Transcript for:
Understanding CloudFormation Templates and Portability

what we've already talked about. So in the template we define all the logical resources for our CloudFormation stack, and we use this template to create a stack, and this stack in turn provisions all the actual or physical remote resources in the AWS account. So for today, the goal of today is, if you remember, when we started looking at the template from last week we were hardcoding and putting all the values for arguments in our, uh, resources inside our template, so we made the template, um, non-portable by doing that. So today we want to improve on that by, uh, trying to make templates we create, templates we use, portable. Okay, any question? Yes, bro. Yep? Yes. Who? What's the question? I think he was agreeing with you. Great. Okay, the goal for portable, the portability is what I was, uh, can you just, just explain that again, that last part, please?

So if you remember, when we were creating our template last week, or when we started CloudFormation, we defined resource, resources, right? And for example, in our template, the section for resources, and in here we define the logical name for EC2, and this EC2 had properties, and an example property could be what? Um, AMI, um, instance type. And these properties, we give them values, right? Correct. We give them values, and these values, we're passing it directly inside our template, for example the AMI ID that we copied from, from the console, and EC2 type, for example t2.micro, right? So imagine that, that we created this template and MAA has this template. Yes, else, question for me? Your hand is raised. Is there a question, bro? He said, uh, he was asking you to unmute him, to what he sent on, in the message. He's telling you to unmute him. He's new in the class, he's just joining today. I know, take the message, he said it on the, in the message, to unmute him. Doesn't look M though, he's m. So please just log, log out and, and rejoin.

So imagine that we have different projects or different users that are trying to use our template. Then because we've already hardcoded this value, the AMI ID,
instance type, it makes it a little bit difficult for, let's say we have different cases. We have a development environment, we have a production environment, right? And the production environment needs a bigger instance, let's say 33. large by instance type, and we also want to deploy this, um, in a different region. Okay, so the AMI ID which we've hardcoded in here will not be available in a region which is, which, um, basically the AMI IDs for EC2 instances are different for different regions. So because we hardcoded the AMI from a specific region, for example us-east-1, if we move this template and we want to deploy it in the Ohio region, then we have a problem. So because of that, this template is generally referred to as, it's non-portable. So in order to increase, or to make our template generic, in order to make our template generic or portable, then we will parameterize most of our values. All right? Okay. We parameterize most of the values for the resource argument. Good, I'm with you.

So for today I want us to, we've started looking at these templates, creating resources in the template, but we did not discuss the template, an, anatomy. So we'll look at the template anatomy. Basically we want to look at the different sections in the CloudFormation template, then we would look at some built-in functions in CloudFormation that greatly help us to parameterize, or, uh, parameterize our, our, uh, CloudFormation templates to increase the portability. Okay, so you have some built-in functions.

Any idea, um, or contact with, with, with, um, Tita? Yeah, that's true, he's not been here for a while, we haven't seen him in a couple of sessions. Um, when we meet, uh, PR, privately as a small group, I think we should try to reach out with him after this, after this, um, today. We should have his phone number also, so we can call. Great. It might be easier, because I'm in Germany, I can easily ping him.

So we will look at the template, the different sections of our template. Sorry for the interjection. Let's just go ahead, we'll talk about this during
a break. And we'll look at some of the built-in functions that would help us to parameterize our templates and increase the portability of whatever template that we are trying to create. Okay, so these built-in functions are, uh, generally referred to as, um, intrinsic functions. There are some intrinsic CloudFormation functions, there is what we call pseudo parameters, and obviously, um, the parameters which we declare, which, um, I would say custom, because we are declaring them and defining them as we want. Any question so far? Just snip it, please. Don't worry, don't worry about snipping, you'll see everything again. Okay, great. Can you go back to the one before this one, when you explained portable, um, portability? Just wanted to take it. No, the one before this one. See here, that hardcoding, so hardcoding these values makes the templates non-portable. Because of hardcoding values, hardcoded values. Thank you. Is this concept clear? The problem with this template, the problem with the hardcoding: because we've hardcoded, it makes it very difficult to, um, use the template for different use cases. Okay? Yeah, great.

Prof, the analogy will probably be using variables, right, in Terraform? The analogy is exactly, it's variables in Terraform. So in Terraform you call them variables, in, um, uh, CloudFormation it's called par. Okay, so in Terraform you're variable-izing, however you want to put it, but here we are parameterizing.

Okay, so before we get to, uh, um, parameters and parameterizing our functions and making them portable, let's look at, uh, so I want us to just look at the skeleton of a CloudFormation template, template sections basically. I think, I thought I could see a diagram for it. Basically, so our CloudFormation template has different sections. So in our section you have, we already talked about, you have the, um, template format, f, give me a minute, I'll share a different screen so you see this. Writing it down. I think you had it open just now. Yeah, I want to share, um, completely a different screen. Do you see my screen? Yes, bro. What do you see? We see the templates, I mean,
we see a template with the, with the different sections. Great. This larger, please. Sure, sure.

So these are the different sections of our CloudFormation template. So whenever you're creating a template, you said, uh, I think there are nine of them, 10 different sections of a CloudFormation template, and of all the different sections in the Cloud, for, CloudFormation template, the only required section is the resources section. So if you're defining a CloudFormation template, the only required section is a resource, resource, and you must declare at least one resource in the resources, uh, resources section of a CloudFormation template.

So the template format version, this is basically the version of the template which is Cloud, which the CL, AWS service CloudFormation is using at the time of you, um, um, or creating your stack. So if you omit this, then AWS will pass in that by default.

The description section of the CloudFormation template is where you can describe, um, uh, the template, what the template is all about, what the template is creating, for example if you're creating, installing specific applications inside, the specific use case of that template. So basically so that somebody who is maintaining your template, who's picking up this template, knows exactly what his name. So this is also an optional section.

So the metadata section of the template is basically, um, a section that can be used to include additional information about your template. Okay? And the parameters section, which is what we want to look into today, is where you define parameters for resources which you're going to declare in the resources section.

So the parameters, or the resources section is where you define the logical resources for your AWS, for AWS, and if, like EC2, like S3, like, um, DynamoDB, whatever resource you want to create in your R, you declare that in the resources section. And these resources section, these resources, as we saw before, have what we call properties, and these properties have values. So properties like what we just saw,
EC2 instance, um, ID, uh, EC2 instance AMI ID, um, key pairs, um, volume types, volume sizes and stuff like that. Those are the different, uh, attributes which need you to pass in values. So we can either hardcode, which is not the best practice, or you parameterize by passing those values needed for your template in the parameters section. You'll see that. Great. Um, Emma, I don't know if I made you call. Good. Any question so far? No, no question, sir. Good.

So, and the, the rules section is where you define rules to validate parameters passed in the parameters section. For example, I can decide that, oh, I want specific, I define a parameter, or, um, database user or database password, right, and I'm going to use that parameter to create a database, but I need the param, the database password, to conform to specific standards. So to ensure that the password that whoever is using this template meets the standards, then I would basically create a rule in the rules section, and the rules section will be evaluated, validate whatever parameter which you pass in the parameters section during your stack, that it conforms to, to this rule. Does it make sense? Yes.

Prof, is it only for parameters, in terms of set? No, that was an, that, that was, that was an example, but yeah, what do you mean by, is what only for parameters? Okay, pardon. Is it, um, like, um, is it only to, like, define the logic for the parameters to pass, or the, the arguments to pass? You're, you're def, you're not defining the arguments in the rules section. You're defining, you're trying to validate. It's mainly used for validating the parameters which you pass in the parameters section. Like I said, let's use a use case of a database, and you know that, you know that database user unit, for example, um, um, what is it called, um, password, and we want to ensure that the password that you're creating for this database should conform to a certain standard: nine characters, 11 characters, is it, um, alphanumeric, is it having special characters and stuff like that. That is the requirement for
the, I want to ensure that whatever password that you're passing to the database when you're creating it conforms to the rules. So during your creation process you would decide that your password, I guess you, most of us have already faced this with different systems that we are using online, but the password, the rules section, the rules which we'll define in the rules section will check that password which you're giving, to ensure that it actually conforms to the requirements for the password. Make sense? Yes, bro. Good. So basically keep, just keep in mind that you can use rules, you can set rules in the rules section to validate parameters which, um, are passed during stack creation. Okay?

So we also have the conditions section, which, if you remember, doing, when we were doing Terraform we looked at conditionals. So if you want to set a condition that, oh, um, resource A or resource B should only be created on, when, um, under certain conditions, so either, yes, either, either when the condition is true then create resource A, when the condition is false then do not create resource A, then we would set all those conditions in the conditions section of the CloudFormation template. Yes. Yes, yes.

Dr. Ters, can you hear me? He just needs, I believe, the microphone. His audio is working. He needs to set up his microphone before joining properly. Whatever microphone he's using, that's where the problem is. Yeah, good.

And, um, we have another section called transform. This is where you, you pass in something like CloudFormation macros. That's really advanced stuff and I'm not sure, sure we'll even look into it, but macros is something like, let's say, to do some find and replace in our CloudFormation template once, before we deploy it, then we'll pass in those, uh, uh, uh, requirements in our macros, in our transform section. The name gives it away, right? So it basically transforms, um, results based on the conditions, or based on the, um, uh, strings, or based on whatever, however you want it to be. So if, if, if you, for those who are already, um, versed with, if you have a bunch of
string and I want to basically find all characters that, let's say, um, the name Victor is the string, and I want that, oh, wherever I see Victor, please, all right, I have to define a macro and put it in the transform section. Then once you want to deploy the stack, CloudFormation first of all evaluates the macros that are in the M section, um, transforms your template to make it, um, to update it to what you want it to be before rolling out the template. Okay? So the analogy in this one is like when you're editing a Word document and you're using, uh, Control-F, or is it, yeah, find, something like that, find and replace. That's a good, good, good, good, um, uh, good basic example. But you can use CloudFormation macros, it's a very advanced or very useful feature of CloudFormation, to do a lot of, uh, customizations and transformation for your entire template before you can deploy the stack. Okay? Great, have no questions.

