Transcript for:
Understanding Cloud Computing and AWS

hi everyone welcome to my YouTube channel you very good luck and uh don't forget to subscribe to our Channel okay um so first of all this only some money so similar way organizations a Azure right Google Cloud Computing platform entire world okay okay system okay secting systemic Network and operating system te involv so team de ready first inv then resour thenation okay lomers are coming fine but okay so so definitely we will land into lot of troubles obviously okay like you know for startups okay a across the globe they are giving account application deploy okay Bas per second per minute per GB per month okay we technically call it as a pay as you go mechanism okay that's a first Advantage create okay that is the advantage with this Cloud servicer L compared to okay then us manag Solutions rights oper company Capital expend almost no capital expenditure okay so these are the two advantages with this Cloud right so again public cloud open for everyone mainten for example okay or something something data center who is responsible for that okay okay service down he will take care about it okay um Azure in that Microsoft guys will take care about it transport will take okay Outpost premise private Clem private okay just you know transport right third one hybrid cloud hybrid cloud okay hybrid cloud combination of any two already existing environment new requirements a okay okay form something okay right so we can treat this also as a hybrid Cloud okay comp standards re okay public Cloud private Cloud hybrid Cloud Community Cloud deploy models of the cloud computing okay so okay docent NIST definition of cloud computing I'll suggest you to go through this okay so NIST National Institute of Standards and Technology like direct PDF link direct PDF link NIST definition of cloud computing okay official definition of cloud computing advantages okay advantages netk ACC okay okay B basically advantages servy model private Community hybrid okay you can correlate service models
service model um software as service platform as service Serv tradem mechm okay service models understand Google so service models of cloud computing Okay Google okay full copyrights to that website okay on premise right Sy nro nro hypervisor ghen hypervisor GH Microsoft hyper so then fin application then okay what we mentioned here these all components uh service Prov then you take it you use it okay so sof Serv just go to light s click on create server as a service when coming to technical things these all components like network storage servers virtualization OS and middleware PHP that's it you are getting an entire platform as a service here okay PHP only mandat thing then window windows responsibility network storage servers vir Okay so Okay cooking process interest okay methods no you take any cloud service provider whatever service you are going to pick okay these u u basically like you know comes under service models of cloud computing so let's uh discuss AWS Global infrastructure Global infrastruct basically I can say one thing okay manual process but Google datab just you can launch and you can start using it okay so Advantage okay so if you observe history of a okay let's go to images Java Tage um if you observe this image in 2003 designed a documentation okay P andin simple service then3 then ecommer amazon.com 0 low so then 2011 LW some EBS problem Cindi and 2012 L they started re:Invent annual conference every year November last week December first week Las Vegas they conduct some annual conference reinv okay so they started and 2013 first certification certification exam concept multiple certification very basic practitioner certification and solution architect associate developer associate admin associate associate two three years experience found practi very basic account management service overviews building cost management okay project manager practi okay years experience associate okay solution profession and DevOps professional
and some specialist categories security specialist and database specialist Network ctif I think 200 17 16 practition Sol okay okay but later okay okay okay uh see no you take something you name something okay machine learning okay at least re okay okay um yeah this is history now a Indian so Global go to this link okay different different parts geographical location okay geographical location or physical location at moment we have total 31 regions and region okay as I mentioned no technical definition just a physical location availability Z data centers recommend you one specific video go to YouTube and um look for Google data center Insider yeah inside a Google data center just five minutes video dater even Data Center pictures Data Center pictur availability zone or a so a is nothing but a data center or or it might be combination of multiple data centers also region and D just a physical location or geographical location where Amazon segregated entire world okay at1 99 availability Z minister so he inaugurated a data center in Hyderabad 20 data center data automatically replicate to another data center also okay so okay for example Israel coming soon Thailand coming soon Singapore already Malaysia coming soon okay so you hover your cursor here click and it will show how many uh availability zones we already have in that specific singap okay region um Mumbai AP 1 a 1 b 1 C soab availability AP South 1 a AP South 1 AP US geographical things yeah in AR Virginia highest six availability zones okay for examp okay so China regions uh ning okay not open for everyone first request CH if satisfy then what allow you to use like okay they allow us to use this okay uh um so primary components loation of presence location of presence locationd points contat latency also increase right you can access easily Cal Reg CDN end points content delivery end points introdu we call that as a edge location so Edge location okay um later okay um yeah so at
location 400 plus Edge locations Edge location purf like you know many customers are accessing business CD and services okay application customer loation near to customer all locations customer click on list view okay uh let's take this Asia Pacific regs Edge locations okay hyad should be somewhere here okay so yeah dat these three are the primary components in a global infrastructure components like local zones wavelength zones low latency applications okay low latency applications local Z okay for example Hightech cities areas right so more IT companies yes local Z latency delivery okay so this is all about a global infrastructure account creation a and search account creation okay three years back one year back video okay first email address phone password confirm password options first email address email address verification link okay verification pass option so then remaining all options are same like first email address confirm password contact information okay okay so so information Visa card American Express and discovery card so then CIT dets okay two rupees okay verification phone verification voice verification so text message phone numberone verification verification support this basic so then developer support plan9 business Lo so developer support business1 resp how we can improve security fault tolerance High availabilities okay full suggestions okay so business support plan it starts from $100 per month in Enterprise support plan it starts with the $15,000 okay so $15,000 he treated as a royal customer 15 minutes system okay okay 15 minutes and also okay operational reviews and suggestions annual reviews operational review so once again always recommend you to go with the basic support for practice purpose okay so next congratulations click on go to the Management console months free tier limitations free tier follow okay next to that my first option a management console.com click on enter so sign the console top
right L sign the console okay com discuss password okay so now I logged into my a account as a root user account close okay support So current Bas so I can go here click on change and I can change my support plan basic developer Business Review upgrade and it's a pay as you go so so I can pay additional information so down not only $29 yeah click on C pricing details and samples yeah developer $29 29 3% $29 3% okay $1 10% $10,000,000,000 so okay see Enterprise on ramp 5500 or 10% of your monthly okay so Enterprise 15,000 or same pricing almost so $5,000 so support plans option support console account related issue pH oring related technical pH so click on create reling related service business production system production system imp business production system so the business critical system within 15 minutes okay technical at least business support plan support support plan is basic support plan okay so that's the reason I'm not able to create any technical uh support cases here okay um status resolved okay that's a problem okay um yeah this is uh about like you know logging as a root user account creation and Global infrastructure video we are going to discuss what are the first steps you need to perform after your account creation okay whatever email ID you have used to create your account so that actually call as a root user so email ID so just uh like you know the us then I'm using my password then two of us one is root user root user he will have full permission on our account complete billing level credit card information invoices downlo support account transfer such type of account management permission issues okay policy buy can do it so situ we can lo as this root user then we can do it okay so technically he is the highest privileges guy on our account okay so as I mention account create as a first thing they recommend us to enable multifactor authentication Facebook number Dev type of device sction it's more secure actually so we'll see so go
to this account security credentials option go to security credentials now I'm working as a root user if you observe top right so you see here as a first thing it's saying you don't have MFA assigned as a security best practice we recommend you to assign MFA that's what we are going to do now so click on assign MFA device device name my mobile my mobile for um prodad account right authenticator security key security key we want to connect to this laptop while Lo okay see this it that that specific device time based one time password okay so then click on next first device then okay first option easy pocket friendly Okay Google Microsoft options okay a list of compatible applications scroll down and Android us iOS gole gole author okay logo right so now go back here click on show QR code okay so then application open option code option options one is scan code second one is enter a setup key number number for every 20 seconds it's going to expire okay it's going to expire soon you should not skip any CES in between number so 57 9885 then add right M device device add okay so now test it whether it's really working or not sign out now sign into the console then root uh now ID click on next password pass comprom sometimes what happen Okay click on the troubleshoot MFA first applicationin Alors number okay so okay so whenever you like you know you got ertic display or like you know you lost your mobile or accidentally uninstall your uh application you can use ad option okay so now I'm logging to my account even R options we have an option to contact support case ticket um just we need to search MFA support case Okay so last unusable let's go here and you see I'm still having problem and would like to contact support problem root user email address account ID 12 digit account ID we get a 12-digit unique ID full name alternative then submit one of the AWS engineer will contact you okay option right so now so then next first user I'll always recommend to create an IAM
user Maxim like we have seen eight members who manage the account administrators okay so 24 support like the environment volume is huge so for examp okay account multiple okay unrestricted access even okay so whenever we are into a situation where no user okay so then we can go with this option IAM user option Iden and access management just go here search for identity and access management okay so IAM users right groups policies right so users I'm just cleaning it up okay so now user but I'm using this user for different purposes let's delete this guy also we'll create one more guy okay now in account groups users roles in your case it's going to be zero policies talk as I told now purpose service related a issues S3 related related S3 object based storage like gole Bal services so now add user user name so I'm calling this as S3 now you are giving a usern us should be unique within your account right I'm giving S3 admin okay individual user direct like permissions everything MP okay so S3 admin is a username and cons Ty of Access One is managements okay command I mean you want to access some Services you want to tweak some Services then PR now I'm selecting provide user access to Management console and I'm going to select this second option I want to create an IAM user then like yeah custom password so the best option is secure option is Auto then Loess it will enforce him to create a new password situ best practice then click on next I told you something simple right so same first second copy permissions so USM so this is one of the easy option third option so I'll prefer to go with the groups always click on create group group name S3 admin group okay then policy and S3 full access policy is nothing but a document that set of permissions okay socy it provide full access to all buckets via Management console right that is what I want so create user group then make sure you this Okay click on next who cre when cre kind of met then click on create user now user
created fine user login you join this welcome to the team okay credentials so sign in url username password but sign in url this contains our account ID account ID okay okay so now I'm going to download this file credential sign us password security cral manage cons okay now it's opening right username sign Ur number click on create but important thing is alias name should be unique and changes giving error so now AV so changes instead of remembering this account ID simple user account simple okay okay and also password set default minim character ler character not at all secure and password a password instead of that user password okay first requ then okay tightening the security turn on password expiration okay password lifetime for every 60 days password is going to expire and giving or three here prevent password reuse system last two times okay it won't allow you okay so I'm going with reuse as a two standard three let go password administrator meet he need to raise a ticket instead of meeting allow users to change their own password yes I want to allow user to change their own passwords IAM user change password not really required okay fine password policy now let's Lo and same browser use okay no you need to log by using different browser or incognito window okay so he need to use this signin URL or he can use this URL also URL simp copy okay just observe e Ur okay Ur ID a.com sign in then then here instead of this you will into this page you for username and password now username S3 admin password I'll copy I'll get it from the document okay so then password it sign it's enforcing me to create a password so give your old password autogenerated one give a standard password for example I'm giving 1 2 3 4 5 click on confirm password change it's saying either you not authorized or enter password does not comply with password policy administrator second statement is true even I also feel one thing it should some like suggestions I don't know but that's a good
