of the time this can result in significant cost savings and the fourth one is scalability that comes close to being infinite cloud computing service providers usually have the infrastructure in place to deliver their services at a large scale that means that cloud service consumers can readily accommodate business expansion or periodic surges in service usage well this is all about Cloud Computing Services

hello everybody Welcome to Simplilearn's AWS S3 tutorial for beginners my name is Kent and today I'm going to be covering these following points I'm going to be covering what is cloud computing I'm going to be showcasing what AWS is in terms of cloud computing and I'm also going to be covering the core fundamental service of the simple storage service which is an object
storage service we're going to be covering the benefits of the simple storage service better known as S3 what objects and buckets are and we're going to be seeing how things are working in the background and implementing that in terms of lab assisted demonstrations in order for you to see what those features of S3 are and then we'll perform a wrap up of the material we've done in a conclusion so let's get started what is cloud computing so here is a definition of cloud computing but I'm going to paraphrase it cloud computing is nothing more than you gaining access to infrastructure through web services with a pay as you go model now this is a very very different model than we're traditionally involved in on a on Prem data center so when I mean on Prem I'm saying on premise okay so you'll hear that a lot on Prem now when we are on Prem as data center we have to provision lots of infrastructure even before we get started with um deploying any type of application whether it be a mobile application a web application etc etc so every application needs some sort of underlying infrastructure whether that be uh barebone servers uh databases they're obviously going to be needing some type of storage etc etc so all this is something that we have to kind of fight against in order just to get started with deploying our application so this takes usually traditionally depending on the size of the company about 3 months to set up so what if we could leverage all this infrastructure as a service and just through some API call that's what the web services is all about we could provision a server or we could provision a database within minutes and then deploy any type of application that we want to on top of that stack and also take advantage of any storage that we may want we may want object level storage which is what we're going to cover we may want an elastic file system right so there are different types of storages that we're eventually going to look at as you go down
your learning path with Simplilearn so cloud computing is really about provisioning of all these kinds of services but not only at the infrastructure level we're going to see how we could move up the stack and get entire platforms as a service or even softwares as a service so what is AWS well AWS is really a cloud computing platform that will offer us many many services through these API calls some are again just bare infrastructure like a service other can be um a service as a software for example email so here we have an example of uh the public data storage this is S3 the simple storage service icon that you're going to see over and over again this is a representation of an actual bucket in S3 so this will become more clear as we uh continue the slide deck and actually reinforce this with some Hands-On lab but as you can imagine you may want to provision a private software defined Network in the cloud and so we can do that in AWS we can provide load balancing we could provide scalability in terms of autoscaling groups that will respond to increased demand as your application let's say um becomes more popular you want that infrastructure to grow elastically so doing this on premise is traditionally not only extremely expensive uh and thus prohibitive but very difficult to implement physically speaking as well so by going with a cloud provider like AWS we can severely reduce the expense and the complexity of setting all of this up because we're trading Capital expense for variable expense so Capital expense is about you procuring all the hardware that you need beforehand and the budget being approved before even getting that Hardware in through your door right and then you have to configure it so there's that complexity Factor whereas if you're doing this through AWS you can within minutes just provision all of that very quickly so you're also not paying for everything all upfront you're paying this with a pay as you go model so very different we are now removing
what's called undifferentiated lifting which is everybody has to do the same thing but it's not really bringing any value to their end product we all have to buy servers and configure them and scale them etc etc so if we remove that element and have AWS handle that we can concentrate on our business which is our application and improving that application and responding more to our client request we can be more agile more flexible so all of this leads to these points that we uh see here on this slide much easier to use much easier to get our application to Market we're actually going to be leveraging the physical security that AWS implements for us they have data centers all over the world that we're going to plug into and that physical security is already implemented for us there are varying levels of security that we're going to get into through AWS Journey but right off the bat you know that you have physical uh security of course we're going to be talking about storage in this demonstration or in this slide deck over here but the nice thing is we only pay for what we use so that's that variable expense that I was talking about that we've traded for Capital expense we can easily set up databases we can easily automate our backups and have those backups stored in the cloud through that S3 storage that we're going to get into okay so lots of benefits of going through AWS here and it's also comprehensive and simple to use uh comprehensive meaning that there are hundreds and hundreds of services um it's going to be actually quite time consuming for you to just know what each service does in general but you'll get there through your journey it's all about sticking with it and learning something new every day which is what Simplilearn is all about um over here we have infrastructure as a service platform as a service and software as a service so these are three different types of distinctions we have in the cloud industry to basically cover what's going on
here on the right hand side so on premise you're traditionally involved in everything from networking which is you for example buying the switches the routers the cabling everything all the way up the stack to deploying your application and you see everything in between there okay so this is a very time consuming job not only that but it costs a lot of money because you have to buy all these machines up front and you have to have the individuals with the right knowledge to maintain all of this stack all right so different individuals and different teams maintaining this whole on premise data center you may also have different data centers deployed globally so you can imagine the cost overhead of this so everything in green is basically you're managing it now we can offset that and ask AWS to handle part of this stack over here so on this second column over here we see infrastructure as a service which basically says AWS I want you to handle all the networking my software defined Network I want you to handle my storage elasticity I want you to handle my compute power my virtual machines I want you to handle even uh administrating those uh machines at a physical layer as well and I want you to physically secure them so this will allow you more time to focus on all the green up here of course we can move up the stack and say I even want AWS to take on more responsibility and that would be more of a platform as a service where AWS would also install and maintain the operating system for you so you can imagine things like new versions of operating systems uh security patches maintenance patches all of the like and any middleware or runtime that you have on top of that think of something like the Java virtual machine perhaps that needs to be updated now you wouldn't be responsible for maintaining all of what's in Orange over here you would only be responsible for deploying your application and making sure that your data is saved and secured right so again platform
as a service is a more hands-off approach. So think of it as: you wanted to set up a CI/CD deployment environment for your development team, and you want it to be very involved in just handling your application code and making sure that it was properly compiled, built, tested and deployed. Right, well, this could be implemented as a platform as a service. Or you could take your code as a zip file and give it to AWS's service called Beanstalk, which would automatically deploy your code and make sure that it's highly available, scalable and fault tolerant across all of the orange stack over here. Right, so more of a hands-off approach.

Of course we can go all the way up the stack and tell AWS to take care of everything for us and just ask for a service, much like a utility like electricity or water. We might want to say we just want an email software service, and we're not really concerned about how the underlying operating system or servers or network are configured for that. We just want to use the software as a service; we don't want to administrate anything else, we just want to be sort of like an end user to it. So AWS will manage everything underneath the hood. So there are varying types of services; you pick and choose whichever one makes more sense for you and your team.

So what is S3? S3 stands for Simple Storage Service, and it is an object storage service in Amazon. What this means is that it doesn't matter what kind of file you upload to S3; it will be treated as an abstraction, meaning an object. So you can upload a PDF file, you can upload a JPEG file, you can upload a database backup; it doesn't really matter. All that is abstracted away by the use of storing it within an object. We're going to talk more about what composes an object, but by doing so, what happens is S3 allows us to have industry-leading scalability. So it doesn't matter if you're going to make a request for that database backup, let's say that object, five times or 10,000 times; that request, that demand
will scale. The underlying infrastructure that is implemented behind the scenes is handled for you. So in a sense it's kind of like a serverless service, a storage service where you're not implicated in handling anything underneath the covers; you're just uploading your objects and accessing them later on.

In terms of data availability, very powerful as well, because it takes those objects and will replicate them across at least three availability zones. Of course these availability zones have one or more data centers attached to them, so you have lots and lots of copies of your objects distributed globally, or at least in a regional area. You can do this as well globally if you enable global replication, and you will see that your level of availability will skyrocket, and you're just not going to worry about losing an S3 object.

Data security: well, we can encrypt our data at rest, our objects at rest; we can encrypt it in transit. We can also come up with security policies at the bucket level, which, we're going to talk about what a bucket is very, very soon. These are going to be implemented through what's called IAM policies, and you're going to be able to control who or what has access to your objects. And of course, because everything is handled underneath the covers, all the servers, all the storage nodes are cloud optimized for the best possible performance.

So let's continue on our journey on what is S3. We're going to take a look at what is a bucket and what is an object. As you can see here, you have inside this bucket, which is a logical container for an unlimited amount of objects, you could have objects of different shapes and sizes. Like I said, you could have pictures, database backups, etc. So this is what's being represented here by different shapes, and you can think of a bucket really as almost like a folder where objects or files are placed within them. So there are many ways for us to place objects within a bucket. We can do this through
the AWS console, which I'll be showing you very shortly; we can do this via the command line interface; or we can do this through a software development kit. At the end of the day, all those three options go through an API. Right, so it's all about picking the right method that is best suited for whatever kind of end user or application that needs access to these buckets and to these objects.

Now once you've got the data or objects within this bucket, you can control pretty much how the data is accessed, how it's stored, whether you want it to be encrypted, and how it's even managed. So you can have organizations that have specific compliance needs. For example, any objects that are placed in there, perhaps some PDFs, are not to be modified, are not to be touched for 90 days, let's say. We can apply object locks if we want to, we can apply security guards, we can also, for example, record all API actions that try to access, to list, to delete, any kind of API operations on those objects. At the bucket level, on the object level, we can record, if that is some sort of organizational compliance need for auditing, or for whatever internal auditing reason that you may have.

So continuing on here, you can see that there are many organizations that use S3. One in point is Amazon itself. S3 is so popular and so durable that Amazon internally uses it to store its own data. You're guaranteed, you know, almost, that you're not going to lose any object in there, because it has what we call 11 nines durability. Now 11 nines durability is really an extreme amount of durability, where it's mathematically almost impossible for you to lose an object once you've placed it in S3. You're in fact more liable to get hit by a meteorite than you are to lose an object in S3, statistically speaking, which is a pretty incredible statistic, but it's true.

So if we continue here with the benefits of S3, some of these I have already described, but let's talk about the full picture here. We see the performance, scalability,
availability and durability of S3 are really, you know, first class in the industry. Again, durability: we were talking about that 11 nines, so what that really means is 99.9999; in total, if you count all the nines, that's 11 of those nines. So most durable in the industry by far. And again, because everything is handled underneath the covers, it's a serverless service, they ensure the scalability and availability and the performance of the inner workings of that object-level storage.

Now cost is of course always important, and S3 really shows up here with first-class support, again, for cost. It's got very, very low cost. We can have object-level storage for, let's say, a terabyte of object-level storage for as little as a dollar a month. So again, it will depend on the kind of storage class. We're going to have a discussion on different types of storage classes, that we might want to transition or move over our objects from one storage class to the next depending on how frequently accessed that data is. As you know, data over time seems to get less and less accessed as your needs shift from one place to another. We're going to talk about that coming up very soon. So we're going to want to really focus on that to reduce our end-of-the-month costs for storage with S3.

Of course security is always at the forefront, and we want to make sure that we either simply secure by encrypting everything right off the bat, either at rest, in transit, or we want to put an object lock, or just maintain security at the bucket level, maintaining, let's say, who or what has access to that data, because by default no one has access to the data unless we open up the door. And also we want to make sure that we don't give public access to our bucket, for obvious reasons of giving away important information by mistake. So AWS makes it extremely difficult for you to accidentally do this, and I'm going to show this in a demonstration lab coming up very soon.

And we can also query in place, which is very
interesting. So you can imagine you putting, let's say, a file that's in CSV format or JSON format or Parquet format, some sort of structured format or semi-structured format, in S3, and you can actually use SQL queries on the spot to filter that data in place at the bucket level. You can also have other services that may want to extract some business intelligence from that data in your S3 bucket directly as well, so some other more advanced querying operations can take place at the S3 level. So this you will learn during your journey with Simplilearn as you're covering all the AWS technology stacks. And here, the most widely used storage cloud service in the industry: because of all the points that we just covered, it really is the number one storage, or object-level storage, solution in the industry.

Let's now take a look at objects and buckets in S3. So the objects are really the fundamental entities that are stored in S3, or the lowest common denominator, which means that we're not really interested in what kind of data is within the object at the layer of S3, because S3 doesn't have direct access to the data within an object. Like I said before, it's an abstraction of the data, so we don't know if it's a cat picture, if it's a backup of your database; it's just treated as a fundamental entity, aka the object. Now every object is associated with metadata, so data about itself. Things like what's the name of the object, what's the size, the time and date that the object was uploaded, things of that nature are categorized as metadata, so S3 does have direct access to that. Now the data within that object of course is accessible by other services, so it's not that once you've uploaded it you've totally lost the data and it can only be treated as an object; it's just that at this layer it's simply just assigned metadata and a version ID, a unique version ID. And if you re-upload the exact same object a second or third time to S3, it will have its own version ID number, so a new unique
version ID number will be generated.

So really what buckets are: they're logical containers to store those objects. So of course at an extremely high level a bucket would be like your root file system, if you want to think about it like that, but that doesn't mean you can't go into this bucket and create separate folders. Now when you create separate folders in a bucket, because you might want to logically organize all your objects, you might be fooled by the fact that you think this is a hierarchical storage system when in fact it is not, and I'll talk about that in a second. So you cannot store an object without first storing it into a bucket, so of course the first step would be for us to create a bucket and then upload objects within that bucket. So an object cannot exist without its container, or its bucket. So there's no Windows Explorer view like we're used to in an operating system, because this is not a hierarchical view, no matter if you create folders within folders within folders. In fact S3's internal architecture is a flat hierarchy. What we do instead is we assign prefixes, which are treated as folders, in order to logically organize our objects within our buckets, and I'm going to showcase a prefix in one of the demonstrations coming up very soon.

So when you're working with S3, first of all you're working at a regional level. You're going to have to pick a region; for example, you might pick us-east-1 region or us-east-2 region, and the bucket that you're going to be creating will be replicated across several availability zones, but within that region. Also that data, those objects, can be accessed globally, because S3 uses the HTTP protocol. HTTP protocol is very permissive; everybody knows how to administrate it and work with it. So we just need to give access to that object in terms of a permission policy, and give whoever needs access to it the proper URL, and they can access that via HTTP globally. So first, when you're
creating a bucket, you have to select the region, and the object will live within that region, but that doesn't mean that it still can't be accessed globally. So let's now take a minute, go over to the AWS console, and actually let me showcase how to create objects and buckets.

So for our first lab we're going to be going and creating an S3 bucket and uploading an object to it. So we first have to log into the AWS console, which we have up here in the address bar. Let's click on either create free account, if it's your very first time, or, as is in my case, already have an account, and we're going to sign in here. You're going to have to pass in your IAM username, password and your account ID, of course. Once you've logged in, you can search for the simple storage service, S3, either by coming up here in the search box and typing S3, and you'll find it there, that's probably the easiest way, or if you want you can take a look at all the services and it'll be under storage over here, the first one. Okay, so pick whichever method you see best for yourself.

Once we're here, we want to create our first bucket. Now I already have a couple of buckets here, so we're going to go on and create a new bucket. The very first thing is you have to specify a bucket name. Now this bucket name has to be globally unique. If you take a look here at the region that we're in, it doesn't actually select a specific region; it selects the global option, which means that this bucket will become globally accessible. So that is why it needs to have a unique name, much like a DNS name has to be unique for your website. Right, so I'm going to come up here and pick a name that I think is going to be unique, so I'm going to say simply learn S3 demo. Right, let's take a look at if that's going to work out. Of course we have to pick a region, but it is globally accessible, so you either pick a region that's closest to your end users or, in our case, since we're just doing a demonstration, we can do whichever is closer to
us right now. Okay, and we're going to skip these options for now; we're going to come back to them later on. We're just going to create the bucket. Now hopefully that was a unique name and allowed me to create that, and it looks like it did. So if I scroll down you can see that it clearly got created over here. Now we're going to click on that and we are going to start uploading objects to this bucket. So let me click on the upload button, and you can either select one or more files or you can select an entire folder. So I'm going to just go and select a specific cat picture that I have here. Okay, and again we'll go through some of those other options later on, and we'll just click upload. Now this should take no time at all, because of the fact that it's a very small object or file that's being uploaded. So it has succeeded; we can close this up, and we see now clearly that the object is in our bucket.

If we go to properties, we can see the metadata associated with this bucket. We can see the region that it's in; we can see the ARN, which is the Amazon Resource Name, which uniquely identifies this resource, this bucket, across the globe. So if ever you needed to reference this, let's say in an IAM policy, or whatever other service needed to communicate with S3, you would need this ARN; it's a very important piece of information. And of course we have the creation date, so some high-level metadata. So objects, as we have covered already, consist of not only the data itself but the metadata. So there's lots of metadata, and there's a lot of other features that we can go here and enable very easily, and this will be the basis of the future demonstrations that I'm going to do. All right, so just to recap what we just did: we created a unique bucket, gave it a name of simply learn S3 demo, and uploaded our first object to it.

So let's now take a look at the inner workings of Amazon S3. When we upload an object into a bucket, we have to select which one of these storage classes the object
will reside in. So you see you have six storage classes here at the bottom, and each have their own characteristics that we're going to get into. By default, if you don't specify anything, it'll get placed in what's called the S3 Standard storage class, which is the most expensive out of all these storage classes. Once your object gets colder, and what I mean by colder is your access patterns diminish, meaning that you're accessing that file less and less over the course of time, so it gets colder, you will transition that object from one tier to the next, all the way to, for example, S3 Deep Archive. So again, deep archive signifies extremely cold, so maybe you're only referencing this data once a year, once every couple of years, and so you want to have the cheapest possible storage available. So right now you can get about one terabyte of storage per month for about a dollar a month with S3 Glacier Deep Archive. So you are going to be very interested in knowing how to transition from one or more of these storage classes over time in order to save on your storage costs; that's really why we're doing this.

So let's go through some of the storage classes. By default, like I said, whenever you upload an object you automatically get placed into the Standard storage class. So any files that you're working on frequently, daily, this is the best fit for it. You've got the high price level of accessibility and durability as well. Not that the others don't have the same level of durability; however, we'll see how when you transition from one storage tier to the next some characteristics do change in order for you to save on some cost. We're going to go through some of those now. This would be considered hot data, right, data that's used all the time, maybe just by you, maybe by everybody. All right, so that's the perfect place to place it, in the Standard storage class.

Now over time, like I said, you may find yourself working less and less, perhaps, on a document that was due by the end of the month. That
document was submitted, and then afterwards you don't work on that document anymore. Perhaps you're only working on revisions based on feedback from your colleagues that are asking you to make some corrections or some amendments, and so only those corrections or amendments come in perhaps once a month. And so in that case you might find yourself finding a justification for moving that document from the Standard tier to the Standard IA, or infrequently accessed, tier. Maybe any objects not modified for more than 30 days are a good fit for that, and that's really the criteria for IA, inactive access, is that S3, or AWS itself, recommends to only put objects in there if they haven't been accessed for at least 30 days. So you get a price reduction, a rebate, for putting objects that are not accessed frequently in here. Of course if you remove objects, let's say before the 30-day limit, then you are charged a surcharge for retrieving an object that you said was infrequently accessed but it really was not. So bear that in mind: if you're going to place objects in infrequent access, be somewhat reasonably assured that you're not going to be going there and accessing them. You can still access those files, no problem, just as quickly; they have the same level of accessibility and durability. However, like I said, anything less than 30 days, you'll get a price ding on that.

If you want to have long-term storage, we're talking about Amazon Glacier. So this is more anything over 90 days that hasn't been modified, or 180 days; there's two subcategories of Amazon Glacier that we're going to get into. And this is the cheapest storage by far. And Amazon Glacier doesn't really operate through the AWS console the same as the Standard and the infrequent access. You can't really upload objects to Glacier via the console in the browser; you can only do so, let's say, through the command line interface or through an SDK. The only thing you can do on the web console with Glacier is actually
create what's called a vault, which is a logical container for your archives, but then after that you have to go through the CLI or the SDK to do the rest of the work there.

If we continue on, there's some gray areas between the S3 Standard and the Glacier. One is the One Zone infrequently accessed storage class. So if we go back to the regular Standard and IA storage class, all of these objects are stored across a minimum of three availability zones. If you want a further price reduction, you can store your objects in a One Zone IA storage class, which means that instead of taking that object and replicating it across three or more availability zones, it will only store it in a single availability zone, therefore reducing the level of availability that you have to that object. So in this case here, if that single availability zone would go down, for example, you would not have access to that object; once it would come back up, of course, you would. The other thing is, if there was an immense catastrophe where the actual availability zone was destroyed, well, of course, then your object is also gone. So if that's something that doesn't worry you, because you have already many copies of this object maybe lying around on premise, then this is a good option for you, because it's data that you're willing to lose, or lose access to for short periods of time, if ever that single availability zone goes down. So it's about an extra 20% off the price from already the normal IA Standard price.

There is another one called the Standard reduced redundancy storage. This one is kind of getting phased out as we speak, because the price for this storage class is about the same amount you're going to pay for the normal IA Standard class. What this does, again, is a good fit for your objects that you're not really worried about losing if there is some sort of catastrophe that happens in an availability zone. There's less copies of it that are stored, and so if that data center and that
availability zone goes down, then you lose your object. So of course it offered at the time the highest price reduction possible, but now the difference between this one and the normal IA Standard storage class is so small in terms of price that you're probably not going to migrate to, or navigate to, this storage class. But it is still there in the documentation and it may very well come up still in the certification exam, so at least be aware of that.

Let's now take a look at some individual features of S3, starting off with lifecycle management. So lifecycle management is very interesting because it allows us to come up with a predefined rule that will help us automate the transitioning of objects from one storage class to another without us having to manually copy things over. Of course you could imagine how time consuming that would be if we had to do this manually. So we're going to see this very soon in a lab; however, let me discuss how this works. So it's basically a graphical user interface; it's very, very simple to use once you come up with these lifecycle management rules. But you're going to define two things: you're going to define the transition action and the expiration action. So the transition action is going to be something like: well, I want to transition an object, maybe it's all objects, or maybe it's just a specific type of object in a folder, for example, that has a specific prefix, from one storage class, let's say Standard, to Standard inactive or infrequent access, maybe only after 45 days, after at least a minimum of 30 days like we spoke of before. And then maybe after 90 days we want to transition the objects in IA to, right away, Glacier Deep Archive, or 180 days. You come up with whatever combination you see fit. Okay, it doesn't have to be sequential from S3 to IA to One Zone, etc., etc., because like we discussed before, it depends what kind of objects that you're interested in putting in One Zone: objects that you don't really mind
losing if that one availability zone goes down. So you're going to be deciding those rules. It ends up that this even is not a simple task, because you have to monitor your usage patterns to see which data is hot, which data is cold, and what's the best kind of lifecycle management to implement to reap the benefits of the lowest cost. So you have to put somebody on this job and make the best informed decisions based on your access patterns, and that is something that you need to consistently monitor.

So what we can do is we can instead opt for something called S3 Intelligent-Tiering, which basically analyzes your workload using machine learning algorithms, and after about a good 30 days of analyzing your access patterns will automatically be able to transition your objects from S3 Standard to S3 Standard infrequent access. Okay, it doesn't go past the IA one, doesn't go after the Glacier and whatnot. Okay, so it can then offer you that at a reduced price overhead. So there is a monitoring fee that is introduced in order to implement this feature; it's a very nominal, very, very low monitoring fee. And the nice thing is, if ever you take an object out of the infrequent access before the 30-day limit, as we spoke of before, you will not be charged an overhead charge because of that. Why? Because you're using the Intelligent-Tiering; you're already paying an overhead for the monitoring fee. So at least in that sense the Intelligent-Tiering will take the object out of IA and put it back into the S3 Standard class if you need access to it before the 30 days, and in that case you won't be charged that overhead. So that is something that is very good to do in order not to have to put somebody on that job. So yes, you're paying a little bit of overhead for that monitoring fee, but at the other side of the spectrum you're not investing in somebody working many hours to monitor and put into place a system to monitor your data access patterns. So let's take a
look at how to do this right now. Let's implement our own lifecycle management rules.

So let's now create a lifecycle rule inside our bucket. First off, we're going to need to go to the Management tab in the bucket that we just created, and right on the top you see, right away, lifecycle rule. We're going to create lifecycle rule and we're going to name it, so I'm just going to say something very simple like simply learn life cycle rule. And we have the option of creating this rule for every single object in the bucket, or we can limit the scope to a certain type of file, perhaps with a prefix. Like I could see one right now, something like log, so anything that we categorize as a log file will transition from one storage tier to the next as per our instructions. We're doing this because we really want to save on costs, right; it's not so much of organizing what's your older data versus your newer data, it's more about reducing that storage cost as your objects get less and less used. So in this case logs are a good fit, because perhaps you're using your logs for the first 30 days, you're sifting through them, you're trying to get insights on them, but then you kind of move them out of the way because they become old data and you don't need them anymore. So we're going to see how we can transition them to another pricing tier, another storage tier. We could also do this with object tags, which is a very powerful feature.

And in the lifecycle rule actions you have to at least pick one of these options. Now since we haven't enabled versioning yet, what I'm going to do is just select transition the current version of the object between these storage classes. So as a reminder of what we already covered in the slides, our storage classes are right over here. So the one that's missing is obviously the default Standard storage class, which all objects are placed in by default. So what we're going to say is this: we want our objects that are in the default Standard storage class to go
to the Standard inactive access storage class after 30 days, and that'll give us a nice discount on those objects being stored. Then we want to add another transition, and let's say we want to transition them to Glacier after 90 days, and then as a big finale we want to go to Glacier Deep Archive. You can see the rest are grayed out; would it make sense to go back? And maybe after 180 days we want to go there. Okay, now there's a little bit of a warning or call to attention here. They're saying if you're going to store very small files into Glacier, not a great idea; there's an overhead in terms of metadata that's added, and also there's an additional cost associated with storing small files in Glacier. So we're just going to acknowledge that; of course for the demonstration that's fine. In real life you don't want to store very big tar files or zip files that had, you know, one or more log files in there. Okay, that would bypass that surcharge that you would get. And over here you have the timeline summary of everything we selected up above. So we have here after 30 days the Standard inactive access, after 90 days Glacier, and after 180 days Glacier Deep Archive. So let's go and create that rule.

All right, so we see that the rule is already enabled, and at any time you could go back and disable this if ever you had a reason to do so. We can easily delete it as well, or view the details and edit it as well. So if we go back to our bucket now, what I've done is created that prefix with the slash logs. Since we're not doing this from the command line, we're going to create a logs folder over here that will fit that prefix. So create logs, create folder, and now we're going to upload our, let's say, Apache log files in here. So we're going to upload one demonstration Apache log file that I've created with just one line in there, of course just for demonstration purposes. We're going to upload that, and now we just close that, and now we have our Apache log file in there,
so what's going to happen, because we have that lifecycle rule in place, after 30 days any file that has the logs prefix, or basically is placed inside this folder, will be transitioned as per that lifecycle rule policy that we just created. So congratulations, you just created your first S3 lifecycle rule policy.

Let's now move over to bucket policies. So bucket policies are going to allow or deny access to not only the bucket itself but the objects within those buckets, to either specific users or other services that are inside the AWS network. Now these policies fall under the category of IAM policy. So IAM stands for Identity and Access Management, and this is a whole other topic that deals with security at large. So there are no services in AWS which are allowed to access other services or data, for example within S3, without you explicitly allowing it through these IAM policies. So one of the ways we do that is by attaching one of these policies, which are written in a JSON format. So it's a text file that we write; at the end of the day that's the artifact, and that's a good thing, because we can use that artifact and we can configuration control it in our source control and version it and put it alongside our source code, so when we deploy everything it is part of our deployment package.

So in this case here we have several ways of doing this. We can use what's called the policy generator, which is a graphical user interface that allows us to simply click and point and populate certain text boxes, which will then generate that JSON document that will allow us to attach that to our S3 bucket, and that will determine, like I said, which users or services have access to whatever API actions are available for that resource. So we might say we want certain users to be able just to list the contents of this bucket, not necessarily be able to delete or upload new objects into that bucket. So you can get very fine-grained permissions based on the kind of actions you want to allow
on this resource. So in order to really bring this home, let's go and perform our very own lab on this.

Let's now see how to create an S3 bucket policy. Going back to our bucket, we're now going to go into permissions. So the whole point of coming up with a bucket policy is that we want to control who or what, the what being other services, have access to our bucket and our objects within our bucket. So there are several ways we can go about doing this. Let's edit a bucket policy. One, we can go and look at a whole bunch of pre-canned examples, which is a good thing to do. Two, we could actually go in here and code the JSON document ourselves, which is much more difficult of course. So what we're going to do is we're going to look at a policy generator, which is really a form-based graphical user interface that allows us to generate, through the answers that we're going to give here, the JSON document for us.

First question is we've got to select the policy type. Of course we're dealing with S3, so it would make sense for us to create an S3 bucket policy. The two options available to us are allowing or denying access to our S3 bucket. Now in this case here we could get really fine grained and specify certain kinds of services or certain kinds of users, but for the demonstration we're just going to select star, which means anything or anybody can access this S3 bucket. All right, now depending on also the actions that we're going to allow: so in this case here we can get very fine grained, and we have all these check boxes that we can check off to give access to certain kinds of API action. So we can say we want to give access to, you know, just deleting the bucket, which obviously is something very powerful, but you can get more fine grained; as you can see, you have more of the getters over here, and you have more of the listing and the putting new objects in there as well. So you can get very fine grained. Now for demonstration purposes we're going to say all actions, so this is a very broad and
wide ranging permission something that you really should think twice about before doing we're basically saying we want to allow everybody and anything any service all API actions on this S3 bucket so that's no uh small thing we need to specify the Amazon resource name the ARN of that bucket specifically so what we're going to do is go back to our bucket and you can see here uh the bucket ARN okay so we're just going to copy this paste it in this policy generator and just say add statement you can see here kind of a resume of what we just did and we're going to say generate policy and this is where it creates for us and make this a little bit bigger for us it creates that JSON document so we're going to take this we're going to copy it and we're going to paste it into the generator okay now of course we could flip this and change this to a deny right which would basically say we don't want anybody to have access or anything any other service to have access to this S3 bucket we could even say slash star to also encapsulate all the objects within that bucket so if I save this right now you have a very Ironclad S3 bucket policy which basically denies all access to this bucket and the objects within of course this is on the other side of the spectrum very very secure so we might want to for example host a static website through our S3 bucket so in this case here allowing access would make more sense right so if I save changes you see that we get an error here saying that we don't have permissions to do this and the reason for that is because it really realizes that this is extremely permissive so in order to give access to every single object within this bucket as in the case that I was stating of a static website being hosted on your S3 bucket it would be much better to also first enable that option so I'm just going to duplicate the tab here and once you go back to the permissions tab one of the first things that shows up is this Block Public Access setting
right right now it's completely blocked and that's what's stopping us from saving our policy we would have to go in here unblock it and save it right and it's also kind of like a double clutch feature you have to confirm that just so you don't do that by accident right so now what you've effectively done is you've really opened up the floodgates to have public access to this bucket it's something that can't be accessed accidentally done it's kind of like having to perform these two actions before the public access can be granted now historically this was something that AWS was um was guilty of was making it too easy to have Public Access so now we have this double clutch now that this is enabled or turned off we can now save our changes here successfully and you could see here that now it's publicly accessible which is a big red flag that perhaps this is not something that you're interested in doing now if you're hosting a public website and you want everybody just to have read access to every single object in your bucket yes this is fine however please make sure that you um pay very close attention to this uh type of access flagged over here on the console so congratulations you just got introduced to your first bucket policy a permissive one but at least now you know how to go through that graphical user interface through the policy generator and create them and paste them inside your S3 bucket policy uh pane so let's continue on with data encryption so any data that you place in S3 bucket can be encrypted at rest very easily using an AES-256 encryption key so we can have server side encryption we could have AWS handle all the encryption for us and the decryption will also be handled by AWS when we request our objects later on but we could also have client side encryption where we the client that are uploading the object have to be responsible for also passing over our own generated key that will eventually be used by AWS to then encrypt that object on the
bucket side of course once that happens then the key is discarded the client key is discarded and you have to be very mindful that since you've decided to handle your own encryption client side encryption that if ever you lose those keys well that data is not going to be recoverable in that bucket on the AWS Network so be very careful on that point we can also have a very useful feature called versioning which will allow you to have a history of all the changes of an object over time so versioning sounds exactly how it's named every time you make a modification to a file and upload that new version to S3 it will have a brand new version ID associated with that so over time you get a sort of stack of a history of all the file changes over time so you can see here at the bottom you have an ID with all these ones and then an ID with 121212 So eventually if ever you wanted to revert back to a previous version you could do so by uh accessing one of those previous versions of course versioning is not an option that's enabled by default you have to go ahead and enable that your yourself it is an extremely simple thing to do and so there may be a situation where you already have objects within your buckets and you only then enable versioning well versioning would only apply to the new objects that would get uploaded from the point that you enabled versioning the objects that were there before that point will not get a specific version number attached in fact they will have a sort of null marker um version number that will get attached to them it's only after that you modify those objects later on and upload a new version that they will get their own version numbers so right now what we're going to be doing is a lab on actual uh versioning so let's go ahead and do that right now in this lab we're going to see how to enable versioning in our buckets and a versioning is very easy we're simply going to click on our bucket go into properties and there is going to be a bucket 
versioning section going to click on edit and enable it once that's done any new objects that are uploaded to that S3 bucket will now benefit from being tracked by a version number so if you upload objects with the same file name after that they'll each have a different version number so you'll have version tracking a history of the changes for that object let's actually go there and upload a new file I'll upload one called index.html so we're going to simulate a situation where we've decided we're going to use an S3 bucket as the source of our static website to deploy one and in this index.html file if you take a look uh right now let's take a look at what's in there you can see that we have welcome to my website and we're at version two okay so if I click on this file right now and I go to versions I can clearly see that there's some version activity that's happening here okay we have here um at 1456 which is the latest one the latest one is on the top the current version we have a specific version ID and then we have a sort of history of what's going on here now I purposely enabled versioning before and then try to delete versioning or disable versioning but here's the thing with versioning you cannot disable it fully once it's enabled you can only suspend it right now suspending means that whatever version numbers those objects had before you decided to suspend it will remain so you can see I have an older version here that has an older version number and at this point here I decided to suspend versioning and so what it does instead of disabling the entire history it puts what's called a delete marker okay you could always roll back to that version if you want now in the demonstration when we started it together I enabled it again so you can see this is actually the brand new version version number as we did it together but you don't lose the history of previous versioning if ever you had suspended it before so that's something to keep in mind right and it'll
come up in the exam where they'll ask you can you actually disable versioning once it's enabled and the answer is no you can only suspend it and your history is still maintained now we have that version there and let's say I come to this file and I want to upgrade this I don't know I say version three right and now what's going to happen is if I click on this version this is the current one with version two and I open this we should see version two which is fine that's that's that's expected if we go back to our bucket and upload that new version file that has version three in there they want I just modify it we should now see in that index.html file a brand new version that was created under the versions Tab and there you go 1458 just 2 minutes after you can see here we have a brand new version ID right and if I open this one you can see version three so now you have a way to enable versioning very easily in your buckets and you also have seen what happens when you want to suspend versioning what happens to the history of those versions files before just to actually go back here to the properties uh where we enabled versioning in the first place if I want to go back in here and disable it like I said you can't disable you can only suspend and that's where that delete marker gets placed but all your previous versions retain their version ID so don't forget that because that will definitely be a question on your exam if you're interested in taking the certification exam so congratulations you just learned how to enable versioning let's move on to cross region replication or crr as it is known there will be many times when you find yourself with objects in a bucket and you want to share those objects with another bucket now that other bucket could be within the same account could be within another account within the same region or could be within a separate account in a different region so there's varying levels of degree there the good thing is is all of those um 
combinations are available so CRR if we're talking about cross region replication is really about replicating objects across regions something that is not enabled by default because that will incur a replication charge because it's syncing objects across regions of course you are spanning a very wide area network in that case so there is a surcharge for that now doing so is quite simple to do but one of the things that we have to be mindful of is to give permissions for the source bucket which has the originals to allow for this copying of objects to the destination bucket so if we're doing this across regions of course we would have to come up with IAM policies and we would also have to exchange credentials in terms of IAM user credentials in terms of account IDs and the such um we're going to be doing a demonstration in the same account in the same region but largely this would be the same steps if you were going to go cross region so this is something you might find yourself doing if you want to share data with other um entities in your company maybe you're a multinational and you want to uh have all your log files copied over to another bucket in another region for another team to analyze to extract business insights from or it might just be that you want to aggregate data in a separate data lake uh in an S3 bucket in another region or in like I said it could be even in the same region or in the same account so it's all about organizing moving data around across objects across these boundaries and let's actually go through a demonstration and see how we can do CRR let's now see how we can perform cross region replication we're going to take all the new objects that are going to be uploaded in the simply learn S3 demo bucket and we're going to replicate them into a destination bucket so what we're first going to do is create a new bucket okay and we'll just tack on the number two here and this will be our destination bucket where all those objects
will be replicated to we're going to demonstrate this within the same account but it's the exact same steps when doing this across regions one of the requirements when performing cross region replication is to enable versioning so if you don't do this you can do it at a later time but it is necessary to enable it at some point in time before coming up with a cross region replication rule all right so let me create that bucket and now after the bucket is created I want to go to the source bucket and I want to configure under the management tab here a replication rule so I'm going to create a replication rule call it simply learn rep Rule and I'm going to enable this right off the bat the source bucket of course is the simply learn S3 demo we could apply this to all objects in the bucket or perform a filter once again let's keep it simple this time and apply to all objects in the bucket of course caveat here this will only now apply to any new objects that are uploaded into this Source bucket and not the ones that are already pre-existing there okay now in terms of the destination bucket we want to select the one we just created so we can choose a bucket in this account or if we really want to go cross region or another account in another region we could specify this and put in the account ID and the bucket name in that other account so we're going to stay in the same account we're going to browse and select the newly created bucket and we're also going to need permissions for the source bucket to dump those objects into the destination bucket so we can either create the role ahead of time or we can ask this user interface to create a new role for us so we'll opt for that and we'll skip these additional uh features over here that we're not going to talk about in this demonstration we're just going to save this so that will create our replication rule that is automatically enabled for us right now so let's take a look at the overview here you can see it's
been enabled just to double check the destination bucket is the demo 2 we're talking about the same region and again here we could opt for additional um parameters like different storage classes in the destination bucket that that object is going to be deposited in etc etc for now we just created a simple rule now if we go back to the original Source bucket which we're in right now and we upload a new file which will be transactions file in a CSV format once this is uploaded that cross region replication rule will kick in and we'll eventually right it's not immediate but we'll eventually copy the file inside the demo 2 bucket now I know it's not there already so what I'm going to do is pause the video and come back in 2 minutes and when I click on this the file should be in there okay so let's now double check and make sure that object has been replicated and there it is been replicated as per our rule so congratulations you just learned how to perform your first same account account S3 bucket region replication rule let's now take a look at transfer acceleration so transfer acceleration is all about giving your end users the best possible experience when they're accessing information in your bucket so you want to give them the lowest latency possible you can imagine if you were serving a website uh and you wanted people to have the lowest latency possible of course that's something that's very desirable so in terms of traversing long distances if you have your bucket that is in for example the US East one region in the United States in the Virginia region and you had users let's say in London that want to access those objects of course they would have to Traverse a longer distance than users that were based in the United States and so if you wanted to bring those objects closer to them in terms of latency then we could take advantage of What's called the Amazon cloudfront delivery Network the CDN Network which extends the AWS backbone by providing what's called 
Edge location so Edge locations are really data centers that are placed in major city centers where our end users mostly are located more densely populated areas and your objects will be cached in those locations so if we go back to the example of your end users being in London well they would be accessing a cached copy of those objects that were stored in the original bucket in the for example Us East one region of course you will get get most likely a dramatic performance increase by enabling transfer acceleration very simple to uh enable this just bear in mind that when you do so that you will incur a charge for using this feature the best thing to do is to show you how to go ahead and do this so let's do that right now let's now take a look at how to enable transfer acceleration on our simply learn S3 demo bucket by simply going to the properties tab we can scroll down and look for a heading called transfer acceleration over here and very simply just enable it so what does this do this allows us to take advantage of What's called the content delivery Network the CDN which extends the AWS Network backbone the CDN network is strategically placed into more densely populated areas for example major city centers and so if your end users are situated in these more densely populated areas they will reap the benefits of having transfer acceleration enabled because the latency that they will experience will be severely decreased so their performance is going to be enhanced if we take a look at the speed comparison page for transfer acceleration we can see that once the page is finished loading it's going to do a comparison it's going to perform first of all what's called a multi-part upload and it's going to see how fast that upload was done with or without transfer acceleration enabled now this is relative to where I am running this test so right now I'm actually running it from Europe so you can see that I'm getting very very good results if I would enable transfer 
acceleration and my users were based in Virginia so of course now I have varing uh differences in percentage as I go closer or further away from my region where my bucket or my browser is being um is being referenced so you can see here United States I'm getting pretty good uh percentages as I go closer to Europe it gets lower of of course but still very very good Frankfurt again this is about as probably the worst I'm going to be getting here since I'm situated in Europe and of course as I go look more towards you know the Asian regions you can see once again it kind of scales up in terms of better performance so of course this is an optional feature once you enable it as I just showed over here um this is a feature that you pay additionally for so bear that in mind make sure that you take a look at the pricing page in order to figure out how much this is going to cost you so that is it congratulations you just learned how to Simply enable transfer acceleration to lower the latency from the end user point of view we're now ready to wrap things up in our conclusion and go over at a very high level what we just spoke about so we talked about what S3 is which is a core service one of the original Services published by AWS in order for us to have unlimited object storage in a secure scalable and durable fashion we took a look at other aspects of S3 in terms of the benefits we mainly focused on the cost savings that we can attain in S3 by looking at different storage class classes now of course S3 is industry recognized as one of the cheapest object storage um Services out there that has the most features available we saw what goes into the object storage in terms of creating first our buckets which are our containers high level containers in order for us to store our objects in again objects are really an abstraction of the type of data that are in there as well as the the metadata associated with those objects we took a look at the different storage tiers the default 
being the standard all the way till the cheapest one which is the glacier which are meant for longterm archived objects for example log files that you may hold on to for a couple of years may not need to access routinely and we'll have the cheapest pricing option uh by far so we have many pricing te and if you want to transition from one tier to the next you would Implement a life cycle policy or use the intelligent tiering option that can do much of this for you we took a look at some very interesting features starting from the life cycle management policies that we just talked about all the way to versioning cross region replication and transfer acceleration so with this conclusion you are now ready to at least start working with S3 hello everybody my name is Kent and today we're going to be covering AWS identity and access management also known as I am tutorial by simply learn so these are the topics which we'll be covering today we'll be defining what AWS security is the different types of security in AWS what exactly is identity and access management the benefits of identity and access management how I am Works its components its features and at the end we're going to do a great demo on I am with multiactor authentication and users and groups so without any further Ado let's get started so let's get started with what is AWS security your organization May span many regions or many accounts and you may Encompass hundreds if not thousands of different typ Ty of resources that need to be secured and therefore you're going to need a way to secure all that sensitive data in a consistent way across all those accounts in your organization while meeting any compliancy and confidentiality standards that have to be met so for example if you're dealing with Health Care data or credit card information or personal identification information like addresses this is something that needs to be thought out across your organization so of course we have Individual Services in AWS 
which we will explore in this video however in order to govern the whole process at an organizational level we have AWS security Hub now AWS security Hub is known as a cspm which stands for a cloud security poster management tool so what does that really mean well it's going to Encompass like I said all these tools underneath the hood in order to bring a streamlined way for you to organize and adhere to these standards across organization it'll identify any misconfiguration issues and compliant risks by continuously monitoring your Cloud infrastructure for the gaps in your security policy re enforcements now why is that important well these misconfigurations can lead to unwanted data breaches and also uh data leakages so in order to govern this at a very high level like I said we need to incorporate a WS security Hub that will automate and manage all these underlying services for us in order to perhaps take automated action we call that remediar actions and you can approve these actions manually or you can automate those actions as you see fit across your organization so let's delve a little bit deeper into what is AWS security and then we'll start looking individ ually at some of these services and so our organization has special needs across different projects and environments so of course the production development test environments all are going to have their own unique needs however it doesn't matter which project or Which business unit we're talking about and what are their storage backups needs they should all be implemented in a concise standardized way across your organization to meet that compliancy what we're just talking about so we want to automate all these tedious manual tasks that we've been doing like ensuring that perhaps our buckets in S3 are all encrypted or all our EBS volumes are encrypted and we want to have an automated process in place in order to give us time on other aspects of our business perhaps our application development to bring 
better business value value and that allow us to grow and innovate the company and in a way that's best suited for it so let's take a look at the different types of AWS security now there are many different types of uh Security Services out there however we're going to concentrate primarily on I am in this video tutorial so I like to think of I am as the glue between all AWS Services because by default we don't have permission for any one service to communicate with another so let's just take for example an ec2 instance that wants to retrieve an object from S3 well those two Services could not interact unless we interacted with I am so something that's extremely important to learn and by the end of this video tutorial you'll be able to understand what I am is we have Amazon guard Duty here which is all about logs basically Aggregates all logs from example cloud trail which we still haven't talked about so at the end of this list will be here but instead of looking at cloud trail um individually guard Duty will actually take a look at Trail um cloud trail we'll take a look at your VPC flow logs and we'll take a look at your DNS logs and monitor that account and your network and your data access via machine learning algorithms and it'll I DNA threat where um you can automatically remediate the workflow that you've approved so for example if you know of a malicious IP address that's making API calls well those API calls are registered in cloud trail right so this machine learning algorithm will be able to detect that and and take action so this is really governed at a higher level than you having to you know individually inspect all your DNS logs flow logs and Cloud Trails individually and take action through some scripting fashion that that you've come up with so guard Duty manages all that we have Amazon Macy which once again us machine learning but also uses pattern matching pattern matching can be used with um matching uh kind of libraries that are already in 
place or you can come up with your own pattern matching and that's used to discover and protect your sensitive data so for example if you had healthc care data also known as hippoc compliancy or credit card data that's lying around well Macy will Discover it and will protect it so as your data grows across your organization that might be harder and harder to do in your own way so Macy really facilitates uh discovering and protecting that so you can concentrate on other things AWS config is something that kind of works in tandem with all the other uh Services it's uh able to continuously monitor your resources configurations and ensure that they match your desired configuration so for example um maybe you state that your S3 bucket should be encrypted by default all of them or you want to make sure that your IM U user access keys are rotated and if they're not then take remediar action so a lot of these automated remediar actions right are basically executed via AWS config so you'll seef AWS config actually used by other services underneath the hood and then you have cloud trail cloud trail is all about logging every single type of API call that's made so it'll um it'll always record the AP call who made it from what source IP um the parameters that were sent with the API um the response all that data which is really a gold mine for you to investigate if there's any security threat and again this Trail over here and there can be many and there's lots and lots of data generated by these Trails can be analyed by these other services uh specifically guard Duty here that automates that process process so you don't have to so let's get to the next one which is what is identity and access management so what is I like I said I is the glue between all AWS Services it will allow those services to communicate with each other once you put I am into place the other thing is is it allow us to manage our AWS users which are known as I am users and group them together into groups 
to facilitate at assigning and retriev or removing permissions from them instead of doing it on an individual scale so of course if you had 200 I users and you wanted in one shot to add a permission to a group that contained 200 IM users well you can do that in one operation instead of 200 now we do have a distinction between IM users and end users end users use applications online whereas I am users are your employees in your organization that are interacting directly with AWS resources so for example an ec2 instance would be a resource that let's say a developer would be interacting with and traditionally those are resources that are used full-time from 9 to 5 let's say uh five days a week 365 days a year okay now sometimes those users have to have elevated permissions for a temporary amount of time and that is more suited for a role and that will eliminate the need to create separate accounts just for you know type of actions that are needed for let's say an hour a month or two hours a a week or something like that something like backing up an ec2 instance removing some files doing some cleanups traditionally you don't have those permissions as a developer but you can be given temporary permissions to assume this role so it's kind of like putting a hat on your head and pretending you're somebody that you're usually not for a temporary amount of time once you take off the hat you go back to being your old boring IM am user self which doesn't have access to performing backups or cleanups and stuff like that so the roles interact with a service called a secure token service which gives us specific Keys three um specifically an access key a secret key much like a username and password and then we have a token key which only gives you access to this role this elevated permission for 1 to 12 hours so we'll talk more about roles as we go on through this video tutorial but it's important that you at least remember at this point even if you don't know all the details 
that roles have to do with temporary permissions elevated permissions so what are the benefits of IM well across our organization we are going to have many accounts and like I said hundreds if not thousands of resources so scalability is going to be an issue if we don't have a very high level uh visibility and control over the entire security process and once we have a tool like for example security Hub which we saw on the first slide we can continuously Monitor and maintain a standard across our organization so very very important to have that visibility and we do when we integrate with AWS security now we also need to eliminate the human factor right so um we don't want to manually put out fires every single time of course there will be times when when something new occurs that we've never seen before that that you know will be needed however Once An Occurrence happens and reoccurs we can obviously come up with a plan to remediate the action so once we automate we can definitely reduce the time to fix that reoccurring air or it could be a new erir that we don't have to interact with because we're using machine learning algorithm services like I was talking about like G Duty or Macy and we can really reduce the risk of um security intrusions and data leakage and such by using IM to facilitate this of course you may have many compliance needs you may be dealing uh with applications that use uh Health Care data or credit card information for payments or um you might be dealing with a government agency let's say in the US that has certain compliancy requirements that needs assurances that if they're data is stored on the cloud that you're still following the same compliance controls that you were let's say on premise so we have a very very long list of compliance requirements that each AWS service adheres to and you can go on the um AWS documentation online and you could figure out if for example Dynamo DB is compliant with HIPPA uh compliancy and it is and so you 
you can be sure that you can use that so AWS itself has to constantly maintain these compliancy controls in place and they themselves have to pass all these certifications and that gets passed on to us so much less work for us to implement these compliance controls we can just inherit them by using AWS security model by IM and last but not least we can build the highest standards for privacy and data security now having all this on our own on premise Data Center uh poses security challenges especially physical security challenges you have to physically secure the data center you might have security Personnel that you need to uh hire uh 247 camera surveillance etc etc so just by migrating to the cloud we can take advantage of aws's global infrastructure they're very very good at building data centers that's part of their business and securing them so of course we have a shared security model in place however you can rest assured that at least as the lowest common denominator uh physical security has been put into place for us again as other services are used more managed services or more higher-end services used in AWS more and more of that security model will be aws's responsibility and less yours we will always have a certain type of responsibility for our applications but we can again use these high level services to ensure that our ability to encrypt the data at rest and in transit are always maintained by coming up with specific rules that need to be adhered to and if those rules are not adhered to then we have remediar actions that take place in order to maintain again that um cross account or organizational wide um security control okay so lots of benefits of using I am and let's now take a look at exactly how I am works and delve deeper into authentication and authorization so there are certain terms here that we need to know about one of them is principal now principal is nothing more than an entity that is trying to interact with an AWS service for example 
an EC2 instance or an S3 bucket now that could be a user an IAM user it could be even a service or it could be a role so we're going to take a look how principals need to be specified um inside IAM policies authentication so authentication is exactly how it sounds who are you could be something as simple as username and password or it could involve an email address for example if you're the root user of the account when you're creating the account for the very first time um other normal users will not need to log in with their user uh email it'll only be the root user that needs that you could also have developer type access which needs access let's say via command line interface or a software development kit also known as an SDK now for those kind of access points we're going to need uh access keys and secret keys or public private keys let's say if you want to even authenticate and log in through SSH to an EC2 instance so there are many different types of authentication that we could set up when creating IAM users based on what kind of access they need do they just need access to the console do they access to just services in terms of as a programmatic need um so those are different types of authentication then we have the actual request now we could make a request in AWS through various ways we're going to be exploring that via the console the AWS console however every button you click every drop-down list you select that invokes an API call behind the scenes so everything goes behind a centralized well documented API every service has an API so if you're dealing with Lambda let's say well Lambda has an API if you're dealing with EC2 EC2 has an API now you could interact with that API like I said via the console indirectly you can use a command line interface you can use an SDK for your favorite programming language like Python um so all of them get funneled through all your requests get funneled through an API but that doesn't mean you're allowed to do everything 
just because we know who you are and you have uh access to some keys let's say to make some API calls you have to be authorized in order to perform certain actions so maybe you're only authorized to communicate with DynamoDB and also maybe you're only authorized to perform reads and not writes so we can get some very fine grained authorization through some IAM policies in order to control not only who has access to our AWS but what they're allowed to do so very fine grained actions read actions write actions both uh maybe just describe or list some buckets so depending on the AWS user that's logged in we can control exactly what actions because every API has fine-grained actions that we can control through IAM and of course many many different types of resource when we're coming up with these policies all these actions can be grouped into resources so perhaps we can say well this user only has access or read only access to S3 specifically these buckets and can write to DynamoDB table but cannot terminate or shut down an EC2 instance so all these kind of actions can be grouped into resources on a per resource basis based on the kind of role you have in the projects or in the company so now let's take a look at the components of IAM we've already seen that we can create IAM users and that how they are different than your normal end users now those entities represent a person that's working for an organization that can interact with AWS services and some of those permissions that we assign through what's called identity based policies to such a user will have permissions for example that are always necessary every time that they're logged in so perhaps this user Tom always needs access to the following services over here for example an RDS instance or an S3 bucket etc etc and sometimes they will need temporary access to other services for example DynamoDB so in those cases there would be a combination of normal IAM policies assigned to the user and certain assume 
role calls done at runtime in order to acquire this temporary credential elevated permission there is also the root user which is different than your typical super user administrator access there are some things that a root user can do that an administrator access cannot for example a root user first of all logs in with their email address and can also have the option to change that email address something that is very tightly coupled to the AWS account so you cannot change the email address with an administrator account the other thing your root user can do is they can change the support contract they can also uh view billing information or taxes information that information for example so the best thing to do the best practice is that once you've created your AWS account you are obviously the root user the best thing to do is to enable multi-factor authentication uh store away those keys in a secure location and your first administrative task should be to create an administrator super user from which that point on you will log in as only an administrative user and you will create other type of administrative users and those administrative users will create other IAM users so never log into your AWS account as a root user and unless you need to access that specific functionality that I said that is over and above a super user administrator account so here we have a set of IAM users and we could assign to them directly IAM policies which give them access to certain services however the best practice is to create groups which is just a collection of IAM users and suppose we have a developer group and a group of uh security administrators of course we could assign different types of policies to that group and every user that is assigned to the developer group will inherit those IAM permissions makes it much easier to manage your IAM users this way for um and for the fact that also you can have users that can be assigned to groups as you can see here but what's not shown 
here that is possible as well is you could have a user that is part of two groups at the same time the thing that you cannot have though is the notion of subgroup so I can't extend this group and create a smaller um group of developers out of this big group here so we don't have hierarchical groups but we do allow users to partake in different uh groups at the same time so they will inherit those permissions those IAM policy permissions from for example if user a was part of developers and user a was part of security they would inherit these two policy uh statements over here now there is another type of IAM policy and that is called a resource-based policy so resource-based policies are not attached directly to for example users but they're attached more to uh resources like um an S3 bucket for example and so when you have such a case a user group can't be designated uh as a principal to a group that's just one of the restrictions however there are other ways to uh get around that as I said when you think of an IAM role I want you to think that these are temporary credentials that are acquired at runtime and are only good for a specific amount of time now an IAM role is really made up of two components we have what's called a trust policy so who do you trust to assume this role who would you trust to even make an API call to assume the role after that we have an IAM policy once you've been trusted to assume the role and you get those temporary tokens what are you allowed to do maybe you're allowed to have read write access to the DynamoDB so here we have no long-term credentials that are connected to a role you do not assign a role to a user the user or service will assume the role via API call via the secure token service STS and with those temporary credentials we will then be able to access for example an EC2 instance if the IAM policy attached to the IAM role says that you can do so so your users and your applications perhaps running on an EC2 instance and the 
AWS services themselves don't normally have access to the AWS resource but through assuming a role they can dynamically attain those permissions at runtime so it's a very flexible model that'll allow you to bypass the need to embed security credentials all over the place and then have to maintain those credentials and make sure they're rotated and they're not acquired by anybody trying to find a security hole in your system so from a maintenance point of view they're really an excellent tool to use in your toolbox your security toolbox so let's take a look at the components of IAM we have the IAM policy over here which is really just a JSON document and that JSON document will describe what this user can do if it's attached directly to it or if the IAM policy is attached to the group whatever user is attached to that group will also have the same policy inherited so these are more long-term credentials in terms of uh or permissions rather that are attached to your login for the duration of your login whereas roles are as we've already stated temporary and again once you've established a trust relationship then we can assign a policy for example a policy that gives you only read only access to a CloudTrail to a role now it's up to the user to assume that role either through the console or through some programmatic means whichever way is performed the user will have to make a direct or indirect call to STS for the assume role call now these permissions are examined by AWS when a user submits a request so this all happens at runtime dynamically so when you change a policy it will take effect pretty much immediately as soon as the user makes the next request that new security policy whether you just added or removed the permission will take immediate effect so what we're going to do now is just really quickly go to the AWS console and actually show you how an IAM policy looks like so I've just logged into my AWS Management console and if I search for identity and 
access management it should be the first one to show up I'll just click on that and I want to show you actually how these IAM policies look like if you go to the left hand side here there's an entry for policies and there are different types of policies that we can filter out so let's filter them out by type we have customer managed we have AWS managed and more in line with job functions that AWS managed also so we're going to take a look at AWS managed all that means is that AWS has created and will actually update maintain these pre-established and already vetted um identity policies IAM identity policy so I could further down maybe look at all the S3 policies that are available and we can see there are some that allows only read only access there are some that will give us full access and there are of course other types here that we're not all going to explore but let's just easily kind of take a look here at the full access you can see it's just a JSON document and of course you cannot modify it since this is a managed policy however you can copy it and modify it and in that case it will become your own version of it and so it'll be customer defined and so when you go here and you do a filter you can filter on your own customer uh managed policies so over here we are simply allowing certain actions right we talked about actions before that were based on API so here we have an API that starts with S3 so this is for the S3 API and instead of filtering out exactly specifically what API calls are there we're basically saying all API calls so star representing all API actions and again there is another category of S3 which deals with object Lambda and we are uh allowing all operations on that specific API as well we could if this was our own customer managed ID uh policy actually scale down on which resource which bucket let's say or which folder in a bucket uh this would apply to but in this case since this is a full access we're basically um being 
given permission to execute every single API action under S3 for all buckets we're going to see in the lab or the demonstration at the end of this tutorial that uh I'm going to show you how to scale that down okay so that's how an IAM policy looks like and if you want to assign an IAM policy to a user well stay tuned for the demonstration at the end of the video tutorial what's not at the end of the video tutorial is really how to create a role so I'll show you what a role is here again there's a whole bunch of roles already uh set up that we can go and take a look at here but we can go and create our own role as well and I might create a role for example that gives uh in EC2 let's choose EC2 access to S3 so if I click uh EC2 and click next permissions I can actually assign the S3 permission right over here just a policy just like we took a look at obviously assign it a tag and review it and I'm just going to call this my EC2 role to S3 create the role and because I selected EC2 as a uh service it automatically will include that in the trust policy so now when I go and I create an EC2 instance I can attach this role to that EC2 instance and that EC2 instance will automatically be able to if we're using the Linux 2 AMI let's say have access to or full admitted access to any S3 bucket uh in the AWS account so let's go take a look at where we would actually attach that role on the EC2 so when you're creating an EC2 let's just say we go here we say launch an EC2 instance and we'll pick this AMI over here because it'll already include the uh packages necessary to perform the assume role call to STS so we won't have to code that and we don't have to embed any credential keys um in order to get this running which is really good which is the whole point of what I'm doing because by assuming a role I don't have to manage that and I'm just going to pick the free T2 micro and it is here once you you know pick whatever you need whatever VPC and whatnot that you 
come to the IAM role and you select the role to be assumed dynamically now I have a whole bunch of them here but this is the one that I had created here my EC2 role to S3 and if I go and I launch this EC2 instance and then I had an application let's say that needed to contact S3 or even if I went on the command line of the EC2 instance I would be able now to communicate with the S3 service because they would use they being AWS would actually use this role to perform an assume role call to get those temporary STS tokens for me which will then allow me to access my IAM policy which gives me full access to S3 and off I go so this is a great way like I said to avoid having to administrate any embedded keys in this EC2 instance and I could take this role away at any time as well so there you have it a little demonstration on how to create a role how to attach it to an EC2 instance and also how managed and customer managed policies uh look like in IAM of course there is also the fact that we have multiple accounts and so we could assign a policy that will also allow a user in another account access to our account so cross account uh access is something that's very um very well needed and also is a feature of IAM so when you need to share access to uh resources from one account to another in your organization uh we are uh in need of an IAM policy to facilitate that so also roles can come into play here for that by also assigning granular permissions we can make sure that we implement the concept or the best practice of the um least privilege access and also we have secure access to AWS resources because by default again we have the principle of least privilege and no service can communicate with another until we enable it via IAM so very very secure out of the box of course if you want to add an additional layer of authentication of security we have multi multi-factor authentication rather and that'll allow you to ensure through a hardware device perhaps let's say a 
hardware token device or your cell phone that has some software that generates a code that will allow to identify uh you are actually the person that uh is typing the username and password and not somebody who's actually stolen your username and password so at the end of this video tutorial we will uh show you or I will show you how to enable that and of course identity federation is a big thing where your users may have been defined outside of AWS you may have thousands of users that you've already defined let's say in an Active Directory or in an LDAP environment on-prem and you don't want to recreate all those users again in AWS as IAM users so we can tie in we could link the users uh your user database that's on-prem or even users that have been uh your user account that's been uh defined let's say uh on a social site like um Facebook or Twitter or Google and tie that into your AWS account and there is an exchange of information there is a setup to do but uh at the end of the day it is either a role in combination with an IAM policy that will allow to map what you're allowed to do once you've been authenticated by an external system so this has to do with perhaps uh like I said LDAP or Active Directory and you can tie that in with AWS SSO uh there are many different services here that can be leveraged to facilitate what we call identity federation and of course IAM itself is free so it's not a service per API request AWS is very concerned to put security first and so IAM is free it's just the services that you use uh for example if you're securing an EC2 of course that EC2 instance falls under the current pricing plan so of course compliance like I mentioned is extremely important making sure that it's business as usual in the cloud and so for example if you were using the payment card industry uh data security standard to make sure that you're uh storing and processing and transmitting credit card information appropriately uh in order to do 
your business well you can be assured that the services you use in AWS are PCI DSS compliant and there's many many other types of compliance that AWS adheres to as well so password policies of course are important by default we do have a password policy in place but when you go to the IAM console you're free to update that password policy make it more restrictive based on whatever uh policy uh you have at your company so many features and so I think we're ready now to go into a full demonstration and I will show you how to incorporate IAM users group and also multi-factor authentication so get ready let's do it I'm going to demonstrate now how to attach an S3 bucket policy via IAM I've already created a bucket called simply learn S3 IAM demo and what we're going to do is we're going to attach a bucket policy right over here we're going to have to edit it of course and the basis of the demonstration will be to allow a user that has MFA so multi-factor authentication set up to have access to the contents of a folder within this bucket so of course now I have to create a folder just simply call it folder one create that folder and now I'm going to go into that folder and upload a file so that we can actually see uh this in action so I'm going to select a demo file that I prepared in advance called demo file user 2 MFA I'm going to upload that all right and now what's going to happen is eventually when I create our two IAM users one will have access to view the contents of this file which should look like something very simple if I open this up within the console you'll be able to see well it's pretty small right now I'll make this a little bit bigger of course it says this is a demo file which user 2-MFA should only be able to have access to so what's left to do now is to create two users one called user one and one called user 2-MFA and that's what we're going to do right now let's head over to Identity and Access Management and on the left hand side here we're going 
to click on users you can see here I don't have much going on I just got administrator user so I want to create two new users we'll start with one at a time so one called user one now by default we have um you know the principle of least privilege which means this user is not allowed to do anything unless we give them access to either the console right over here which I will do right now and also if they were a kind of programmatic user that needed access to um specific keys in order to interact with uh the APIs via the command line interface or the software development kit for example if you were a Java developer so in this case that is not what I want so I'm just going to assign console access and I'm also going to create a default password for this user but I will not allow them to reset it on the first login just for demonstration purposes now over here we have the chance to add the user straight to a group but I'll only do that later on at the end of the demonstration for now I want to show you how to attach to this user an IAM policy which will give them access to specific services so if I type in S3 full access here this is an administrative access to an S3 bucket if you take a look at the JSON document attached or representing that IAM policy you can see that it is allowing all API actions across S3 star and also object Lambda across all buckets and I say all buckets because the star represents all buckets so it is a very broad permission so be very careful when you're actually assigning this to one of your users make sure that they deserve to have such a permission so I'm not going to assign any tags here but I'm just going to review what I've done you can see here I've just attached an S3 full access permission to this one user and I'm going to create that user now of course now is the time for me to download the CSV file which will contain those credentials if I don't do it now I will not have a second chance to do this and also to send an email to 
this user in order for them to have a link to the console and also some instructions I'm not going to bother with that I'm just going to say close and now I have my user one you can see here that it says None for multi-factor authentication so I have not set anything up right now for them and that's what I want to do for this second user that I want to create called user 2-MFA or MFA rather all right so now I want to do the same exact thing as before I'm going to assign a custom password and I'm going to go through the same steps as we saw before I'm going to attach an existing managed policy that AWS has already vetted for us review create now right now they're exactly the same so I have to go back to user 2 and set up multi-factor authentication and to do that you have to go in the security credentials tab and you'll see here assigned MFA device we have not assigned any yet so we're going to manage that right now and we have the option to order and get an actual physical device that's uniquely made for performing multi-factor authentication however we're going to opt for the virtual MFA device which is a software that we're going to install on our cell phones let's say so I can actually open this link just to show you the um very many options that we have for that they're right over here I'm going to go with Google Authenticator so go to the App Store on your Android device and you can download that of course if you have an Android device if not you have other options for iPhone and other softwares for each one of those so I'll let you do that once you've installed that software on your cell phone you could come here and show the QR code now what that is going to do is you're going to need to go to your phone now and I'm going to my phone right now as we speak and I'm going to open up that MFA software in this case the Google Authenticator and I'm going to say there's a little plus sign at the bottom I'm going to say scan QR code I'm going to point my phone to this 
square code here this QR code and it's going to pick it up I'm going to say add account there's a little button there add account and it's going to give me a code so I'm going to enter that code right now so once I've entered the code I have to wait for a second code and that's because this code on the screen of my cell phone is going to expire it's only there for about 20 to 30 seconds once that token expires it refreshes the display with another token so I have another token now that's only good for a couple of seconds again and now I'm going to say assign MFA what this does is it completes the link between my personal cell phone and this user right now so now that this has been set up we can see we actually have an ARN to this device which we are going to possibly need depending on how we write our policies in our case here I'm going to show you a way to kind of bypass having to put that so now we've got those two users one with an MFA device and another one without okay so now the lab is going to be or the demonstration rather is going to be how do we allow user 2 MFA access to this file in folder one and not allow user one the distinguishing factor will be that user 2 has an MFA set up and user one doesn't so based off of just that condition that'll be the determining factor if they can view the file or not so let's get back to S3 and actually create this IAM bucket policy and see how it's done so back we are in our bucket and now we have to go to permissions in order to set up this bucket policy we're going to click on edit over here and we're going to click on policy generator to help us generate that JSON file through a user interface of course we're dealing with an S3 bucket policy now what we're going to do is we're going to deny all uh users and services so star uh S3 is grayed out here because we selected S3 up here we want to deny all S3 API actions we're not going to go and selectively go down the list the specific bucket and the folder so in this case 
here we're missing the Amazon resource name so we have to go back here and we have to copy the ARN of our bucket right so we're going to copy that come back Ctrl+V and we're going to of course have to specify the folder as well so I'm going to just do slash folder one and then I'm also going to do slash star for all the objects in that folder okay so here's the MFA condition that I want to add though because we cannot assign it the MFA condition up here we have to say add conditions very powerful feature here that's optional but very powerful we want to look for a condition that says Boolean if exists or BoolIfExists all right so there's got to be a key value pair that exists and there are many but we're going to look for one that is specifically known as multi-factor authentication present and we want to make sure that value is equal to false so I'm going to add that condition and then I'm going to add that statement and I want to generate the policy just to show you now how that user interface has generated this uh JSON document for us that we're going to attach to our S3 bucket what I want to do is I want to take this in its entirety copy it and go back to our S3 bucket that's just waiting for us to paste our policy in here okay so let's see what's actually going on here we've created a policy again this policy could have any ID it's just an ID that was given by the um user interface you could name that whatever you want of course something that makes total sense and then we have one or more statements and then we only have actually one statement and again you can select any ID here that was just autogenerated by the IDE we're saying that all actions on the simple storage service I say all again because of the star are denied specifically on this resource which is our bucket and the folder named folder one and all the objects within that folder under the certain conditions so the condition is if you have a Boolean value of false associated with a key called 
multi-factor authentication present and it has to exist okay then if that value is equal to false you don't have access to the objects in this folder which means that if you do have MFA set up you will be allowed access to the contents of this folder so if we assign this and apply this to all principals which would encompass user one and user 2-MFA then let me just apply this that would mean that user one would not be able to see the contents of our object inside folder one and user 2-MFA would so let's go take a look and log into let's log out first and then when we're going to log back in we're going to log in as the individual user one and user 2 MFA and prove this is actually the case so I am now logging back in as user one that we created moments ago and of course if I for example go see a service like EC2 we don't have access to EC2 we've just given ourselves access to S3 so this makes total sense we're just going to go see what we have access to which is S3 should be able to list and describe all the buckets there because we've been given pretty much administrative action access now if we go here to our created bucket and go inside folder one and want to actually open up this document we can see now that that's not happening okay and that's because of that condition that is checking if we actually have a value of true for that um MFA key that we specified okay so this is expected and this is exactly uh what we wanted now what we're going to do is we're going to log out once again and we're going to do the same thing but with user 2-MFA let me log back in and then specify the new password we created now of course now I have an MFA code right because I've set that up for user 2 so back on my cell phone I go I am opening up the Google Authenticator application and I have in front of me a new Amazon web services code that is only good for like I said maybe 20 seconds so it's a little nerve-wracking if you're not good under pressure you're going to 
choke so I've just entered the code and I have to wait for um you know that to actually work now it looks like I actually didn't check off um not to recreate the password so unfortunately uh I must have missed that check mark so I wanted to kind of avoid this here so I'm going to start over and create a brand new password a little painful for you know demonstrations but it's good for you guys to see how that actually looks like so because I've set up my MFA device properly I am able to log in after I enter that MFA code and once again if I go to EC2 now I haven't been given the permissions for EC2 I've only been given the permissions for S3 so nothing changes here I'm going to go to S3 and I'm going to go into folder one of our bucket in question and I'm going to see if I have access now to opening up and seeing the contents and here I have the contents this is a file which user 2-MFA should only be able to have access to so that worked so now you guys know how to create a bucket permission policy uh that is also known as a resource policy because it's assigned to the resource that's assigned to the bucket and let me actually show it to you one last time here it is and that'll only allow us to have access to the contents of folder one if we have multi-factor authentication set up in our account so that's really good the last thing I want to show you now is how to maybe uh create IAM users uh in a better way in terms of not having to assign over and over again the same permissions like you saw me do for user one and user two uh of course now I cannot do anything in IAM why because I'm user I'm user two I don't have access to IAM so once again I'm logging out and we're going to actually see the best practice in terms of how do I assign IAM policies to a group and then assign users to that group in order to inherit those permission policies so let's get to it let's sign out first so let us go back to IAM and we're going to be creating our first group we're going to 
simply create the button or click on the button create group and we'll come up with a group called testers we have the ability to add existing users to this group so we will add for example user one only uh to the testers group and we can also add permissions to this group so we're going to go here and add for example the EC2 full permissions create group and what's going to happen now is if we go take a look at testers we can see we have that one user that we added and we also have the permissions associated with that group so this means now that any new users we create will automatically inherit whatever permissions the group has which is really good for maintainability so for example let's say we were to create many new testers so let's say user three over here now of course I'm going to have to go in this case through the same steps as I did before I'm just going to remember this time not to forget to check uncheck that and instead of attaching policies directly I'm going to say well I want to inherit the policy permissions that were assigned to the group so I'm going to say this user is going to be part of the testers group and of course I'm just going to skip through the remaining repetitive tasks that I've already described and this user 3 now is already going to have their permissions to access EC2 that they've gained through the group testers whereas if we go back to user one this user also has the permissions from the group but has a unique permission added to itself so in this case you do have the option of doing that you have the option of adding a permission over and above that is assigned to the group to yourself directly so this is really good um adding permissions to groups when you have of course lots of users in your company in your organization and instead of going to them and adding permissions after permission you can centrally access this in one or manage this in one place so for example if I go back to my roles uh groups rather in my testers 
and let's say I forgot to add a permission to all the users in this group so let's say there was 20 users attached to this group okay I'm not going to bore you with creating 20 users we have we have two now that's good enough to show the demonstration and let's say now I need to add another permission all right so in this case here I'm going to add a permission uh for example let's say based on DynamoDB right so I'm going to get full access to DynamoDB going to add that permission and what's going to happen now is if I go back to my users for example user 3 I'm going to see that user 3 automatically has inherited that permission and so has user one right show two more and there they are so in this case it really allows for you to easily manage a lot of users in that group because you can simply go to one place which is the group and add and remove policies as you see fit and the whole team will inherit that so it saves you lots of work and that is the best practice so there you have it guys you have learned in this demonstration how to create users how to create groups how to add users to groups and manage their policies in terms of best practice and you've also learned how to attach to an S3 bucket a policy that allows you to permit access based off of if a user has multi-factor authentication set up and we showed you how to actually set that up when creating an IAM user so again permissions tab is where this all happens hope you enjoyed that put that to good use and I'll see you in the next demonstration so I hope you enjoyed that demonstration uh we're just going to wrap things up in summary and kind of see what was looked at throughout the tutorial we first started with what is AWS security we took a look at how important it was across our organization to maintain best practice and also uh standardize that practice across accounts organization we took a look at the topmost services in which we concentrated then after on IAM and we took a look at what exactly 
what IAM was in terms of IAM users groups long-term credentials that are applied as IAM policies and then the concept of a role we took a look at the benefits of IAM and the actual terminology used with working with IAM of course principal being an entity that is either a user or a service itself that can gain access to an AWS resource and we actually saw the different types of authentication and what we can do to implement authorization via IAM policies and also through the use of roles so we took a look how to organize our users into groups and what actually goes into acquiring a role through a demonstration we took a look at how to actually create a role and attach that role to an ec2 instance and then we took a look at the high level features of IAM which allowed us to either Grant access to another IAM user from another group Implement multi-factor authentication like we just did in the demonstration or ensure ourselves that we are following uh all the compliancy standards that have been uh adhered to by whatever project we're working on and that AWS is there to support us so here we're going to talk about Amazon ECS a service that's used to manage Docker containers so without any further Ado let's get started in this session we would like to talk about some Basics about AWS and then we're going to immediately dive into why Amazon ECS and what is Amazon ECS in general and then it uses a service called Docker so we're going to understand what Docker is and there are competitive services available for ECS I mean you could ECS is not the one and only service to manage Docker containers but why ECS advantage of ECS we will talk about that and the architecture of ECS so how it functions what are the components present in it and uh uh what are the functions that it does I mean each and every component what are the functions that it does all those things will be discussed in the architecture of Amazon ECS and how it works how it all connects together that's something 
we will discuss and what are the companies that are using ECS what were the challenge and how ECS helped to fix the challenge that's something we will discuss and finally we have a wonderful lab that talks about how to deploy Docker containers on an Amazon ECS so let's talk about what is um AWS Amazon web service in short called as AWS is an web service in the cloud that provides a variety of services such as compute power database storage content uh delivery and a lot of other resources so you can scale your business and grow not focus more on your it needs and the rest of the it demands rather you can focus on your business and let Amazon scale your it or let Amazon take care of your it so what is that you can do with AWS with AWS we can create deploy any application in the cloud so it's not just deploying you can also create your application in the cloud it has all the tools and services required the tools and services that you would have installed in your laptop or you would have installed in your on premises desktop machine for your development environment you know the same thing can be uh installed and used from the cloud so you can use cloud for creating and not only that you can use the same Cloud for deploying and making your application available for your end user the end user could be internal internal users the end user could be the could be in the internet the end user could be kind of spread all around the world it doesn't matter so it can can be used uh to create and deploy your applications in the cloud and like you might have guessed now it provides service over the Internet that's how your users worldwide would be able to use the service that you create and deploy right so it provides service over the Internet so that's for the End customer and how will you access those Services that's again through the internet it's like the extension of your data center in the internet so it provides all the services in the internet it provides compute service 
through the internet so in other words you access them through the internet it provides database service through the internet over the internet in other words you can securely access your database through the internet and lot more and the best part is this is uh pay as you go or pay only for what you use there is no long-term or you know beforehand commitment uh here most of the services does not have any commitment so there is no long-term and beforehand commitment you only pay exactly for what you use there's no overage there's no overpaying right there's no buying in advance right you only pay for what you use let's talk about what ECS is so before ECS before containers right ECS is a service that manages Docker containers right it's not a product or um it's not a feature all by itself it's a service that's dependent on Docker container so before Docker containers all the applications were running on a VM or on an host or on an physical machine right and that's memory bound that's latency bound the server might have issues on and on right so let's say this is Alice and she's trying to access her application which is running somewhere in her on premises and the application isn't working what could be the reason some of the reasons could be Memory full the server is currently down at the moment we don't have another physical server to launch the application a lot of other reasons so lot of reasons why the application wouldn't be working in on premises some of them are Memory full issue and server down issue very less High availability or in fact single point of failure and no high availability if I if I need to tell it correctly with ECS the services can kind of breathe free right the services can run seamlessly now how how is that possible now those thing we will discuss uh in the upcoming sessions so because of containers and ECS managing containers the applications can run in a high available mode they can run in an high available mode meaning if something goes 
wrong right there's another container that gets spun up and uh your application runs in that particular container very less chances of your application going down that's what I mean this is not possible with a physical Host this is very less possible with an VM or at least it's going to take some time for another VM to get spun up so why ECS or what is ECS Amazon ECS maintains the availability of the application and allows every user to scale containers when necessary so it not only meets the availability of the application meaning one container running your application or one container hosting your application should be running all the time so to meet that high availability availability is making sure your services running 24/7 so Container makes sure that your services run 24/7 not only that not only that suddenly if there is an increase in demand how how do you meet that Demand right let's say you had like 1,000 users suddenly the next week there are like 2,000 users all right so how do you meet that demand Container makes it very easy for you to to meet that demand in case of VM or in case of physical host you literally will have to go buy another physical host or uh add more RAM add more memory add more CPU power to it all right or kind of Club two three uh hosts together clustering you would be doing a lot of other things to meet that high availability and also to meet that demand but uh in case of uh ECS it automatically scales the number of containers it automatically scales the number of containers needed and it meets your demand for that particular R so what is Amazon ECS the full form of uh ECS is elastic container service right so it's basically a container Management Service which can quickly launch and uh exit and manage Docker containers on a cluster so what's the function of ECS it it helps us to quickly launch and quickly exit and manage docker container so it's kind of a Management Service for the docker containers you will be running in 
Amazon or running in the AWS environment so in addition to that it helps to uh schedule the placement of container across your cluster so it's like this you have two physical hosts you know joined together as a cluster and ECS helps us to place your containers now where should your container be placed should it be placed in host one should it be placed in host two so that that logic is defined in ECS we can Define it you can also let ECS uh take control and Define that logic most cases you will be uh defining it so schedule the placement of containers across your cluster let's say two containers want to interact heavily you really don't want to place them in two different host all right you would want to place them in one single host so they can interact with each other so that logic is defined by us and these container services is you can launch containers using AWS Management console and also you can launch containers using SDKs available from Amazon you can launch through a Java program you can launch container using a .NET program you can launch container using an Node.js program as in when the situation demands so there are multiple ways you can launch containers through Management console and also programmatically and uh ECS also helps to migrate application to the Cloud without changing the code so anytime you think of migration the first thing that comes to your mind is that how will that environment be based on that I'll have to alter my code what's what's the IP what is the storage that's being used what what are the different parameters I'll have to include the environment parameters of the new environment with containers know that worry is already taken away because we can create an pretty exact environment the the one that you had on premises the same environment gets created in the cloud so no worries about changing the application parameter no worries about changing the code in the application right you can be like if it ran in my laptop a container 
that I was running in my laptop it's definitely going to run in the cloud as well because I'm going to use the same container in the laptop and also in the cloud in fact you're going to ship it you're going to move the container from your laptop to Amazon ECS and make make it run there so it's like the same the very same image the very same container that was running in your laptop will be running in the uh cloud or production environment so what is Docker we know that it ECS helps to quickly launch exit and manage Docker containers what is Docker let's let's answer that question what is Docker now Docker is a tool that helps to automate the development of an application as a lightweight container so that the application can work efficiently in different environments this is pretty much what we discussed right before the slide I can build an application in my laptop or in on premises in a container environment Docker container environment and anytime I want to migrate right I don't have to kind of rewrite the code and then rerun the code in that new environment I can simply create an image a Docker image and move that image to that production or the new Cloud environment and simply launch it there right so no compiling again no relaunching the application simply pack all your code in a Docker container image and ship it to the new environment and launch the container there that's all so Docker container is a lightweight package of software that contains all the dependencies so because you know when packing you'll be packing all the dependencies you'll be packing the code you'll be packing the framework you'll be packing the libraries that are required to run the application so in the new environment you can be pretty sure you can be guaranteed that it's going to run because it's the very same code it's the very same framework it's the very same libraries that you have shipped right there's nothing new in that new environment it's the very same thing that's going to 
run in that container so you can be rest assured that they are going to run in that new environment and these Docker containers are highly scalable and they are very efficient suddenly you wanted like 20 more Docker containers to run the application think of adding 20 more hosts 20 more VMS right how much time would it take and compared to that time the amount of time that Docker containers would required to kind of scale to that amount like 20 more containers it's very less or it's minimal or negligible so it's an highly scalable and it's a very efficient uh service you can suddenly scale number of Docker containers to meet any additional demand very short boot up time because it takes a it's not going to load the whole operating system and these Docker containers you know they use the uh Linux kernel and features of the kernel like cgroups and name spaces to kind of segregate the processor so they can run independently any environment and it takes very less time uh to boot up and the datas that are stored in the containers are kind of reusable so you can have an external uh data volume and I can map it to the container and whatever the uh space that's occupied by the container and the datas that the container puts in that volume they are kind of reusable you can simply remap it to another application you can kind of remap it to the next successive uh container you can kind of remap it to the next version of the container next version of the application you'll be launching and you don't have to go through building the data again from the scratch whatever data the container was using previously or the previous container was using that data is available for the next container as well so the volumes that the containers users are very reusable volumes and like I said it's it's isolated application so it kind of isolates by its nature it kind of by the way it's designed by the way it is created it isolates one container from another container meaning anytime you run 
applications on different containers you can be rest assured that they are very much isolated though they are running on the same host though they're running on the same laptop let's say though they're running on the same physical machine let's say running 10 containers 10 different applications you can be sure that they are well disconnected or well isolated applications now let's talk about the advantages of ECS the advantage of ECS is improved security it's security is inbuilt in ECS with ECS we have something called as a container registry you know that's where all your images are stored and those images are accessed only through https not only that those images are actually encrypted and access to those images are allowed and denied through identity and access management policies I am and um in other words let's say two container running on the same inst now one container can have access to S3 and the others or the rest of the others are denied access to S3 so that kind of granular security can be achieved through containers when we mix and match the other security products available in Amazon like IM am encryption accessing it uh using htps these containers are very cost efficient like I've already said uh these are lightweight uh processes right we can schedule multiple containers on the same node and this actually allows us to achieve high density on an ec2 instance imagine an ec2 instance that that's very less utilized that's not possible with the a container because you can actually DSE or crowd an ec2 instance with more container in it so to best use those resources in ec2 straightforward you can just launch one application but with when we use containers you can launch like 10 different applications on the same ec2 server that means 10 different applications can actually feed on those resources available and can benefit the application and ECS not only deploys the container it also maintains the state of the containers and it makes sure that the minimum 
set of containers are always running based on the requirement that's another cost uh efficient way of using it right and anytime an application fails and that has a direct impact on the revenue of the company and is just make sure that you're not losing any Revenue because your application has failed and EES is and pretty extensible Services it's like this in many organization there are majority of unplanned work because of environment variation a lot of firefighting happens when we kind of deploy the code from one or kind of move the code or redeploy the code uh in a new environment lot of firefighting happens there right this Docker containers are pretty extensible like we discussed already environment is not a concern for containers because it's going to kind of shut itself inside a Docker container and anywhere the docker container can't run the application will run exactly the way it performed in the past so environment is not a concern for the docker containers in addition to that ECS is um easily scalable we have discussed this already and it improves it has improved compatibility we have discussed this already let's talk about the architecture of ECS like you know now the architecture of ECS is the ECS cluster itself that's group of servers running the ECS service and it integrates with Docker right so we have a Docker registry Docker registry is a repository where we store all the docker images or the container images so it's like three components ECS is of three components one is the eest cluster itself right when I say eest itself I'm referring to eest Cluster cluster of servers that will run the containers and then the repository where the images will be stored right the repository where the images will be stored and the image itself so container image is the template of instructions which is used to create a container right so it's like what's the OS what is the version of node that should be run and any additional software do we need so those question 
gets answered here so it's the template template of instructions which is used to create the containers and then the registry is the service where the docker images are stored and shared so many people can store there and many people can access or if there's another group that wants to access they can access the image from there or one person can store the image and rest of the team can access and the rest of the team can store image and this one person can pick the image from there and kind of ship it to the uh customer or ship it to the production environment all that's possible in this container registry and Amazon's version of the container registry is ECR and there's a third party Docker itself has a container registry that's dockerhub ECS itself which is the the group of servers that runs those containers so these two the container image and the container registry they kind of handle Docker in an image format just an image format and in ECS is where the container gets live and then it becomes an compute resource and starts to handle request know starts to serve the page and starts to do the batch job you know whatever your plan is with that container so the cluster of servers ECS integrates well with the familiar services like VPC VPC is known for securing VPC is known for isolating the uh whole environment from rest of the customers or isolating the whole environment or the whole infrastructure from the rest of the clients in your account or from the rest of the applications in your account on and on so evpc is a service that provides or gives you the network isolation ECS integrates well with VPC and this VPC enables us to launch AWS resources such as Amazon ec2 instance in a virtual private Network that we specify this is basically what we just discussed now let's take a closer look at uh the ECS how does ECS work let's find answer for this question how does ECS work ECS has got a couple of components within itself so this ECS service can run across 
availability Zone as you can see there are two availability zones here they can actually run across availability zones and ECS has got two modes fargate mode and ec2 mode right here we seeing farget mode and then here we seeing nothing that means it's an ec2 mode and then it has got different network interfaces attached to it because they need to be running in an isolated fashion right so anytime you want Network isolation you need separate IP and if you want separate IP you need separate network interface card and that's what you have elastic network interface card separate elastic network interface card for all those tasks and services and this runs within an VPC let's talk about the fargate service tasks are launched using the fargate uh service so we will discuss about uh task what is farget now farget is a computer engine in ECS that allows users to launch containers without having to monitor the cluster ECS is a service that manages the containers for you right otherwise managing containers will be an full-time job so ECS manages it for you and if you and you get to manage ECS that's the basic service but if you want Amazon to manage ECS and the containers for you we can go for fargate so fargate is a computer engine in ECS that allows users to launch containers without having to monitor the ECS cluster and the tasks the task that we discussed the tasks has two components you see task right here so they have two components we have U ECS container in and then the container agent so like you might have guessed right now eest container instance is actually an ec2 instance right capable of running containers not all ec2 instances can run containers so these are like specific ec2 instances that can run containers they are ECS container instances and then we have container agent which is the agent that actually binds those clusters together and and it does lot of other housekeeping work right kind of connects clusters uh makes sure that uh the uh version needed is 
present so it's all part of that agent or it's all job of that agent container instances container instances is part of Amazon ec2 instance which run Amazon ECS container agent pretty straightforward definition and then a container agent is responsible for communication between ECS and the instance and it also provides the status of the running containers kind of monitors the container monitors the state of the container make sure that the container is up and running and if there's anything wrong it kind of reports it to the appropriate service to fix the container on and on it's a container agent me we don't manage container agent it it runs by itself and you really don't have to do anything to make the container agent better it's already better you really won't be configuring anything in the agent and then elastic network interface card is an virtual interface Network that can be connected uh to an instance in VPC so another words elastic network interface is how the container interacts with another container and that's how the container interacts with the easy to host and that's how the container interacts with the internet external world and a cluster a cluster is a set of um ECS container instances it's not something that's very difficult to understand it's simply a group of ec2 instances that runs that ECS agent and this cluster a cluster handles the process of scheduling monitoring and scaling the request we know that ECS can scale the containers can scale how does it scale that's all monitored and managed by this ECS cluster let's talk about the companies that are using Amazon ECS there are variety of companies that use um ECS clusters to name a few Oka users easiest cluster and Oka is a product that use identity information to Grant people access to applications on multiple devices at any uh given point of time they make sure that they have a very strong security protection so Oka uses Amazon ECS to run their OCTA application and serve their customers and 
Aima Aima is an a TV channel and they chose to use microservices and Docker containers they already had microservices and Docker containers and when they thought about a service that they can use in AWS ECS was the only service that they can immediately adapt to and because in abima TV the engineers have already been using Docker and Docker containers it was kind of easy for them to adapt themselves to ECS and start using using it along with the benefits that ECS provides previously they had to do a lot of work but now ECS does it for them right similarly remind and Ubisoft GoPro or some of the famous companies that use Amazon ECS and get benefited from its scalability get benefited from its cost gets benefited from its Amazon managed Services get benefited from the portability that ECS and the migration option that ECS provides let's talk about how to deploy a Docker container on Amazon ECS the way to deploy Docker container on ECS is first we need to have an AWS account and then set up and run our first ECS cluster so in our lab we're going to use um the launch wizard to run an ECS cluster and run containers in them and then task definition task definition tells the size of the container the number of the container and when we talk about size it tells how much of CPU do you need how much of memory do you need and talking about numbers you know it it requires how many numbers of container you're going to launch you know is it five is it 10 or is it just one running all the time now those kind of information goes in the task definition file and then we can do some Advanced configuration on ECS like a load balancers and you know what port number you want to allow and you don't want to allow you know who gets access who shouldn't get access and what's the IP that you want to allow and deny request from on and on and this is where we would also mention the name of the container so to differentiate one container from the other and the name of the uh servers you know is 
it an in a backup job is it a web application is it an a data container it's is it going to take care of your data uh data back end and the desired number of task that you want to be running all the time those details go in when we try to configure the ECS service right and then you configure cluster you put in all the uh Security in the configure your cluster step or configure cluster stage and finally we will have an instance and bunch of containers running in that instance all right let's do a demo so here I have logged in to my Amazon portal and let me switch to the appropriate region I'm going to pick North Virginia North Virginia look for ECS and it tells ECS is a service that helps to run and manage Docker containers well and good click on it I'm in North Virginia just want to make sure that I'm in the right region and go to clusters and here we can create cluster this is our fargate and this is our E2 type launching for Linux and windows environment but I'm going to launch through this walkth through portal right this gives lot of information here so the different steps involved here is creating a container definition which is what we're going to do right now and then a task definition and then service and finally the cluster it's a four-step process so in container definition we Define the image the base image we are going to use now here I'm going to launch an uh httpd or a simple HTTP web page right so a simple httpd 2.4 image is fair enough for me and uh it's not an heavy application so5 GB of memory is enough and again it's not a heavy application so 025 virtual CPU is enough in our case right you can edit it based on the requirement you can always edit it and because I'm using htpd the port mapping is already Port 80 that's how the container is going to receive the request and there's no health check as of now when we want to design critical and complicated environments uh we can include health check right and this is the CPU that we have chose we can 
edit it and I'm going to use some bash commands to create an HTML page right this page says that you know Amazon ECS sample app right and then it says Amazon ECS sample app your application running on a container in Amazon ECS so that's the page the HTML page that I'm going to create right index.html so I'm going to create and put it in an appropriate location so those pages can be served from the container right if you replace this with any of your own content then it's going to be your own content ECS comes with some basic logs and these are the places where they get stored that's not the focus as of now all right so I was just saying that you can edit it and customize it to your needs we're not going to do any customization now we just get getting familiar with ECS now and the task definition name of the task definition is U first run task definition and then we are running it in a VPC and then this is an fargate mode meaning the servers are completely handled by Amazon and the task memory is5 GB and the task CPU is25 virtual CPU name of the service is it a batch job is it an you know a front end is it in backend or is it a simple copy job what's the service name of the service goes here again this you can edit it and here's a security group as of now I'm allowing 480 to the whole world if I want to restrict to a certain IP I can do that uh the default option for load balancing is uh no load balancer but I can also choose to have a load balancer and use port 80 to map that Port 80 to The Container Port 80 right I can do that the default is no load balancer all right let's do one thing let's use load balancer let's use load balancer and Port 80 that receives information on Port 80 HTTP what's going to be the cluster name we're in the last step what is the cluster name cluster name can be simply learn ECS demo next we done and we can create so it's launching a cluster as you can see and it's picking the task definition file that we've created and it's uh using 
that to launch an service and then the these are the log groups that we discuss and it's creating a VPC remember ECS clubs well with the VPC it's creating a VPC and it's creating two subnets here for high availability it's creating that Security Group Port 0 allowed to the whole world and then it's putting it behind and load balancer right generally would take like 5 to 10 minutes so just need to be patient and let it complete its creation and once this is complete we can simp simply access these service using the load balancer URL and when this is running let me actually take you to the other products or the other services that are integrated with the ECS it's getting created our service is getting created as if now ECR repository this is where all our images are stored now as of now I'm not pulling my image from ECR I'm pulling it directly from the internet uh Docker Docker Hub but all customer images all custom images they are stored in this repository so you can create a repository call it app one create a repository so here's my repository so any image that I create locally or any Docker images that I create locally I can actually push them push those images using these commands right here and they get stored here and I can make my ECS connect with ECR and pull images from here so so they would be my custom images and as of now because I'm using a default image it's directly pulling it from the internet let's go to ec2 and look for a load balancer because we wanted to access the application from behind a load balancer right so here is a load balancer created for us and anytime I put the URL so cluster is now created you see there's one service running right let's click on that cluster here is the name of our application and here is the tasks the different containers that uh we are running and if you click on it we have an IP right IP of that container and it says it's running it was created at such and such time and started at such and such time and this is 
the task definition file that this container uses meaning the template the details all the version details they all come from here and it belongs to the cluster called uh simply learn ECS demo right and you can also get some logs container logs from here so let's go back and there are no ECS instances here because remember this is Fargate you're not managing any ECS instance all right so that's why you're not seeing any ECS instance here so let's go back to task and uh go back to the same page where we found the IP pick that IP put it in the browser and you have this sample HTML page running from a container so let me go back to load balancer EC2 and then under EC2 I'll be able to find a load balancer find that load balancer pick that DNS name put it in the browser and now it's accessible through the load balancer URL right now this URL can be mapped to other services like DNS this URL can be embedded in any of your applications if you want to make that application connect with this container now using IP is not all that advisable because uh these containers can die and then a new container gets created and when a new container gets created it gets a new IP right so hardcoding IP is uh not hardcoding dynamic IPs are not advisable so you would be using load balancer and putting that URL in that application that you want to make it interact with this container instance it was a wonderful experience in walking you through this ECS topic and here we learned about what AWS is and why we are using ECS and what is ECS in general what is Docker in specific and we also learned about the advantages of ECS the architecture the different components of ECS and how ECS works when they're all connected together and we also looked at the companies that use ECS and their use cases and finally a lab how we can launch ECS Fargate through the portal I'm very glad to walk you through this lesson about Route 53 so in this section we are going to talk about basics of uh AWS and then we're
going to immediately dive into why we need Amazon Route 53 and then we're going to expand and talk about the details of Amazon Route 53 the benefits it provides over its competitors and the different types of routing policy it has and some of Amazon Route 53's key features and we're going to talk about how to access Route 53 I mean the different ways the different methods you can access Route 53 and finally we're going to end with a wonderful demo in Route 53 so let's talk about what is AWS Amazon Web Services or AWS in short is a cloud provider that offers a variety of services such as variety of IT services or infrastructure services such as compute power database content delivery and other resources that help us to scale and grow our business and AWS is hard AWS is picking up AWS is being adopted by a lot of customers that's because AWS is easy to use even for a beginner and talking about safety the AWS infrastructure is designed to keep the data safe irrespective of the size of the data be it small data be it very minimal data be it all the data that you have in terabytes and in petabytes Amazon can keep it safe in their environment and the wonderful thing and the most important reason why a lot of customers move into the cloud is the pay as you go pricing there is no long-term commitment and it's very cost effective what this means is that you're not paying for resources that you're not using in on premises you do pay for resources you're not using a lot meaning you go and buy a server you do the estimate for the next 5 years and only after like 3 or 4 years you'll be hitting the peak capacity but still you would be buying that capacity before 4 years right and then you will gradually be you know utilizing it from you know 40% 60% 70 80 and then 100 so what you have done is that even though you're not using the full capacity you still have bought it and are paying for it from day one but in the cloud it's not like that you only
pay for the resources that you use anytime you want more you scale up the resource and you pay for the scaled up resource and anytime you want less you scale down the resource and you pay less for that scaled down resource let's talk about why Amazon uh Route 53 let's take this scenario where uh Rachel is trying to open her web browser and uh the URL that she hit isn't working a lot of reasons behind why the URL isn't working it could be the server utilization that went high it could be the uh memory usage that went high a lot of reasons and she starts to think is there an efficient way to scale resources according to the user requirements or is there an efficient way to kind of mask all those failures and kind of divert the traffic to the appropriate active you know active resource or active service that's running our application you always want to hide the failures right in it kind of mask the failure and direct the customer to another healthy uh service that's running right none of your customers would want to see a server not available or you know none of your customers would want to see your service not working not impressive to them and this is Tom Tom is an IT guy and he comes up with an idea and he's answering Rachel yes we can scale resources efficiently using Amazon Route 53 in a sense he's saying that yes we can mask the failure and we can keep the services up and running meaning we can provide more high availability to our customers with the use of Route 53 and then he goes on and explains Amazon Route 53 is a DNS service that gives developers an efficient way to connect users to internet applications without any downtime now downtime is the key Amazon Route 53 helps us to avoid any downtime that customers would experience you still will have downtime in your server in your application but your customers will not be made aware of it and then Rachel is kind of interested and she's like yeah that sounds interesting I want to
learn more about it and Tom goes on and explains the important concepts of Amazon Route 53 that's everything that I'm going to explain to you as well all right so what is Amazon Route 53 Amazon Route 53 is a highly scalable DNS or domain name system web service this service this Amazon Route 53 it functions three main things or it has three main functions so the first thing is if a website needs a name Route 53 registers the name for the website domain let's say you want to buy google.com you want to buy the domain name let's say you want to buy that domain name you buy that through Route 53 secondly Route 53 is the service that actually connects your server which is running your application or which is holding which is serving your web page so that's the service that actually Route 53 is the service that connects the user to your server when they hit google.com in the browser or whatever domain name that you have purchased so you bought a domain name and the user types in your domain name.com and then Route 53 is a service that helps the user to connect their browser to the application that's running in an EC2 instance or any other server that you are using to serve that content now not only that Route 53 checks the health of the resource by sending automated requests over the internet to a resource so that's how it identifies if there is any resource that has failed when I say resource I'm referring to any infrastructure failure any application level failure so it kind of keeps checking so it understands it first before the customer notices it and then it does the magic kind of shifts the connection from one server to the other server we call it routing we will talk about that as we progress so the benefits of using Route 53 it's highly scalable meaning suddenly let's say the number of requests the number of people trying to access your website through that domain name that you have bought let's say it has increased Route 53 is highly scalable right it can handle even millions and millions of
requests because it's highly scalable and it's managed by Amazon the same thing it's reliable it's uh highly scalable it can handle large queries without the users without you interacting without the user who bought it interacting with it you don't have to scale up you know when you're expecting more requests it automatically uh scales and it is very reliable in a sense that uh it's very consistent it has the ability to route the users to the appropriate application through the logic that it has it's very easy to use uh when we do the lab uh you're going to see that it's very easy to use you buy the domain name and then you simply map it to the application you simply map it to the server by putting in the IP or you can simply map it to another load balancer by putting in the load balancer URL you can simply map it to another uh S3 bucket by simply putting the S3 bucket name or the S3 bucket URL it's pretty straightforward easy to set up and it's very cost effective in a way that we only pay for the service that we have used so no wastage of uh money here so the billing is set up in such a way that you are paying only for the amount of requests that uh you have received right the amount of traffic the amount of requests that you have received and a couple of other things the number of uh hosted zones that uh you have created right and a couple of other things it's very cost effective in such a way that you only pay for the service that you are using and it's secure in a way that access to Route 53 is uh integrated with Identity and Access Management IAM so you only have authorized users gain access to Route 53 the trainee who just joined yesterday won't get access and the contractor or the consultant the third party consultant you have given access or who is using your environment you can block access to that uh particular person because he's not the admin or he's not a privileged user in your account so only privileged users and admin gain access to Route
53 through IAM now let's talk about the routing policies so when you create a record in uh in Route 53 record is nothing but an entry so when you do that you choose a routing policy right routing policy is nothing but it determines how Route 53 responds to your queries how the DNS queries are being responded to right that's a record or that's a routing policy so the first one is simple routing policy so we use simple uh routing policy for a single resource in other words simple routing allows to configure DNS with no special Route 53 routing it's kind of one to one you use a single resource that performs a given function to your domain for example if you want to simply map a URL to a web server that's pretty straightforward simple routing so route traffic to a single resource example web server to a website and with simple routing multiple records with the same name cannot be created but multiple values can be created in the same record the second type of routing policy is uh failover routing so we would be using failover routing when we want to configure active passive failover if something failed right you want to fail over to the next resource which was previously the backup resource now the active resource or which was previously the backup server now it's an active server so you would be failing over to that particular resource or that particular IP if you want to do that we use failover routing so failover routing routes traffic to a resource when the resource is healthy or to a different resource when the previous resource is unhealthy in other words anytime a resource goes unhealthy I mean it does all that's needed to shift the traffic from the primary resource to the secondary resource in other words from the unhealthy resource to the healthy resource and these records can route traffic to anything from an uh Amazon S3 bucket or you can also configure a complex tree of records now when we configure the records it'll be more clear to you so as
of now just understand that Route 53 can route or this routing policy the failover routing policy can route traffic to Amazon S3 bucket or uh to a website that has complex tree of uh records geolocation routing policy now geolocation routing just like the name says it takes that routing decision based on the geographic location of the user in other words you know when you want to route traffic based on the location of the user that's your primary criteria for you know sending that request to the appropriate server we would be using geolocation routing so it localizes the content and presents a part or the entire website in the language of the user for example a user from US you would want to direct them to an English website and a user from Germany if you want to send them to the German website and a user from France you know you want to send those requests or you want to show content specific to a customer who lives in France a French website so if that's your condition this is the routing policy we would be using and the geographic locations are specified by either continent or by country or by state in the United States so only in the United States you can actually split it to state level and for the rest of the countries you can do it on a country level on a high level you can also do it on a continent level the next type of routing policy would be geoproximity routing geoproximity routing policy when we want to route traffic based on the location of our resource and optimally shift traffic from resources in one location to resources in another location we would be using geoproximity routing so geoproximity routing routes traffic to the resources based on the geographic location of the user and the resources they want to access and it also has an option to route more traffic or less to a given resource by specifying a value known as bias kind of weight but we also have weighted routing that's different so we've chosen different name bias you can
send more traffic to a particular resource by having a bias on that particular routing condition and a bias expands or shrinks the size of the geographic region from which traffic is routed to a resource and then we have latency based routing just like the name says we use latency based routing if we have resources in multiple AWS regions and if you want to route traffic to the region that provides the best latency at any given point of time so let's say if one single website needs to be installed and hosted on multiple AWS regions then latency routing policy is what is being used it improves the performance of the users by serving their request from the AWS region that provides the lowest latency so at any given point if performance is your criteria and at any given point of time irrespective of what happens in Amazon infrastructure irrespective of what happens in the internet if you want to route your users to the best performing website best performing region then we would be using latency based routing and for using latency based routing we should create latency records for the resources in multiple AWS regions and then the other type of um routing policy is a multivalue routing policy where we can make Route 53 respond to DNS queries with up to eight healthy records selected at random so you're not kind of loading one particular server we can define eight records and on a random basis Route 53 will respond to queries from these eight records so it's not one server that gets all the requests but uh eight servers get the request in a random fashion so it's multivalue routing policy and what we get by this is that we are distributing the traffic to many servers instead of just one server so multivalue routing configures uh Route 53 to return multiple values in response to a single or multiple DNS queries it also checks the health of the resources and returns the multiple values only for the healthy resources let's say out of the eight servers we have defined
one server is not doing healthy it will not respond to the query with the details of the unhealthy server right so now it's going to treat it as only seven servers in the list because one server is unhealthy and it has the ability to return multiple health checkable IP addresses to improve availability and load balancing the other type of uh routing policy is weighted routing policy and in here we use uh to route traffic or this is used to route traffic to multiple resources in a proportion that we specify so this is a weighted routing and weighted routing routes multiple resources to a single domain name or a subdomain and controls the traffic that's routed to each resource so this is very useful when you're doing uh load balancing and testing new versions of the software so when you have a new version of the software you really don't want to send 100% of the traffic to it so you want to get customers' feedback about the new software that you've launched new version or new application that you have launched so you would kind of send only 20% of the traffic to that application get customer feedback and if all is good then we would move the rest of the traffic to that new application so any software launches application launches will be using weighted routing now let's talk about the key benefits or key features of uh Route 53 some of the key features of Route 53 are traffic flow it routes end users to the endpoint that should provide the best user experience that's what we discussed in the routing policies right it uses a routing policy a latency based routing policy and geo based routing policy and then failover routing policy so it kind of improves the uh user experience and the key feature the other key feature of Route 53 is we can buy domain names using Route 53 using Route 53 console we can buy it from here and use it in Route 53 previously it was not the case but now we can buy it directly from Amazon through Route 53 and we can assign it to any resources that we want so
anybody browsing that URL the connection will be directed to the server in AWS that runs our website health checks it uh monitors health and performance of the applications so it comes with a health check attached to it health checks are useful to make sure that the unhealthy resources are retired right the unhealthy resources are taken away or your customers are not kind of hitting the unhealthy resources and they see a service down page or something like that uh we can have weighted round robin load balancing that's helpful in spreading traffic between several services or servers we are round robining them so no one server is fully hit or no one server kind of fully absorbs all the traffic you know you can shift you can split and shift the traffic to different servers based on the weight that you would be configuring and also weighted uh routing also helps with the soft launch soft launch of your new application or the new version of your website there are different ways we can access Amazon Route 53 so you can access Amazon Route 53 through AWS console you can also access Amazon Route 53 using AWS SDKs and we can access it using we can configure it using the APIs and we can also do it through the command line interface that's Linux type Linux flavor AWS command line interface we can also do that using Windows command line Windows PowerShell flavored command line interface as well now let's look at some of the companies that are using Route 53 so some of the famous companies that use Route 53 are uh Medium Medium is an online publishing platform and uh it's more like a social journalism it's kind of having hybrid collection of uh professionals people in publications or exclusive blogs or publishers on Medium it's kind of a blog website and that uses Route 53 for the DNS service Reddit is an uh social news aggregation or web content rating and discussion website that uses Route 53 so these are some websites that are accessed throughout the world and they are
using Route 53 and it's highly scalable suddenly if there is a new news right their website will be accessed a lot and uh they need to keep their service up and running all the time more availability otherwise customers will end up in a broken page and uh the number of customers who will be using the website will come down so it's very critical now these sites these companies are very critical you know they're being highly available their page their site being highly available in the internet is very critical and crucial for them and they rely and use Route 53 to meet that particular demand and Airbnb is uh another company uh Instacart is another company Stripe is another company that uses Route 53 as their DNS uh provider for their DNS uh service they use Route 53 so their customers get best performance they use Route 53 so their website is highly available they use Route 53 to kind of shift the traffic between the resources so their resources are properly used with all the weighted routing the resources are properly used now let's quickly look at a demo I'm in my AWS console and I'm in Route 53 so let me click on Route 53 so in this lab we're actually going to simulate buying a domain name and then we're going to create an S3 static website and we're going to map that website to this DNS name right so the procedure is the same for mapping load balancer the procedure is the same for mapping CloudFront the procedure is the same for mapping EC2 instances as well we're picking S3 for simplicity right but our focus is actually on Route 53 so let's go in here and we'll see if we can we'll buy a domain name here so let's first check the availability of a domain name called simply learn hyphen demo hyphen Route 53 let's check its availability it is available for $12 so let me add it to cart and then come back here and then once you continue L for personal information once you give the personal information you finally check out and then it gets added to your shopping list once
you pay for it Amazon takes like 24 to $40 to make that DNS name available so the next stage would be contact details and then the third stage would be verify and purchase so once we have bought the domain name it will become available in our DNS portal and I do have a domain name which I bought some time back and it's now available for me to use so I can go to hosted zone and simply start creating I can go to hosted zone and then here it's going to list all the domain names for me right click on the domain name and then click on the record set and here I can actually map elastic load balancer S3 website VPC endpoint API Gateway and uh CloudFront Elastic Beanstalk domain names right all that gets mapped through this portal quite simple like four or five step button clicks and then it'll be done so I have a domain name bought and then I'm going to go to S3 and I'll show you what I've done in S3 so I've created a bucket name called as DNS name let me clear the content in them so I've created a bucket and then permissions I've turned off public access blocking and then I've created a bucket policy so this bucket is now publicly accessible and then I went on to properties and created the static website hosting right and I pointed that this is the file that's my index file that I'm going to put or name of the file that's going to be my index file that I'm going to put in this S3 bucket so put the index file.
HTML saved it and uh we're going to create a file now we're going to create an index file so this is a sample code it says Amazon Route 53 getting started routing internet traffic to S3 bucket for your website and then couple of other information so I've saved it as an index.html file in my desktop so let me upload that from my desktop into this bucket so that's index.html and it's in capital I so let me go to properties and go to static website hosting and make sure that I spell it properly right it's case sensitive and then save it so now this means that my website should be running through this URL and it does it's running through the static website URL we're halfway through so now let me go back to Route 53 go back to Route 53 go back to hosted zones go into the domain name and then create a record set and it's going to be an alias record and I see my S3 static website endpoint there right so click on it and create it has now created a record that's pointing my domain name to the S3 endpoint that I have created and my static website is running from it so let me test it right so let me go to the browser put the domain name in there and sure enough the domain name when my browser queried for the domain name Route 53 returned a response saying this domain name is actually mapped to the S3 bucket static website hosting enabled S3 bucket and this is the URL for that static website hosting and then my browser was able to connect to that S3 bucket and download the details and show it in my browser right so it's that simple and pretty straightforward today's session is on AWS Elastic Beanstalk so what's in it for you today we'll be discussing about what is AWS why we require AWS Elastic Beanstalk what is AWS Elastic Beanstalk the advantages disadvantages the components of uh Beanstalk along with that the architecture and the companies that are primarily using the AWS Beanstalk so let's get started and first understand what is AWS AWS stands for Amazon Web Services
uh it's a cloud provider and that offers a variety of services such as compute power database storage content delivery and many other resources so we know that AWS is the largest uh cloud provider in the market and so many services are available in the AWS where you can apply the business logics uh and create the solutions using the cloud platforms now why AWS Elastic Beanstalk now what happened earlier and uh that whenever the developer used to create the software or the modules related to the softwares it has to be joined together to create a big application now one developer creates a module that has to be shared with another developer and uh if the developers are geographically separated then it has to be shared over a medium probably an internet so that is going to take some time uh it would be a difficult process and in return it uh makes the application or a software development a linear process the building of the software development a linear process so there were challenges uh which the developers were facing earlier and uh to overcome that uh we have the Beanstalk as a service available in the AWS so why AWS Elastic Beanstalk is required uh AWS Elastic Beanstalk has made the life of the developers quite easy uh in terms of that they can share the applications across different devices at a shorter time duration now let's understand what is AWS Elastic Beanstalk AWS Elastic Beanstalk is a service uh which is used to deploy and scale web applications by developers not only web application any application that is being developed by the developers this is a symbol representation of the AWS Elastic Beanstalk now along with that the AWS Elastic Beanstalk supports the programming language the runtime environments that are Java .NET PHP Node.js Python Ruby Go and Docker and in case if you're looking for any other programming language or a runtime environment then you can make a request with AWS to arrange that for you now what are the advantages
associated with the Elastic Beanstalk first advantage is that it's a highly scalable service now when we talk about a scalability it means that whenever we require the resources in demand we can scale up the resources or we can scale down the resources so that is kind of a flexibility we get in terms of changing the type of resources whenever we need it and in that case the Elastic Beanstalk is a highly scalable service now that is something which is very difficult to achieve in case of an on-prem environments because you have to plan for the infrastructure and in case if you're short of the resources within that infrastructure then you have to procure it again the second advantage associated with the Beanstalk is that it's a fast and simple to begin now when we say it's fast and simple that means that you just have to focus on the development of an application building an application and then you can just deploy the application directly using the Beanstalk what the Beanstalk is going to do that every networking aspect is being taken care by the Beanstalk it deploys your application in the back end on the servers and then you can directly access your application using the URL or through the IP address the third advantage is that it offers the quick deployment that is what we discussed in the fast and simple to begin as well so why it offers a quick deployment you don't have to bother about the networking concepts you just have to focus on the application development and then you can just upload your application deploy that and then you are good to go the other advantage is that it supports multi-tenant architecture when we talk about tenants or multi-tenants that means we can have a virtual environments for separate organizations or the divisions within the organizations that will be virtually isolated so likewise you can have uh virtually isolated environments created on the Beanstalk and they can be separated used as a separate entities or separate
divisions within the organization and we know that it's a flexible service since it's a scalable then it is a flexible also now coming to the simplifies operations as an advantage now once uh the application is deployed using the Beanstalk then it becomes very easy to maintain and support that application using the Beanstalk services itself and the last advantage that we can have from the Beanstalk is that it's a cost efficient service the cost efficient as we know that many of the AWS services are cost effective the cost optimization can be better managed using the AWS Beanstalk as compared to if you are developing or if you're deploying any kind of an application or a solution on the on-prem servers now there are some components that are associated with the AWS Beanstalk and it has to be created in the form of a sequence manner so AWS Elastic Beanstalk consists of few important components which are required while developing an application now what are these components these are four components one is application the second is application version the third is environment and the fourth one is the environment tier and we have to progress while deploying our applications or the softwares using the same sequence now let's understand what are the different components of the Beanstalk are the application it refers to a unique label which is used as a deployable code for a web application so generally you deploy your web application or you create your application and that is something which is basically uh used as a unique label then the second component is application versions so it resembles a folder which stores a collection of components uh such as environments versions and environment configurations so all these components are being stored using the application version the third most important component is the environment in the environment only the current versions of the applications runs now remember that Elastic Beanstalk supports multiple versions as well and
using the environment you can only run the current version of the application for if you wanted to have another version of an application to be running then you have to create another environment for that then comes the environment tier and in the environment tier it is basically it designates the type of application that the environment runs on now generally there are two types of environment here one is the web uh and the other one is the worker node and that's something which we'll be discussing later as well now let's understand how does Elastic Beanstalk in AWS work so first we have to create an application and this is a task that would be done by the developers and for that you can actually select any runtime environment or a programming language like Java Docker Ruby Go Pole or Python as well and once you select that environment uh you can uh develop your application using that runtime environments now after that uh once the application is created then you have to upload the version of an application on the AWS and after that once the version is uploaded and then you have to launch your environment so just have to click on the buttons that's it nothing more uh you have to do once the environment is launched then you can actually view that environment using a web URL or using the IP address now what happens in that case is when you launch an environment uh in the back end the Elastic Beanstalk runs automatically runs any EC2 instance and using a metadata the Beanstalk deploys your application within that EC2 instance that is something which you can look into the EC2 dashboard as well so you don't have to take care of the security groups you don't have to take care of the IP addressing and even you don't have to log in into the instance and deploy your application it would be done automatically by the Beanstalk it's just that you just have to monitor the environment and the statistics will be available there itself in the Beanstalk dashboard otherwise
you can view those statistics in the CloudWatch logs as well. Now in case you wanted to update any kind of a version, you just upload a new version, deploy it, and then monitor your environment. So these are the essentials to create local applications for any platform, whether it's Node.js, Python, etc. These are the things that you have to take care of, and this is the sequence you have to follow while creating an environment. So you can say that it's a four-step creation or deployment of your application, that's it. Now, after users upload their versions, the configuration is automatically deployed with a load balancer. With a load balancer, that means you can access the applications using the load balancer DNS also. And apart from the load balancer, if you wanted to put in any other feature, that includes autoscaling; for example, if you wanted to create your EC2 instances where the application will be deployed within the virtual private cloud or in a particular subnet within the VPC, all those features are available and you can select them using Beanstalk itself. You don't have to move out to the VPC, you don't have to go to the EC2 dashboard and select all those separately; everything would be available within the Beanstalk dashboard. So that's what it says in the presentation: after creating an application, the deployed service can be specifically accessed using the URL. So once the environment is created there will be a URL defined. Now you can put a URL name also, that is something which you wanted to put for your application; you can define that, you can check for the availability of that URL, and then you have to use that URL to access your application in the browser. Now once it is done, then in "monitor environment" it says the environment is monitored and provides capacity provisioning, load balancing, auto scaling, and health monitoring features. All those features are available there itself in Beanstalk. Now let's
understand the architecture of AWS Elastic Beanstalk. Now there are two types of environments that you have to select from: one is the web server environment and the other one is the worker environment. So based on the client requirement, Beanstalk gives you two different types of environment that you have to select. Generally the web server environment is front-end facing; that means the client should be accessing this environment directly using a URL, so mostly web applications are deployed using that environment. The worker environment is for the backend applications or the micro apps which are basically required to support the running of the web applications. Now it depends on the client requirement what kind of an environment you want to select. Now the web server environment only handles the HTTP requests from the clients, so that's why we use the web server environment mostly for the web applications or any application which works on HTTP or HTTPS requests. So it's not only HTTP, you can use HTTPS as well. The worker environment processes background tasks and minimizes the consumption of resources. So again it is just like a kind of microservice or application service running in the back end to support the web server environment. Now coming to the understanding of AWS Beanstalk: this is how the architecture of AWS Beanstalk is designed, and you can refer to that image also. Now in the web server environment, let's say we select a web server environment, and it says that if the application receives client requests, Amazon Route 53 sends these requests to the Elastic Load Balancer. Now obviously we discussed here that the web server environment is primarily an environment which receives the HTTP requests; it's a kind of client-facing environment. Now if the application receives a client request from Amazon Route 53, this Route 53 is a service which is primarily used for DNS mapping. It's a global service and it
may route, you can route, the traffic from Route 53 matching your domains towards the load balancer, and from the load balancer you can point that traffic to the web server environment. Obviously the web server environment is nothing but the EC2 instances that would be running in the back end. Now here in the diagram you can see that there are two web server environments and they are created in the autoscaling group; that means there are some kind of scaling options that are defined as well. These instances are created in an availability zone, or they can be created in different availability zones also for redundancy, and these web application servers are further connected to your databases, which primarily will be in different security groups; probably it can be an RDS database also. So all these functionalities, all these features are basically available on the Elastic Beanstalk dashboard itself. Now what happens in that case is, if the application receives client requests, Amazon Route 53 sends these requests to the load balancer; later the load balancer shares those requests among the EC2 instances. How does that happen? It happens using a predefined algorithm: the load is distributed equally to both the EC2 instances, or n number of EC2 instances, running in the availability zone. Now in the availability zones every EC2 instance would have its own security group; they can have a common security group also, or they can have their own security group as well. Now after the security group, the load balancer is then connected to the Amazon EC2 instances which are part of the auto scaling group, so that's something which we have discussed already. Now this autoscaling group would be defined from Beanstalk itself, and there will be some scaling options that will be created. It could be a possibility that it might be the minimum number of instances that would be running as of now, and based on the threshold defined it may increase the number of EC2
instances, and the load balancer will keep on distributing the load to as many instances as will be created inside the availability zones. Obviously there will be an internal health check that the load balancer will first be doing before distributing the real-time traffic to the instances created by Beanstalk. Now what does the autoscaling group do? It automatically starts additional EC2 instances to accommodate increasing load on your application, that's something which we know, and it also monitors and scales instances based on the workload as well, so it depends on what kind of a scaling threshold you have defined in the autoscaling groups. And when the load of an application decreases, the EC2 instances will also be decreased. So whenever we talk about auto scaling, generally what comes to our mind is that we scale up the resources, that means it increases the EC2 instances. In auto scaling you might have the scale-down option also, a scale-down policy also created, in which if the load minimizes it can terminate the additional EC2 instances as well. So that is something which will be automatically managed. All these features are achievable using Elastic Beanstalk, and with this feature accommodated it gives you better cost optimization in terms of managing your resources. Now it says that Elastic Beanstalk has a default security group, and the security group acts as a firewall for the instances. Now here in this diagram it says about the security group and autoscaling. You might create it in a default VPC also, or you might create it in your custom VPC, where you can have an additional level of security also created. You can have the NACLs also defined here before the security groups, so that would give you an additional filtering option or firewall option. Now it says that with these security groups it allows establishing security groups to the database server as well, so every database would also have its own security group and
the connection can be created between the web server environment that is created by Beanstalk and the database security groups as well. Now let's discuss the worker environment. Understanding the worker environment, what happens is that the web server environment is client facing: the client sends a request for access to the web server, and in this diagram the web server further sends it to SQS, which is the Simple Queue Service, and the queue service sends it to the worker environment. Then whatever the worker environment is created for, doing some kind of processing or some kind of an application that is running in the back end, that environment initiates and then sends back the results to SQS, and vice versa. So let's understand the architecture of AWS Elastic Beanstalk with the worker environment. When a worker environment tier is launched, AWS Elastic Beanstalk installs a server on every EC2 instance, so that is in the case of a web server environment also, and later the server passes the request to the Simple Queue Service. Now this service is an asynchronous service. Instead of the Simple Queue Service you can have other services also; it is not necessary that you need to have SQS, this is an example that we are discussing. And SQS shares those messages via a POST request to the HTTP path of the worker environment. There are many case studies also with respect to this kind of environment that has been created, that has been done for many customers, and you can search for these kinds of case studies available on the internet. Now the worker environment executes the task given by SQS, with the HTTP response after the operation is completed. Now here what happens, as a quick recap: the client requests access to an application on a web server using an HTTP request, the web server passes that request to the queue service, the queue service shares the message with a worker; probably a worker might be the manual worker
and generally it's an automated worker, so it would be shared via the worker environment only, and the worker sends back the response, with the HTTP response, back to the queue. That response can be viewed directly from the queue service by the client using the web server. So this is one of the examples; likewise, as I said, there can be many other examples also where you can have the worker environments defined. Now what are the companies that are using Elastic Beanstalk? These are a few of the companies that are primarily using on a Zillow, Jelly Button Games, then you have League of Women Voters, Ebury; these are some of the few listed companies, and obviously you can search on the AWS site and you'll find many more organizations that are using Elastic Beanstalk primarily for deploying their applications. Now the next thing is to go with the practicals, how we actually use Elastic Beanstalk, so let's look into the demo using AWS Elastic Beanstalk. Now first you have to log in to the AWS console, and I'm sure that you might be having the accounts created, or you can use the IAM credentials as well, and then you have to select the region also. Now I am in the North Virginia region; likewise you can select any of the regions that are listed here. Now click on Services and search for Elastic Beanstalk. You can find Elastic Beanstalk under the Compute section, so here itself you'll find Elastic Beanstalk as a service. Now open this service, and there it will give you an option to create an environment. You have to specifically select an environment, probably a worker environment or a web service environment. So let's wait for the service to open. So we have the dashboard now available with us; this is how Elastic Beanstalk looks, and this is the symbol representation of Beanstalk. Now what we have to do is click on Get Started, and that will load, and you have to create a web app. So instead of creating a web app, what we'll do,
we'll create a new application. So just click on "create a new application", put an application name, let's say we put something like XYZ. You can put any description for your application, let's say it's a demo app, and click on Create. Now it says you have to select an environment. Now the application named XYZ is created; you just have to select an environment, so click on "create one now", and it is going to ask you what kind of an environment tier you want to select. As we discussed, there are two types of environments: one is the web server and the other one is the worker environment. Let's look into what is defined by AWS. AWS says that it has two types of environment tiers to support different types of web applications. Web servers are standard applications that listen for and then process HTTP requests, typically over port number 80. Workers are specialized applications that have a background processing task that listens for messages on an Amazon SQS queue. Worker applications post those messages to your application by using the HTTP response. So that's what we saw in the case of the Beanstalk slides also. Now the usability of a worker environment can be anything. Now we'll do a demo for creating a web server environment, so just click on Select, and we have the environment name created. Now we can define our own domain; it ends with the region.
elasticbeanstalk.com. Let's say I look for a domain which is XYZ only, that's the environment name. Now I'll check for availability, whether that domain name is available with us or not, and it says we don't have that domain name, so probably I'll try to make it with some other name, and let's look for the availability of XYZ ABC, and it says yes, it is available. Now once I deploy my application I would be able to access the application using this complete DNS. So you can put a description, it's a demo app that we are creating, and then you have to define a platform as well. Now these are the platforms that are supported by AWS. Let's say I wanted to run a Node.js environment, so I just click on the Node.js platform. The application code is something which is basically developed by the developers, and you can upload the application right now or you can do that later as well once the environment is ready. Now either you can select "create an environment" if you want to go with all the default settings; otherwise, if you want to customize it more, you can click on "configure more options". So let's click on "configure more options", and here you would be able to define various different features like the type of an instance, for example what kind of an EC2 instance or a server should be running so that Beanstalk can deploy our applications over it. If you want to modify, just click on the Modify button, and here you can modify your instance with respect to the storage as well. Now apart from that, if you wanted to do some modification in the case of monitoring, in the case of databases, in the case of security, or in the case of capacity, let's look into the capacity. So here you can actually do the modification. In the capacity you can select the instance type also; by default it is t2.
micro, but in case your application requires a larger type of an instance, then you can actually go for the instance type as well. Similarly you can define your AMI IDs also, because obviously for the application to run you would require the operating system also, so you can select that particular AMI ID for your operating system as well. Let's cancel that. Likewise you have many other features that you can actually define here from the dashboard, and you don't have to go to the EC2 dashboard to do the modifications. Now let's go and create an environment. Let's assume that we are going with the default configuration. So this is going to create our environment. The environment is being created and you can get the environment and the logs defined in the dashboard itself. So you'll see that the Beanstalk environment is being initiated, the environment is being started, and in case there are any errors, or if it is deployed correctly, you'll get all the logs here itself. Now the environments are basically color coded, so there are different color codings that are defined. If you get the environment in a green color, that means everything is good to go. So here you can see that it has created an elastic IP, it has checked the health of the environment, now it has created the security groups, and that would be auto security groups created by Beanstalk, and the environment creation has been started. You can see that Elastic Beanstalk as Amazon S3 storage bucket for your environment data as well. This is the URL through which you will be accessing the environment, but right now we cannot do that since the environment is being created. Let's click on the application name, and here you can see that it is in a gray color; that means right now the build is being done, it is being created. Once it is successfully created it should change to the green color, and then we will be able to access our environment using the URL. Now if I move to the EC2 instances and
see in the EC2 dashboard whether the instance is being created by Beanstalk or not, so let's see, and let's see what the differences are in terms of creating an instance manually and getting it created from Beanstalk. So click on EC2. Let's go to the old EC2 experience, that's what we are familiar with, and let's see what's there in the dashboard. So here you can see one running instance. Let's open that, and the XYZ environment which was created from Beanstalk is being initiated; the instance is being initiated, and that is something which is being done by Beanstalk itself. We have not gone to the dashboard and created it manually. Now in the security groups you'll see that here the AWS Beanstalk security groups are defined. It has the elastic IPs also defined, so everything is being created by Beanstalk itself. Right now let's go back to Beanstalk and look into the status of our environment, whether the color coding has changed from gray to green or not. And here you can see the environment is successfully created, and we have that environment colored in green. We'll access the environment, and it says it's a web server environment, its platform is Node.js running on 64-bit Amazon Linux AMI, and it says sample application, health status is OK. Now the other thing is that if you do not want to use the web console, the Management Console, to access Beanstalk, then Beanstalk offers you the Elastic Beanstalk CLI as well. So you can install the command line interface, and then you have the CLI command references that you can actually play with and get your applications deployed using Beanstalk itself. So this is one of the sample CLI commands that you can actually look into. Now let's look into the environment. Let's click on the environment and we'll be presented with the URL. It says health is OK. These are the logs that you have to follow in case there are any issues. The platform is Node.js, that
is what we selected. Now the next thing is you just have to upload and deploy your applications. So just click on "upload and deploy", select the version label or the name, select the file, and wherever your application is hosted, just select that, upload it, and deploy your application. You'll see that, just like your environment is created, similarly your application will be deployed automatically on the instance, and from this URL you will be able to view the output. It is as simple as that; you just have to follow these four steps. Now let's see whether the Node.js environment is running on our instance before deploying an application, so we'll just click on this URL. Since Beanstalk has already opened up the security groups for HTTP port 80 for all, we can actually view that output directly from the URL. So we have Node.js running, that's visible here, and after that you just have to upload and deploy your application and then from that URL you can get the output. Now this URL you can map with the Route 53 service. Using the Route 53 DNS services, the domain names can be pointed to the Elastic Beanstalk URL, and from there it can be pointed to the applications that are running on the EC2 instance. If you wanted to point it to the URL directly using Beanstalk you can do that; otherwise, as we saw in the slides, you can use Route 53, point it to the load balancer, and then point it to the instances directly also, once it is created by Beanstalk. So that was the demo, guys, with respect to Beanstalk and how we can actually run the environments. Apart from that, the operational tasks like system operations, you can manage all these things from the environment dashboard itself. So you have the configurations, you have the logs, you can check the health status of your environment and do the monitoring, and you can get the alarms and the events here. So let's say if I wanted to see the logs, I can request the logs here itself
and I'll be presented with the full log report, and I can now download that log file and view the logs. So we have these bundled logs in the zip file. All right, so if you want to see some kind of logs with respect to Elastic Beanstalk activity, it's in the form of a notepad, and here you can see what all configurations Beanstalk has done on your environment, on your instance. Similarly you can go for the health, monitoring, alarms, events, and all those things.

Hi, this is the fourth lesson of the AWS Solutions Architect course. Migrating to the cloud doesn't mean that resources become completely separated from the local infrastructure. In fact, running applications in the cloud will be completely transparent to your end users. AWS offers a number of services to fully and seamlessly integrate your local resources with the cloud. One such service is the Amazon Virtual Private Cloud. This lesson talks about creating virtual networks that closely resemble the ones that operate in your own data centers, but with the added benefit of being able to take full advantage of AWS. So let's get started. In this lesson you'll learn all about virtual private clouds and understand their concept. You'll know the difference between public, private, and elastic IP addresses. You'll learn about what a public and private subnet is, and you'll understand what an internet gateway is and how it's used. You'll learn what route tables are and when they are used. You'll understand what a NAT gateway is. We'll take a look at security groups and their importance, and we'll take a look at network ACLs and how they're used in Amazon VPC. We'll also review the Amazon VPC best practices and also the costs associated with running a VPC in the Amazon cloud. Welcome to the Amazon virtual private cloud and subnet section. In this section
we're going to have an overview of what Amazon VPC is and how you use it, and we're also going to have a demonstration of how to create your own custom virtual private cloud. We're going to look at IP addresses and the use of elastic IP addresses in AWS, and finally we'll take a look at subnets, and there'll be a demonstration of how to create your own subnets in an Amazon VPC. And here are some of the terms that are used in VPCs: there's subnets, route tables, elastic IP addresses, internet gateways, NAT gateways, network ACLs, and security groups, and in the next sections we're going to take a look at each of these and build our own custom VPC that we'll use throughout this course. Amazon defines a VPC as a virtual private cloud that enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, but with the benefits of using the scalable infrastructure of AWS. A VPC is your own virtual network in the Amazon cloud, which is used as a network layer for your EC2 resources. And this is a diagram of the default VPC. Now there's a lot going on here, so don't worry about that; what we're going to do is break down each of the individual items in this default VPC over the coming lesson. But what you need to know is that a VPC is a critical part of the exam, and you need to know all the concepts and how it differs from your own networks. Throughout this lesson we're going to create our own VPC from scratch, which you'll need to replicate at the end of this so you can do well in the exam. Each VPC that you create is logically isolated from other virtual networks in the AWS cloud. It's fully customizable: you can select the IP address range, create subnets, configure route tables, set up network gateways, and define security settings using security groups and network access control lists. So each Amazon account comes with a default VPC that's preconfigured for you to start using straight away,
so you can launch your EC2 instances without having to think about anything we mentioned in the opening section. A VPC can span multiple availability zones in a region, and here's a very basic diagram of a VPC. It isn't this simple in reality, and as we saw in the first section, here's the default Amazon VPC, which looks kind of complicated. But what we need to know at this stage is that the CIDR block for the default VPC is always a /16 subnet mask, so in this example it's 172.31.0.0/16. What that means is this VPC will provide up to 65,536 private IP addresses. So in the coming sections we'll take a look at all of these different items that you can see on this default VPC. But why wouldn't you just use the default VPC? Well, the default VPC is great for launching new instances when you're testing AWS, but creating a custom VPC allows you to make things more secure, and you can customize your virtual network, as you can define your own IP address range, you can create your own subnets that are both private and public, and you can tighten down your security settings. By default, instances that you launch into a VPC can't communicate with your own network, so you can connect your VPCs to your existing data center using something called hardware VPN access, so that you can effectively extend your data center into the cloud and create a hybrid environment. Now to do this you need a virtual private gateway, and this is the VPN concentrator on the Amazon side of the VPN connection. Then on your side, in your data center, you need a customer gateway, which is either a physical device or a software application that sits on your side of the VPN connection. So when you create a VPN connection, a VPN tunnel comes up when traffic is generated from your side of the connection. VPC peering is an important concept to understand. A peering connection could be made between your own VPCs or with a VPC in another AWS account, as long as it's in the same region. So what that means is if you have instances in VPC A, they
wouldn't be able to communicate with instances in VPC B or C unless you set up a peering connection. Peering is a one-to-one relationship: a VPC can have multiple peering connections to other VPCs, but, and this is important, transitive peering is not supported. In other words, VPC A can connect to B and C in this diagram, but C wouldn't be able to communicate with B unless they were directly peered. Also, VPCs with overlapping CIDRs cannot be peered, so in this diagram you can see they all have different IP ranges, which is fine, but if they had the same IP ranges they wouldn't be able to be peered. And finally for this section, if you delete the default VPC you have to contact AWS support to get it back again, so be careful with it and only delete it if you have good reason to do so and know what you're doing. This is a demonstration of how to create a custom VPC. So here we are back at the Amazon Web Services Management Console, and this time we're going to go down to the bottom left where the networking section is. I'm going to click on VPC and the VPC dashboard will load up. Now there's a couple of ways you can create a custom VPC. There's something called the VPC wizard, which will build VPCs on your behalf from a selection of different configurations, for example a VPC with a single public subnet or a VPC with public and private subnets. Now this is great cuz you click a button, type in a few details, and it does the work for you; however, you're not going to learn much or pass the exam if this is how you do it. So we'll cancel that and we'll go to Your VPCs and we'll click on "create a VPC", and we're presented with the "create a VPC" window. So let's give our VPC a name. I'm going to call it simplilearn_VPC, and this is the kind of naming convention I'll be using throughout this course. Next we need to give it the CIDR block, or the Classless Inter-Domain Routing block, so we're going to give it a very simple one, 10.0.0.0, and then we need to give it the subnet mask. So you're not allowed to
go larger than 15, so if I tried to put 15 in, it says no, not going to happen. For reference, a subnet mask of 15 would give you around 131,000 IP addresses, and subnet 16 will give you 65,536, which is probably more than enough for what we're going to do. Next you get to choose the tenancy. There's two options, default and dedicated. If you select dedicated, then your EC2 instances will reside on hardware that's dedicated to you, so your performance is going to be great but your cost is going to be significantly higher. So I'm going to stick with default, and we just click on "yes, create". It'll take a couple of seconds, and then in our VPC dashboard we can see our Simplilearn VPC has been created. Now if we go down to the bottom here to see the information about our new VPC, we can see it has a route table associated with it, which is our default route table, so there it is, and we can see that it's only allowing local traffic at the moment. We go back to the VPC again, we can see it's been given a default network ACL, and we'll click on that and have a look, and you can see this is very similar to what we looked at in the lesson, so it's allowing all traffic from all sources inbound and outbound. Now if we go to the subnet section and just widen the VPC area here, you can see there's no subnets associated with the VPC we just created, so that means we won't be able to launch any instances into our VPC, and to prove it I'll just show you. We'll go to the EC2 section, so this is a glimpse into your future, this is what we'll be looking at in the next lesson, and we'll just quickly try and launch an instance. We'll select any instance, it doesn't matter, any size, not important. So here in the network section, if I try and select the Simplilearn VPC, it's saying no subnets found; this is not going to work. So we basically need to create some subnets in our VPC, and that is what we're going to look at in the next lesson. Now, private IP addresses are IP addresses that are not reachable over the internet, and they're used
for communication between instances in the same network. When you launch a new instance, it's given a private IP address and an internal DNS hostname that resolves to the private IP address of the instance, but if you want to connect to this from the internet it's not going to work. So then you'd need a public IP address, which is reachable from the internet. You can use public IP addresses for communication between your instances and the internet. Each instance that receives a public IP address is also given an external DNS hostname. Public IP addresses are associated with your instances from the Amazon pool of public IP addresses. When you stop or terminate your instance, the public IP address is released and a new one is associated when the instance starts. So if you want your instance to retain this public IP address, you need to use something called an elastic IP address. An elastic IP address is a static or persistent public IP address that's allocated to your account and can be associated to and from your instances as required. An elastic IP address remains in your account until you choose to release it. There is a charge associated with an elastic IP address if it's in your account but not actually allocated to an instance. This is a demonstration of how to create an elastic IP address. So we're back at the Amazon Web Services Management Console. We're going to head back down to the networking VPC section and we'll get to the VPC dashboard. On the left-hand side we'll click on Elastic IPs. Now you'll see a list of any elastic IPs that you have associated in your account, and remember, any elastic IP address that you're using that isn't allocated to something, you'll be charged for. So I have one available, and that is allocated to an instance currently. So we want to allocate a new address, and it reminds you that there's a charge if you're not using it. I'm saying "yes, allocate", and it takes a couple of seconds, and there's our new elastic IP address. Now we'll be using this IP address
to associate with the NAT gateway when we build that.

AWS defines a subnet as a range of IP addresses in your VPC. You can launch AWS resources into a subnet that you select. You can use a public subnet for resources that must be connected to the internet and a private subnet for resources that won't be connected to the internet. The netmask for the default subnet in your VPC is always 20, which provides up to 4,096 addresses per subnet, and a few of them are reserved for AWS use. A VPC can span multiple availability zones, but the subnet is always mapped to a single availability zone. This is important to know. So here's our basic diagram, which we're now going to start adding to. We can see the virtual private cloud and you can see the availability zones, and now inside each availability zone we've created a subnet. Now, you won't be able to launch any instances unless there are subnets in your VPC, so it's good to spread them across availability zones for redundancy and failover purposes. There are two different types of subnet, public and private. You use a public subnet for resources that must be connected to the internet, for example web servers. A public subnet is made public because the main route table sends the subnet's traffic that is destined for the internet to the internet gateway, and we'll touch on internet gateways next. Private subnets are for resources that don't need an internet connection or that you want to protect from the internet, for example database instances.

So in this demonstration we're going to create some subnets, a public and a private subnet, and we're going to put them in our custom VPC in different availability zones. So we'll head to networking and VPC, wait for the VPC dashboard to load up, we'll click on subnets, we'll go to create subnet, and I'm going to give the subnet a name. It's good to give them meaningful names, so I'm going to call this first one, for the public subnet, 10.0.1.0, and I'm going to put this one in the us-east-1b availability zone, and I'm
going to call it Simplilearn public. So it's quite a long name, I understand, but at least it makes it clear what's going on in this example. Then we need to choose a VPC, so we obviously want to put it in our Simplilearn VPC, and I said I wanted to put it in us-east-1b. I'm using the North Virginia region, by the way. So we click on that. Then we need to give it the CIDR block. Now, as I mentioned earlier when I typed in the name, that's the range I want to use, and then we need to give it the subnet mask, and we're going to go with 24, which should give us 251 addresses in this range, which obviously is going to be more than enough. If I try and put a different value in that's unacceptable to Amazon, it's going to give me an error and tell me not to do that. Let's go back to 24, and I'll cut and paste this, by the way, just because I need to type something very similar for the next one. Click create. It takes a few seconds. Okay, so there's our new subnet, and if I just widen this you can see that's the IP range, that's the availability zone, it's for Simplilearn and it's public. So now we want to create the private one. So I'll put the name in, I'm going to give the private one the IP address block of that, I'm going to put this one in us-east-1c, and it's going to be the private subnet. Obviously I want it to be in the same VPC, availability zone of us-east-1c, and we're going to give it 10.0.2.0/24, and we'll click yes, create, and again it takes a few seconds. Okay, let me sort by name. So there we are, we can see now we've got our private subnet and our public subnet. In fact, let me just type in Simplilearn. There we are, so now you can see them both there, and you can see they're both in the same VPC, Simplilearn VPC. Now if we go down to the bottom, you can see the route table associated with this VPC, and you can see that they can communicate with each other internally but there's no internet access, so that's what we need to do next. In the next lesson you're going to learn about internet gateways
and how we can make these subnets have internet access.

Welcome to the networking section. In this section we're going to take a look at internet gateways, route tables and NAT devices, and we'll have a demonstration on how to create each of these AWS VPC items. So to allow your VPC the ability to connect to the internet, you need to attach an internet gateway, and you can only attach one internet gateway per VPC. So attaching an internet gateway is the first stage in permitting internet access to instances in your VPC. Now here's our diagram again, and now we've added the internet gateway, which is providing the connection to the internet to your VPC. But before you can configure internet correctly, there are a couple more steps. For an EC2 instance to be internet connected, you have to adhere to the following rules. Firstly, you have to attach an internet gateway to your VPC, which we just discussed. Then you need to ensure that your instances have public IP addresses or Elastic IP addresses so they're able to connect to the internet. Then you need to ensure that your subnet route table points to the internet gateway. And you need to ensure that your network access control and security group rules allow relevant traffic to flow to and from your instance, so you need to allow the rules to let in the traffic you want, for example HTTP traffic. After the demonstration for this section we're going to look at how route tables, access control lists and security groups are used.

In this demonstration we're going to create an internet gateway and attach it to our custom VPC. So let's go to networking, VPC, bring up the VPC dashboard, and on the left-hand side we click on internet gateways. So here's a couple of gateways I have already, but I need to create a new one, so create internet gateway. I'll give it a name, which is going to be Simplilearn internet gateway, IGW, and I'm going to click create. So this is an internet gateway which will connect a VPC to the internet, because at the moment our
custom VPC has no internet access. So there it's created, Simplilearn IGW, but its state is detached because it's not attached to anything. So let me try and attach it to a VPC, and it gives me an option of all the VPCs that have no internet gateway attached to them currently. So I only have one, which is Simplilearn VPC. Yes, attach. Now you can see our VPC has internet attached, and you can see that down here. So let's click on that and it will take us to our VPC. But before any instances in our VPC can access the internet, we need to ensure that our subnet route table points to the internet gateway, and we don't want to change the main route table, we want to create a custom route table, and that's what you're going to learn about next.

A route table determines where network traffic is directed. It does this by defining a set of rules. Every subnet has to be associated with a route table, and a subnet can only be associated with one route table; however, multiple subnets can be associated with the same route table. Every VPC has a default route table, and it's good practice to leave this in its original state and create a new route table to customize the network traffic routes associated with your VPC. So here's our example, and we've added two route tables, the main route table and the custom route table. The new route table, or the custom route table, will tell the internet gateway to direct internet traffic to the public subnet, but the private subnet is still associated to the default route table, the main route table, which does not allow internet traffic to it. All traffic inside the private subnet is just remaining local.

In this demonstration we're going to create a custom route table, associate it with our internet gateway, and associate our public subnet with it. So let's go to networking and VPC, the dashboard will load, and we're going to go to route tables. Now our VPC only has its main route table at the moment, the default one it was given at the time it was created, so we want to create a new
route table, and we want to give it a name, so we're going to call it Simplilearn, going to call it route table, RTB for short, and then we get to pick which VPC we want to put it in, so obviously we want to use Simplilearn VPC. So we click create, it takes a couple of seconds, and here you are, here's our new route table. So what we need to do now is change its route so that it points to the internet gateway. So if we go down here to routes, at the minute you can see it's just like our main route table, it just has local access. So we want to click on edit and we want to add another route. So the destination is the internet, which is all the zeros, and our target, and we click on this, it gives us the option of our internet gateway, which we want to do. So now we have internet access to this subnet, sorry, to this route table, and we click on save. Save was successful. So now we can see that as well as local access we have internet access. Now at the moment, if we click on subnet associations, you do not have any subnet associations, so basically both our subnets, the public and private subnets, are associated with the main route table, which doesn't have internet access. So we want to change this, so we'll click on edit, and we want our public subnet to be associated with this route table, so click on save. So it's just saving that. So now we can see that our public subnet is associated with this route table, and this route table is associated with the internet gateway, so now anything we launch into the public subnet will have internet access. But what if we wanted our instances in the private subnet to have internet access? Well, there's a way of doing that with a NAT device, and that's what we're going to look at in the next lecture.

You can use a NAT device to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating connections with the instances in the private subnet. So we talked earlier about public and private subnets to protect your
assets from being directly connected to the internet. For example, your web server would sit in the public subnet and your database in the private subnet, which has no internet connectivity. However, your private subnet database instance might still need internet access or the ability to connect to other AWS resources. If so, you can use a network address translation device, or a NAT device, to do this, and that device forwards traffic from your private subnet to the internet or other AWS services and then sends the response back to the instances. When traffic goes to the internet, the source IP address of your instance is replaced with the NAT device address, and when the internet traffic comes back again, the NAT device translates the address to your instance's private IP address. So here's our diagram, which is getting ever more complicated, and if you look in the public subnet you can see we've now added a NAT device, and you have to put NAT devices in the public subnet so that they get internet connectivity. AWS provides two kinds of NAT devices, a NAT gateway and a NAT instance. AWS recommends a NAT gateway as it's a managed service that provides better availability and bandwidth than NAT instances. Each NAT gateway is created in a specific availability zone and is implemented with redundancy in that zone. A NAT instance is launched from a NAT AMI, an Amazon Machine Image, and runs as an instance in your VPC, so it's something else you have to look after, whereas a NAT gateway being a fully managed service means once it's installed you can pretty much forget about it. A NAT gateway must be launched into a public subnet because it needs internet connectivity. It also needs an Elastic IP address, which you can select at the time of launch. Once created, you need to update the route table associated with your private subnet to point internet-bound traffic to the NAT gateway. This way the instances in your private subnets can communicate with the internet. So if you remember back to the
diagram when we had the custom route table which was pointed to the internet gateway, now we're pointing our main route table to the NAT gateway so that the private subnet also gets internet access, but in a more secure manner.

Welcome to the create a NAT gateway demonstration, where we're going to create a NAT gateway so that the instances in our private subnet can get internet access. So we'll start by going to networking and VPC, and the first thing we're going to do is take a look at our subnets, and you'll see why shortly. So here are our Simplilearn subnets. So this is the private subnet that we want to give internet access, but if you remember from the section, NAT gateways need to be placed in public subnets, so I'm just going to copy the name of this subnet ID for the public subnet, and you'll see why in a moment. So then we go to NAT gateways on the left-hand side, and we want to create a new NAT gateway. So we have to put a subnet in there, so we want to choose our public subnet. Now as you can see, it truncates a lot of the subnet names on this option, so it's a bit confusing. So we know that we want to put it in our Simplilearn VPC in the public subnet, but you can see it's truncated, so it's actually this one at the bottom, but what I'm going to do is just paste in the subnet ID which I copied earlier so there's no confusion. Then we need to give it an Elastic IP address. Now if you remember from the earlier demonstration, we created one, so let's select that, but if you hadn't allocated one you could click on the create new EIP button. So we'll do that. Okay, so it's telling me my NAT gateway has been created, and in order to use your NAT gateway, ensure that you edit your route table to include a route with a target of, and then the NAT gateway ID. So it's given us the option to click on edit route tables, so we'll go straight there. Now here's our route tables. Now here's the custom route table that we created earlier, and this is the default, the main route table, which was
created when we created our VPC, so we should probably give this a name so that we know what it is. So let me just call this Simplilearn RTB main, so now we know that's our main route table. So if you take a look at the main route table and the subnet associations, you can see that our private subnet is associated with this table. So what we need to do is put a route in here that points to the NAT gateway. So if we click on routes and edit, and we want to add another route, and we want to say that all traffic can either go to the Simplilearn internet gateway, which we don't want to do, we want to point it to our NAT instance, which is this NAT ID here, and we click save. So now any instances launched in our private subnet will be able to get internet access via our NAT gateway.

Welcome to the using security groups and network ACLs section. In this section we're going to take a look at security groups and network ACLs, and we're going to have a demonstration on how you create both of these items in the Amazon Web Services console. A security group acts as a virtual firewall that controls the traffic for one or more instances. You add rules to each security group that allow traffic to or from its associated instances. Basically, a security group controls the inbound and outbound traffic for one or more EC2 instances. Security groups can be found on both the EC2 and VPC dashboards in the AWS web Management Console. We're going to cover them here in this section, and you'll see them crop up again in the EC2 lesson. And here is our diagram, and you can see we've now added security groups to it, and you can see that EC2 instances are sitting inside the security groups, and the security groups will control what traffic flows in and out. So let's take a look at some examples, and we'll start with a security group for a web server. Now obviously a web server needs HTTP and HTTPS traffic as a minimum to be able to access it, so here is an example of the security group table, and you can see
we're allowing HTTP and HTTPS, the ports that are associated with those two, and the sources, and we're allowing it from the internet. We're basically allowing all traffic to those ports, and that means any other traffic that comes in on different ports would be unable to reach the security group and the instances inside it. Let's take a look at an example for a database server security group. Now imagine you have a SQL Server database, then you would need to open up the SQL Server port so that people can access it, which is port 1433 by default. So we've added that to the table and we've allowed the source to come from the internet. Now because it's a Windows machine, you might want RDP access so you can log on and do some administration, so we've also added RDP access to the security group. Now you could leave it open to the internet, but that would mean anyone could try and hack their way into your box, so in this example we've added a source IP address of 10.0.0.0, so only IP ranges from that address can RDP to the instance. Now there are a few rules associated with security groups. By default, security groups allow all outbound traffic, so if you want to tighten that down you can do so in a similar way to how you can define the inbound traffic. Security group rules are always permissive; you can't create rules that deny access, so you're allowing access rather than denying it. Security groups are stateful, so if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of the inbound security group rules. And you can modify the rules of a security group at any time, and the rules are applied immediately.

Welcome to the create security group demonstration, where we're going to create two security groups, one to host DB servers and one to host web servers. Now if you remember from the best practices section, it said it was always a good idea to tier your applications into security groups, and that's exactly what we're going to do. So if we
go to networking and VPC to bring up the VPC dashboard, on the left-hand side under security we click on security groups. Now you can also get the security groups from the EC2 dashboard as well. So here's a list of my existing security groups, but we want to create a new security group, and we're going to call it Simplilearn web server SG, security group, and we'll give the group name as the same, and our description is going to be Simplilearn web servers security groups. Okay, and then we need to select our VPC. Now it defaults to the default VPC, but obviously we want to put it in our Simplilearn VPC. So we click yes, create, takes a couple of seconds, and there it is, there's our new security group. Now if we go down to the rules, the inbound rules, you can see there are none, so by default a new security group has no inbound rules. What about outbound rules? If you remember from the lesson, a new security group by default allows all traffic to be outbound, and there you are, all traffic has destination of everywhere, so all traffic is allowed. But we want to add some rules, so let's click on inbound rules, click on edit. Now this is going to be a web server, so if we click on the drop-down we need to give it HTTP. So you can either choose custom TCP rule and type in your own port ranges, or you can just use the ones they have for you. So HTTP, this pre-populates the port range, and then here you can add the source. Now if I click on it, it's giving me the option of saying allow access from different security groups, so you could create a security group and say I only accept traffic from a different security group, which is a nice way of securing things down. You could also put in here just your IP address so that only you could do HTTP requests to the instance, but because it's a web server we want people to be able to see our website, otherwise it's not going to be much use, so we're going to say all traffic. So all source traffic can access our instance on port HTTP. And I want to add another rule because
we also want to do HTTPS, which is hiding from me, there we are, and again we want to do the same. And also because this is going to be a Linux instance, we want to be able to connect to the Linux instance to do some work and configuration, so we need to give it SSH access, and again it would be good practice to tie it down to your specific IP or an IP range, but we're just going to do all for now. Then we click on save, and there we are, there we have our ranges. So now we want to create our security group for our DB servers, so let's click create security group, and then we'll go through it and give it a similar name, Simplilearn DB servers SG, and the description is going to be Simplilearn DB servers security group, and our VPC is obviously going to be Simplilearn VPC. So let's click yes, create, wait a few seconds, and here's our new security group. As you can see, it has no inbound rules by default, and outbound rules allow all traffic. So this is going to be a SQL Server database server, and so we need to allow SQL Server traffic into the instance, so we need to give it Microsoft SQL port access. Now the default port for Microsoft SQL Server is 1433. Now in reality I'd probably change the port the SQL Server was running on to make it more secure, but we'll go with this for now. And then the source, so we could choose the IP ranges again, but what we want to do is place the DB server in the private subnet and allow the traffic to come from the web server. So the web server will accept traffic, and the web server will then go to the database to get the information it needs to display on the website, or if people are entering information into the website, we want the information to be stored in our DB server. So basically we want to say that the DB servers can only accept SQL Server traffic from the web server security group. So we can select the Simplilearn web server security group as the source traffic for Microsoft SQL Server data, so we'll select that. Now our SQL
Server is obviously going to be a Windows instance, so from time to time we might need to log in and configure it, so we want to give RDP access. Now again, you would probably put a specific IP range in there; we're just going to do all traffic for now. Then we click save, and there we are, so now we have two security groups, DB servers and web servers.

A network ACL is a network access control list, and it's an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more of your subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. Here is our network diagram, and we've added network ACLs to the mix. Now you can see they sit somewhere between the route tables and the subnets. This diagram makes it a little bit clearer, and you can see that a network ACL sits in between a route table and a subnet, and also you can see an example of the default network ACL, which is configured to allow all traffic to flow in and out of the subnets to which it is associated. Each network ACL includes a rule whose rule number is an asterisk. This rule ensures that if a packet doesn't match any of the other numbered rules, it's denied. You can't modify or remove this rule. So if you take a look at this table, you can see on the inbound, some traffic would come in and it would look for the first rule, which is 100, and that's saying I'm allowing all traffic from all sources, so that's fine, the traffic comes in. If that rule 100 wasn't there, it would go to the asterisk rule, and the asterisk rule is saying traffic from all sources is denied. Let's take a look at the network ACL rules. Each subnet in your VPC must be associated with an ACL. If you don't assign it to a custom ACL, it will automatically be associated to your default ACL. A subnet can only be associated with one ACL; however, an ACL can be associated with multiple subnets. An ACL contains a list of numbered rules
which are evaluated in order, starting with the lowest. As soon as a rule matches traffic, it's applied regardless of any higher-numbered rules that may contradict it. AWS recommends incrementing your rules by a factor of 100 so there's plenty of room to implement new rules at a later date. Unlike security groups, ACLs are stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic.

Welcome to the network ACL demonstration, where we're just going to have an overview of ACLs and where they are in the dashboard. Now you don't need to know a huge amount about them for the exam, we just need to know how they work and where they are. So let's go to networking and VPC, and when the dashboard loads, on the left-hand side under security there's network ACLs, so let's click on that. Now you can see some ACLs that are in my AWS account, so we want the one that's associated with our Simplilearn VPC. So if we extend this VPC column, that's our network ACL there, Simplilearn VPC. Now let's give it a name, because it's not very clear to see otherwise, also I'm kind of an obsessive tagger, so let's call it Simplilearn ACL and click on the tick. So now it's much easier to see. So we click on inbound rules. So this is exactly what we showed you in the lesson: the rule is 100, so that's the first rule that's going to get evaluated, and it's saying allow all traffic from all sources, and the outbound rules are the same. So if you wanted to tighten down the new rule, you could click edit, we would give it a new rule number, say, which would be 200. So you should always increment them in 100s, so that means if you had 99 more rules you needed to put in place, you'd have space to put them in between these two. And then you could do whatever you wanted, you could say, you know, we are allowing HTTP access from all traffic, or you could say, actually, you know what, we're going to deny it. So this is the way of blacklisting traffic into your VPC. Now I'm not going to save that
because we don't need it, but this is where network ACLs sit and this is where you would make any changes. It's also worth having a look at the subnet associations with your ACL. So we have two subnets in our Simplilearn VPC, so we would expect to see both of them associated with this network ACL because it's the default, and there they are, both our public and our private subnets are associated. And you can also see up here on the dashboard it says default, so this is telling us this is our default ACL. If you did want to create a new network ACL, you would click create network ACL, you'd give it a name, just say new ACL, and then you would associate it with your VPC, so we would say Simplilearn VPC. Takes a few seconds, and there we are, there we have our new one. Now you can see this one says default no, because it obviously isn't the default ACL for our Simplilearn VPC, and it has no subnet associated with it. So let's just delete that because we don't need it. But there you are, there's a very brief overview of network ACLs.

Welcome to the Amazon VPC best practices and costs, where we're going to take a look at the best practices and the costs associated with the Amazon Virtual Private Cloud. Always use public and private subnets. You should use private subnets to secure resources that don't need to be available to the internet, such as database services. To provide secure internet access to the instances that reside in your private subnets, you should provide a NAT device. When using NAT devices, you should use a NAT gateway over NAT instances because they're a managed service and require less administration effort. You should choose your CIDR blocks carefully. Amazon VPC can contain from 16 to 65,536 IP addresses, so you should choose your CIDR block according to how many instances you think you'll need. You should also create separate Amazon VPCs for development, staging, test and production, or create one Amazon VPC with separate subnets, with a subnet each for production,
development, staging and test. You should understand the Amazon VPC limits. There are various limitations on the VPC components; for example, you're allowed five VPCs per region, 200 subnets per VPC, 200 route tables per VPC, 500 security groups per VPC, 50 inbound and outbound rules per VPC. However, some of these rules can be increased by raising a ticket with AWS support. You should use security groups and network ACLs to secure the traffic coming in and out of your VPC. Amazon advises to use security groups for whitelisting traffic and network ACLs for blacklisting traffic. Amazon recommends tiering your security groups. You should create different security groups for different tiers of your infrastructure architecture inside the VPC. If you have web tiers and DB tiers, you should create different security groups for each of them. Creating tier-wise security groups will increase the infrastructure security inside the Amazon VPC. So if you launch all your web servers in the web server security group, that means they'll automatically all have HTTP and HTTPS open; conversely, the database security group will have SQL Server ports already open. You should also standardize your security group naming conventions. Following a security group naming convention allows Amazon VPC operation and management for large-scale deployments to become much easier. Always span your Amazon VPC across multiple subnets in multiple availability zones inside a region. This helps in architecting high availability inside your VPC.

If you choose to create a hardware VPN connection to your VPC using a virtual private gateway, you are charged for each VPN connection hour that your VPN connection is provisioned and available. Each partial VPN connection hour consumed is billed as a full hour. You'll also incur standard AWS data transfer charges for all data transferred via the VPN connection. If you choose to create a NAT gateway in your VPC, you are charged for each NAT gateway hour that your NAT gateway is provisioned and available.
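The tiered security groups from the demonstration, checked in code (an added example, not part of the original course): this Python audit flags SSH or RDP rules open to any source and database-port rules that come from anything other than the web tier's security group. The rule dictionaries are constructed sample data in the shape of the `IpPermissions` field of the EC2 DescribeSecurityGroups response; the group IDs, group names and function names are placeholders chosen for this example.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}   # administration ports opened in the demo
DB_PORT = 1433                           # default Microsoft SQL Server port


def rule(proto, port=None, cidrs=(), groups=(), cidrs6=()):
    """Build one ingress rule in the DescribeSecurityGroups IpPermissions shape."""
    r = {"IpProtocol": proto,
         "IpRanges": [{"CidrIp": c} for c in cidrs],
         "Ipv6Ranges": [{"CidrIpv6": c} for c in cidrs6],
         "UserIdGroupPairs": [{"GroupId": g} for g in groups]}
    if port is not None:                 # "-1" (all traffic) rules carry no ports
        r["FromPort"] = r["ToPort"] = port
    return r


# Constructed sample mirroring the two groups built in the demonstration.
WEB_ID, DB_ID = "sg-web-placeholder", "sg-db-placeholder"
SECURITY_GROUPS = [
    {"GroupId": WEB_ID, "GroupName": "simplilearn-web-server-sg",
     "IpPermissions": [rule("tcp", 80, cidrs=["0.0.0.0/0"]),
                       rule("tcp", 443, cidrs=["0.0.0.0/0"]),
                       rule("tcp", 22, cidrs=["0.0.0.0/0"])]},
    {"GroupId": DB_ID, "GroupName": "simplilearn-db-servers-sg",
     "IpPermissions": [rule("tcp", 1433, groups=[WEB_ID]),
                       rule("tcp", 3389, cidrs=["0.0.0.0/0"])]},
]


def covers(r, port):
    """True if an ingress rule applies to the given TCP port."""
    if r["IpProtocol"] == "-1":          # all protocols, all ports
        return True
    if r["IpProtocol"] != "tcp":
        return False
    return r["FromPort"] <= port <= r["ToPort"]


def cidr_sources(r):
    """All IPv4 and IPv6 CIDR sources named in a rule."""
    return ([x["CidrIp"] for x in r.get("IpRanges", [])] +
            [x["CidrIpv6"] for x in r.get("Ipv6Ranges", [])])


def is_world(cidr):
    """True for 0.0.0.0/0 and ::/0, that is, any source on the internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(groups, web_group_id, db_group_id):
    """Return (group name, port, finding) tuples for rules that break the tiering."""
    findings = []
    for g in groups:
        for r in g["IpPermissions"]:
            cidrs = cidr_sources(r)
            # Admin access should be tied to a specific IP or range.
            for port, name in ADMIN_PORTS.items():
                if covers(r, port) and any(is_world(c) for c in cidrs):
                    findings.append((g["GroupName"], port,
                                     f"{name} open to any source"))
            # The database tier should accept SQL traffic from the web tier only.
            if g["GroupId"] == db_group_id and covers(r, DB_PORT):
                for c in cidrs:
                    findings.append((g["GroupName"], DB_PORT,
                                     f"database port allowed from CIDR {c}"))
                for pair in r.get("UserIdGroupPairs", []):
                    if pair["GroupId"] != web_group_id:
                        findings.append((g["GroupName"], DB_PORT,
                                         "database port allowed from group "
                                         + pair["GroupId"]))
    return findings


if __name__ == "__main__":
    for name, port, why in audit(SECURITY_GROUPS, WEB_ID, DB_ID):
        print(f"{name}: port {port}: {why}")
```

Run against the sample, the audit reports the SSH and RDP rules that the demonstration left open to all sources and accepts the SQL Server rule, because its only source is the web server security group.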
Data processing charges apply for each gigabyte processed through the NAT gateway. Each partial NAT gateway hour consumed is billed as a full hour.

This is the practice assignment for designing a custom VPC, where you'll create a custom VPC using the concepts learned in this lesson. Using the concepts learned in this lesson, recreate the custom VPC as shown in the demonstrations. The VPC name should be Simplilearn VPC. The CIDR block should be 10.0.0.0/16. There should be two subnets, one public with a range of 10.0.1.0 and one private with a range of 10.0.2.0, and they should be placed in separate availability zones. There should be one internet gateway and one NAT gateway, and also one custom route table for the public subnet. Also create two security groups, Simplilearn web server security group and Simplilearn DB server security group.

So let's review the key takeaways from this lesson. Amazon Virtual Private Cloud, or VPC, enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, but with the benefits of using the scalable infrastructure of AWS. There are three types of IP address in AWS. A private IP address: this is an IP address that's not reachable over the internet, and it's used for communication between instances in the same network. A public IP address is reachable from the internet, which you can use for communication between your instances and the internet. And there's an Elastic IP address: this is a static public persistent IP address that persists after an instance restarts, whereas a public IP address is re-associated after each restart. Amazon defines a subnet as a range of IP addresses in your VPC. You can launch AWS resources into a subnet that you select, and a subnet is always mapped to a single availability zone. Use a public subnet for resources that must be connected to the internet and a private subnet for resources that won't be connected to the
internet. To allow your VPC the ability to connect to the internet, you need to attach an internet gateway to it, and you can only attach one internet gateway per VPC. A route table determines where network traffic is directed. It does this by defining a set of rules. Every subnet has to be associated with a route table, and a subnet can only have an association with one route table; however, multiple subnets can be associated to the same route table. And you can use a NAT device to enable instances in a private subnet to connect to the internet or other AWS services, but a NAT device will prevent the internet from initiating connections with instances inside your private subnet. A security group acts as a virtual firewall that controls the traffic for one or more instances. You add rules to each security group that allow traffic to or from its associated instances. A network access control list, or network ACL, is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more of your subnets.

Today's session is on AWS. Let's look into what we have in today's session. So what's in it for you? We would be covering what is AWS, why do we need AWS SageMaker, what is AWS SageMaker, services, what are the benefits of using AWS SageMaker, machine learning with AWS SageMaker, how to train a model with AWS SageMaker, how to validate a model with AWS, and the companies that are using AWS SageMaker. Along with that we will be covering one live demo on the AWS platform. Now let's understand what is AWS. So what is AWS? It's Amazon Web Services. It's the largest or most widely used public cloud platform, offered by Amazon. It provides services over the internet. AWS services can be used to build, monitor and deploy any type of application in the cloud. AWS also uses the subscription pricing model; that means you only pay for whatever services you use. Now, why do we need AWS SageMaker? Let's look into it. So let's consider an example of one of the
company that is ProQuest now before AWS SageMaker the ProQuest is a global information content and technology company that provides valuable content such as ebooks newspapers etc to the users before AWS SageMaker the ProQuest requirement was to have a better user experience maximum relevant search results now after AWS SageMaker they were able to achieve those uh results uh so they achieved more appealing video user experience they achieved more relevant search results for the users now what do we mean by AWS SageMaker why this service is primarily used so Amazon SageMaker is a cloud machine learning platform that helps users in building training tuning and deploying machine learning models in a production ready hosted environment so it's kind of a machine learning service which is already hosted on the AWS platform now what are the benefits of using AWS SageMaker uh the key benefits of using AWS SageMaker are it reduces machine learning data cost so you can do the cost optimization while running uh this particular service on the AWS all ML components are stored in a particular place in a dashboard so they can be managed together highly scalable so it can be scaled on you can scale this particular service on the fly it trains the models quite faster maintains the uptime so you can be assured that your workloads will be running all the time it will be available all the time high data security so security becomes a major concern on the cloud platforms and it ensures that you have the high data security along with that you can do a data transfer to different AWS services like S3 bucket and all with the simple data transfer techniques now machine learning with AWS SageMaker let's look into it so machine learning with AWS SageMaker is a three-step function so one is to build second is to test and tune the model and third is to deploy the model now with the build it provides more than 15 widely used ML algorithms for training purpose now to build a model you can collect
and prepare training data or you can select from the Amazon S3 bucket also choose and optimize the required algorithm so some of the algorithms that you can select are k-means linear regressions logistic regression SageMaker helps developers to customize ML instances with the Jupyter notebook interface in the test and tune you have to set up and manage the environment for training so you would need some sample data to train the model so train and tune a model with Amazon SageMaker SageMaker implements hyperparameter tuning by adding a suitable combination of algorithm parameters also it divides the training data and stores that in the Amazon S3 S3 is a simple storage service which is primarily used for storing the objects and the data hence it is used for storing and recovering data over the internet and below you can see that AWS SageMaker uses Amazon S3 to store data as it is safe and secure also it divides the training data and stores in Amazon S3 where the training algorithm code is stored in the ECR ECR stands for elastic container registry which is primarily used for containers and Dockers ECR helps users to save monitor and deploy Docker and the containers later SageMaker sets up a cluster for the input data trains it and stores it in the Amazon S3 itself so this is done by the SageMaker itself after that you need to deploy it so suppose you want to predict limited data at a time you use Amazon SageMaker hosting services for that okay but if you want to get prediction for an entire data set prefer using Amazon SageMaker batch transform now the last step that is to deploy the model so once tuning is done models can be deployed to SageMaker endpoints and in the endpoint real-time prediction is performed so you would have some data which you would reserve and validate your model whether it is working correctly or not now evaluate your model and determine whether you have achieved your business goals now the other aspect is how we can train a model with AWS
SageMaker so this is basically a flow diagram which shows you how to train a model with the AWS SageMaker and here we have used couple of services of an AWS to get that done so model training in AWS SageMaker is done on machine learning compute instances and here we can see there are two machine learning compute instances used as helper code and the training code along with that we are using two S3 buckets and the ECR for the container registry now let's look into what are the ways to train the model as per the slides so below are the following requirements to train a model so here in the diagram you can see these are the following requirements to train a model the URL of an Amazon S3 bucket where the training data is stored that is mentioned the compute resources on machine learning compute instances so these are all your machine learning compute instances then the URL of an Amazon S3 bucket where the output will be stored and the path of AWS elastic container registry where the code data is saved the inference code image lies in the elastic container registry now what are these called these are called as the training jobs now when a user trains a model in Amazon SageMaker he/she creates a training job so we need to first create a training job and then the input data is fetched from the specified Amazon S3 bucket once the training job is built Amazon SageMaker launches the ML compute instances so these compute instances will be launched once the training job is built then it trains the model with the training code and the data set and it stores the output and model artifacts in the AWS S3 bucket so this is done automatically now here the helper code performs a task when the training code fails the inference code which is in the elastic container registry consists of multiple linear sequence containers that process the request for inference on data the EC2 container registry is a container registry that helps users to save monitor and deploy container images
whereas container images are the ready applications once the data is trained the output is stored in the specified Amazon S3 bucket so here you can see the output will be stored here to prevent your algorithm being deleted save the data in Amazon SageMaker critical system which can process you on your ML compute instances now how to validate a model let's look into it so you can evaluate your model using offline or using the historical data so first thing is that you can do the offline testing to validate a model you can do an online testing with the live data so if you have a live data coming or real-time streams coming you can validate a model from there as well you can validate using a holdout set and also you can validate using the k-fold validation now use historical data to send requests to the model through the Jupyter notebook in Amazon SageMaker for the evaluation online testing with live data deploys multiple models into the endpoints of Amazon SageMaker and directs live traffic to the model for validation validating using a holdout set is part of the data is set aside where which is called holdout set so the part of the data is left which is basically called as the holdout set this data is not used for the model training so later when the model is trained with the remaining input data and generalize the data based on what is learned initially so whatever the data which is left out will be used for validating a model because we have not used that data while training a model the k-fold validation is the input data is split into two parts one part is called K which is the validation data for testing the model and the other part is K minus one which is used as a training data now based on the input data the machine learning model evaluates the final output now the companies that are using AWS SageMaker one is the ADP so you must be knowing about ADP Zalando Dow Jones which is the stock market ProQuest and the Intuit now let's look into the demo that
how we can actually run the AWS SageMaker so we'll use the r algorithm and then package the algorithm as a container for building training and deploying a model we are going to use the Jupyter notebook for that for model building for model training for model deployment and the code for the demo is in the below link so you can see here that from this link you can get the code for the demo let's try to do a demo on the AWS now I would be using a link which is uh provided by Amazon to build train and deploy the machine learning model on the SageMaker as you can see on my screen and in this tutorial uh you would have some steps where you can put those steps and the code Python codes into your AWS SageMaker JupyterLab so in this tutorial you will learn how to use Amazon SageMaker to build train and deploy a machine learning model and for that we will use the popular XGBoost ML algorithm for this exercise so first of all what you need to do is you have to go to the AWS console and there you have to create a notebook instance so in this tutorial you will be creating a notebook instance you will prepare the data train the model to learn from the data deploy the model evaluate your ML model's performance and once all those activities are done then we'll see how we can actually remove all the resources in order to prevent the extra costing now the first step is we have to enter to the Amazon SageMaker console so here you can see I'm already logged in into the SageMaker console you can click on the services search for the SageMaker here and here you get the Amazon SageMaker service now the next step is that we have to create a notebook instance so we will select the notebook instance from the SageMaker service and then after the notebook instance is selected we'll put a name to our instance and we'll create a new IAM role for that so let's wait for the SageMaker studio to open so here you can see the studio is open and uh you just have to click on the notebook instances and here
you have to create a notebook instance so here you can see couple of notebook instances have already been created one of them is in service so this is the notebook instance that we are going to use for uh creating the demo model I'll show you how you can create a notebook instance you just have to click on create notebook instance button and put your notebook instance name so you can put something like demo-sagemaker987 or we can put it as model we'll go with notebook instance type as default which is ml.t2.medium and in the permission and encryptions under the IAM role we'll click on create a new IAM role now why we are creating a new IAM role so that we can allow the SageMaker to access any S3 bucket that has been created on our account just click on create a role and here you would see that the new IAM role will be created with the set of permissions then rest of the things we'll keep it as default and then you just have to click on create a notebook instance the notebook instance creation takes some time so you just have to wait for a couple of minutes to get that in service we already have uh one of the notebook instance that has been created so we will be using uh that to create a demo now going back to the steps so these are the steps that we have already performed now once the notebook instance is created then we have to prepare the data so in this step we will be using the SageMaker notebook instance to pre-process the data that would be required to train the machine learning model and for that we would be opening up the Jupyter notebook and uh then we have to select an environment a kernel environment in the Jupyter notebook that would be conda_python3 so let's follow these steps go back to the SageMaker click on the notebook instances select the running notebook instance and here you would select the open JupyterLab now here you would see that the SageMaker would try to open up the Jupyter notepad and we would be performing all our inputs uh into that
Jupyter notebook and uh executing the results there itself so just wait for the notebook to open now here you can see the JupyterLab notebook has been open so I would be selecting one of the notebook that has been created so this one so likewise you can create your own notebook also how you can do that first of all let me select the kernel environment so I would be selecting conda_python3 and just click on select so how you can create your own notebook just have to click on file click on new and here you can select the notebook just name your notebook select the environment conda_python3 to run this demo so I have my notebook open so in the tabs I would be putting up the Python codes and I would be executing those codes to get the output directly so the next step is to prepare the data train the ML model and deploy it we will need to import some libraries and define a few environment variables in the Jupyter notebook environment so I would be copying this code which you can see that would try to import NumPy pandas these are all required to run the Python syntax so just copy this code and paste it into your notebook right so once you do that execute your code and here you can see that you get the output which is that it has imported all the necessary libraries that have been defined in the code now the next step is we would create an S3 bucket into the S3 service and for that you have to copy this Python code just that you have to edit it so you have to specify this bucket name that you want to get created so here I would provide the bucket name which should be unique should not overlap so something like sagemaker-demo is the name that I have selected for the bucket and now you have to execute that code it says that the S3 bucket has been created successfully with the name sagemaker-demo9876 so this is something which you can verify so you can go to the S3 service and there you can verify whether the bucket has been created or not now the next task is
that we need to download the data to the AWS SageMaker instance and load it into the data frame and for that we have to follow this URL so from this URL which is build train deploy machine learning model would have a data in the form of bank_clean.csv and this will be deployed onto our SageMaker instance we'll copy this code and paste it here and execute the code so it says that it has successfully downloaded bank_clean.csv which has the data inside it and that has been loaded into the SageMaker data frame successfully now we have a data to build and train our machine learning model so what we are going to do we are going to shuffle the data and we are going to split it one into the training data set and the other one into test data set so for the training data set we are going to use 70% of the customers that are listed in the CSV file and 30% of the customers in the CSV file data we will be using it as a test data to train the model so we'll copy the following code into a new code cell and then we are going to run that code cell so I'll just copy it for training the data so that we can segregate the data model 70% for building the model and 30% for testing the data so click on run the execution and here you can see that we got the output successfully now we have to train the model from that data so how we are going to train that model and for that we'll use SageMaker pre-built XGBoost model which is an algorithm so you will need to reformat the header and first column of the training data and load the data from the S3 bucket so what I'll do is I'll copy this syntax and paste it in the notebook cell so it has the train data it put train the model click on run execution now it is changing the s3_input class which will be renamed to TrainingInput because now we are training the model with the training data so we just have to wait for some time till it gets executed completely now the next thing is that we need to set up the Amazon SageMaker
session to create an instance of the XGBoost model so here we are going to create this SageMaker session we are going to create an instance of the XGBoost model which is an estimator so just copy that copy that code and paste it here execute it and here you can see that it will start it has uh basically changed the parameter image_name to the image_uri in this SageMaker Python SDK v2 now we'll follow the next step that is with the data loaded in the XGBoost estimator we'll set up train the model using gradient optimization and uh we'll copy the following code and that would actually start the training of the model so copy this code and this would actually start training the model using our input data that we have reserved 70% of that data that we have reserved for training the model so just copy that again initiate the execution and it will start the training job now we'll deploy the model and for that I would copy the deploy code put that in the cell and execute it so it says parameter image will be renamed to image_uri and using already existing model so XGBoost was deployed already uh if you have not done that uh if you're doing it the first time so it will initiate another XGBoost instance so where you can find your XGBoost endpoints created you just have to scroll down and here under the inference uh click on the endpoints and you should find the XGBoost endpoints defined here so here you can see that today I have uh created one XGBoost uh endpoint and that is uh now in process of creating so just refresh it so it is uh still created is going to take some time to get that in service now our endpoint is uh in service state so now we can use it so going forward with the next steps uh we'll try to predict whether the customer in the test data enroll for the bank product or not for that we are going to copy this code put that in the Jupyter cell function and execute it so here it gives you the output that it has actually evaluated and the same output we
got in the screenshot uh of the demo as well now we are going to evaluate the model performance so what we are going to do we are going to get the prediction done so based on the prediction we can conclude that you predicted a customer that will enroll for a certificate of deposit accurately for 90% of the customers in the test data with a precision of 65% for enrolled and 90% which are which haven't enrolled for it so for that we are going to copy this code and execute it here in the cell so if it is predicted correctly that means our model is working absolutely fine so here you can say the overall classification rate is 89.5% and uh there is the accurate prediction that has been made by the model and that's what the output we can see here in the screenshot of a model so that means our model is absolutely working fine it has been built deployed and trained correctly now the next thing is that once you are done with that you terminate your resources and for that you just have to copy uh this code and put that in the cell function so that the additional resources and the endpoints and the buckets that have been created by the Jupyter notepad should be uh terminated so that you would not be incurred with the extra costing so just execute it and here you would see that it is trying to it would try to terminate all the additional resources that we have created from the Jupyter today's tutorial is on AWS CloudFront let's look into what we have today in the CloudFront so what's in it for you we would be covering up the concept of what is AWS what was earlier uh before AWS CloudFront after AWS CloudFront what were the services that were introduced how it benefited what do we mean by AWS CloudFront benefits of the using AWS CloudFront and how AWS CloudFront actually is known as a content delivery service the name of the companies that are using AWS CloudFront and we would be covering up one live demo now AWS is the Amazon web services it's a cloud service provider that
basically offers a multiple services variety of services such as uh compute power database storage networking and other resources so that you can uh create your solutions on the cloud and help the business grow now with AWS you only pay for whatever the services you use so for example if you're using a service for a couple of hours then you pay for only that many hours that you have used that service before AWS CloudFront so there is an example that we are going to talk and that is uh you must be aware of an application called Spotify so when you used to access Spotify and uh when you click on it it kept on loading and at the end you used to get the error and the error was that the connection failed and why you received that error because of a latency issue probably a network error right so how you can solve these kind of a latency issues and that is also going to these kind of an issues are also going to impact the performance of an application so with the introduction of AWS CloudFront this problem of loading the application got resolved so after AWS CloudFront with the help of AWS CloudFront Spotify gives the facility of updating new features to access to million songs that you can access instantly so with the use of AWS CloudFront or the latency issues were solved and successfully you can basically access your application now what we mean by AWS CloudFront so AWS CloudFront is a globally distributed network that is offered by AWS Amazon web services which securely delivers content to the end users across any geography with a higher transfer speed and an improved or a low latency now what are the benefits of AWS CloudFront there are multiple benefits one is the cost effective so it helps you to do the cost optimization when you use the CloudFront it is time saving so it is implemented easily and also lot of issues with respect to accessing the application uh with respect to latency and all can be resolved content privacy so the content is placed to the end
users and also to the CloudFront servers in a secured manner in a secured way it is highly programmable and you can make the changes amend the changes on the fly and you can target any location any geography across the globe along with that it helps you to get the content delivered quickly now how AWS CloudFront delivers the content let's look into the architecture so this is a flow and the flow is with respect to how the user is going to get a content from the CloudFront now the client first accesses a website by typing a URL on the browser and in the step one it tries to access the application then the client requests when the website is open the client request for an object to download such as for example a particular file now at that time the DNS routes user request to download that file to AWS CloudFront the AWS CloudFront connects to the nearest edge locations edge locations are basically the servers where it caches the files documents and the web codes AWS CloudFront connects to its nearest edge location in order to serve the user the request at edge location AWS CloudFront looks for its requested cached file once the file is found let's say if the file is available in the cache of an edge location AWS CloudFront then sends the file to the user otherwise if the file is not found in the cache memory of an edge location AWS CloudFront compares the requirement with the specification and share it with a respective server that means a web server or a server where the file is actually available the server the web server responds to the edge location by sending the file back to the CloudFront edge location and then as soon as the AWS CloudFront receives the file it shares with the client also adds the file to the cache of an edge location for a future reference this is how the flow of a CloudFront is now the name of the companies that are using the AWS CloudFront so one of them is go7 app which is a very popular app so it uses Amazon CloudFront to deliver 15 petabytes of audio
and video to its subscribers globally which is a huge data Sky News uh it uses the service in order to unify the content for faster distribution to subscribers or the Discovery Communications uh also uses the CloudFront it uses the service for delivering API static asset and also the dynamic content and then uh the TV1 EU streaming Europe is basically also uses uh the CloudFront service that helps in improving latency and performance that results in fastest delivery of content now let's look into the demo how to use CloudFront to serve private S3 bucket as a website now I'm going to run a CloudFront distribution demo on the AWS console and uh we'll basically try to deliver the content from a private S3 bucket and then map that with the domain name using the Route 53 service so what we need for this demo we would need a domain URL we would need uh Route 53 service we would need CloudFront uh we have to create a CloudFront distribution and that will be linked with our S3 bucket the private S3 bucket right and in the S3 bucket we would have uh one HTML file the index.html file so let's uh move into AWS console so right now I have opened up the CloudFront distribution and here you can see uh that couple of distributions have already been created so what I'm going to do I'm going to create a distribution now there are two types of delivery method for your content one is the web distribution and the other one is RTMP RTMP stands for real time audio or video distribution it's basically used for distribution of a media content or a media file which are available in the S3 bucket here we are going to select a web distribution because primarily we will be using files which uses protocols HTTP or the HTTPS so you have to click on get started and in the origin domain name you have to specify the bucket where your code is available so I have a bucket already created here you can do is you have to create a bucket with the URL name or the domain name which you would
be mapping with the Route 53 service so this is a bucket that has already been created let me show you in a new tab so here you have to go to the storage under the storage uh you have to select the S3 bucket let's open the link in the new tab and let's look into uh how we can create the S3 buckets now here are a couple of buckets already created I have created one bucket with the domain name that I'm going to use and map it with the Route 53 service so that is uh basically map to a region which is in Ohio and if you open up this bucket here you will find an HTML web page the index.html has been already added right so similarly you have to create a bucket with a domain and an index.html page needs to be uploaded there now again we'll go to the CloudFront we'll try to create a distribution just have to click on create distribution select a web delivery method select an origin domain which is sunshinelearning.in and origin path you don't have to specify origin ID is this one so basically when you define an origin domain name automatically the origin ID appears you can customize this origin ID as per your requirement also so rest of the things primarily we keep it as a default settings only until and unless if we require some customized settings to be done so let's say if you have to change the cache behavior settings you can do that otherwise we'll keep it as default now in the distribution setting uh you can either select use all edge locations for the best performance so what does AWS uh basically do here it uses all the edge locations um which are associated with the AWS across the globe otherwise you can specify based on the regions also right apart from that if you want to enable firewalls or the access control list you can specify here and then um what you need to do is in the default root object here you have to specify your index.html page which is in the S3 bucket the distribution state has to be enabled and if you want to use IP version 6 as well you need
to enable it click on create distribution now you can see here a distribution has been created it's in progress and it is enabled and it takes around 15 to 20 minutes to get that distribution completed the reason is that the web codes the web pages will be distributed across all the edge locations across the globe so hence it takes time to get that done right let's move on to Route 53 service and uh let's create the hosted zones so we'll type Route 53 here scalable DNS and domain name registration and what we are going to do here is we are going to map our URL the domains um pointed to the name servers that will be provided by the Route 53 so we have to create a hosted zone let's wait for it so now the Route 53 dashboard is open and uh you can see one hosted zone is already created so just click on the hosted zones and in order to point the traffic from the external domains towards the AWS you have to first point the domains traffic to the uh hosted zone in the Route 53 so I'll click on create hosted zone but before that I will first delete the existing one and then I'll uh create another record another hosted zone right put your domain name let's say I put as sunshinelearning.in
and it is acting as a public hosted zone rest of the things will be default click on create hosted zone now it gives you four name servers and these four name servers has to be updated in the domain so you have to update these name servers in a platform from where you have purchased the domain right so this is half of the work done then what you need to do is you have to go and create records now in the records you can select a routing policy so right now what we are targeting we are targeting basically that the traffic from the domain should be pointed directly towards the CloudFront distribution hence we are going with a simple routing right now click on next here you have to specify the record sets so we are going to create the records uh just click on define simple record put here as www and you have to select an endpoint so endpoint we are selecting for the CloudFront distribution so we have to specify alias for the CloudFront distribution now here we are going to put uh the CloudFront distribution URL and then we are going to define the simple record set so what we need is we need a CloudFront distribution URL which you can find it uh from the CloudFront service itself and uh you can find uh the domain name here itself you just have to copy that and then paste it here in the distribution and then just uh click on define simple records again click on create records and here you can see the record set has been updated now this domain is basically pointed towards these name servers which are further pointed towards the CloudFront distribution right now the only thing which is left is that within the domain from wherever you have purchased the domain you should update these four name servers and then you can see the live traffic coming on this domain will have an output from the CloudFront distribution today's topic is on AWS Auto Scaling so this is Akil I would be taking up a tutorial on the Auto Scaling let's begin with our tutorial and let's
look into what we have in today's uh session so I would be covering up why we require AWS Auto Scaling uh what is AWS Auto Scaling what are the benefits uh of uh using the scaling service how these Auto Scaling works the different scaling plans we have uh what is the difference between the snapshot and the AMI what is a load balancer and how many types of load balancers we have and along with that I would be covering up a real life demo on the AWS let's begin with why we require AWS Auto Scaling now before AWS cloud scaling there was a question in the mind of enterprises that uh they were spending a lot of uh money on the purchase of the infrastructure if they have to set up some kind of a solution so they have to purchase an infrastructure and one-time cost was required so that was a burden for them in terms of procuring a server hardware software and then having a team of experts to manage all those infrastructure so they used to think that no longer they require these resources uh if there was a cost efficient solution for their project that was the project manager used to think now after the AWS cloud scaling that was introduced uh automatically the Auto Scaling maintains the application performance based on the user requirements at the lowest possible price so what does the Auto Scaling does is that whenever there is a scalability required it manages it automatically and hence the cost optimization became possible now what is AWS Auto Scaling let's look into deep so AWS Auto Scaling is a service that helps users to monitor their applications and the servers and automatically adjust the capacity of uh their infrastructure to maintain the steadiness so they can increase the capacity they can even decrease the capacity also for the cost optimization and also predictable performance at the lowest possible cost now what are the benefits of Auto Scaling it gave the better fault tolerance applications uh you can get the servers created and you can have a clone
copy of the servers so that you don't have to deploy the applications again and again. Better cost management, because the scalability is decided by AWS automatically based on some threshold parameters. It is a reliable service, and whenever the scaling is created or initiated you can get notifications on your mail IDs or your cell phones. Scalability, as I mentioned, is always there in auto scaling: it can scale up and it can scale down as well. And it has flexibility, in terms of whenever you want to schedule it, if you want to stop it, or if you want to keep the size of the servers at a fixed number; you can always make the changes on the fly. And better availability.

Now, with the use of auto scaling we come across the terminology called snapshot and AMI. Let's look into the difference between snapshots and the AMI. Snapshots versus AMI: in a company, one of the employees was facing an issue with launching virtual machines, so he asked his colleague a question: is it possible to launch multiple virtual machines in a minimum amount of time, because it takes a lot of time to create the virtual machines? The other colleague said yes, it is possible to launch multiple EC2 instances, and that can be done in less time and with the same configuration, and this can be done using either a snapshot or an AMI on AWS. Then the colleague asked what the differences between a snapshot and an AMI are. Let's look into the difference.

A snapshot is basically a kind of backup of a single EBS volume, which is just like a virtual hard drive that is attached to the EC2 instance, whereas the AMI is basically used as a backup of an EC2 instance only. You opt for snapshots when the instance contains multiple static EBS volumes. The AMI is widely used to replace a failed EC2 instance.
In snapshots you pay only for the storage of the modified data, whereas with the AMI you pay only for the storage that you use. Snapshots are non-bootable images on an EBS volume, whereas AMIs are bootable images on the EC2 instance. However, creating an AMI image will also create EBS snapshots.

Now, how does AWS Auto Scaling work? Let's look into it. For AWS Auto Scaling to work, you have to configure a single unified scaling policy for the application resources. With this scaling policy you can explore the applications and then select the service you want to scale. For the optimization, select whether you want to optimize cost or performance, and then keep track of scaling by monitoring or getting notifications.

Now, what are the different scaling plans we have? In auto scaling, a scaling plan basically helps a user configure a set of instructions for scaling based on the particular software requirement. The scaling strategy basically guides the AWS Auto Scaling service on how to optimize resources in a particular application. So it's basically the parameters that you set up so that resource optimization can be achieved in auto scaling. With scaling strategies, users can create their own strategy based on their required metrics and thresholds, and this can be changed on the fly as well.

What are the two types of scaling policies we have? They are basically dynamic scaling and predictive scaling. Now, what is dynamic scaling? It basically guides the AWS Auto Scaling service on how to optimize the resources, and it is helpful in optimizing resources for availability and a particular price. With scaling strategies, users can create their plan based on the required metrics and thresholds. A metric can be, let's say, network in, network out, or it can be CPU utilization, memory utilization, and likewise. Now, in predictive scaling, the objective is to predict
future workload based on daily and weekly trends and regularly forecast future network traffic. So it is a kind of forecast that happens based on past experience. It uses a machine learning technique for analyzing that network traffic, and this scaling is like how a weather forecast works, right? It provides scheduled scaling actions to ensure the resource capacity is available for the application requirement.

Now, with auto scaling you would need load balancers also, because if there are multiple instances created, then you would need a load balancer to distribute the load to those instances. So let's understand what we mean by a load balancer. A load balancer basically acts as a reverse proxy, and it is responsible for distributing the network or application traffic across multiple servers. With the help of a load balancer you can achieve reliability and fault tolerance of an application; that is, it increases the fault tolerance and the reliability. For example, when there is high network traffic coming to your application, and if that much traffic comes to your instances, your instances may crash. So how can you avoid that situation? You need to manage the network traffic that is coming to your instances, and that can be done with the load balancer. So thanks to the AWS load balancers, which help in distributing network traffic across backend servers in a way that increases the performance of an application. Here in the image you can see the traffic coming from different resources landing on the EC2 instances, and the load balancer is actually distributing that traffic to all three instances, hence managing the network traffic quite properly.

Now, what are the types of load balancers we have? There are three types of load balancers on AWS: one is the Classic Load Balancer, the second is the Application Load Balancer, and the third is the Network Load Balancer. Let's look into what we have
in the Classic Load Balancer. The Classic Load Balancer is the most basic form of load balancing, and we also call it a primitive load balancer. It is widely used for EC2 instances. It is based on the IP address and the TCP port, and it routes network traffic between end users as well as between the backend servers. It does not support host-based routing, and it results in low efficiency of resources.

Let's look into what we have in the Application Load Balancer. This is one of the advanced forms of load balancing. It performs its task at the application level in the OSI model. It is used when HTTP and HTTPS traffic routing is required, and it also supports host-based and path-based routing and performs well with microservices or backend applications.

The Network Load Balancer performs its task at layer four, the connection level, in the OSI model. The prime role of the Network Load Balancer is to route TCP traffic, and it can manage a massive amount of traffic and is also suitable for managing low latencies.

Let's look into the demo and see how practically we can create the auto scaling.

Hi guys, let's look into the demo for how we can create auto scaling on the AWS console. Right now I'm logged in to the AWS console and I am in the Mumbai region. What you need to do is go to the Compute section and under that click on the EC2 service. Let's wait for the EC2 service to come up. Now just scroll down, and under Load Balancing there is an option called Auto Scaling. There, first you have to create a launch configuration, and after that you have to create the Auto Scaling groups. So click on Launch Configurations, and then click on Create launch configuration. Now, this launch configuration is basically the set of parameters that you define while launching an auto scaling, so that uniformity is maintained across all the instances. So that
includes, let's say, if you select a Windows OS or a Linux OS, that particular type of operating system will be implemented in all the instances that will be part of the auto scaling. So there is a certain set of parameters that we have to specify during the launch configuration so that we can have uniformity in terms of launching the servers.

Here I would select an Amazon Linux AMI, and then I would select the type of server, which will be t2.micro. Click on Configure details and put a name for the launch configuration; let's say we put it as "demo", and the rest of the things we'll keep default. Click on Add storage. Since it's a Linux AMI, we can go with 8 GB of storage; that should be fine. Click on Configure Security Group. Let's create a new security group which has the SSH port open, and that is open for anywhere, which is basically source IPv4 and IPv6 IPs; any IP will be able to access that. Click on Review and just review your launch configuration. If you want to make changes you can do that; otherwise click on Create launch configuration. You would need the key pair, and this key pair will be a unique key pair which will be used with all the instances that are part of the Auto Scaling group. We can select an existing key pair if you have one; otherwise you can create a new key pair. I have an existing key pair, so I'll go with that, acknowledge it, and click on Create launch. Now we have successfully launched the configuration of an auto scaling.

The next thing is to create an Auto Scaling group, so click on Create an Auto Scaling group using this launch configuration. Put a group name; let's say we put something like "test". The group size to start with says one instance, so that means at least a single instance will always be running, and it will be initiated and running 24x7 till the auto scaling is available. You can also increase the size of the minimum base instances; let's say you can change it to two, so you would get at
least two servers running all the time. We'll go with one instance. The network would be the default VPC, and in the VPC for that particular region we can select the availability zones. Let's say I select availability zone 1a and then availability zone 1b. So how will the instances be launched? One instance will be launched in 1a, the other one in 1b, the third one in 1a, the fourth one in 1b; likewise, they will be equally spread among the availability zones.

The next part is to configure the scaling policies, so click on it. If you want to keep this group at its initial size, let's say you want to go with only a single instance or two instances and you don't want the scaling to progress, you can select "Keep this group at its initial size". This is basically a way to halt the scaling. But we'll use the scaling policies to adjust the capacity of this group, so click on it. We have a minimum of one instance, and we will scale between one and four instances. On what condition, on what basis, these instances will be scaled up or scaled down is defined in the scale group size. You can implement the scaling policies based on a scale group size or using the simple scaling policies using steps. In the scale group size you have certain metrics: you can use average CPU utilization, or you can define a metric related to average network in, average network out, or the load balancer request count per target. If you create the simple scaling policies using steps, then you need to create alarms, and there you get some more metrics that you can add as a parameter for the auto scaling.

Let's go with the scaling group size. Let's go with the metric type as average CPU utilization and the target value. Here you have to specify the threshold, so that when the instance CPU utilization crosses it, a new instance is initiated. You can put a reasonable threshold for that; let's say
we put something like 85%, and whenever the instance CPU utilization crosses the 85% threshold you will see that a new instance is created.

Let's go to the next step, Configure notifications. Here you can add notifications. Let's say a new instance is initiated and you want to be notified; you can get notifications on your email IDs or on your cell phones. For adding the notification you would need the SNS service, which is called Simple Notification Service. You have to create a topic there, subscribe to the topic using your email ID, and then you should get the notifications. Click on Configure tags. The tags are not mandatory; you can put a tag if, let's say, you want to identify the instance or the purpose it was created for, otherwise you can leave it blank. Click on Review and review your scaling policies, notifications, and tags, as well as the scaling group details. Click on Create a scaling group, and here you go, your scaling has been launched. Click on Close, and you should get at least a single instance initiated automatically by the auto scaling.

Let's wait for the details to appear. Here you can see our launch configuration name, demo; Auto Scaling group name, test; minimum instances we want, one; maximum instances we want, four. We have selected two availability zones, ap-south-1a and ap-south-1b, and one instance has been initiated. If you want to verify where exactly this instance has been initiated, just click on Instances here, and you will see that our single instance has been initiated, is in service, and has been initiated in ap-south-1b. Now, once this instance crosses the 85% threshold that we defined in the scaling policies, you should see that another instance is initiated. So likewise, I have basically created steps to initiate a scaling policy, that means to increase the number of servers
whenever the threshold is crossed. Likewise, here itself you can add another policy to scale down the resources in case the CPU utilization goes back to a normal value.

Hello folks, welcome to yet another exciting video from Simplilearn. Are you ready to unlock the doors to a thriving career in cloud computing? The job market for AWS is booming, and companies are on the lookout for talented individuals like you. AWS holds a significant 32% share in cloud computing job listings, making it the go-to choice for many businesses. What makes AWS so appealing? Well, it's known for its cost-effectiveness, scalability, and rock-solid security features. However, to stand out and succeed in the job market, it's essential to be fully prepared to ace those interviews. In this video we have compiled the top 20 AWS interview questions that will not only sharpen your knowledge but also boost your confidence when facing those crucial interviews. As a bonus, along with the top 20 frequently asked questions, we will also cover five questions based on case studies that you can definitely expect in your AWS interview.

So the first question is: what is AWS and what are its key components? AWS, or Amazon Web Services, is a cloud computing platform offered by Amazon. It provides a wide range of services like computing power, storage options, and networking capabilities. Key components include EC2 (Elastic Compute Cloud) for virtual servers, S3 (Simple Storage Service) for scalable storage, RDS (Relational Database Service) for managed databases, and IAM (Identity and Access Management) for security. You can also imagine AWS as a huge toolbox which has everything you need to build and run your applications without worrying about infrastructure. You have EC2, which is like the section for renting virtual computers, S3 for storing your files securely, RDS for managing databases, and IAM for controlling who can access what.

Now, what is the difference between EC2 and S3? EC2 provides resizable compute capacity in the cloud,
allowing you to run applications. S3, or Simple Storage Service, on the other hand, is storage for the internet. EC2 is like having a computer in the cloud, while S3 is more like having a hard drive in the cloud where you can store files. Think of EC2 as a rented computer in the cloud: you can install software, run applications, and do pretty much anything you do on a regular computer. S3, on the other hand, is more like a giant external hard drive: you can store all your files there, like images, videos, or backups, and access them from anywhere on the internet.

Now let's move on to the third question: explain the concept of Elastic Load Balancing, or ELB. ELB automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses, to ensure no single resource is overwhelmed. ELB is like having a traffic manager for your website or application. It automatically spreads incoming visitors or requests across multiple servers so that no single server gets overwhelmed. It's like having multiple cash registers open at a store during rush hour.

Let's move on to the next question: what is Auto Scaling in AWS? Auto Scaling automatically adjusts the number of EC2 instances in a group based on demand. It helps maintain application availability and allows you to pay only for the resources you actually need. So Auto Scaling is like having a magical elastic band around your servers: when there's a sudden spike in traffic to your website or application, Auto Scaling automatically adds more servers to handle the load, and when the traffic slows down it removes those extra servers so you don't waste money on unused resources.

Now, describe the difference between IAM users, groups, and roles. IAM users are individuals within your AWS account, whereas groups are collections of users. Roles are similar to users, but they are meant to be assumed by other AWS services or users for specific tasks. Okay, imagine you are the boss of your AWS account. IAM users are
like your employees: they can log in and do stuff, but only what you allow them to. Groups are like teams of users with similar permissions, and roles are like special hats that users or even other services can wear to do specific tasks.

Now the sixth question is: what is Amazon RDS? Amazon RDS, or Relational Database Service, is a managed relational database service that makes it easier to set up, operate, and scale a relational database in the cloud. Amazon RDS is like having a personal database expert on call. It takes care of all the basic details of setting up, operating, and scaling a relational database like MySQL or PostgreSQL, so you can focus on building your app instead of worrying about database management.

Now, explain the difference between Amazon RDS and Amazon DynamoDB. RDS is for relational databases and SQL Server, while DynamoDB is a fully managed NoSQL database service provided by AWS. RDS is like a traditional database with tables, rows, and SQL queries, while DynamoDB is more like a super-fast, super-flexible storage system for all kinds of data, from simple text to complex JSON documents. It's like comparing a filing cabinet to a magic box that can hold anything you throw at it.

Now, what is Amazon VPC? Amazon VPC, or Amazon Virtual Private Cloud, is like having your own private corner of the AWS cloud. It's a virtual network that you can set up and customize to keep your resources isolated and secure. Think of it as creating your own little neighborhood within the vast city of AWS.

Now, what is the difference between a public and a private subnet in Amazon VPC? Imagine public subnets are houses with doors facing the street: they're directly accessible from the internet. Private subnets, on the other hand, are houses with backyard entrances: they're shielded from direct internet access, making them perfect for storing sensitive data or running internal services.

Moving on to the 10th question: how does CloudFront work and what are its benefits? CloudFront is like having a
network of delivery trucks all around the world, ready to bring your content closer to your users. When someone requests a file from your website or application, CloudFront finds the nearest delivery truck, or edge location, and serves the file from there, reducing latency and speeding up the overall experience for your users.

Now, what is the difference between Amazon S3 and EBS? Amazon S3 is a giant storage locker in the cloud where you can dump all your files, and they'll be safe and accessible from anywhere. EBS, on the other hand, is more like renting a hard drive that you can attach to your virtual server. You can install your operating system and applications on it, just like you would on a regular computer.

Now the next question: explain the difference between the stop and terminate actions in EC2. When you stop an EC2 instance, it's like putting your computer to sleep: all the data and settings are saved, and you can start it back up later without losing anything. But when you terminate an instance, it's like shutting down your computer and throwing it away: you lose everything and you can't bring it back.

Now, what is AWS Lambda and how does it work? AWS Lambda is like having a team of tiny workers waiting in the cloud to execute your code whenever you need them. You just upload your code to Lambda and define when you want it to run, and Lambda takes care of everything else: scaling, monitoring, and billing you only for the compute time you actually use.

So let's move on to the next question: how do you secure your data at rest in AWS? Think of securing your data at rest like locking it in a safe. AWS offers various encryption options to keep your data safe from prying eyes, whether it's stored in S3 buckets, databases like RDS, or even on your EBS volumes. You can use AWS-managed encryption keys or bring your own keys for added security.

Moving on: what is CloudFormation and how does it work? CloudFormation is like having a blueprint for your entire AWS infrastructure. Instead of manually
setting up each resource, you define everything you need in a template file using simple JSON or YAML syntax. Then, with a single click, CloudFormation creates and configures all the resources for you, saving you time and ensuring consistency.

Now the next question: explain the differences between Amazon S3, EBS, and EFS. Amazon S3 is a versatile storage solution for files of all types, accessible from anywhere. EBS, or Elastic Block Store, is more like a traditional hard drive attached to a single EC2 instance, perfect for storing data that requires low-latency access. EFS, or Elastic File System, on the other hand, is like a shared network drive that multiple EC2 instances can access simultaneously, making it ideal for shared file storage across multiple instances.

Now, what is Amazon SQS and how does it work? Amazon SQS, or Amazon Simple Queue Service, is like having a virtual queue for your messages in the cloud. When one part of your application sends a message, SQS holds on to it until another part of your application is ready to receive and process it. It helps decouple different components of your system, making them more resilient and scalable.

Now the next question is: what is the difference between Amazon S3 and Glacier? Amazon S3 is like having a storage locker where you can quickly access your files whenever you need them. Glacier, on the other hand, is more like putting your files in cold storage: it's cheaper but slower to retrieve. It's perfect for data that you don't need to access frequently but still want to keep for archival purposes.

Now, what is AWS Elastic Beanstalk? You can relate AWS Elastic Beanstalk to a personal chef who takes care of all the cooking and serving while you focus on enjoying your meal. It automates the deployment and management of your web applications, handling all the heavy lifting of provisioning servers, load balancing, and scaling, so you can just upload your code and let Elastic Beanstalk take care of the rest.

Now, coming to the last question on our
list: how do you monitor AWS resources and services? Monitoring AWS resources can be explained as having a dashboard that shows you how your applications and services are performing in real time. AWS offers various monitoring tools, like CloudWatch, which collects and tracks metrics, logs, and events from your resources, and AWS Trusted Advisor, which provides recommendations for optimizing your AWS environment based on best practices and cost efficiency.

And that wraps up our rundown of the top 20 AWS interview questions. But wait, let's have a look at those five bonus questions now.

Number one: you are setting up a website for a small shop using AWS. How would you choose the right AWS tools to make sure the website stays fast and reliable, whether there are only a few visitors or a lot of people shopping at once during a big sale?

Your second question: imagine you are like a tech detective investigating why a website's database is slow for a busy online shop. How would you use AWS tools to find out what's causing the problem and make the database super fast again?

Number three: as the hero for a startup, your mission is to control their AWS costs while still allowing them to grow. How would you do this, making sure they can expand without spending too much money or slowing down their operations?

Now your fourth question: a nonprofit organization needs help migrating their data to AWS. What steps would you take to ensure a smooth transition, considering their limited budget and technical expertise?

And the last question we have: a startup wants to store their customer data securely on AWS. How would you recommend they do this, considering both cost and security?

As we wrap up the AWS full course by Simplilearn, paving the way for a rewarding career as an AWS solution architect, with demand and salaries on the rise in 2024, you are now ready to seize new opportunities and make your mark in the cloud computing world. Thank you for watching this video.
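
The launch configuration demo in this transcript creates a security group with the SSH port open to any IPv4 and IPv6 source, and that group is applied to every instance the Auto Scaling group launches. The following is an added example, not part of the video or of any AWS tooling: a Python check that flags such rules in data shaped like the `SecurityGroups` list of the EC2 DescribeSecurityGroups response. The group IDs, names and CIDR ranges are constructed.

```python
import ipaddress

# Constructed sample, shaped like the "SecurityGroups" list returned by the
# EC2 DescribeSecurityGroups API. IDs, names and CIDRs are made up.
SAMPLE_GROUPS = [
    {   # Mirrors the demo: SSH reachable from any IPv4 and IPv6 source.
        "GroupId": "sg-EXAMPLE-demo", "GroupName": "launch-config-demo",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
    {   # Corrected form: SSH only from an admin range (documentation CIDR).
        "GroupId": "sg-EXAMPLE-admin", "GroupName": "ssh-from-admin-net",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        ],
    },
    {   # Edge case: a wide port range that silently includes 22.
        "GroupId": "sg-EXAMPLE-range", "GroupName": "low-ports",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
    {   # Edge case: protocol "-1" means all protocols and all ports.
        "GroupId": "sg-EXAMPLE-all", "GroupName": "allow-everything",
        "IpPermissions": [
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {   # Not a finding for SSH: HTTPS open to the world, port 22 closed.
        "GroupId": "sg-EXAMPLE-web", "GroupName": "public-https",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
]


def is_any_source(cidr):
    """True when the CIDR matches every address (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_covers_port(permission, port):
    """True when an ingress rule admits TCP traffic to `port`."""
    protocol = permission.get("IpProtocol")
    if protocol == "-1":                 # all protocols, all ports
        return True
    if protocol not in ("tcp", "6"):     # name or IANA protocol number
        return False
    low, high = permission.get("FromPort"), permission.get("ToPort")
    return low is not None and high is not None and low <= port <= high


def world_open_findings(groups, port=22):
    """Return (GroupId, CIDR) pairs where `port` is open to any source."""
    findings = []
    for group in groups:
        for permission in group.get("IpPermissions", []):
            if not rule_covers_port(permission, port):
                continue
            cidrs = [r["CidrIp"] for r in permission.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
            findings += [(group["GroupId"], c) for c in cidrs if is_any_source(c)]
    return findings


if __name__ == "__main__":
    for group_id, cidr in world_open_findings(SAMPLE_GROUPS):
        print(f"{group_id}: port 22 reachable from {cidr}")
```

The check also catches rules that never mention port 22 by name, such as a port range spanning it or an all-protocols rule, which a search for "22" in the rule list would miss.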