Uh, Prof, what did you say, the output section, the mappings? What? The mappings, I don't think I got the mappings, line 16. What did I say mappings are? I don't think I got it, I qu it. So mappings, the mappings section is basically another section of the CloudFormation template that you can define your, uh, key-value pairs, okay, that can be used to specify values that will be passed to resources in the, uh, resources section. So you can also use this to create, uh, uh, uh, values that will be used under certain conditions in, uh, that will be used by resources in the parameters, in the resources section, under certain conditions. Okay? Most of these things, as I'm saying them now, you might not really, um, perceive them, but I think we have a good example that would for this things to memory. Okay? Yes, bro. Good.

So the output section, just like in Cloud, for, sorry, not Cloud, just like in Terraform, if you remember, when we discussed Terraform we also discussed outputs, that if you want to output attributes from a specific resource, for example I want the VPC ID, and I want, um, that the VPC ID should be available for other stacks or other templates
to use, then we can define those things in the output sections. Okay? So you can do a lot of things in the output section. Yes, if you don't, um, um, if you don't output any stuff, it means you can't access it from a different stack? You can access it from a different stack. Okay. You can access it from a different stack. So when you want to do what we call cross-stack referencing, it's very important, the output section is very important. Also, um, you can also use the output section to output, for example, specific URLs, or output public IPs of an, of an EC2 instance, so that, um, uh, users can basically get it. And another thing about the output section is, whatever output which you define in the output section is available on the CloudFormation template. So you will see an example: if you define the output, if you go to CloudFormation, the CloudFormation console, if you remember, you have what we call the stack events, the resources, there's a tab there for outputs. So all those outputs would be available there. You can easily go there and grab, um, whatever you outputted in your template directly from there. Make sense? Yes, bro.

So again, I like to do the analogy. So the output block in the Terraform code typically does the same thing, typically? Output block, yeah, exactly. All right, thanks. So I guess you guys can see some similar, uh, similarities between, um, Terraform and CloudFormation. Terraform and CloudFormation, exactly.

So now I want to also discuss, um, those intrinsic functions that are defined in CloudFormation, which you can use to basically improve the, um, portability of your, the templates which you define. Okay? You still see my screen? Yes, bro, it's still the same. My, great. Give me a second, please.

So I want us to look at intrinsic functions. So there are a bunch of intrinsic functions already defined there, okay, but I just want us to take a couple of, uh, intrinsic functions which you're going to face, so me, as you start looking at CloudFormation templates. So there are so many intrinsic functions. We can just, um, pile, look, take a look from the
documentation itself, and you can see that you have, um, where the template reference, intrinsic functions. So these are the different intrinsic functions which you have: Ref, Transform, um, Cidr, condition, for spine, and all these. But I want us to look at, uh, some of the, um, commonly used intrinsic functions, so that as you start looking at CloudFormation templates that are parameterized and, um, with so many of these, the things, at least you understand what this is all about. Okay? So, yes.

Um, one of the common intrinsic functions defined by CloudFormation is the Base64 function. So the Base64 function is a function, if you remember, when you want to, when we're creating EC2 and, um, if you want to pass in user data into the EC2 instance to bootstrap your instance during the creation process, then you need to encode, ensure that that user data is Base64 encoded. The console, I'm very sure you did not take note, but it's already there: once you put your user data in the console, and during the creation process, AWS already Base64-encodes that for you. So however, using IaC, you have to ensure that this data which you're passing into your EC2 instance, or as the user data property, is Base64 encoded. Okay?

Cidr function, uh, Fn, Fn::Cidr, is also an intrinsic function that returns an array of CIDR address blocks. Okay? So if you can see, um, how, what is the simp, so this is the syntax of how you use this intrinsic function. So you pass the intrinsic function, when you're doing, I'm sure we all in the core knows, when we talk about CIDR block you already know what I mean here, right? I do not have to. Yes, bro.

Is it, this function, the same as, as a CIDR sub and stuff like? Yeah, the CIDR sub doesn't work the same. Subnet, and some, very similar. We're using it for the same purpose, mind you. They are trying to solve the same problem, or trying to enable the same functionality, but they are not exactly functioning the same. Okay?

So the function here, this is basically your IP block, which could be something like 10.0.0.0/24, and you're putting in a count, and the count here, how many
subnets do, do I, do I want. Okay? For example, if I have my IP block, if I have my IP block which is, um, yes, 10.0.0.0/16, then I want, for, count of four and CIDR bits, and I say I, I want, um, CIDR bits equals 4 and count equals 3. What this basically means is that I want three, I want this CIDR, this function, to split my, the IP block which, or the CIDR, CIDR which I give it, and add this bit. So I'll have three, four subnets with, um, four subnets with slash, what is it, 24? 2. Ex, exactly. So you have four subnets with /20. Okay? So the count basically tells me how many of, how many subnets I want, you want, from the IP block which you're passing into the function. Any question?

So Prof, how would you, um, differentiate the subnets, whether private or public? This is about the CIDR ranges, you know, this, uh, um, we're not at this point deciding which subnet is public. Remember that you're creating your subnet, and that subnet needs a CIDR, and what makes that subnet public is that there is an internet gateway on the VPC and there's a route on that subnet that goes to the internet gateway. So this, making it public, has nothing to do with our Fn::Cidr here. Okay? Yeah.

So, so Prof, the, the very last, um, one that says CIDR bits, you said something about three, I wasn't sure whether I got that. I know the count was four, to make it 20, 20, but you said something about. Yes, I, I, I, I said three but I wrote four. Okay, okay. So the, the CIDR bits, that's the last, uh, you know, the third part of that, uh, um, square brackets where it says CIDR, yes, what, what does it do? So basically it, it adds, yes. Okay, I have, I have a CIDR block with a prefix of, yeah, my prefix is, um, I tou iten. Thank you. So I muted him. So I have a CIDR block with, um, our slash, what is it, you see this, so this is our prefix, 16, yes, and we are, and we are saying that we want a count of four and CIDR bits of four. So count of four means I need four CIDRs to be generated. I didn't he, I didn't hear, Dr. I want four CIDRs to be generated from the supplied IP block. Give me a second, let me do with, um, uh, Dr. Tus, can you hear
me? I, I, hold on, me, hold on. Can you hear me? Um, are we okay with the count? Yes, bro. Yeah, I don't hear more. I don't hear. And the bits, Victor? Yes. I don't, I don't hear anything. I, I hear the, sorry, I see the counts, the count's fine, it's the CIDR bits that I'm, um, I'm trying to figure out what it does in that. Yes, give me, this is what I'm, oh my God, I muted him, and this is what I'm getting to.

So the, the CIDR, in this case we've said that the CIDR bits is four, and this CIDR bits adds onto the initial CIDR network prefix. Okay? That's how we are moving from, um, 16, i l, when I touch the link the link is not open, this is how we move from 16 to 20. So basically this is saying that for the IP which I've, CIDR block which I've given you, I want one, four of them, adding this CIDR bits, in this case four, to the original network prefix. Okay? So the original network prefix is 16, so it means that I will have four, I want it to split this original network prefix, which is 10.0.0.0/16, and give me four different CIDRs, four different subnets, with a new prefix of 20. Are we together, Victor? Yes, I'm, I'm with you now. So this 20 is coming from the original 16 plus the four. This four is coming from here. Four is coming from the count, right? Four is coming from the CIDR bits. Count is just telling me how many of the subnets I want. Oh, okay, okay, okay, okay, I'm with you now.

And the, the reason I say this is that there's also another analogy with Terraform. My brain keeps going back, that does, it's another analogy with Terraform, I think it's called C sub or something, but there's a bunch of them there. So they're trying to solve exactly the same problem. So you can see the use case here, how it's used, and, uh, if you look at this we have, okay, I don't want to get into this now, because we've not talked about all these different, um, intrinsic functions, so it might not make sense. Let's go ahead. So that, that will be for our Cidr intrinsic function.

Um, Prof, sorry to take you back, can you elaborate a little bit on the Base64, um, function? I didn't quite understand. So the Base64
function basically converts, if you remember, when you're creating an EC2 instance, you're passing user data into that EC2 instance, right? So that user data that you're passing into an EC2 instance is not, um, passed during bootstrapping in plain text. Like, if you say, um, jch student studying EC2, or studying Terraform, if that's the data that you're passing into your instance, the OS doesn't interpret it in plain text like that. The operating system, the kernel of that operating system, doesn't interpret it in plain text like that. It needs to be Base64 encoded. So on the console AWS already does that when you, once you pass in that data. Okay? AWS already does it. But because you're using IaC now, you have to ensure that that, whatever information that you're passing as user data into, um, into your EC2 instance is Base64 encoded, and you can use the, uh, uh, Base64, Base, you can use this function to ensure that that data is Base64 encoded. Okay? We'll see, we'll see an example of it, I think next week, finally, in the last class, when we'll do, um, transformation helper scripts. So look at it like that and you'll see that, right? Is that clear? You understand the, the use case of this? Yes. Yeah, yes.