option e but maybe password that comply with the password policy we already set up okay then confirm password change now password CH as user account Lo okay right fine let me try to access okay folder okay but bucket name uni Li bucket name should not start with DOT should not end with DOT no double dot should not resemble IP address minimum three characters maximum 63 characters. YouTube scroll down create bucket okay so bucket success S3 admin no permissions no permissions no permissions nothing am database error so we have successfully restricted this S3 admin to work only on S3 service by using IAM user method yes so right so in user right so now all future videos I want to not even enforcing it attach policy directly so administrator access then click on next review screen create user now he administrator is it same as is it same as right root user and administrator policy user almost root user okay okay so I can say should not allow only root usort okay support so who is responsible right so uh like recently observed so Al right so V it's almost equivalent user but not manmin Def my then you need to scroll down bit IAM user and Ro access to billing information User access administrator access he can easily access that billing information if he try to access this okay back permission root account option en now if I go here okay user I'm going to add permissions attach policy directly okay permissions and cost management permissions Okay now click on next add permissions so this guy can access this billing dashboard okay if he just wait for a minute or two right you see a permission he can access this billing information S3 plus billing I strongly recommend one thing 12 months 12 months service Services first 12 months free see this 12 months free 12 months free database s32 so out from that free tier limitation you may get some like you know paid services alert prerit enable this option then so then what happen Okay so I strongly recommend that okay so this is all
introduction to IAM so practice us is completely free Serv small project less user management and all okay so yeah so I strongly recommend you start this a journey with IAM okay the root user administrator access throughout all our videos you know same policy it's a document written in JSON format permiss okay so now right so first I'm going to call this user um task one I user so console create US Auto generate password or else I'm going to set a custom password right then click on next or you can attach policy directly three types of policy so when you go to this policy screen okay so go to this policies okay are managed based on the a service based on the a service Poli okay policies for example3 s full access only access network administrator okay and okay user creation network manager support user permissions okay so the process and so satisfi with exting then obviously we need to create a policy okay okayer managed for examp customer managed policies simple sock on create policy firsty creation poliy creation visual we can import we can optimize for readability we can optimize for the size size consts okay so we can optim optimize for the size and we can generate CloudFormation template also so go to visual S3 frequently so I'm going to choose S3 okay so now if youer here okay I need I need a user us sble to list able to read but when he tried to create a new resource that is what I'm going to do now so I'm going to give I'm going to give all okay so then click on next if you want to click on add more permissions right expand this a service first list permissions read permissions on all resources right then click on next so then give a policy name give a meaningful name Alo S3 list and read description if we associate this policy user or Ro can list and read resources on on S3 can read all resources resour now scroll down create policy namey then create policy now so I can give refresh I can search then click on next then create user now user created
us console Lo incognito window so then log as that new created user okay IAM user my account Al user one user password already just to save some Lo success now nowmiss I want to test some right permission so click on upload add files file select then scroll down upload just unique name space so just aash test. YT video right some random IDs so bucket names then when I'm creating and what it is saying access denied permiss okay customer managed policy examp exle policy creation Now okay but like when is working from specific Network particular Network okay use a condition on all resource reest fromp so add I add secat SEC only should not work when you myp okay so that means that specific public IP address okay so ask specific public IP address then next so policy name um my network S3 alo alo everything from my home network okay so now create policy okay so go to users task one user see so S3 attach policy J my network S3 alow next add permission so task one user key I'm aning everything but on one now go back to that user give a refresh okay go to buckets okay it's loading no problem why because can I delete okay that's Okay add add Okay add 1640 add 180 181 then next same changes okayy now3 okay all errors no if you wait for a minute or two no refresh we fail to satisfy this condition follow another along with IP add another condition so like SCE so qualifier for all value or anyue reest region AP call it should like you know string equals if exist AP one so Source IP add Source VPC right so a username user ID lot of conditions we can add so this request requested region IP address common only used once okay policy creation process okay so now polic and we'll evaluate it requirement want to allow all the services but not S three okay so I want to allow everything but not okay us that's what I recommend he can access everything okay any service we have in E access access RDS the database RDS database service RDS so okay even can see no error nothing in database I
but requirement S3 or delete option like IND top of this existing policy creation everything onlyy we cannot do it okay that's another thing so so go to policies create policy again step same okay so now click on this pit to per see only uplo okay so put object and upload okay and delete object delete operation uplo okay okay sock or go to properties grab it and give that Arn here and Slash star okay so inside folders subfolders okay any part inside the bucket upload now click on next give name um Denny put delete on 255 bucket okay same description is Right create policy file delete okay right file delete success Del okay and I restricted upload um verify uplo files added something upload up everything able toy so entities attach theny access effect times is going to take effect okay now 100 times User Group resource okay will take effect will have always highest priority in the form of evaluation okay so now test it now know I'll try to upload something click on upload add files select a file then upload and you see upload failed the up upload delete specific bucket key it's it it denies okay so policy Simulator the policy simulator option if you to this policy Sim operation specific operation bucket creation simp delete object or put object upload e permission op run simulation it allow okay so uh put object should not allow right so uh Delete let let me test delete delete object in the Run simulation maybe some okay resource level but the thing isic okay so you can run okay so basically global settings right so services okay like 1 is simulating okay just action okay Sim policy simulator refresh ask one user by having these policies S3 bucket creation okay let me refresh again right three okay delete object run simulation see end of the day for example what if policy Sim help okay right it's an important service not possible important service important module so recently and hours I have plans to do same video in t also so definitely
soon okay right so simply open Google for example Google but what is back arure right so Google organiz thousands ofch issues issues something the up and running then only we can access right WhatsApp service whatsa for 30 minutes for 15 minutes backend the server problem okay so you are accessing something back there is a server Facebook Instagram Twitter whatever you take back thousand of okay generalized organ application okay and different first question e ec2 stands for elastic compute cloud in simple so reur also changes right unict workload we have a category called onand instc end of the day terminology different so instance is nothing but server that is clear now e in inst okay let's go to a documentation only on demand e to instances right where is that no this is not the proper One On Demand instances yes cont contract so I'll talk about that no commitment then you can delete it okay predictable workload then simply go with this on demandant small cost R medium server medium cost L right High configuration now if you observe purchasing options reserv cont simp two years or three years years inst okay so res instan category reserved instan different options okay so reserved in standard reserved instances convertible reserved instances okay standard reserved okay standard res in res ex can be exchanged okay instance family inst type platform okay right options reserved inst on demand okay first point second demand and Supply mechanism okay thenu important information okay okay these are the best practices first spot instances this could practic we will discuss now okay so these are the three primary ones with okay host if you are going with this on demand yes chances are there tency option but okay soed mean Shar okay dediced hosted instan Moni it's a dedicated host is a physical server that dedic to your use purchasing options right so now okay talk okay we canect for example CP 4B then I can select this T2 medium or latest cl3 right3 mod on demand Linux
on demand on demand Windows the pricing minut minut doesn't matter minimum 60 seconds minimum 60 seconds okay so then purchasing option next purchasing option go to reserv instances purchase reserved are fixed we cannot Exchange Medi okay T3 Medi so first11 okay1 $4 monthly okay no payment option key same configuration T3 medium with Linux operating system with Shar tency mechanism standard storage class with all three payment options for one year okay n all3 okay so noly pricing right okay again tample okay standard all purchase options T3 medium okay term one year term then search okay all three options I want to see okay $231 okay but 20 .27 like 27 cents 27 Sor okay $231 0.13 option 0. 0.2 0.27 0.2 okay so right three purchasing options res observe the pricing now see 2 25 standard So based on your requ purchase then regular screen scre hours res instances mechanism SP request here so go to spot request request Spa system okay Maxim okay SC Scroll downum 2 CPUs maximum 4 CPUs minimum 4 GB Ram maximum 16 GB right config CPU CP only 8 GB 15 8 gigs 4 gigs 8 4 CPU 8 gigs Ram okay okay AP last mon Okay C last three months pring 0.4.4 okay now one more thing okay on demig On Demand comp 58% discount so 50 plus percent discount good amount of disc only right only problem price increasing options option not only okay flexible pricing model you can save up to 72 percent but option capacity reservations Capac okay sometimes what happened am okay right so e to introduction and E to pricing options okay easy to it's a place okay okay first Windows instances Windows instance Windows Server window connect okay first okay so now now go to this instance screen Enterprise effective option for example 100 servers okay out ofers window then click on add new tag for example a project later easily we can filter the information project let's assume it's for Project X and client a platform Windows Windows Linux vol network okay so then scroll down next means Mach template of an
operating system Windows inst syst this is am available currently Linux flavor Windows reded Linux dbn window Windows Windows 20 22 2019 2016 2012 operating system operating system always okay B 2019 so I'm going with 2022 or 2019 anything is fine in 2019 now yes by anyone okay Community like who are part of this community they can publish based on operating system operating system okay for example firewall firewall um place like buyers and okay just going with Windows Server 2019 then inst configuration configurations right scroll down both okay different purpose instan balanced performance CPU performance memory performance Network performance stable workload we can use this general purpose instances okay2 T3 T T2 T3 T3 a T4 G okay keep on updating differences okay gra see gra okay but latest obv latest okay m7t processor okay int processors small Point okay so the configuration okay so if first the general purpose table performance compute optimized C category also CP so compute means C compute start with C CPU starts with C so all C categories comput okay okay okay different again AMD based so different configur CP CP better performance better coprocessors okay like more graphic power more data pattern matching optim more uh storage uh IO operations iops operations like input and output operations per second and latency and data when we are reading from that hardk writing data from hardk Laten HPC performance computer high performance Compu deep learning mechanism complex simulations scenario we can go with this HPC optimized different ceg we have optim I can likeit CP in that Cas memory optimed right again so G micro Som Mumbai reg not available okay okay US password option and private mechm proce without CLI on create new key Windows okay format PPK format so private en Okay window create okay okay nwork NK like defin probably next week hours or four hours video okay basically we call it as a security groups Security Group instance level fir so better
create a new Security Group okay again security group name window window inp me remote windows okay description Security Group for Windows instances or in simple Windows SG this makes some sense always number right RDP port number 3389 and uh HTTP port number 80 https port number 443 DNS port number 52 and 53 and mssql port number 1433 MySQL port number 330p stdp stps right Windows now question doesn't matter valid username okay anywh option okay3 second option third option okay what myp add okay only third option second option custom Network IP address for ex for example okay okay random okay only Okay so so only okay so then Network option so again okay but RP operating system window any Linux okay group option root volume that root volume operating system so 30 G Windows same cost that is recommended so gp2 or gp3 anything is fine gp2 Purp later now click on launch instance then launch instance Okay so Windows minutes or four minutes minutes or four so okay we are good operating system Sy window syt a Microsoft Remote Desktop tool and okay if right window Windows operating system default remote desktop tool okay RP tool mstsc Microsoft terminal service console open run run open Windows okay Windows R click msts click enter finger window okay now server running now almost 2 to minutes now let's get connected to this instance IP add private IP address IP address it's a unique one across the globe across the globe IP address butu okay some small cost only Network IP add free to use okay home Wii delete just okay go to top rightner public IP address friendly name YT demo server friend the server click on connect okay scr down DS DS US password click on get password this is associated so click on upload private key file private then click on open then scroll down see here again you can verify same password copy then click on continue small iation fingerprint authentication just click on continue Windows Mach yes now any purpose okay so Windows instance la Windows Mac
operating system just assume Windows window public IP address or public DNS know paste that public IP here then continue okay then JC connect RDP client whatever the username shows enter that problem the reason Security Group okay again confuse just just yes okay connectp remote automa demo if you open that option download remote file okay download remote file double click enter password get connect so right uh Windows Server connectivity process okay l so click on launch instance okay Linux Linux Linux open so then scroll down different configurations available as always one T2 micro then key pair last video window okay open source open source Developers options we can okay okay ini but later P so moment click on create ke download okay now Security Group only 3389 open but 3389 the best method edit give a name window Security Group for all Linux instances okay now group R so obviously the L my okay local so then scroll down 8 GB is fine Linux key okay then launch instance okay okay but the it's in running State now okay running connect usern user okay connect window con number 22 only home network obvious Security Group edit J okay SSH open fores it will work this is easiest option to get connected your Linux inst okay just browser pop BL okay stion Windows Mach Windows server for example okay yeah let's assume Windows Windows laptop Windows laptop s okay L discuss recognized Enver simp C okay instance Linux server connect command ssh space hyphen i what then space ec2-user default username now IP addp add click on enter are you sure you want to continue connecting yes now I got connected to this Linux instance again who am now so the command teral sorry command Laptop Windows so Downs download okay so website.