I want, I wanted to say, so the simple thing is, usually, I mean, using the user data thing you talked about, user data is usually written in JSON, right? So something that is simple, but you say, you're saying that AWS will typically do the encoding in the back end for us, so we don't really have to bother, it happens autom. User data is not usually JSON. If you remember, most times when you're passing user data they are Bash scripts, right? Bash scripts, yes. So, but AWS takes that script and Base64-encodes it before it bootstraps that EC2 instance. Gotcha, gotcha. So that's the machine, the, so the machine can read it, so the machine can understand it. Exactly. All right, thank you. Great.

So this is a side of sum, there are condition functions. I'm just going to pick a few and we touch, because I guess you'll see a lot of this. So this is, um, the FindInMap function.
The, what was maps? So this is an example of a map. So you can see this is a snippet of our CloudFormation template, and this is the mappings section. Okay? This is the mappings section, this is the resources section, and we are defining maps here. So we have defined the first map, and the map is called RegionMap, and these are the different values of our map, of our, um, uh, RegionMap. Okay? But now, in order for us to get the value which is, which is defined in our FindInMap function, which is defined in our map, then we need to use the intrinsic function called FindInMap. Okay? And this is the syntax of our intrinsic function: you need to pass in the map name, in this case our map name is RegionMap, you need to pass in the top-level key, this is the top-level key, and your second-level key is the second-level key. What are we trying to achieve here? Ex, for example, we want to launch an EC2 instance and we need the EC2 instance AMI. Then we can use the FindInMap function in this case to get this AMI.

I think it's high time I talk about the Ref function, which is, give me a second, I'll come back to this, my FindInMap. I want to, uh, start explaining these bir, this is another intrinsic function which we've not covered, so let's talk about it immediately. Function, good.

So the Ref intrinsic function, um, returns the value of any specified parameter or resource. So once we define parameters, if you remember, we said parameters are a way that you can pass in values which you would use to pass, or which you use for arguments in resources, right? Yes, Prof. Good. For those that can, please, you put on your video, so at least I can judge your facial expression and I know if this is sinking or not. That would help me. Great.

So this Ref function is very important, because we can use the Ref function, we can use the Ref function to reference values which we've already defined in the parameters section. If you remember, for, what is it, Terraform, we, we will say, um, var dot, what is it, resource ID. You remember, ID? So this would give us
the value defined in a variable called resource ID, right? Okay. Does it make sense? Yes, bro. Yeah. Are you sure? Yes, yes. Good. So that is for Terraform. So for CloudFormation we use a Ref function to re, reference that value which we defined in the parameter.

So what's that expression in Terraform? Because in Terraform, you remember, you would define a variable, and I said this variable is, um, called, let me say, instance ID, which we all know. To get the value which I've defined in this, in this variable, then I would call it var dot, what is it, instance ID, and these would. You're breaking up. Oh no. Not much, but. Can you hear me? I hear you, though. So these, once we do this in Terraform, this would reference the value which we defined in our variable called instance ID. So that's Terraform.

Now in CloudFormation we are not using variables, we are using parameters, we already established that fact, and we want to reference the value which we defined in the parameter. So this is just a very short snippet, or small snippet. The reference function can be used to reference values which we've defined in a parameter, or attributes of logical resources, or resources which we define. For example, you, you created a VPC, right? So in our CloudFormation template, in the resources section, we defined a VPC. When you create that VPC, what happens? On the console you have a VPC ID, right? Yes. Yes, bro. Good. We can use the reference function to get that VPC ID of our VPC.

For example, if I had, um, my resources section, I go back to this example here, I had my resources section, this is CloudFormation, please, so this is my template. So I have my resources section, let me try to make it clear enough. So I have my resources section, resources, right, and under the resources section of our CloudFormation template we define a logical resource. Let me call this logical resource VPC. Remember, this VPC logical resource has a type, and it has, um, other properties that it may need, right? Now we've deployed this into our, into our AWS account. We've deployed this
resource into our AWS account and it has created, it has created a VPC. Once it's created, see what happens: this VPC now has what we call a VPC ID. Do we all agree? Yes. Yes, sir. Good. I want to create another resource. You're frozen now, bro. Bro, God. Can you hear me? Yes, we can hear you now. Good.

So I want to create an EC2 instance, but this EC2 instance needs a VPC, yes? So now I need another resource. So I go back to my resources section, I have, um, EC2. So let's assume that this EC2 has a property called subnet, or whatever, VPC. I want to reference the VPC that, that was created by the other resource. Then I can use the Ref function and, for these, resource VPC. Does it make sense?

Don't you specifically have to point to the VPC ID, or the Ref just automatically picks up the ID from the, from the resource? Okay, that's a very good question. The, um, each resource will tell you what the Ref function directly gets. The Ref function can, for example in the VPC, can get directly the VPC ID. Or what if there are multiple VPCs, like even the default VPC and the others, how would it differentiate the one you want to attach that e? Remember that this VPC which we are defining here is this logical VPC which we've already defined here. So this is a name that we're bringing here, this is the logical name. It's not the, yes, it's a logical name of that resource, it's a big name. Okay, so this is our logical name. All right, are we together?

What was your question again? Um, I think you've answered it. You said, um, um, the, each resource will tell us what the Ref points to, so I presume each resource. Each resource itself would tell us what Ref does. However, not all attributes of that resource will be, uh, you can reference it using the Ref function, or Ref intrinsic, Ref intrinsic, Ref intrinsic function. Okay? So for you to get all resources, or other attributes of that resource, there's what we call the get attributes function. We'll look at that. So sometimes it's easy to just use the Ref function, but if the Ref function is not actually getting me the, the
attributes which I need, then there is another intrinsic function called the get, which you can use to get that specific attribute of that resource. Make sense? Yes, yes, it does.

Um, are there any default attributes that the Ref function will, um, you know, for sure it will get, or is it just every? Every resource, every resource tells you what you would get. For example, this was our resource called, template resources, what, EC2, did you do EC2, or it, let me just do it this way, CloudFormation EC2. This, can you see that? So you can see the return values. If you see the return values here, it's telling you that this Ref function, when you pass the logical ID of this resource to the intrinsic Ref function, Ref, Ref, the instance ID. So the Ref function in this case, you can use it to get the instance ID, but you can also use another intrinsic function called the get attribute function, which we're going to look at very soon, to get other attributes of this instance.