go to p.org I'll recommend this option you will get everything download I'm downloading that file here it downloads location double click typical Windows installation and next next next okay common tools inst not required then finish in laptop treat it as a laptop person laptop okay okay this is exactly looks like we need to convert pem to PPK show conne private key file for authentication click on browse desktop then say format defa no supported authentication method available okay loel this load desktop location all f open it successfully right imported private without yes then you give your name so same pem format file is now converted as a PPK format file so same okay okay [Music] um uh public IP then SSH expand SSH authentication expand credential cral private key file for auth open then open again you want to login as ec2-user used one is MobaXterm MobaXterm widely used one okay for Windows command prompt SSH option Windows operating syc operating system okay firstc operating system 9 instru so we are good nextop location loation space hyphen i YT I Linux ec2-user space then inst add paste it here enter Then are you sure you want to connect yes Ty okay sometimes bad permission issue unprotected Space 4 y other users other groups same user I I you connected to the EC2 instance Linux instance connectivity process like drives right volume Creer right so coming two videos to discuss video dedicated for Linux operating system video for Windows operating system okay um okay uh let's uh go to ec2 instances inst volume so then Amazon Linux 2 operating system okay so T2 micro we are good with that and Linux KP Security Group I'm using an existing Security Group option root volume root volume operating system Ro so same operating system Roe G purp SD s so SSD faster okay expensive yeah ssda more expensive better performance so here shock resistant GH non mechanic flashing GH best for storing operating systems gaming applications frequently used files SSD works better [Music]
previous verting Sy okay SD s operating system so gp2 and gp3 gp2 GP okay input and output operations per second input output operations how much data we can write how much data we can read from that hard disk driver IOPS means input and output operations per second okay so now now okay um SSD purp SSD two one is gp2 second one is gp3 both properties3 latest version i i i blpr difference all three almost same work gp3 I I performance okay so highest performance only specific EC2 instance categories Nitro instances categories even if you scroll down you can see this only e specific okay workload vir desktop gp2 or gp3 gp3 same price gp2 so prefer to with gp3 nowadays okay so minimum size 1 GB maximum 16 TB for one individual volume performance i1 and I 64000 and but minimum minimum 4 GB maximum 16 so categories SSD categories but okay scr standard minim Maxim storage okay so e basic workload uh basic work uh available types and properties okay so expand GP GP i1 or I2 so gp2 or gp3 most of the workload suitable okay so now again you can simply click on fight details or show details and you can set it to okay first 8B volum volume no scroll to right okay now inst okay Linux hyphen KP ec2-user address just yes and volum already okay volume we can give L command okay read format okay operating systems okay [Music] okay X okay now volume screen okay just click on create so click on create volume gp2 gp3 click on create volume inst volum if I click here say and volume addition volume so then click on create volume now volumateur Sy action LS X XB volume okay now again ec2-user home directory so lsblk command okay right file system F output only no file system file system already system so F yes click on enter output okay xvdf 2B volume okay windows Sy mkfs mkfs I what type of file system xfs a volume dev xvdf key now click on enter e command file system fine well and good now if you run this xvdf yeah mkdir YT volume let's execute it okay DF Capital it's capital okay
now okay xvdf related ec2-user YT volume lonely okay okay just complete new line press I to go to new line so then p s press Escape colon WQ right and quit now run a command Mount all all right now even system rest 2B volum user volum okay so that is the process to actions modify 3B operation almost completed is being modified okay in use optimizing okay okay xfs_growfs xfs GRS command okayed install and xfs p o gs xfs now xfs grsd now XB again DF capital xss command okay so this is how we manage volumes in Linux operating system Windows uh e Okay window Windows volume volumes right uh so Windows Server uh 2022 okay micro okay SEC window okay Windows security group create edit Windows Des Security Group for Windows instances okay RDP open 3389 that is okay to get connect could the storage requirement to run operating system okay uh GP G okay and volume inst yes then laun inst Windows inst properties connectivity options okay at Okay window I want to get connected to so Windows connectivity process again new connection under PC instance IP so then password Windows click on connectp okay password click on get password Okay window to service running so it will take some time okay so it should be ready as for my H okay okay once we will connect so again next important important okay uh still no connect RDP client get password yes it is ready upload private key file okay now desktop L key pairs folder Windows as well as Linux key okay now password click on continue click on continue window Windows Windows mg management [Music] CP windows Windows mgmm disk manag manag man okay man tool option computer manag computer manag man okay tools manag screen option create volume create volume 100 GB 200 GB 2 GB Li the volume actions attach volume Windows select it attach it again attach okay first right initi simple volume next next what is a drive letter you want to give d e f then click on next Windows F FAT32 NTFS and file systems okay next Sy okay then management action
refresh okay refresh okay volume next next finish so earli 2B system system. 7. prig things okay windows volum then then size increas okay Linux okay so okay so first so Qui launch and options okay Linux then operating system Amazon Linux 2 so then I'm selecting Micro Key existing key pair and Security Group grp Security Group act as a firewall at instance level okay okayo SEC group name demo Linux okay description you can give anything YouTube demo for Linux AP you can give okay so I'm good with anywhere then instance 8 GB is fine okay then launch instance instance launch first we need to connect lot of dependencies okay and additional St man installation easy okay compared to Windows Linux installation easy nowadays okay doesn't matter to me but connect what operations you doing important okay so now desktop this one I can use to get connect okay ssh space hyphen i ec2-user inst IP add type yes okay we can confirm if you type who am I it is saying okay figing okay usly us update M install httpd e to iPhone installp Enter dep okay service httpd status status then click on enter okay service name okay service httpd start click on enter so service start okay now how to verify again okay [Music] so obviously we want to use standard process enir chkp Sy okay now start okay now httpd start service sorry status running sorry Security Group Security Group the port number okay again traffic okay HTTP or google.com only that is reason go to inbound rules security groups have to take care about only inbound r traffic HTTP then save rules now go back here give a refresh okay instead of test page okay first inst HTML default okay fine vi index.html okay press I to go to insert mode I this is my okay uh Apache demo web page head F only configuration related things service go and refresh this is my yes welcome I mean you can do that okay cont one of the very good website okay so HTML okay sotl scr down CSS right uh where is that examp symbols Theo okay so okay sotm V okay W3 help.
HTML then click on enter press I HTML press W okay3 help HTML okay so important right so again port number know sometimes CC okay L mod okay right can scroll down default okay so configuration httpd all right so okay groupb rules P number8 open issues in same way Windows Windows very familiar okay windows web server YT demo and uh Windows 2022 B 2019 B but one CPU one gig of the ram very low configuration Windows very Windows very lur group Windows only web server configuration add user management I want to discuss Okay g okay minutes okay windows Windows okay so we have to take care about one thing security so obviously number so rules okay HTTP open anywhere for ipv4 and HTTP anywhere IPv6 okay okay so I want to connect to this instance IP address okay so so then public IP address it's us okay so the username is administrator password click on connectp get password when you click on get pass Okay so okay so then coming videos window okay resource consumption more secured Okay so that is reason also least so baser okay so but okay RDP client get password still not completed uh okay so click on connect okay get password already put ready in the upload private key uh my desktop there is a key pairs folder selecting the key pair decrypt password system password password authentication now we got connected to this instance inst connect okay uh let's uh install that I windows minb CP okay okay okay through number 80 open for everyone manager manag Okay add roles andat click on ADD roles and features okay that is a way how identify that initial load complete okay at least videoy higher configuration fine okay then click on ADD roles and features then click on next role based or feature based installation then select server from server pool same server next next so then again next next then install inst everything Windows Okay so refresh okay go go IND index HTML okay so then header this is my IIS web page so then header closes then save JC control s okay okay default default as
a HTML document okay refresh is a process I'll try to cover that enity en google.com Al okay on again Google we can do one thing disable continuous window so server manager left side local local at Le okay option I want to discuss second window only first time connect okay server manag tools computer manag okay computer us okay us man window who am I as a what user you working ad okay give right click sorry give right click set password okay password we are good to use that custom password from now onwards ad so test user okay special character y test user destion password standard password password minimum eight characters user password next change it next Lo then cre so user like click on ADD search Okay YT test user check names a user automatically apply okay REM local as reme same instance IP address okay pass friendly name another user then add then add you double okay cral okay same us connect okay so maybe test user us okay just edit right so another user YT test user just double check checking password then add then save double add 3110 212 236 2123 326 so same so at your time two different users logging into same server own desktops so concr LIC so basic things windows I strongly suggest you to get familiar with Linux okay Enterprise back option right okay service okay like some important so Disaster Recovery purpose data migration purpose SN back okay now okay volb volum SOB volum 2B volume okay volume just create okay simple sample dat so now 2 GB volume application is continuously writing some data back select 2B volume actions create snapshot I don't have any snapshots here okay so go to this 2GB actions create uh sorry actions create snapshot description 2GB volume snapshot then create snapshot only within the region different availability teally volume volume account making it available or not process importance we can make it available for everyone but security risk security concern we should not do that okay possible scenarios snapshot go to 
actions create volume from snapshot now name okay so name for one b instance okay then create volume snapshot simple actions attach volume I can select the EC2 instance so then attach first scenario example both instances same region but in different availability zones I think what if you another in Singapore region or somewhere else so select actions copy snapshot copy a region key I'll show you something [Music] okay right do I have no's assume Sy how it is possible what is syy okay Syne AP Southeast 2 AP Southeast 2 select J name okay name copied from Mumbai then copy snapshot 2bn Sydney see here fromeast availability I can create create not encrypted so not encrypted snapshot account key but snapshot D default master but okay Point whenever you are sharing with another account actions modify permissions now privately they can create a volume then they can attach to their EC2 instance okay in Mumbai region public snapshots owned by en Mumbai reg snapshots okay 1900 something plus public snapshots okay possible scenarios now importants snapshot mechanism important points snapshot pointy 15 okay 45 or 420 snapshot volum snapshot point in time cop okay and snapshot back not bucket aat back me okay increment back respons simp okay so another important thing and okay one more small Point EBS volume okay the EBS volume already encrypted enry Vol okay but volum f it's a very valid method okay so let's observe snapshot volume un encryptions create image thisum then ke default master key name encryption test then create volume volume screen volb volume 2GB volume create it's still creating okay observe volume encrypted earlier technically both are same but unencrypted encrypted okay so encryp snapshots important points okay and possible scenarios fine man we can use life cycle manager option ccle manager snapshot policy select JC Next Step only specific individual volumes we can option for example a volume name where name is equal to from one instance where name is
equal for one only 100 volum doesn't matter a volume all those volumes comes under this backup job inst name inst name okay observe the instance name a instance volume I can add Ro Vols operating system right root volume excl for examp task exclude volit excl okay so just uning both policy description my daily backup default it gains required permission to perform the operation enable click on next now schedule name soily daily how frequently daily back weekly backup monthly yearly I'm going with daily backup for every 24 hours back starting from this 9 a.m. UTC okay so 9 a. start for every 6 hours or every 12 hours also 12 hours daily two times back now fine want retention period for examp example retention period I'm going to set count as a 10 and most recently created 10 most recently okay so AG last days if you want to rec okay okay not only that enable sharing volum creation from You observe here it's build per minute additional charges Supply okay then review policy policy every 12 hours starting from this time okay create for every 12 hours name equal volume test entire instance including root volume not excluding root volume so it it creates that create policy policy creation automatic snapshot creation service data what is your EC2 instance backup Strat man particular we are going to create a snapshot automatically and retention last days backups last three days backup based on criticality of that application okay so snapshot and data life cycle manager option okay soing on ited settings AMI operating system for example okay [Music] re okay the requ 2GB volume and Apache web server delivery okay options option launch right one EC2 instance and do all custom settings or customizations then create a image then we can launch n number of the instances e option second launch 10 brand new instances connect each and every instance and perform customizations so obviously okay e base instance okay let's connect B inst add volume so by installing httpd install httpd
hyphen y okay service httpd start chkconfig httpd on right so now navigating to W HTML index HTML file create header this is my uh web server let me header close WQ all right so now index.html file cre Security Group requ port number open port number 8 is open so yeah we good and E to inst 2 inst temp create okay go to AMI I don't have any images in this region Imes create Imes name so my YT demo image okay golden AMI demo for y YouTube now 8 okay and and termination okay so not only then create image cre instop stop best practice but not mandatory Okay so [Music] yeah okay golden AMI main purpose okay vol five six years like you know he's taking care about the process okay uh yeah here this creation still in pending so go to snapshots snapshot creation ini right we can verify again you better stop this instance inst run if you stop this instance and if you creating so the as for my knowledge I'm mentioning that a process snapshot creation process 8 GB 2 GB delete on termination set to True uh snapshot uh backend volume types into okay entire EC2 instance along with all the settings OS running Services data inside that everything N I want to share it to Singapore region or Sydney region okay option then go to actions edit AMI permissions group accounts groups whoever knows our AMI ID whoever have AMI ID so just like a I want to show that let's give a try see snapshot Del two snapshots okay right now inch inst from Golden AMI instead of quick start my AMI select already prep then a configuration a key okay a security group us then two volumes mandatory okay so copy one public IP address test okay and test it e instance okaye the required data also available with same settings launch go to Golden AMI scaling group okay automation okay application load balancer second one is Network load balancer Prim but it's actually DC like stop supporting like you know Market plac third party firewall Solutions M Focus application load balancer Focus okay of all two of scal scaling second one
horizontal scaling vertic scal configuration service monitor with the help of cloud serviceit okay so let's assume okay IMM T3 T4 class so T4 class latest class large extra large configuration it may deliver all the client request okay scaling per currently it is T2 micro okay configuration right go to actions instant settings up okay vertic scaling first instop okay so observe I'm stopping this instance so this stopping State then it is going to change stat sto state only actions instant settings change instant type currently it is T2 micro t4g latest Graviton processor category t4g small then apply okay uh architecture is not a valid architecture for this instance okay uh then T3 so T3 micro T3 medium okay apply comp I need to do little r I'm not earlier micro one CPU one gig of the ram T3 medium T3 medium uh right T3 medium configuration okay 2 CPUs 4 gig of the RAM 4 GB memory 2 CPU also okay sotic scaling adding resources to same instance so vertical scaling vertical scaling add horizontal scaling multiple servers Lo distrib okay soal scal scal it will take all the load okay good okay so yeah maybe what istic scal SC okay okay official also same different pump it will stop sending traffic to that's unhealthy servers okay so load balancer primary concept will give multiple options okay application load balancer then Network load balancer so then we have Gateway load balancer if you scroll down exp load balancer so application load balancer okay it's basically layers layers application layer presentation layer session layer okay transport layer Network layer data link layer right physical layer so application load balancer layer seven load balancer the traffic routing NK load Bal okay so data routing right so first as I told you focus first application load balancer again primary difference support protocols application load balancer HTTP HTTPS protocol support okay so go and click on create traff combination of instances combination of targets or multiple instance combination
Target group so as for this diagram application3 load Bal it listens on 443 and 443 traffic name okay so this is how that application load balancer works alation before creating load okay two different web server AP 1 1 AP 1 okay okay so but two different IP add single point of contact load balancer okay so now load balancer name so my YT Al my YouTube application load balancer then internet facing intern intern facing just likeing outside of the world even browser I want to test it so internet pH and IP add IP okay so okay okay okay okay then SEC group actually okay software number soate new security group group name myb SG so then description myb Security Group then add rule simple HTTP port number I'm going to open for everywhere anywhere so anywhere IP create SEC group okay number it on port number 80 but inst so click on create Target group group okay okay official documentation okay application load balancer yeah this one load balancer types application load balancer okay Target group instances number listens okay then it send traffic to this target group port number 88 for example 443 8 okay so now okay app YT application Target group for you app okay so it is working with it is working with 80 I'm good so then VPC make sure you select appropriate VPC health check concept locy inst not 100% lb yeah I think uh right so this is a simple diagram so load balancer okay 80 targetp 8 so traffic load balance number but okay okay simply explain so okay load balancer PS so again hpoc Us number 80 so balanc load balancer need to give response so response or request respon load balc reest within two seconds respon okay so first thing second threshold healthy threshold and unal thresh thrh two continuous health checks continu health checks how frequently it need to give response within two seconds response okay that is healthy response unhealthy it remembers okay load balancing con index that's a default page right exp Advanced Health check healthy threshold unhealthy threshold time
out so within two seconds load balancer responsive within threein second and uny okay so stat 200 for this health healthy responses key most of the times default but it's good to know back end Okay now click on next instan only so so select both the instances that's reason okay load balancer port number 0 blind so load balancer DS traffic Target group instances are request respons so then scroll down create load balancer load balancer create cre load okay and that application load balancer of course okay simp okay command application load okay so yeah and tet inst State initial State Target registration is in progress so load balancer Target group instances status okay includ SA okay good so load Bal load balss okay so then second application load B default application load balancer okay least outstanding request okay already 80% for example 80% us 20% us so now cpad B 50 traffic here 50 traffic least outstanding request mechanism group so go to Target group scroll down Lo then traffic redirection so application load balancer algorithm so okay okay tet group attributes stickiness edit this enable stickiness load balancer generated cookies so now s then ches okay okay in some time it stopped you see traffic all traffic going to only one year server for coming two hours two hours actually cook okay load balancer stickiness okay okay just number only port number 88 both respons okay group create J load balancer port number 808 8080 web server Amazon Linux 22 micro and Advanced details just time user this is my 88 web server launch instance obviously USI us okay us okay last option expands okay e command index HTML file I'm writing data okay 80 8 web server ready output okay only number it's list and grou click on create Target group Target type inst app YT 88 so again port number 8A same um VPC H check and all default options click on next 88 then create Target group okay so Target group group create okay Target group okay port number 88 okay now 8 it listens Target group 808 cre I'm selecting that then
scroll down add okay so okay important SEC Group Security Group 88 port number open if a port okay listeners and rules for example 8 not load balancer Security Group problem so Security Group inbound add rule okay custom TCP in 808 anywhere I'm opening anywhere save rules immediate 8 it started working so Bal okay multiple versions of applications mple same load balancer port number 80 okay two set of e instan whatever traffic coming on traffic Target grou then I can add okay whatever the traffic coming on tet again we need to open 8888 open for anywhere save rules load balancer DNS name j load balancer DNS name so again okay EC2 instances traffic a reason reason okay security group of inst SEC group SEC group okay rpb load balancer Security Group but EC2 instance public IP address Okay so C we can open for everyone also but opening for everyone not so recommended setting okay application load balancer Network load balancer concept almost okay so we will discuss in our next video And subscribe to this YouTube channel okay more videos all right and right previous application load balancer configuration important things so load balancer configuration almost similar the first difference Network load balancer supported protocols Network load balancer Network load balancer right uh TCP UDP TLS certificates say protocols support appp okay first primary difference second difference IP address application fix okay differ supps round robin least outstanding request application but Network performance Network load balancer gives best performance performance wise millions of request per second that by maintaining ultra low latency Okay so performance first supported protocols is primary thing the application load balancer layer seven load balancer Network load balancer as well as this classic load balancer will layer four load balancers right firstar group um web pages delivery just tonight okay maybe Security Group problem peline mechm Implement so port number 80 as a source okay so find output okay
Serv okay and the target group name NLB I I8 okay NK load balc so okay um T TCP port number 80 ipv4 same VPC default VPC health check TC on next so inst private IP address gra we can give that here and give another then click on include as pending below create Target group okay for application load balancer creation okay okay IP V4 add assigned by [Music] okay so cancel it getk demo elastic IP add firstate ELP okay now come back to network load balancer screen refresh and assign by okay okay uh NLB YT demo internet facing right two subnets two different elastic IP address even nslookup command DNS load balancer DNS name okay then scroll down then create load balancer load balancer creation like you know 2 minutes group right inst okay NLB I TG 88 okay then click on next 808 server this include as pending below then create tet grou go to load balancer it listening only on port number 80 port number 80 it listening and it is forward into Target group okay 8 8 okay right so uh the still status provisioning okay Target group status still initial St okay initial stage okay right Point video useful please take a minute and subscribe YouTube I mean okay just take nslookup load balancer end point name 249 76 and 249 same Bal okay but application load balp add fix so okay okay so go and grab this DNS name and also 888 server respon Network load Bal Network load balancer Auto scaling you know basic introduction okay okay inst okay two three sufficient okay during aut scaling group concept autal GR this I just want to show this image uh image actually Auto scaling groups okay maybe a right so Auto scaling group creation okay so first instances okay back so he can access my application with that load balancer DNS name okay so then load balancer load balancer empty load balancer Auto scaling group part okay and also load balancer DNS name 500 error Ser error and a service all right so first part second part clear now let's configure this Auto scaling Group auto scaling group creation okay a
instance configuration raali a Ami raali a security group raali okay a sto supporting it toch template launch template for Autos scaling group okay provide Auto okay go here in okay micro why because fre availability zonee so okay so network settings not then create launch template okay so am instant type key pair Security Group template cre okay aut grou okay a okay YT as okay La temp I'll talk about that so now Auto scaling group settings okay Security Group inst typ okay then on next Network only Okay so okay so default El that is okay then click on next so I'm selecting that load balancer so I'm selecting attached to existing load balancer okay so then turn on load balanc okay he doesn't matter dur 300 seconds inst okay initial software inst okayl page so 60 seconds is okay right enable default inst like you know um we can ignore these options instance warm up so resource okay so I'm going to leave this to default default seconds then click on next ACT option actual running instances Des running instances okay but we need to adjust minimum and maximum I don't have any running instances instances terminate but I don't have any running instances here okay now desired count two minimum capacity one maximum capacity 4 scaling policies okay then click on next don't know what no issue then click on next ASG instance tag new instances also okay then click on okay so then create I just want to show couple of things G running and target load balanc load balancer DNS name okay tetou okay let's do that now create autoing group okay okay autou okay refresh okay so run instances in running state right okay okay so right so both servers something happened to one of the instance Desir count two now actual instances I have two instan right actual count desired count two but actual one differ okay okay you give a refresh autom times delete always running match mismatch immediate aut scaling group a auto scaling group core concept mind aut scaling current Des count three edit 