And the return, return values here, can you see that, top, um, top right, return values, which is highlighted? What happened? What, the title, the return values, can you see where return values? Yes, bro. Yeah. Good. So this return values tells you whatever attributes, or whatever attributes of that resource are available. You remember we, we looked at the same thing for Terraform, right, Victor? Yes, yes, yes, I see that, but I don't see exactly, I don't see any values on the, though, maybe is that hidden? You don't see any values here? So the return values is here, return values. These are the different values: it returns instance ID, it returns private DNS name, it returns private IP, it returns public DNS name, it returns public IP, it returns VPC ID, the ID of the VPC in which the instance is running. So I can also use the, this get attribute function in this case to even get the ID of the VPC in which this EC2 instance is being launched. Does it make sense? Yes, sir. Yeah, you can drill down to the specific attribute. Then you can do it on, through specific attributes. So, but
for every resource it tells you what the Ref function would get. So if you're using the Ref function, if we defined a logical EC2 resource and we reference it using the Ref function, it gives us just the EC2, the logical... it gives us the instance ID of this EC2 instance. But if I want other attributes of the instance, like the private DNS name, the private IP, the public DNS name, public IP, VPC ID, then I need to use the get attribute intrinsic, which we look at now. Got you. Yes, are we together? Yeah. Prof, can you just do a quick syntax, how the Ref should look like in the code? This is exactly, this is, this is right, don't... when we go to the demo you'll see a lot of it inside. Good. I think Dr chilos is still having a problem. He is, yes, and I think Ado is trying to help him through the cell phone, but, um, it has to do with the way he's configured. I sent the link to him for him to log in on his desktop, which he did now. Yeah, so I don't know why he can't hear you. If you look at this, this is our syntax. So this is the syntax, how to use the Ref function. So this will be the syntax, right? So this is the syntax for the Ref function, and, yeah, saying that, okay, for you, remember CloudFormation is JSON and YAML, so this is the YAML syntax, this is the JSON syntax. So you can use the Ref function and the logical name. The logical name here will mean the name which you define for whatever resource. Okay, yes, are we together? Yes sir, I am 100% sir. Good. So this is an example here. Let's look at the Y, the YAML section of it. In this case we are trying to create a resource, so this would be our resource. Okay, this will be a resource in the resource section of our CloudFormation template. Do we agree here? This is just a snippet, okay, so these are just snippets. So this will be an EIP, so we want to create a resource called elastic IP, and this is the type and these are the properties. So it needs an instance ID. It means that inside this CloudFormation we've already defined another resource somewhere and
the logical name of that, um, instance is called my EC2 instance. Do we agree? Yes sir. Yeah. So in order to get that instance ID we use this Ref function, and that will give me the instance ID of my EC2 instance. Are we together? Yes. Okay, got you. So it's a bang Ref in yo, it's a bang? No, that's a short, um, shorthand, so they shorten everywhere, not just you writing. So this is the long form, or this is the full form. If you want to do it you do Ref colon col on the logical name. If you want to, um, remember how you call, um, YAML is all about indentation, so you can still move the logical name, uh, next, and you leave the top, this will be the YAML indentation. Ah, got you, gotcha. But this is the short form, it's even written here. So the short form, you just do bang and you Ref name. Okay, so we use all forms inside ours, so you understand what is actually happening. There's a reason why I'm covering this, because if you look at CloudFormation templates there's no way you can create a portable CloudFormation template without embedding all this, 80, 70% of these intrinsic functions in there. Okay, this is very important. Good. So that was the Ref function. So before moving to the Ref function I was talking about the find in map. So if we go back to our find in map function, which returns the corresponding value to keys in a two-level map. So if you can look at this, this is the syntax again: we're using the find in map function and it needs the map name, it needs the top level key, it needs the second level key. So this is our map. Okay, this is our map, and let's ignore everything that's here for now, let's just ignore everything that is here, and this is the only map that I want to consider, uh, consider this part. I want to reference my AMI. So I'm creating a resource and I'm saying that the resource which I'm creating is an EC2 instance. You pass the type, then in the property section it needs an AMI ID, and I'm saying that: use the find in map function to find values in this map. So if you
look at the syntax here, it says that I need the, what do I need first? Map name. Map name. So what is the map name of our map? Region map. So this is the map name, and the next thing I need is a top level key, so this would be the top level key. Region? No, the US region. So the top level key here is us-east-1. Now there's also another thing, yeah, these things are also, uh, intrinsic. There's something called, this is what we call a pseudo function, which you can use to get different regions. AAL, if we had our, basically this evaluates to our us-east-1. So I don't want us to, the point here, we talk about this once we go to, um, pseudo functions, pseudo parameters, which are also another parameters that are defined by CloudFormation. Okay, so we'll look at them very soon. Okay, is that clear? Yes, yes. So this evaluates to our second level key and we are still using the Ref function. You see why I decided we talk about the Ref intrinsic function, because it's almost everywhere, so that now you can understand what this is doing. Okay, so this evaluates to the second level key, it will be us-east-1. Does it make sense? Yes bro, it does. Prof, can I phrase something just so, for my understanding? So a map, just like find it in all the various, uh, times we're doing the, I, the map actually has a key and a value, right? Sure. But in some cases you can have, uh, several keys, well, keys and sub keys, and each of those keys will then have values as well. Mhm, right, yes. So if for example you wanted to reference the, in this case, uh, HVMG2, that's the second line, that second line which is a secondary key, see, there are two second level keys. Exactly. You reference that second one instead of just the first, so basically I would just put HVM, what is it here, G2. Uh, where would you put it though? Oh, gotcha, gotcha, all right, I'm with you. Explicitly, are we together? So this will be first level key, understand the G2. So what he's asking is, if you look at this map, this map that we're considering, look at
the map that we want to consider, this is the map. So the map itself, because we, like parameters or like resources in the resources section, each resource has a name, so this map here has a name called region map, and the map has sub nested maps inside, and this is a key for the nested map, and it also has what we call key-value pairs. So this will be our key, do it this way, these are the values. So I want the value of a second key of this nested map. So what am I doing, what are we doing? Find in map function says it needs top level key, which will be our map... no, it needs the top level key, it needs the map name, sorry, to begin. So it needs the map name, which will be our map name. If you look at the usage here, this would evaluate to our map name, so region map here corresponds to our map name. So this will be top level key? Yes. So map name here will correspond to, map name here will correspond to region map, you see that? Yeah. Then the top level key, top level key will correspond to this thing here. Like I said, this is another, what we call pseudo parameters, we'll talk about it very soon, but these all evaluate to give you the region code. So AWS
region, AWS colon colon region, would evaluate to give you the region. So if this was, um, us-east-1 region, so it's going to evaluate to give me us-east-1. If this was in the, what's Ohio? us-east-2. Yes, 2. So if this was us-east-2 then this thing here will evaluate to give me us-east-2, or if it was us-west-1 then this will give me to, if I'm deploying this stack in us-west-1 then this will evaluate to give me us-west-1, then it is going to look for the value in the us-west-1 map. Does it make sense? Yeah, yeah, yes. So we're trying to make it, we're trying to make our CloudFormation, um, template portable. Portable, okay, by not hard coding that thing right down in here. And, uh, the second level key, this second level key would correspond to our second level key here, so which is this. Does it make sense? I'm trying not to make it look a little bit, or make it look too dirty. Okay, I think I got it now, it has a second line of that, um, of the key from the B, from the map. Yes, line. Okay, so in this thing this would be my key name, or this would be my, this will be my map name, this will be my top level key, so I can use TLK, and second level key will be my, any of these with the second level key. Make sense? Yes, makes sense. Any question, EV? No sir, I'm okay, thank you, I understand it, thank you. Great. For those that are off, oh, their cameras are off, are we together? This is very important, okay, we are not just, I'm taking time to go through these because you will find this almost everywhere when you start looking at CloudFormation templates, and once you're also creating CloudFormation templates it comes in handy. Okay, so that was for our find in map function, and we can look at our get attribute function. So the get attribute function is a function that returns the value of an attribute from a resource in a template. So if you look at this, we already defined, we already defined this, um, we already defined this resource, so this is our resource and the resource is called ELB, or my ELB. So the get
attribute function says, what's the syntax? The syntax is you need the logical name of the resource, which is the logical, my ELB, and the attributes which we are looking for, and this attribute which you are looking for comes from the return values of that resource. You remember we just looked at this a few minutes ago. Okay, are we together? Yes bro. Yes sir. Good. So that's pretty straightforward. Any question here, or this is clear, then I can move forward. Uh, in the line of the code can you show me where it says get attribute? Okay, I see it, it's right at the bottom there on the right hand side in the YAML code. Yeah, I see it. Okay, so this is our get attribute. Okay, so the get attribute is getting attribute. It needs what? It needs the logical name of the resource. The logical name of this resource is my ELB, and it needs the attribute name. So if you go to this resource, AWS elastic load balancing colon colon load balancer, you look at the return values, there is a return value called source security group dot owner alias. You will see this there, so this corresponds to, uh, return values. Yeah, so somebody can check and confirm that, okay, but it is there, that I promise you 200%. But that won't be the attribute name though, because for the ELB, what, the attribute name, um, for the ELB for example... For the, this is not, um, attribute name, this is a, my security ing group, this is another resource, and that resource has, uh, properties, and the properties is security group ingress, example, and this security group ingress also has an argument called source security group owner ID. It needs this value. Where is this value coming from? This value could be, uh, you could get that value from, um, the ELB which you created, by using the get attribute intrinsic function, the logical name of the ELB and the attribute name of that E from the return values of the E. We'll see this, I think we'll see examples in the C, make more sense then. Action. Yeah, you see that in
action. So the GetAZs, this is also another very important, um, logical resource which you can use, and the GetAZs, uh, basically returns an array that lists the AZs for a specified region. So you can see that you give the GetAZs intrinsic function and you specify the region that you want, um, to be. Okay, however, yes, um, once you're using the GetAZs intrinsic function you can pass in the region, but because, if we do not know the region, we can also use the thing which I already mentioned, which are called, uh, parameters, pseudo parameters. So you can use pseudo parameters, and the pseudo parameters have something we call AWS colon colon, I'm trying to write it to be clear, writing is not that good, your writing is not... colon colon region, and this would always evaluate, so this would always evaluate to the region where the stack is being deployed. Make sense? So yes, once you have the GetAZs function and you have this empty string, are you seeing this? That's right. So once you have this empty string it assumes that you're also calling this intrinsic function. All right, I was going to ask that question but you just answered it. So it assumes that you're calling this intrinsic function, so it means that it is going to be Fn colon colon GetAZs colon AWS colon colon region. Does it make sense? Yes bro. Good, I'm glad. So the other option to that thing you just said, if you actually inputted something into those double quotes it will be an explicit, um... If you put something in the quotes it would work, but for example I can put us-east-1, it would work, then it's going to get me the AZs for us-east-1, but this decreases the portability of this template, because if I move this template to us-east, us-west-2, then we have a problem. Yeah, got you. But because I'm using this pseudo parameter it means that wherever I deploy it, it evaluates the current region where I'm deploying that stack and gives me that value. Understood. Call, I don't see, I'm here. You guys are very quiet, are we together? Yeah, your microphone
just went off. Same as using data in Terraform? Exactly the same, like they're using data, so that's what data is going to do for us. But, uh, I will not say exactly the same, data does a lot of things, but data also does this, that's what we are doing here. Yeah, okay, yes sir. Great. So the select function, this is also another very good, important, um, intrinsic function. The select function basically selects, it's given from the name, right? So the select function selects, don't like that color, the select function would select, um, a value from a list. All right, so you can pass the value of, okay, if I have a list, if I say I have, um, a list, say A B C D E F, this is my list, and this list has 1 2 3 4 5 6, six values, and what is the index of A? Zero. Zero, exactly. So it has index 0 1 2 3 4 5, and the select function basically says I want to know the list, so this list, in this case this would be the list, and I want to know the index of the value one. So if I put my index of, let's say three, what would the select function give me from this list? Is D. Exactly, Delta, that's, in fact, sorry, that's, um, that's straightforward. Okay, yes bro. Good. So you can also see the, uh, usage of it. So let's see, we are defining a parameter, which we've already talked about, so this is a good example. So you see here they're defining a parameter, so they're defining a parameter here, so in the parameter section, this is a snippet, so the parameter section defines our parameter. Can we pass it a key? What? Can we pass it like a key, um, let's say like an actual object, to a map, I mean an object, pass it like a key to retrieve the value? I'm trying to, you're talking with the select function? With a select function, say we pass an object, then, um, an object with a key to get a value from that. If your value is in the map, if your values are in a map, not in a list, then you use the find in map function. Okay, oh, find in map, okay. You use the find in map function, intrinsic function, to get those values in a map. So if you have a list and you want this list, and most likely this
arrays, then you can use the find, the select function. Okay, so yes ma, basically, so this is an example of it. So we've defined a parameter and the parameter is called, uh, DB subnet IP blocks. These are just snippets that I got from the documentation itself, I'm not inventing the wheel here. And we are basically using it for, um, for example, this is a comma-delimited list of three CIDRs, so we have, um, index zero, index one, index two, and we want to create a subnet. So this is a resource that creates a subnet, and the subnet needs a CIDR block, and we are saying that: go to the list, the DB, which, this is a list, right? Do we all agree? Yes. Those that do not agree say we do not agree, so that I can convince you that it is a list. Don't? Okay. So we're saying that: go to this list. But how do we call the list? We are now using again the Ref function to refer to this list defined in the DB subnet parameters, so this evaluates and brings me this list, the value defined here, and it picks, um, the value which is at index zero. So it's going to give me, what is it going to give me? Can somebody tell me, not MAA, not Victor. EV, what is it going to give me? What do I expect to be the value of this? Please, I'm not putting you on the spot, I just want to understand if you actually get it. If you do not get it... Please repeat your question, um, I'm actually having someone talking in my background, that's why I'm quiet. Yeah, saying that this is, if you understood how the select function works, the index, I'm using select function here. Yeah. And I want to use the select function to get a specific, so that I can create, so I can create my subnet. So the select function, look at this, the syntax, it needs an index and the list. We're using the Ref function here, we're using the Ref function here to refer to a list which we've defined inside the parameter section of our template. Okay, so what do you expect this to evaluate to? So the index is zero, which is going to be, um, the first s 10.0.0 10, what, 10.0.0 48.0 24. Exactly, exactly
for everybody. Yeah. Yes bro. Yes. Pardon? I just wanted to know why this is a list, um, because it doesn't have the square brackets and it looks like a string, or maybe it's just Y delimited, I think, maybe that's why. Comma delimited. Oh, okay. We together? Yes. Good. That said, I think that's the, the other function is the sub function, which you see a lot. So the sub function basically substitutes, right? So, um, if you look at it, we have the sub function substitute whatever variable which we are inputting inside. So for example this is, whatever, this is an example of a variable, that's a very simple example of the variable. So this is another, um, again, parameter, this is another pseudo parameter, and this pseudo parameter would always evaluate, this will always evaluate to the stack name, to whatever name you give your stack during creation. So this pseudo parameter will give me that stack name. So I want to know the stack name, want to evaluate it to this, so I, uh, use the substitution function and the substitution function will evaluate this. So basically what happens is, during run time this is evaluated first, so AWS colon colon stack name evaluates and it gives me the stack name. So let's say, um, Victor Cod that's stack during creation JJ take demo, so change, it means that the final string, what's going to be the final string? Exactly, it's going to be in the SSH security group, SSH security group for J demo. Make sense? Yes. So basically it evaluated this variable which we have in here, got the value and replaced it. If, we saw something very similar, um, this, uh, thing in Terraform, how do we call it? Interpolation syntax. Remember I said that so many times. Yeah, so Prof, I mean, I think we're going to be switching our hats, um, often with Terraform and this thing, because there are very many similarities, just, um, you know, they go about it slightly differently but it's the same thing more or less. Yes, exactly, so they are very similar, they are trying to achieve the same thing but a little bit
differently. Okay, yes sir. That's why they always say, once you know one programming language it becomes easier for you to pick up others, because the concepts are almost the same, you just need to know how, um, uh, this guy decides to call or pass their value. It's the same thing with cloud: once you understand AWS very well it's easy for you to pick up GCP, pick up Azure cloud. The concepts are the same. Now, um, they will have different names and slightly different ways of doing things, but networking is networking, there's nobody that is going to invent the wheel. They can decide to call their own in a different way but it is the same concept in the background. That's why we always say please get the concepts, not about just doing demos and having those results at the end. Once you get the concepts life becomes easier. Are we together? Yes sir. Any question? Good. If no question then I want to look at pseudo parameters, just touch a little bit of those pseudo parameters, and these are the different pseudo parameters for Terraform, sorry, CloudFormation. Yes, so these are the different pseudo parameters. So you have AWS colon colon account ID, this will always evaluate to, this will evaluate to give me the account ID. This will evaluate to give me SSN, is it SS, SSN, simple notification service, s s SNS, SS NS, SNS, so this will be the SNS, uh, topic ARNs. And this, this is no value, this is, I'll skip this for now, we'll talk about it later. Partitions, um. What I want you to take note of are basically the, um, account ID, the, uh, region, the stack ID and form. Any question? You can look at those. So basically, what are pseudo parameters? Pseudo parameters are parameters that are predefined by CloudFormation, I already said that, right? So you just declare and use them in your CloudFormation template, it's nothing for you to do as you, as you declared custom parameters. The parameters which you declare in the parameter section, I like to call them custom parameters because you're defining it, you, the one, is different from
what I have in my template, or different from what abdalah has in his template and Francesca has in her template and stuff like that, so those are custom parameters. The pseudo parameters are standard and every CloudFormation template can then make use of those. We together? Yes sir. Great. Any question? If no question then, um, I think we can call it. Great. Oh, can you send us that, um, note you have? This is my OneNote, does not have rules for not sharing, right? You get your OneNote to work like that though, where you could expand it, I mean, because it looked like you clicked on something. Question. Pardon? Um, does it allow us to pass the default values in CloudFormation? We'll get there, yes, the default values. So now we want to create, um, a new stack with parameters, and in these parameters, just like for CloudFormation, if you remember, for Terraform, um, when you create the variable and in that variable if you do not pass a value to that variable, once you do terraform plan then the CLI asks you for that value, remember? Yes. Good, that is exactly the same thing that's going to happen here. So now we've defined parameters and we've just defined the type, this is the only required, um, attribute for a parameter, you cannot define a parameter type, and we've not defined values for this parameter, so these parameters, CloudFormation is going to ask for these values once we want to create our parameter. So let's try to create a stack using this, build infrastructure composer, next, what, so I want to create this, this is valid, please be valid, yes you are. You want to create a stack and I want to call the stack name, uh, CFN, uh, what do you call it, um, parameter, parameter CFN, okay, parameters CloudFormation stack, and you can see now we have the different parameters which we defined. Can you see? Yes Ma. And we said, if you look at the parameters, we said the volume type is a string, the volume size is a number, the AMI is a string, and it's saying that, volume size, enter a number, because we defined the type for the data type, the