change this count again Des count three Des count three actual instance count only two then immediate in okay okay initial stage in a minute or two just in a minute yeah you see here okay request it's delivering by total three EC2 instances so sction scheduled scaling based on time okay for example re and night next obviously resourt 9 to evening 6at okay automatic scaling create set or let's demonstraing set minim Max okay every day at 9 or 9:15 that only Monday to Friday you can simply take this cron job okay so CloudWatch cron job examples no not this let's depend on official documentation a yeah schedule expression using so examp every day okay at 105 every day okay Monday to Friday 6 p.m. so I can simply take this cron job so Monday to Friday where is that yeah Monday to Friday at 6m 61 610 local time zone okay so like yeah 18 you can even set endek or two weeks ORS Monday to Friday 6 every day every day testing okay one time testing six uh 12 okay currently time 69 61 then click on create so and 61 Mar automa okay so scaling in okay a ination policy so first inst termination inst multiple so then after if same L template or 63 e instance 61 61 63 6 five which is closes to next okay whichever is closest to next billing hour so 85 8 so the closest two instances f71 selected 01 F7 so 61 ke closest to next okay so so select Ty 65 so then it will select and it will terminate closest to next billing mechanism conne connection draining actually takes 300 seconds so7 And1 instance F7 and triple 0 instance select and it is okay so inst okay um then aut scaling I'll recommend okay okay so part two of auto scaling group discuss okay so we will discuss okay Auto simple scaling a scal SC seconded scal last two days one week two weeks or eight weeks maximum previous load or okay Dynamic scaling option whenever we are creating again multiple options Target tracking scaling policy I have one image from a documentation okay um just I download it for our purpose see I mean I
took this image from a documentation Target tracking 50% T scaling policy Min maximum SC byep process okay increase step byep step scaling policy okay step scaling policy okay so let's give a try Okay step scaling policy configuration step scaling CP CP [Laughter] % okay forgot okay okay okay good so current count one okay to 40 or0 to 50 %% per to Infinity obviously 100% okay easy to inst CP okay by scaling policy okay so again configuration very easy but I have a very simple uh script okay uh where is that script yeah here okay 10% okay okay so uh for every 5 Seconds it will take and it keep on increasing the load so 90% 0% 30 minutes 90% cpti so script I'll even share it um over a link okay so create Dynamic scaling policy step scaling so step demo Cloud alarm select metric okay e to select easy to Low by Auto scal sot minut basic monitoring en deta monitoring basic monitor minutes so maximum CP utilization 5 minutes greater than or equal to 50% then on next alarm notification this click on next alarm name so step test the alarm name then click on next scroll down create alarm Okay Okay one step two step three step four step okay 50% whatever the existing desired count happy no problem at all 50 okay okay so % only 50 70 then create then click on create okay so it keep on increasing output if you really want to test that output yeah okay instance running let's connect SS toolss user v m okay okay so step size 20 ASG Lo press I to go to insert mode paste it Escape col WQ okay so now CH mode execute perm okay again first repo enable Chase once complete then you can run this install Okay inst once inst I'm going to execute it okay the package installation again I'm running that script obser for temporary purpose okay Maxim duration one minute and even last one hour last 15 minutes so okay yeah it will take some time so activity only right so okay again keep on adding load right 90% so obviously current US okay so as for our configuration I realized so yeah again so 
it goes to 90% right approximately 100% 90% but lo0 if You observe the scaling policy okay three we can verify it here so again [Music] second okay so that means a total 1 2 3 4 five instances First Step scaling policy okay output but like you know uh I'm trying my best to show this output okayy simp scaling policy simple scaling policy okay uh simple scaling policy l okay all right so create Dynamic scaling simple scaling policy okay low usage a alarm Okay create one cloudwatch alarm for low usage and one for high usage select metric e to by Autos scaling group okay um M name YT ASC right so CP CPU utilization selectric CP utilization minimum 5 minutes less than or equal to 20% okay then click on next I'm going to get an alert on this notification then next so I'm going to call this as a low usage alarm then click on next L I'm going to set my desired counter you can add or you can even remove also I'm going to set my desired C to just one again again uh difference between one execution to another exhibtion the 60 seconds is fine then create so low us CP less 20% okay so capacity um it's running with uh six I mean the previous scaling policies can possible so this is all about autoscaling group okay Auto scaling group um for example inst actions uh create where is that modify template temp all right that is all about Auto scaling group again aing group please a launch template free okay but we can even delete the L template and load balancer delete so then Target group delting load balancer then after Target group make Ami us golden Ami us go to Ami actions don't ignore that okay so yeah that is the termination process even okay Dev device multiple servers okay then multiple okay same MF Okay so okay it's more secure and reliable so durability 119 percentages and availability 99.99% avability elastic F system standard storage first 12 months okay elas file system syk system 41 4.2 okays Network file system okay port number 2049 right so okay again lamb function 
okay right so the thing is very simple video system what we writing it stores in centrals okay so right First Security Group so first so click on create Security Group security group name my YT EFS description EFS SG so avpc low right default VPC low I'm running it so I'm selecting default VPC and a RS only okay again private IP add option okay private IP address right so only two2 instances right I want to be go more SEC instances key Linux SG so so kind ofel Mech then create Security Group okay okay let's go to EFS service go to EFS uh elastic file system create create file system e option my [Music] um Storage class3 hours video okay most the right last 30 days open0 Days even we can set it up for one day also a okay purely your option real enir so cost savings perance enhanced performance High through levels most of the workload key enhanced sufficient okay bursting of the instances message right so specific band we are un to predict the workload going to be constant okay 10 MPS provision maximum read through 30 MPS but cost 6 okay but I've seen many went with this elastic option only so tags then click on next you want to run this andity group my and also for example AP okay okay so we need to take care so obviously no issue at all then next but yeah I'm going with standard OS level settings us only no one should perform right operation Anonymous access enfor traffic right going with all default options okay next so click on attach Comm okay let's do that now again to easy to instances me I'm going to make these two as a web servers okay a I'm going to use okay so let's connect to this instance and do that installation videoo then you can continue okay install [Music] stpd why so once install services start thpd on okay so now so so now copy this command ex and before executing okay soal e file system okay EFS from AP sou NFS protoc okay browser method uses the Nika okay so connect to this instance write clearing the screen install HPD y Serv start chk config 
tpd on right so again now put in I'm doing this mounting okay now give that mount command enter so I can verify DF space system okay it is working as expected there is no problem so it's working as expected okay as okay let's take that instance one IP address as well as instance 2 IP address onep default page okay maybe wrongp address okay private add okayl even okay so now HML page okay uh where is that yeah simple HTML cont I'm going to use this index. HTML okay right press W right IND cont rights right uh plus PFS my desktop right so inst first let's take VPC mple instances my okay easy to connect just inst yeah to inst and right EFS symbol or e shf e inst yeah it is shared here sotm HTML okay so concept okay same Windows window Windows FSX windowss Amazon FSX for Windows file server okay so just like efss create create file system okays for Windows File Ser open system so then Singa SSD Gala right I already made a video on this EF FSX um long back video if you have some time if really Windows important you can refer that all right that is all about a EFS service where file system thousands of of all [Music] right options discuss okay so [Music] iple instances and multiple datab load Bal for examp just some some back it will show you CP and last hour last 5 minutes maximum C at some point of time five minutes stress okay we can monitor cpz status hardw traffic incoming and outgoing traffic Rel memory so cloud watch interested okay okay Advanced option okay monitoring option uh detailed Cloud watch monitoring option okay again okay okay en after you enable deta monitoring cons minut then click on confirm minut uh upd okay now I can select one minute maximum CP utilization from last 15 minutes see somewhere it is 91% okay so Auto refresh for every every 10 seconds aut refresh one minute refresh okay so individual instance for examp each and every monitoring option okay CP not easy right just search for cloud watch Cloud watch screen go to dashb aut a okay create 
dashboard dashb name we canine name watch YT demo then create dashboard a matrix then cck on next okay okay really interested in this CPU utilization then create [Music] [Music] widget for then click on next database cluster identifier so uh okay I deleted actually okay volume us last 15 minutes 6 hours last 12 hours actually low right I'm going to take an S3 bucket okay S3 bucket low storage metric right uh um bucket number of objects in create WID so then you go here search for load balancer the network EB ah First Option sorry so uh per just create videt okay the St area format n so want to monitor CP utilization account am user cre just monitoring option so we have an option to share the dashboard conf priew policy usame password sharing just Tope sh policy cre okay [Music] service okay just urur okay mon okay but okay right alarm notification what is maximum CP utilization greater than or equal to 90% 80% for one consecutive period of 5 minutes so then alarm trigger us okay equal 80 for one consecutive period of 5 minutes two consecutive period of 5 minutes means 10 minutes okay so 5 minutes monitor then create action enable this okay what alarm action I want to stop or I want to terminate or I want tooot stop okay and create F testing purpose minutes okay okay again average Kaka maximum usage from last one minute okay one minute period dot for every one minute it is updating okay I want to add some load and I want to like um increase a cpz STP en right L okay um e command 300 seconds CP minutes interest maximum for 1 minute or for 30 seconds okay not good with time zones okay okay every 10 seconds right so watch useful option currently CP 40 and it will go on 90% 99 it will go on okay Advantage um uh for VC I want to capture okay I'm going to send it to Cloud watch logs okay custom log group or VPC log group then okay log next 621 next 622 then after 623 deta but it comes with small cost so yeah um Cloud watch dashboard create share and important options 
eventd en it supports a lot of things andur puren processes second processes process running okay running St immedi instance alerts topic SNS topic okay SNS topic creation simple and just uh click on create topic select topic type as a standard top create subscri subscription okay already okay so right so inst stopen process okay process five minutes for every five minutes I want to do something Prim options okay first as a first use running sto stopping create rule rule name instance alerts so description alerts my users when instance stopped or stopping so r with event pattern time based or CR based so rule with an event pattern click on next event sour right Partners atlan bitline okay gitlab GitHub right o authentication purpose sales force right so okay so a partner services ec2 okay snapshot notification volume notification volume oric volume specific volume okay so but as I told you instant State change notific any inst or only specific inst okay event source2 in change stop specific instance State sto then okay destination right okay okay in Transformer inut Transformer path input template output right config not really interested in that configuration okay uh just go with matched events click on next then click on next R screen create rule so sorry let me log into my mailx okay okay fine right instance running loan okay now instance State second okay even driven process example scheduled process okay after minut after R stop based on time rule with event p then continue to create rule Monday Friday examp for every two minutes or two hourss process SNS okay so topics after minutes okay it will go and it will do this operation for every two minutes minutes okay on next next create rule so example automa 2 minutes inst a stop Target and okay right okay instance stopping state right so yeah I'll talk more about lamb function blueprint google.com and within this I'm expecting Gmail as a string okay Lambda function how frequently you want to ex rule create 
patter or remate function lamb function minutes aoma okay expected Str okay okay now go to event BDS rules create rule rule name Kary invoke or Lambda invoke schedule option continue to create role so now rate format n for every five minutes or make YouTube video five minutes then on next okay so now click on next next create R function L function inv okay inv Lambda has capability to detect the changes okay so now minut local okay so yeah if you wait for some more time and if you test this okay pass sorry check pass again check pass again one minute and disable right 49 invocation 50 invocation 51 inv right so yeah that is um what this Cloud uh sorry uh EV Bridge rules option okay and recent and they trying to improvise more so option too good service okay dis right all right roles and cl config [Music] B management cons navigating to Crea provide user access to management cons OFW password uhom password policy I'm giving full access click on next sign Ur usern password sign UR op okay already right access access keys application running inside an EC to instance or third party or outside running you don't have any other option okay user key okay administrator access so security under security credentials access ke secr access okay I'm not really using this deactivate so then I'm deleting okay access key secret access key enir okay windowed command and okay no operable program or B [Music] prating system Windows operating system okay first C tools a. amazon.com so then Windows window okay relas and Amazon Linux Amazon okay it will display iph version 22. 