volume type, enter a string, and the AMI. Does it make sense? Yeah, so far so good. So go again, go explain it again please. Good. If you remember, when we created the first stack, yeah, let's do that, let's go back to stack, let's go to create stack with standard resources, built from composer, compose. I want to put in my stack here and I want to create a stack with no parameters, so validate, create all template, and I see, uh, CFN with no parameters. You see, look at the parameters section, it says parameters are defined in your template and allow you to input custom values when you create or update a stack, and it says that no parameters are defined in this template. Do you see that? Yes sir. Now we want to create a, we parameterized our stack and we want to create now a stack that has parameters defined, and this is our parameter defined stack. This is valid, validate or create our template, confirm and continue, next. So CFN CloudFormation with parameters. Now do you see the parameters which we've defined? And now we can see the different parameters, and in here you can pass in the values you need. So what does this mean? This means that I can have this basic template, it's a very, very, very basic template, however I can take this template and decide to deploy it in Frankfurt or in India and pass in the different values. The same base template, Victor can decide to deploy it in us-east-1 and pass it the values that they need. Are we together? Yeah. Do you see the use of this, or what we're trying to achieve? Yeah, see clearly. waa, Fran, we together? Is EV back? Yes sir, I'm here, trying to understand. Pardon? Trying to get it. If there's something not clear please stop me, rather than me piling more information on you that you did not, um, completely get the base. Okay, are we together here before I add more information? Yes sir, we are. Prof, let me ask you a question: when you deleted the stack, did it, it didn't create, it hadn't created any resources, right? We did not create, we did not create, submit the stack.
Okay, all right, just curious. All right, so where does, um, line 23 come from, like the 200, how did you get it? IOPS, type of volume, IOPS, input output per second, so this is a value which, um, yes, yes, it's 200. Okay, it should not be lesser than 200. How did you get... Okay, so these now are attributes that are EBS specific, right? So you can look at that, and this is type of io1, you can check that. This is, this is not an EBS class, this is CloudFormation, this is CloudFormation. I can check it from EBS volume where you want to create, you see, if you want to create EBS volumes you need these different attributes. Yes, okay, yeah, got it. We started by giving you these basics, or this cloud, the AWS services themselves, now we are just piling things on it. So this is not said, is good to start, to have a comment, I don't know if that's true, yeah, um, I listened to someone who said that it's good to start from DevOps and then go to AWS than otherwise, how true is that? Oh, what? That it's good to start learning DevOps first before going to learn AWS. Yes, how to, that's, that sound, you, is DevOps not just, we started with DevOps, it would have been, um, DevOps is not just AWS, so I can't tell you, de, I paused the recording. DevOps is not just AWS, but because AWS is the core of this training, then we need to start from there, because now we are using AWS services to do what we are doing, so you need to understand services. You didn't, trust me, trust me, if we were doing this Terraform and CloudFormation and you did not understand what you expect from these services, the whole thing would just be, you'd not have a clue, it be to tell, you'll be so lost. If you did not know what these two instances are, why will I tell you here, I'll just tell you that, just see it as it is, exactly like you always do. FYI, you didn't stop, you didn't pause the recording by the way, probably thought you did. Yeah, oh sorry, I thought I did. Okay, let's continue. Yeah, so Prof, um, before you continue, looking at this, we can parameterize
anything we want in the properties? You can parameterize anything you want, just like you can put anything you want in variables in Terraform. If you're versed with Terraform now, you know that every argument in Terraform you can put in variables. Mm. So you can have a CloudFormation template, that's how modules are, right, because the whole thing is variablized. Yeah, there's no value in there, everything is in a variable. Exactly, every argument here that has a value, you can parameterize that value. Yeah. So one more question sir: you did say that, um, because we didn't input anything in those, um, values for, say, type, um, you know, string, number, string, when we run this you said it would prompt us for those values, for you to input those values. Was that what you showed us on that last, uh, page there? Exactly, this is what it's asking for here. Just like for Terraform, you remember when you use variables without the values, when you do a plan it's going to tell you, for example, enter a value for EC2 this, enter a value for that, enter a value for this, then it deploys. Gotcha. So this is exactly the same. So now it's waiting for these values, it's telling you to enter a string because we said that the AMI is expecting a string, so I need to pass in those values here, then I can create my template. Gotcha. And just like for Terraform where you have variables and default values, we can also specify default values for our parameters. Aha, I was going to ask you that too. Good. So Prof, um, so this one, just like, um, Terraform, we can have a separate file for, like this, for parameters, right? No, that is a thing with CloudFormation, everything should be in the same template, but all the values now are in the parameter section of the template. Okay, just one template. So one template, but all the values now are in the parameter section. Okay, okay, got it. Good. So now we can have, um, an example CloudFormation template. So this is me not inventing the wheel, this is something I just customized from the documentation. If you
look at this, this is another template, so this is, um, Cloud G, it gives you the template format version, the description, so we're defining the parameters section, we're defining a bunch of parameters from here. So we've already seen an example of this mapping when we were looking at the concepts of mappings and find in map, and in the resources section, if you can look at this, this resources... What are you looking at? We still have the same thing on the screen, right? Do you? Yeah, yeah, we're looking at the parameters. Which document are you referencing, is it the same one that you had before? I don't see anything. No, I'm looking at something as parameters, EC2 with default parameters. Yeah, that's what we can do. Okay, but I don't see anything, one you showed, parameters, is there anything different there? No, it's the same, exact same thing. No, it's not the same, so now we're looking at EC2 with default parameters. Give me a minute. Stop looking at the one with the, we're still looking at the EC2 with parameters. Okay, give me a minute, I'll share again, maybe there's some lag. What do you see, W? Okay, now we see it, now we see it. Good. So this is a, um, template that has parameters, and now we have default parameters and we have also what we call the allowed values. So where are all of these things coming from? There is a syntax for parameters in the CloudFormation documentation, I did not invent the wheel. So if I go to CloudFormation and I go to parameter section, you guys are seeing the browser now, right? Yeah. And I go to working with template sections, parameters, I think it's co, yes, this is the syntax of parameters. You can see that when you're defining parameters you can define the logical name of the parameter, which in this case is for example key name, instance type, um, SSH location, right? Yeah. No, mapping is a different section of the, of the, oh yes, template. So the parameter syntax is, you have a logical name, you have a description, and you have a type, the default value, allowed values, and this is how you can give the
different allowed values. So based on this syntax for defining parameters, then you can define a bunch of parameters, you can see that all of them conform to this basic syntax. Okay, so this is allowed values, allowed values, constraint description, default, just like, um, we saw for everything, so there's always a syntax there for you to follow. Are we together, Victor? Yes, I'm with you, definitely. Say, scroll down from here a little bit, there's an example there, you can show the longer one. What? Just go down please, yeah, from here. Move up. What are you talking about, the JSON part? Why do you want the JSON part? Okay, go to the YAML. So, oh, um, we define the parameters and we are defining a parameter called key name, instance type, SSH location. Okay, and we have also, in the mapping sections we have these mappings, and in the resources section, which is the main, only required section, we have an EC2 instance, and this EC2 instance, obviously you need the type, and in the property section we want to find the image ID. We already saw this, you remember? Yeah. And what is it doing? It's find in there, it's going to parameter section, it says find in map, so this is the mapping, and you remember the syntax for the find in map function: it needs what? The map name. So if you go to the mapping section I should see a name called AWS region arch to, so this is the map name, and it needs the top level key, which is Ref and our pseudo parameter, which is AWS region. This evaluates to give me the region, and if you look at that map name, it has the top level map keys, which are different regions, so whatever region we're using, it evaluates and gives me, if it's us-east, is it us-west-2, is it us-west-1, whatever region, and it gives me, and it looks for the, what was the syntax? First map name, top level key, second level key. So the second level key is also still using another nested find in map. So if you look at this find in map, what is the map key? A, do you see that? And it evaluates to give me a top... This was map name. Yeah, that's the
map... this will give me the top level... no, this map name, this gives me the reference of instance types, which will give me whatever we have in here. So, but there's a loop here: there is a parameter called instance type. So if you go to instance type, it evaluates to either of these: T2, T1 micro, nano, micro, small, T2 micro, small, medium or large. So this would evaluate to this, but we are dealing with a map called AWS instance type easy to act. So once it goes back to this parameter, evaluates and gets a value, then it's going to, uh, correspond to one of the keys in here. Does it make sense? Yeah. So does it mean that, um, it corresponds to whatever value we set when we are deploying it? I'm not sure I understand the question. In terms of the reference pointing to one of the values for the instance, I mean. Yeah, instance, it corresponds to a value which you define. Yeah, how does it know which one to pick, the default, unless we specify when we are, when we are deploying? I'm... use the default value that you have. The EC2... have the default, but you have allowed values. It means that you can only... there's a constraint here, right? You can only use values that are in this range. Right, yes, BR. So this now evaluates to give me our, the next key. So if the key is this, it evaluates, it goes back to our parameter instance type. It goes to our parameter instance type, so the parameter called instance type gets a value. So these are the parameter instance type, so it gets a value, so this will be the value, which will be in this case T2 small. What is it? T2 small. So that will be the next key, and the key would correspond now to the value, and this will be the second level key, act. So it will go to T2 small, go to our mapping, where do we have T2 small? T2 small, and gives me the value. Does it make sense? Yes. Good. It does, it does, it's a little bit, um, yeah. Yeah, no, I have a question, Prof. Um, so I know it picked the default value of T2 small that we had earlier, but how does it know that, for example, if you wanted to deploy with T2 medium, how does
the, the parameter on the left know that's what you want to deploy? You're going to see that. So we deploy this stack so you see what happens. OK, so that is a simple stack. If there's any question, hold T, please just shoot, so I can give you an explanation for that. So exactly the same thing here: you find a Ref function referencing values that you've defined. So there's another parameter, and once you reference a parameter which you define, it gives you the... if you do not specify a value, it gives you the default, default value. So let's take our parameter, our new template with default values, to the console, and we create a CloudFormation stack now using this new template with default values. Let's see what happens. So this is our template. Validate our template: template is valid. You can also look at the canvas; canvas basically gives you a visualization of what is in your template. So we can create our template. So CloudFormation default values, default parameters stack. So do you see that? Because we set the default for instance type... what was it, T2 small? A parameter called instance type, and the default is T2 small, it by default picks T2 small. However, we've also said that the allowed values, which is T2, T1 micro, T2 nano, micro, small, medium... if you want to get a different one, then now there's a drop-down with those allowed values. So you can decide that, OK, I want a T2 large, I want a T2 medium, I want a T2 micro, nano, whatever. Gotcha, gotcha. OK, OK, OK. So there is also, if you look at, um, the parameter called key name, there is a special type of parameter type for key name. This basically evaluates to give you a list of the different key names that are in your, that region. That's why here we can, it, um, evaluates to give me the different, um, key pairs which I have in my account in that region. OK. Oh, OK. So you can, you can get this, you can get this... I should have a link to this somewhere. And there are a couple of resources that AWS already has, this inbuilt, this built in, so you
can use it for, uh, basically calling values that are already in your account. Where do I have this exactly? This is it. So that's still in the documentation, right? Yes, that's still in the documentation. Everything is in that Bible, everything is in that documentation, I always call it. You can, you can also specify the key name in your template, you can also specify the key name in your template as a logical resource and reference it, that also works. But if you're deploying into an account that already has keys, and you want to use a key that's already in the account, then you can call that. OK, so this is a section, these are the different resources which you can... AWS supported parameter types. So you can use these to also get, um, the availability zones that are in that region if you don't want to use the GetAZs. OK, but this is an issue, because if, if there is... basically you can use this to get... What did you say? We missed the last... No, I wanted to say something, I stopped, because, um, it might be a little bit complicated, because there's something we need to touch before I explain what I was about to say. OK, so you can use this to get image ID, if you want to get different image IDs, so it's going to give you a list of the image IDs that are in that region. You can use this for instance IDs and stuff like that. OK, these are the different... and this is what we're using: AWS::EC2::KeyPair::KeyName, so an EC2 key pair name. So this will give us the key pairs that are inside our, that we already have in our account in that region, then we can select whatever key pair which we are using. You can decide to create your key pair as a logical resource and still reference it inside your, uh, CloudFormation stack. Mara, you look worried. Together? Well, I think, uh, I just have some food on the stove and I'm thinking if it's done, but it's fine. That's a different problem, that's a completely different problem. Great. And so that's what you get with allowed values. So you can see that we have the allowed values, but it picks
the default. And there's also our SSH location. What is happening with SSH location? If you look at parameter SSH location, you say an IP address range, an IP address range that can be used to SSH to the EC2 instance. The type is a string, the minimum length is nine, max length, default is third. However, if we do not want to use all the IPs that are in the internet, the... this is the allowed pattern, and there is a constraint description that it must be a valid CIDR range. So basically what this does is, it gives, is for, um, uh, numbers, 0 to 9 numbers. Yes, what? 0 to 9. And it gives you the number of characters, and, um, so you see the dot, this is, how do you call this thing, the, it's, um, dot, forward slash. Yeah, to escape. So, so we have a literal dot. Pardon? Backslash. No, yes, this backslash, yes, it's an escape. So we have this literal dot in, in our s, in our s, and this is where you have the forward slash, and you have the number of characters, from one to, one to two. So basically what this is saying is that it should conform to anything like 123.
4.5.6, slash... one more dot, yeah... 123.4.5.7, forward slash, um, what is it, 8. This is also fine. Yes, this is all a reg... this is a regular expression. So it would evaluate, so this would conform. Oh, it could be two digits, it could be 32, so they should conform in that range. So this is a valid regex for this, uh, pattern, but it must also be a, uh, valid CIDR range for that to work. OK, so we're passing the default. Basically what this is doing is that you should be able to pass in your own CIDR range, but the CIDR range should conform with that reg... regular expression. Are we together? Yes. Please don't be scared. This is... I'm not together. We're good. Your question, ask your question. Thank you very much. What's your question? From last class? No, that's outside, that's, that's out of scope. So we're saying that line 33 is our allowed pattern. We're saying that we want to be able to get a CIDR, a network that will be able to SSH into that, into an EC2 instance which we are creating. But we are defining a, a parameter for the source IPs, and we're saying this is the default; however, if you're not using the default, then pass in your own CIDR range that conforms to this pattern. And the D here, this, for this, for this regex, basically means numbers from zero to nine, and this means that we can use characters from one to three. So it could, it could be, what is it, it could be digits, it could be 10, it could be 10, that is three, it could be one. So this is two, this is three, this is one. So we are saying that each of these, what is it, octets should have characters between one to three, because you have some networks like, um, what is it, um, those private IPs, I think 17... 172, yes, 172.0.0.0, slash... I'm writing... call... nobody's saying that that's not a... We're watching you closely. So you can see that this conforms, because we have three characters, it means that it's within the limit or within our pattern. We, we have here one character, and here we, it says it could either be one or two, so here we have two characters. You could have CIDR networks that have /8, so that
will be one. OK, yes. So that's just a regex for that, for that, uh, pattern. Is it typically to restrict it to our network, to SSH from our network, when this is used? This is, this is basically just defining a pattern for your CIDR. It is, it is what you use this parameter which we're defining here to do. Because we are saying that, if you look at it, SSH location, if you go to the instance that we are creating: we create an instance, and this instance is using a security group. This security group is created here, so we're referencing web server security group. So we create web server security group here, but look at this: port 22. Port 22 needs a CIDR, and this is where it's calling that SSH thing. Do you see that? Yes, yes, yes. Please, I... you see this again: you need to try to look at the code, try to test, understand what it's doing, and read the documentation. If you face any issues, do not hesitate. In the class, if you do not get what I'm trying to say, do not hesitate, so we can put in the basis, or we can lay the good foundation. All right. So, Prof, question, back at SSH location, right? That SSH location, when you run that, that, this code in the, um, in, you know, create a stack from it, when you get, when it gets to that place, it will... even though the default we have there is, is, is like every, everywhere from the internet, which is 0 Z, then in the drop-down, because the allowable thing, there should be a drop-down, right, where you can type in some other, an IP or other IP? Isn't that what it... This is the, this is what the allowed pattern... this is, uh, the allowed pattern and this is the default. But yes, you can, you can, you can. So would we see that drop-down when it comes to... Go and see what has happened here. Basically it's giving you the opportunity to put in your own value. Ah, yeah. It's not a drop-down, it's not a drop-down, it just defines the pattern for your own value to get in. So I can use what is my IP, what is my IP. I gotcha. So if, if by chance I put in a wrong combination of IPs that doesn't follow that pattern, it will say
something wrong? Yes, exactly, it will tell you that that is not, that does not conform to the pattern. So I exactly use now what is my IP, and this would work. This would mean that I can only SSH from my location. Location, yes. Interesting. Can you put the first octet 337? I'm curious. 337, is that a valid... valid? Is valid? No, it's not, but I just want to see what it will say. 37. So it's not going to say, complain now, it's going to complain when you're creating the stack, and roll back. OK, OK, I got you. OK, that's fine. Yeah, I'm just totally, am... Yeah, so now it doesn't complain here, because this matches the pattern. You see 337: if you go to the pattern, we said that that pattern should accept one to three, so that, that pattern, it matches that pattern here, it does. But now you also have this constraint that it must be a valid CIDR range; if it doesn't match a valid CIDR range, then it's going to complain during creation. Yeah, they thought about everything though. So, so that's good. Good. Any question? Slash, what is it, zero, zero, slash. Yes. So creates. The good question is, I'm not so sure this, the, the, the AMIs are AMIs for this region. We'll find out in a minute. I think it complains; if it complains, then that should be the reason. Micro, I kind of, yeah. Looks like validation failed for the key name: key name does not exist. So what do you mean by key name does not exist? Let's... we didn't, we didn't select the key name. Yeah, we did not select the key, that's the thing, thank you very much. Because it gave you options and you didn't pick one. I didn't pick one, yes. Great. Any question? Yeah, Prof, I'm good. And Franco? We are here. Yeah, I know you're here. Are we together? Is what I'm saying making sense? Something is not clear, please stop me so I can reiterate. I have a question again. This one is just, what's, what's on your screen, right? I see, I see output, I see outputs. No, no, no, right. So outputs is what we talked about earlier, right? What is this one outputting right now? Because I'm just curious. It's a website URL. Um, so I'm
just saying that, um, it should apps the output, just like everything, like it, it has its logical, uh, logical name here. So the output logical name, we're saying that it's a website URL. It needs a description, then the value. So this is another intrinsic function which we did not look at, Join intrinsic function. You can get it from the name, it basically joins, uh, different characters or different strings which you're passing into the join, uh, which you give to the intrinsic function. So however in its the string, but what string are we getting? We are giving it the first part of it, which is HTTP, and the second part, but we are using the get attribute, uh, another intrinsic function, to get the public DNS name of this logical resource. So there's a logical resource called web server instance, if you remember. Yes. So this web server instance is an EC2 instance, an EC2 instance. So let's, let's go back there and check. So we have AWS CloudFormation EC2 instance. So if you remember, the EC2 instance has return values, and what, what, what are we looking for here? We are looking for a return value called public DNS name. So go to return values, come to public DNS name. So these are the different values that you can get. OK, so private DNS name... what is it here... public DNS name. So if there's a public, if, uh, the instance is in the public subnet and it produces a public DNS name, then we have this return value. OK. OK, so that returns... does it append it to line 92? I'm curious. It appends it to line 92, exactly. OK, so let's deploy this stack, if this is, if this is clear. Is this clear? Yes, it is. I was waiting for somebody else to say yes, and the fact that nobody else said it, I'm not so sure it is. Yeah, it is. Gone? Yeah, his rice is burning. Is very clear. Pardon? It's very clear. Thank you. Not for you. Where is EV? Where is p profits? Clear to an extent. What is not clear, FR? But is not clear... franisco P, tell me, so I can talk about it again. It's EV that was talking, not FR. Yeah, I know, I'm also asking the others that are