so version already rights I want to list out all my S3 buckets S3 L it is trying to access trying to access and unable to locate credentials and you can by running ACC SEC access access key secret access key okay now let's go to security credentials create access key I access Keys may not recommended to use avoid using long-term credentials like access keys to improve your security problem access key and secret access key US password just like a username password access secr access Al in ID basically a has its own ID so integrated ID which supports a toolkit okay so that enabling authentication through Identity Center third party Services alternative method IAM roles long-term credential right Ro user credential temporary Security credential application running outside alternative recommended understand click on next okay then create access key access key create ACC okay access key access key secret access key copy secret access default reg most of the resources okay soam default default output formaton aore user e user ke policies access let's verify space S3 SP LS3 un to local a space S3 space MB make bucket S3 col okay a.y. 
demo 926 so today OS dat okay like it's showing that bucket so us that is reason it is just right so list IAM users username user what access key what total user user created when his password loed okay okay go to the CLI reference guide all services list okay S3 service then scroll down scroll down to bottom all available commands Okay okay S3 command really interested reference guide then space a command um for example uh describe command so describe Network ACL command describe key pair examp e to describe ke a okayand right let's verify this and already a space easy to Windows or Windows KP okay problem power disconnect okay mob okay uh mobile connect now um Okay window right Windows right long back finger ID instances run instances okay scroll down again take an example obviously ini okay so example Just Launch inst with user data launch instance add tags right L instance with additional volume and just default settings default VPC default subnet to information run instances image ID image ID instance type key simple command inst so Allah we can always depend on the CLI command reference guide to uh work on this C okay fine so C okay sh click on this CL shell space MB S3 AAS do CloudShell alternative option only recing us to go withoud shell C Mac okay Windows window fential okay access key secret access key so for examp you are able to got it Som so first recom to use this CL sh permission okay so that is a reason it's not highly recommended to use this C okay and access sec okay don't try to don't get that and don't try to use that okay A3 SP or any command [Music] okay --debug parameter useful option okay second for I access key ID V okay U secret key region AP and channel so then prod access key okay then PR Secret key so then default region ap-south-1 right A3 SP l sec like back F okay config ENT default accr accessa edal F okay so location unry and not recommended to use this access key ID and secret access key okay so even with C Linux am2 
micro an existing key pair okay default VPC okay existing security group information all right S3 information ACC ACC secr access click on connect okay right inst connect first C okay unable to locate credential so any other resource describe okay so again specify region --region ap-south-1 okay unable to locate the credentials a space list users users r r option service access okay Al option right so alternative op okay I'm navigating to service actually roles different scenarios you see access secr access right cross account thing option web identity options okay so default permissions def right if you observe this roles L selecting ec2 okay e different use cases E2 E2 systems manager SP spot instances spot Fleet scheduled instances I'm going to use ec2 then click on next us okay all servic related all okay name S3 full access session token service associ create role go to actions security modify IAM role currently no role option you go and you attach appropriate role option instance with roles I'm calling it as Amazon Linux 2 T2 micro existing key pair existing Security Group expand this Advanced details roles so click on am then click on launch instance brand new instance okay just existing one the not really using so I'll terminate this okay inst Action Security modify ams3 okay good so now let's connect to this instance connect connect do soace clearing the screen okay a S3 SP LS S3 okay yeah I have all these files verify so files here right S3 commands sucess teally but okay for example list users am right then click on next I next okay uh YT admin access then create role role create now already running running go to actions security modify IAM role refresh y admin access upd let's try that command again now you see so a always recommend us to use this roles option instead of C so C hard coding the access key secret access key from your non workloads like it's a different configuration first C certificate establish Anor then roles config then we can like you know 
use ad option I'll try to make a different video pending topic but uh you can expect that video in English Okay so that is what uh role concept storei right session manager run command patch manager okay so first Sy okay okay um SS smyt demo and Amazon Linux 2 and T2 micro is fine and and existing Security Group 8 G is fine then instances okay mob windowsand inst contion fine e option okay but next to that session manag e option systems s okay so connect us connect your instance without SSH keys without a Bastion host or opening any inbound ports so sessions are secured using KMS service and session connect s is no connection between this instance and systems manager start S e to instances key so as a first thing I'm navigating to and I'm going to create a role navigate to roles create a role I'm going to different use cases EC2 role for Systems Manager okay next screen inore I mean multiple options then click on next Ro name uh YT I SSM full access right then create role go to actions security modify IAM role and uh uh SSM full access and second inst okay so we need to wait at least for 2 minutes session we will take session in just a minute or two Sy option okay Security Group a open port number 80 open for everyone okay port number 80 open for everyone justserve okay Security Group problem okay but service inst need to get connected to it and I need to install the commands right I need to get connected I need to install commands right Systems Manager Run Command option possible okay so session right let's go to session manager then start session somewhere here you can verify SSM SSM agent starting SSM agent per so now go to session manager a instance connect demo then start start S right so then we are able to connect what happens if we remove this specific port number 80 so still okay yeah system session key which encryption key you want to use and session duration need reinitialize session so if 10 minutes 5 minutes s right operating system users default root 
user any custom user right right Windows profile Linux systems manager session manager possible okay okay watch window only Windows Okay window window right options uh [Music] run run shell script Discord window then no then agent second option resource grou Resource Group creation click on view resource groups create a resource Group tag where name is equal to um name okays smsm PR group resources name value Resource Group okay then create group group already so option simp name where demo okay so yeah that is another option without toting run shell script bash M install httpd i y service httpd start I'm making it as a log on service CK config sdpd on okay Echo command the US stringate this issm demo close header this is SSM demo for YouTube then information HTML index. HTML file save right so now a instances manual I'm good to give the tag also simp cck on [Music] run now giving refresh current status sucess and scroll down [Music] output op multiple inst number group option res window option it's in English you can refer that video okay so R command option okay Chef recip right agent watch agent window window window commands ex run command option window as get start okay then configuration options so a install Okay so custom scan schedule daily SC I want to use a function it will show the information Pat basine okay operating systemes and group ofs any you want to install it your time then scroll down create conf based on the lines automates so patch manager option patch manag system man systems manag main window create a maintenance window maintenance window right R format right main window during that mainten window per so systems manager multiple options okay so yeah that is all about systems manager and load Bal multiple instan main focus application development don't want to take care about infrastructure right again INF management I really don't want to perform all those things so just PR so now let's select elastic beack create application option go here 
and create application application name okay then create application so click on create environment we server environment long running workand elastic.com thenat the net core on Linux net on Windows Docker go language Java nodejs a based on that you simply go and upload your okay okay name email address right a theme movie it's a very simple one okay noo uh I'll call this as YT being stack right I'll I'll browse this okay local F label ver then click on choose right use cases single I don't have any running instances do I have any instance no running instances stop okay and auto scaling group and load balancer create high availability using spot as well as on demand instances then click on next exting service create and service okay permission okay so copy policy trusted entity easy to Amazon so logic simple go to roles create Ro scr down so then click on next polies poliy so then then cck on next okay details VPC okay okay uh yeah again there is a problem okay default VPC right I don't have a default VPC okay so let's go to that uh rooll thing okay previous okay okay uh let's upload this click on next andate exting good so skip to review okay VC I recall then click on okay a new instance create okay aut SC grity option inst PHP installation see here right okay I want to change something delage codre let's do this okay I'm editing with text met okay simple not uh where is that the title okay on okay okay so so then okay environment upload and deploy choose file so again but we are using that platform to host okay deployment on demand El stack concept okay so next video e to instance backend mechanism St okay group okay so right I hope you find this video informative again first go to environment actions terminate environment okay environment grab that name give that name here terminate envir then go to application then simply go to actions and delete application okay first environment terminate then like you know application terminate environment all right that's 
it for this and inst okay and backp okay so status so inst isolation di okay first phic interf physical inter Sy right okay soting systemy okay so then gu only okay host mechanism Okay so to share my multiple customers share okay so instance isolation mechanism status system status check system status check inst status check system St underlying Hardware levels Bo issues right issues syling Hardware low network connectivity power connectivity issues software issues on physical host or hardware issues on physical host so host system okay system okay in incorrect network configuration Startup configuration memory fully exhaust corrup F Sy stop and start okay most of thef so system one stop and start most the okay okay inst action monitoring and trouble get system l issuu volume replace volume repl simp issues fix first reboot so then verify why it is failing at OS level okay so stop and stop multiple times andot start and stem iny okay even EC2 serial console connectivity option okay and tency model and now respons so obviously respons responsibility and inst okay and uh data center security okay a data center data center access power connectivity Network connectivities okay the responsibility encryption obviously customer responsibility so actually shared responsibility security model things security of the cloud and Hardware G regions availability zones compute storage software maintenance responsibility customer responsibility configuration security groups Network AC shared security responsibility model shared security responsibility okay so shared security responsibility model and okay okay okay but if you want to contr connectivity okay Network okay so cluster placement group transfer okay so cluster placement group okay so par group okay share but partition one resources partition two resources connec network connectivity basically okay distrib F system placement group better okay spree spre okay so the placement groups existing okay cluster PG cluster placement okay group option 
right placement group a placement group cluster placement group two inst inst okay partition group uh placement group uh concept right so yeah the okay for example inst experiment console experiment data protection and security always new volum click on volume 100% should be enabled with encryption block Public Access [Music] access and experim review rows view settings all right um yeah easy to modu so the one of the important module so Ro 53 DNS service DNS regular google.cs so automatically back and lo DNS service domain naming system domain naming service addp add okay it just like phone contacts mob so this Sim way okay so dnice name for googlec Google learn. you cannot even purchase that okay so so you cannot purchase good or uh name.com or big rock okay for example a a with a okay so9 first year 9 remaining two years three years with9 okay 53 so first Ro 53le I'm talking about this a with so domain name let assume.com so.com purch so then then. work okay only within this a account within this specific VPC and Mumbai region onlys within the organ within the network okay and second one is s record start off Authority record and name servers record four name server record important writing it and now E4 name domain name. okay options default default option default name I want to use my own name second option I use my own okay adver Adine Mumbai region inst E2 simple weage simple weage right first host okay Del now we have to create one more record create for example. okay le. 
IP add we have to Simply take thatp addp so then scroll down create record okay seconds okay yes you see here when name okay 6685 rights okay so okay not so commonly used option load balancer most of the so create record Rec Ty a and bable resource list okay so choose end point application load Bal then it will ask you it's not a common DNS Rec MX Rec right TT okay commonly used ones okay so now simple roting policy click on create Rec you wait for some okay so load Bal load balanc private private access re okay. enter right uh https config that is a problem okay PR n simple roting policy simpley polies nexted policyed based on the load we configured based on the weight we configured 2 2 100% okay so based on this weight reest 80% anding okay okay so same exactly 100% traffic Northern Virginia 0% traffic Mumbai enable application load Balan and simple rting policyed policy mum now add another record Rec type traffic application load Bal load Balan simple routing policyed routing policy 100% traff now rec. access times I Chang my mind okay USA okay and mumai half traffic so not able to do that okay so and 100% trying to access matter okay so what is a differentiator here differentiator configured weight okay so let's htps okay still us right so as I told you 300 okay okay so waited roting policyed policies okay next lat policy Laten requeste 53 53 mum respons us lat time to get response time to deliver that let's configure this the testing us connect access create record a record Route traffic to application region Mumbai load balanc and latency routing policy reg Mumbai reg Mumbai and add another record as a yes Route traffic to application load balancer region Northern Virginia then select a load balancer simple routing policy simp create the differentiator is latency so testing [Music] okay with my domain so douet okay let me clear the screen firstate learn. 
Lear name us so thenation rting policy geolocation roting policy okay so based on End customer geographical location for examp okay for okay or apart from India Mumbai web server responsive okay no big reason okay testing purpose aard traffic to application load Balan reg Mumbai Mumbai load balting policy okay first right norn virgin routing policy GE location every key if okay us forver respons now add another record alas as a yes application load balancer reg mumai region load balanc existing load balancer okay and rting policy from for example United States Okay so only United States so Mumbai web server for USA create right. USA we respons okay again DS changes we have to wait. okay 53 command C HTTP col learn us okay so based on our root 53 configuration USA we respon so location routing policy right so NS nsup okay keep it same NS look up resp okay working now right 17451 1750 is it same as load Balan Mumbai load balanc respon USA web server Mumbai web server us because of this gation routing policy right so geolocation routing policy second okay so primary one healthy heal Che create heal check okay heal my web simple second okay so even yes we can for example Us learn.co in click on next then create Unown so yeah keep on checks the domain status so Rec type A alas so primary noria I'm selecting primary as Northern Virginia fa routing policy Okay add another record a recard Alias say a yes application load balancer mumai region and obligation load balancer fail over routing policy secondary secondary he okay doesn't matter but now all traffic will go to the primary one so primary us Balan okay it will take some time I assume okay again not taking effect yet minutes and meanwhile Health stat unhealthy we have to wait okay us load Bal okay again um traffic okay let me save this Ur Mar so traffic okay he okay okay okay so again we have to wait for some time and configuration okay multivalue answer routing policy routing Andes ored oration and Fa I'll check 
still failing okay sucess okay okay so load uny passive connection mechanism heal fail rting policy primary routing policy so this is all about Route 53 okay and uh certification point of view low you can expect some questions in your solution exam all right um English already playlist only you can refer that if you really want okay VPC basics configur but add [Music] private okay okay IP address cross the globe okay private onlyn okay private okay within the netk so simp so private IP add add name okay so okay So currently Network IP address 192 168 0.160 what is myp add.com okay what is my IP address 492641 IP address 100% uni depends onet service provider configuration okay so yeah the public IP address and priv private IP address and IP address format two Ty of IP address one is ip4 second one is IPv6 ip2 IP V6 12it logic simple can understand Z or one right Zer and ones see how many ways we can fill up that slots ipv4 128 okay recently compon okay eation Class A 0 to 126 okay Class B 128 to 191 Class C 192 to 223 class D 224 to 239 Class E 240 to 255 class D range broadcasting and multicasting purposes class purp okay remaining cl cl a Class B Class C okay IP address range IP address Class A I add first 127 127 lo lo so 127 Lo back purp same 127 Local Host 12 okay now laptop IP add add okay to 126 CL 172 171 19 okay without paying anything to anyone networ okay service Prov only private 10 series 10 to right 1726 to 172 31 192 168 to 192 168 255 255 e ranges three ranges for internal usage fine but Network and most of the home networ 1as we will discuss okay 192 series most soons of networks okay now okay first mob okay group so first remaining three parts hostes class first two parts Network remaining two parts host class last Maxim 127 12al 126 Network and the next question e 0 to 125 0 to 125 0 to 12 2 combinations 1.0.0 1.or then 1.0.1 1.0.2 okay so then 0 1. 
0 1 2 1 2 2 combinations 0 to 255 combinations m 0 to 255 combinations so combinations generate one series Network okay so 127 networks each Network 16 million okay first two parts Network 172 160.0 example 172.16.0.0 first part second part network ID second part host ID again first two 16,000 Networks 16,000 128 to 191 so 1281 netork 1282 netork 1282 129 1912 16,000 netor 16,000 netor 1726 do 0 okay do0 0.102 255 1. 1.2 255 25,000 so 19 to 168 class first three Network last one host so first three Network last one 2 3 4 2 2 12 196 1920. netk 19201 Network 192 1.0 Network 192 255.255 223 2552 first 192 168 1 2 3 100 200 right so Network range 250 it gives answer for the question Okay so right okay 32 out of 322 already Z and lot of ones treat as already SLS so V4 32 bit out of 32 bit 32 slots already Z that means 32 out of 32 of zeros waiting lot of ones waiting so 2 to the power one okay total slots 32 empty slots slot 30 empty slots two slots two slots Zer and outut four IP address four four 0 0 1 1 0 1 one four possible scenarios with with the help of zeros and ones so 30 and9 okay so total 32 slots out of 32 29 already full three empty slots two the power possible SL 0 0 1 0 1 0 1 0 0 0 1 1 1 1 0 1 1 1 so total eight 1 2 3 4 5 6 7 uh something uh 101 yes 101 okay 32 2 slots 2 2 into 2 into 2 into 2 right okay so 26in okay total 32 16 already full so 16 empty slots 2 to the power 16 65,536 okay so VPC maximum 32 minus last 28 okay so four so 2 to the power 4 16 minimum Maxim okay minimum value maximum value fine but 16 IP add okay so out of 16 General networks General networks okay IP address Reserve so two IP address a reserves another three IP addresses a 65,536 inst 65 536 minus 5 so 6,531 usable IP concept usable IP for okay so regular Networks [Music] okay 14 I add Okay 14p add represent 24 technically again so 254 12 within that VPC okay so with the help of that visual submit calculator first okay internet phing so any internet phing any non inter phing 
private then VPC VPC next okay public IP address private IP address Network host sl32 sl28 second VPC VPC part two videos videos videos useful don't forget to subscribe my YouTube channel Okay so Network option okay default VPC okay default VP default VPC okay okay so now default First Option default option with one cck okay so custom VPC creation so V8 9 okay so okay applications two Tire three Tire applications two Tire three Tire one tire problem optionc six subnets three AP South 1 technically H AP South 2A okay AP South 2 Mumbai okay that is a reason okay okay so let's go to visual subit calculator visual sub a Ser 10 series 10.0.0.0 16 17 till 31 or 19 to 168 series then any IP address private 62 okay so now IP add right so using this sl26 and sl26 okay okay if you really want you go with another range also okay right 172 192 comfort NK soet application IP add manag okay2 VPC okay so let's start creating the resources delete default VPC delete okay nowc deleted okay EMP EMP okay so let's create so click on create VPC everything first option custom VPC YT okay so uh PPC name IP V4 okay no IPv6 tency go with the default tency dedicated dedicated hardware user back so simp onate VPC default Network okay right so now second okay 2 a and 2B R availability Zone L spread I'm doing I'm spreading my resource across 2 a and 2 so 2 okay create subet and okay subet custom bpc YT public I one uh 2 a okay so now preference 2 a IP range I will pick VPC C okay 166c YT public 2 and avability 2 and 192 168 064 VC y private app 2 okay availability 2 a and IP range so copy that IP range IP range okay now 2 and IP address range 192 1681 okay same subt db2 right select right so ranges 1.128 sl25 okay 1 2.25 right configuration CLI onate okay six subnets application subnets database subnet public subnets okay so now so go to internet gateway create internet gateway I'm going to call this as custom VPC then create internet gateway internet gateway create but St go to actions attach 
to VPC select the VPC okay step three also completed step four priv only loal okay they can communicate each other okay table R okay private So based on my requirement okay first rout sub asso Association rout Ro enable root table Roots option edit Roots add a root Gateway so select save changes internet access internet gateway help okay Ro purpose okay so easy or proper management robl subb gateway table Gateway entry so root table configuration fine we are good to launch our instances now okay actions Ed sub settings IP okay soost so go to actions edit VPC settings enable DNS host Nam VPC configuration completed enat enir better create flow logs on our VPC so flow Lo not allowed okay watch V so better go with the VPC level screen okay Serv na share so first create a policy policy describe log group logy okay then click on next name name see YT I VPC log okay so now create policy go to roles create Ro trust e to next Ro name YT VPC flow logs so trust okay Rel [Music] Rel edit rust policy a remove then update policy group okay now go to VPC flow locks create flow log flow log my VPC log traff only group okay left p L groups create log group VPC logs okay then create so now VPC VPC default format traffics and everything so monitoring option loging option VPC VPC configur PPC instances first okay screen window private okay okay so windows2 that T3 micro fre it will C you okay eligibility option3 mro hyd YT uh or yate okay now custom VPC okay public subnet Security Group okay description RP 3389 anywhere fine so then 30 gigs is okay then instance la V okay VPC click on launch instance okay operating system T3 micro same and group create Private Security Group so Linux anywhere is okay jally anywhere not recommended initial pH okay 8 gigs also okay then launch inst private okay okay so now uh next window Microsoft remot okay yeah new connection new pc I'm giving that and friendly name jump server internet gateway connectivity EST usame password click on connectp client 
us administrator password passing that password here then click on continue continue custom VPC okay permission issu s e to I user public IP address private IP address it will try to connect it will try to connect and it fails so the reason outside world we cannot connect okay I will download the puty tool download okay right confirm start browsing so let me download p.org website okay download okay downlo I'll prefer installation method okay sorry download okay next next install finish okay right private load desktop all files f see then save Private key without any password IP address so give that IP address under connection expand SSH expand authentication cred uh credentials click JC private key file forth now lo as okay okay so I got successfully connected to my private inst private first question private inst l.p. go. 100% pocket gole all right next private inst interet right okay SOC and private okay Gateway and instance inst to connect to Google so go to gateways click click on create Gateway my Gateway so Gateway custom okay soate in so Roots edit Roots add root I'm going to allow all traffic via private Okay so easy SEC okay Network I mean okay pending but it should start working no it's not working yet okay right avable St Ro okay and google.com conc gole googlep so indl download Google content diam I will try to show you that VPC VPC okay okay okay install okay okay okay so yeah inst click on browse more am Community VPC so operating system purpose design okay so so now Gateway deleted okay so how to testate inst andp traffic and stps traffic stdp and sttp yes I I'm opening for anywhere okay so then only it works so okay actions security networking Source okay specific Mi s so then Security Group STP stps open then Source destination check disable I'm opening all traffic inst okay entry so connected to Google Group onlyp Security groupm traffic open okay okay customer point of Okay so um so Gateway option right so instance and Gateway option okay okay 