silent. This is the, the... Yes, I just want to know why you line up all the instances, why not, why not using just one? What, like the instance sizes or the instance type, like T1 micro, T2? Yes, all those. Yeah, so these are allowed values, so you can pick whatever value you want at wrong time. Oh, OK. Look at the console. You have to go back to... did you delete that first? But why does it look like CloudFormation is more complex? This is not easy. It's actually easier, it's easier than, um, Terraform. Yeah, what, doesn't look like. Understand better, you made up your mind to understand Terraform, you know, so when they ask her to share her screen she can share. Well, well, us, hard with Terraform, very hard, had no choice but to, to kind of do, you do coding. I think form after this give us home assignment. Sure. We really need enough assignment, but just one. Like, are you serious? Serious. Why do you... give me a second, let me pause this and have this chitchat for 10 minutes. Why do you, why do you... I was going to say... already say... you just repeat everything back. So my error, I'm sorry about that. So I'm saying that, um, you were talking about a, easy... no, let's start, let's start from the resource. So we are creating a logical resource in the template. So in the resources section we are creating the web server, we're creating the security group, and the security group needs the VPC ID for a VPC, so we are also creating the VPC here, and we are creating subnets. So these subnets obviously need the VPC ID, you know, to know where the subnet will be created, and we're using the Ref function to get the VPC ID. And, um, for the availability zones where we want to create that subnet, we're using another intrinsic function called the Select intrinsic function, and we're using the index zero. So the GetAZs intrinsic function gets a list of AZs in that region. Remember, we already talked about this, um, empty string, and we said this empty string, what does it evaluate to? Somebody remember? Pardon? Um, the AZ when deploy? Say that again. I guess it deploy
evaluates to the AZ that you select when you deploy. Didn't you say it was a pseudo parameter or something? Exactly, gets all the AZs, the AZ... the empty string exactly represents the pseudo parameter. Parameter, not as AWS::Region? Ah, colon colon region. No, so the, the GetAZs is going to get, give me a list of AZs in this region, so it would evaluate to the current region where you're putting the stack, then give me the list of AZs in that region, and in that list of AZs, please pick the AZ, the, the, the AZ that is at index zero. Then zero, first one, is the first one. Exactly. And for the second subnet, exactly the same thing: give me the, pick the AZ at index one. And the third, exactly, pick the AZ at index two. Are we together? Yeah. Yes, yes. And, um, security group, good, get attribute, this is what I wanted to talk about. And for the security group IDs, if you remember, now we are creating an EC2 instance, and the EC2 instance needs a security group. Remember, when you're creating an EC2 instance from the console you always have to attach a security group to it, right? Yes, sir. So this is exactly the same thing we're doing here. But how do we get the security group ID? We created a security group here called web server security group. We are using the intrinsic function called the get attribute intrinsic function. If you remember the get attribute intrinsic function... let me be... speak, talking like that, let's go back to it and you see what I mean. The get attribute intrinsic function needs the logical name of this... looks to much... templates, template reference, intrinsic functions. So the get attribute intrinsic function, you remember the C, it needs the logical name of the resource and the attribute name, right? If you look at what we have here, this get attribute intrinsic function, we need the logical name of the resource, which is this resource which we define here. But now what is this? This is an EC2, AWS EC2 security group. What is the logical name? We need group ID. Where are we getting this value, group ID? This value, group ID, is coming from AWS cloud
formation, what is it again, security group... CloudFormation security group, return values. I need the security group ID, this is where it's coming from. Are we together? Yes. Right, so that's, that's the actual, um, name, group... the actual attribute, attribute of the security group, but the logical name is what we define in our stack. So this name is what we see in our stack, so this will be different for probably MAA, but the attribute which we are looking for, which is group ID, comes from the resource itself. So the resource has defined that specific attribute. OK, it's OK. Are we together? So this is in YAML. If you want, now you go, you put it in JSON; if you understand JSON, switch it and look at how it looks in JSON. Thanks, but no thanks. Say what's on your mind. No, I'm good, bro, I'm good. Glad to hear that. Yeah, again, again, has a German, a German imported question mark. So that said, you can try to create this template and see what happens. So I go to CloudFormation. So, so, Prof, you know, just the way this is formatted, you can have 300 00 lines of code if you're not careful. I have a, lines of code... I've written an environment with 16,000 lines of Terraform code, 16,000. And, uh, there was an auditing, I did not know. So there was an audit, auditors that came, they said they needed to know how many lines of code. I was like, seriously? So we had to go there and we gave them 16,000, but it was an estimate, don't point. So, so codes like this, there are tools, right, that will go through your code to find syntactic, er, errors, configuration, you know, wherever it might be in that long, uh, list of stuff, right? Um, I'm just curious, because sometimes, if you can't do all, all of that by eye, you must have something. Do you mean something else? So you've written the code, it's been there, you have used it severally, you've added stuff to it, you've run it sometimes successfully, then of course, um, um, somebody goes in there and purchase something, or something that doesn't really work, and you want to find out what changed. Will
there be tools to be able to look at your code and say, uh, the last time it ran this was it, that's the, the two versions, and then you can actually pinpoint what changed and what, what is failing now? Like versioning? Well, I don't know why it's version. It's like checking the code. There was a tool called, like, Checkov, is it Checkov they call it? I don't know, but it, it goes through your entire code and points out anything that may have, might be causing you to fail in the code. I don't know what... One second, we'll get back to that. You use anything like that at all? Yeah, see, there a two eyes. I'm just, I'm just worried that if the code is so long... Are we together? Them? I am at least, just thinking ahead. Good. So, but, um, do we use... we have something in our environment, but it's custom, it's just for us, it's not a tool that is outside there. So it's a custom bot, and you know what a bot is, right? Like, be serious. So, um, it's a custom bot, it's like a robot. Robot, like an AI thing? Yeah, yeah. So we have something that will build... I did not do it, one of my colleagues was, actually, what we call, um, OKRs. What's the meaning of that, OKRs? They, they build something like that, and that runs from time to time in all our repositories and it checks that. So for, for a tool that's outside there, to be honest, I don't know, I need to check. No worries, I'm just thinking. Good. So if you see now, this is our output. Why do we have no output here? Did it run? Yes, it ran. So what is the problem? Let me check the template. I see... have the DNS name. OK, no, the problem is the public DNS name, and I remember building this: there's no public IP here, that's the reason. Yeah, yeah. And that's the output. But if we, if you want, let's update this template. Yeah, so we'll get, um, you put that in there. Do you hardcode the DNS name? No. How do you fix this? So this is the Join, this, and what was this... is web server dot public DNS name. I want private now. Yeah, I, private DNS name. So I just should just make sure that it's called private, private name, and we
can validate, just to be sure. Update, confirm, continue, still everything stays the same, deploy. And now if we check our stack we should see that this stack is updating. What is the problem? I know, hit submit. He probably did not, he probably did the very first one, deactivated, was that... I want to update this template. Give me a second, I'll do it again. This is a template, so it's... Yeah, you didn't, you didn't hit the submit. Yeah. Private, private. Oh, that looks the same, the same. Next, and submit. So yes, now it's updating, because there was no public IP there, so the output... So now you see. Yeah, now we have, now we have a valid... that's a private... SSH is open to the entire world right now. It's not, you know, it's not... the configurations are there, but remember, remember that SSH... forget about CloudFormation. SSH needs that there should be an internet gateway, there should be a connection to the internet, for me to come from the internet into this private EC2 instance. If it's not available, then there's no way I can get in there. It also needs routes on the route table. So all, all those other pieces, they're not already in my stack; that's what you will do for your assignment. But, BR, if we had, if we had defined a public IP, then we would have seen it when we ran it the first time? Yes, if, if, if it had a public IP. The reason why... if you go to this instance, these are the resources here, this is the web server instance. So this instance should not have a public IP, that's why there, there was no information there. So let's just check. It didn't have an IP? It didn't have a DNS name. So it has an IP, but not public. Not public, yeah. OK, so if you look at the private, now it's 10 164, so let's go back to the IP 10642 internal. So go back to, go back to the stack. Um, just, just the... I want to edit. No, no, no, not, not here, where you, where you run it in the CloudFormation, I wanted to show you something. Uh, yeah, so if you go all the way to the bottom, even though it says 0.0.0.0 there... where is it now? Um, right, it's not... I think that was the other one, Victor,
it's not this one that was... you're looking for the SSH thing? Yeah, the SSH, right here, it's right there. Yeah, so even though it's saying 0.0.0.0 there, it's not necessarily opening up ports from outside in? It is open, SSH open right now, OK, for anybody to come in, SSH. All right. Remember that there is, there is firewall, there is network. So this is a firewall rule, but the networking connection is not there, because there's no internet gateway on this VPC, there are no routes to the internet and stuff like that. So you need to first of all establish that, then the firewall now will kick in. Now the firewall is fine, it would allow it, but there's no network connectivity. If you look at the OSI level, we need to first of all establish layer three and layer four connection to this network before anything happens. OK. Good. When I say OSI, you guys know what I mean, right? I think you guys introduction OSI l... Oh, so, Prof. Yes? Uh, I don't know if I'm getting ahead, but let's say we wanted to pass in the user data in our EC2 instance. Mhm. All right, can we just do it here, or do we have to maybe, um, what do you call it, like define a parameter and just refer it in? You can do it in your EC2 instance itself. An instance should have a property for user data, right? Let's look at the syntax, it should be a property somewhere that... yeah, right there. OK, so you can do it, but this has shortcomings. So CloudFormation has something they call CloudFormation init, or CloudFormation helper scripts; they are better than passing in user data. OK, because once you pass the user data here, and you pass it with CloudFormation, it is... what's the word? OK, let me put it this way: if I have user data and I pass it in and I bootstrap my EC2 instance, right, with CloudFormation and using this user data, that's fine. The first time you run it, that is bootstrap, everything works fine. If I update that user data, CloudFormation doesn't pick up my changes if you pass in user data using this method. But we'll look at something called CloudFormation
helper scripts. So there's something called cfn-init, cfn-init, cfn... cfn-hup, cfn, uh, signal and stuff like that. That's better, because that's, that is important, and it picks up the changes and updates the instances when you do that. We'll do that next week. OK. OK, thanks. Great. So, question: if, if we, um, in, in the one, the code we just ran now, it didn't have a public IP. If you wanted it to have a public IP, where in the code do we make that happen? You enable public IP for the instance, I guess. Let's look at the properties, I need to check. Properties, properties, properties, properties, go, let's go up. Syntax, there should be AV zone, disable... let me look for public. So I think you should be able to gra DNS subit... it's either you do it or you would have to, um, nice, should be, should be a property for that. Check that loation launch. OK, to provide... do you, do you do, do you do it at this level or at this level of this, in sub, subnet? Because you need to enable, make sure that the subnet is public, is enabled for public DNS, then it can then pick in this information, I guess. This private, private, private... oh God, give me a second, I post the, is it post