installp y okay inst WEP chkconfig httpd on okay so page create HTML index hi welcome to ainash a sessions Escape WQ okay private adds okay HTTP col output immed okay now Target group create load balancer inst so Target group name appg number 80 VPC select the VPC right click on next app includ as spending create Target group Target group create then load balanc application load balancer okay YT demo internet-facing IPv4 custom VPC select two two even as diam also okay next okay so now load ALG ALG same VPC HTTP is good for now AC certificate e just okay whatever traffic coming on port number then create a load balance okay load balance create same VPC so these two can communicate each other buter so we are securing our application eess L Okay so Network AC Network ACL act as a firewall at VPC level traffic for example I want to filter okay we have to wait till this active okay outut okay okay fine e URL anyone can access e URL across the globe anyone can access saying lot VC okay so somehow you identified you are getting some unnecessary traffic from one specific IP address then network default create network ACL custom nandini okay then create network AC right custom Network go to subnet Association edit subnet Association sub it's trying to load it's trying to load and it's going to fail inff okay so NK traffic rules rule number 100p traffic rule number 20p windowss and rule number 400 concept ports temporary ports so temporary port24 to 65es going out so outb traffic so now again rules rule number 100 okay uh HTTPS rule number 300p rule number 400 rule number 500 ports temporary ports okay then save changes then it will start working then nkp port number 80 allowed for everyone okay HTTP port number 80 allowed for everyone in inbound as well as out rules right okay yeah somehow this is some issue but okay let's assume Network okay unary traff rule number 100 ches outb rules add rule rule number 99 again Network lowest rule number takes highest priority okay IP 
address then changes okay soart fromp okay okay right yeah we have to troubleshoot and I okay HTTP and HTTPS anywhere save rules okay still got little sorry so maybe browser okay so some back browser again problems okay okay output inbound outbound now Port number8 open for everyone okay right add rule rule number 100 allow for everyone rule number 99 that HTTP traffic okay so the networks so rule number 99 HTTP given that IP address okay then to okay rule number 100 allowed but rule number 99 is the need for Network for example Rule Number 8 Rule Number 8 show you for example rule number number STP Okay so rule number 50 HTTP traffic same rule number 9p add rule number it's working right so lowest rule number rule highest priority so 100 times will okay subet Network helpful option it acts as a firewall at subnet level all right so that is all about Network ACL NAT instance and NAT Gateway options um private subnet Lo instances ke for example private okay double gate only local ACC okay usig optional okay even reg parameter --region ap-south-1 okay so private okay command pass A3 SP LS so thatp con S3 platform 443 it is using HTTPS protocol so internet Prov mple types of VPC gate gate so now create end end S3 Gateway end but again this private Ro so private Ro table then click on create endpoint end private link S3 okay again okay3 region parameter right so this is how exactly we can create endpoints endpoints not only S3 for example D Bing end private link dyn any other service access Prov endpoint concept okay so I hope our topic clear and good know and ser don't forget to subscribe and next topic okay MC VPC in option first activate request IP address range and accept IP address range same 19262 VPC 192 16.02 can I enable communication between these two VPCs no we cannot okay so then like you know okay so go to instances Mumbai VPC or Mumbai peering instance and Amazon Linux is to now okay and uh uh put key and existing key pairault okay for everyone 
17231 and E add different so EAS communication okay right so it's in pending state so let's wait till it get running State okay already right it's stopping so not able to connect to Hyderabad I mean Mumbai region private subnet E2 instance okay so okay Mumbai region easy to instance IP address under connection expand SSH authentication already I'm using that ke I'm trying to connect it's trying to connect it's trying to connect obviously first MB VPC information okay VPC YT okay request VPC IP address Mumbai in our case docent different request VPC Mumbai AC VPC Hyderabad accept VPC Mumbai right so request VPC Hyderabad information first I'm giving so then VPC ID AC information mumai information Mumbai region VPC cadr range Mumbai reg VPC ID so AP sou one correct and account as this okay okay so now so now go to Hing connection createing connection name so hyd2 Mumbai pering and VPC ID local VPC n M so then createing connection createing connection okaying connection pending acceptance Mumbai Mumbai VPC connection okay accept request appearing connectivity accept again we need to do some okay Mumbai Region C and Mumbai region Ro table Hyderabad C so logic simple hyad VPC address Mumbai region VPC addressing entri so let's grab this Mumbai Civ edit root add root now Mumbai Region C R and connectivity connection connectivity so public subnet instances now can communicate with Hyderabad one Mumbai ones so then again beinging connection Ro Hyderabad C why pering connection select pering connection then save changes it's asking me login as Mumbai region e to instance internet one of the private flpc VPC VPC A connec to B and B connec to cun okay so PPC concep okay VPC VPC is okay top so I already made a video on that video description so a video really interested you can go through that and also if you want to go through I'm adding that video also in our video description so that you can go through that relation datab user information credit cardit card information back 
datab relational datab so MySQL po comp so then we have mssql MySQL poq Rel databas operating system purch open so okay operating system but operating system patches we have to take care database installation configuration backups High availability platform service datab Serv okay so let's get started let's create okay so on create database stand default options I'm going with standard create standard datab bed Tey right and database features really useful my Community Edition multi I'll talk about that next video multi and two features next okay option so then dis no issue for now so what is theb passw so to secure that information secr okay so but um yeah man but if you really want secret manag but secret manager com eligibility okay and is okay right password okay2 micro3 micro micro so better to go with theg micro 2 extra 8 vcpus 32 gigs of RAM So based on the configuration you selecting here a DB engine performance CPU performance Ram performance dep demg micro is absolutely fine and already e so same Andis GP G is okay and even I'm also okay with gp2 Stage a 85% 10% of an existing storage or 5gb 20 GB storage for example 19.5 GB already stage SC 5gb or 10% of 10% of 20 GB and 2GB okay but 2 GB or 5 100 GB 10% of existing storage or 5gb 10% of 100 GB 10 GB and right so the storage Auto scaling option not really interested at moment and connectivity okay so aut go and don't connect to now okay so then default VPC I prefer to go with the default VPC VPC videos already discuss okay so default first E2 application subnet okay and E2 database subnets then database creation go to sub groups name uh VPC DB subet group so then description any custom VPC RDS DB subnet groups and and 1il zes ending with 43 and 38 okay so ending with 38 and 43 datab scroll down create okay good okay VPC vpcb subet group def okay subet group importance access access most of the databas contains lot of lot of sensitive information so okay VPC let me show you that architecture a create okay 
yeah so subnet okay two subnets two private subnets Okay so datab so then datab okay so yeah and private okay I'll talk about the later so we need to adjust our also okay SEC group The MySQL MySQL actually runs on port number 3306 so 3306 based on the sub group we selected so proxy we talk later additional configurations and authentic pass pass ENC enhanced monitoring en while creating we can enable so not really interested at moment and additional configuration initial datab initial datab for example demo so datab options group parameter group and options gr parameters 290 properties kind of properties so for example B so related information bin log okay so flush Q Comm Max bin SI bin for [Music] example trans is an isolation G sets grou options grp okay default options so then backup automated backup option so if you really want you can enable this or uncheck enable so I just want to show output Sameer next so it will save some time so enable automated Backup backup redention period one day and backup redention period maximum we can set up 35 days back based on the environment last days back cop nonu last three days or last two days backup cop sufficient okay again back back window we can choose a window okay for example morning 4 a.m. UTC window but better to give a window and back enable replication in another region comp Pur okay so then autn okay encryption option database encryption key uses encryption so we can use a KMS service and yeah it's recommended to enable encryption okay and log exports so database level a log error log General SL Lo aits so then main aut upgrade option and maintenance window main window uh choose a window Saturday uh morning 3: a.m. 
UTC hour window maintenance window and backup window should not Collide okay so no problem okay good option back and STS volume 6.2 2.62 7.97 based on Mech okay scroll down and and create database datab okay dat and database private private we have to like you know Security Group okay so yeah so now back so I'm going to start that lach okay initi let start with Windows Windows Server 2022 base T2 micro okay so then key exting but Network Network database and This Server dat so then datab my workbench just workbench microft so let's get connected to this jump server okay so I'm grabbing my public IP address password key given one click on connect RDP client get password upload private key file okay I think yeah Windows GP okay then password select JC I'm giving that password here then click on continue all right very just browser open J Okay Google Loc right so MySQL workbench download off my workbench download my workbench onlo simple installation okay next next so then workbench install CH then my work it's a tool to get connected to our database okay datab okay I'm going to copy the OST name add port number 3306 usern name DB then click on test connection okay con so then it will try to test host name connect aiki and datab curron we are not able to connect unable to connect okay rules ex port number 3306 inst IP address okay inst private IP address actually open for everyone buttion so to jump server then click on Save rules okay so now okay I given my password click on okay so successful connectivity establish click on okay and okay so I'm opening it so now datab connect I can give right click I can create a schema and T okay we can go to Administration okay data import or export us self F oper datab okay so that is what RDS it's launch process and connectivity process okay so and RDS create so if You observe screen SN we cannot delete Snapshot right so database connectivity process okay okay okay okay first create standby inst m deployment option en okay 
mainten theny okay create I think good um YT I MyQ I so configuration micro right aut ipv4 no Public Access same Security Group as existing one password authentication KMS key Auto version upgrade interested not interested then create r possible already you know not allowing us okay right so we will discuss that option after some time I single back only okay dat avability okay so for example avability Zone oper issu some issue happened okay so then avab another stand okay deployment important for example M Master Copy cost $100 per mon approxim $100 m look up now RS Endo let's take RDS Endo trying copy uh not pasting okay recent what I will do simple text pad create okay okay right okay fine okay Master Copy IP address 258 secondary copy IP address will verify okay okay it will take lot of time Master stand Master Copy and standby copy same end point okay stand water responsibility okay and it cost I want to show and second thing DB inst DB configuration um something like t4g medium and storage gp2 20 gigs is fine and costs database cost $61 storage cost $2 total $63 approximately $64 option enable is that mulb option so that's reason stand read standby inst operations in Stand M cluster mechm for example okay IP add with stand let's see what happens okay one or two minutes process again still IP add name okay reboot operation taking effect acting as a master it acting as a standby okay reot okay IP add 192 16 2179 2 179 okay name okay datab endp add 5879 deoy concept um fall to purpose okay fall to purpose High availability purpose design is the solution Okay so createa then replica DB instance identifier YT I MySQL read replica or you can give any name no need to give this iPhone read replica so configuration T4 M andum storage 20 gig is fine not interested in Auto scaling DB instance single DB instance public accessibility no password authentication yes encryption automatically enable encryption not enabling Auto Min vertion upgrade then create R replica the 
appr to 10 minutes see okay Master datab Okay so read operations as well as write operations everything Mastery and Master Copy it's taking lot of data right datop datab okay application operation simp another copy Master Okay so for example sy so then I can create okay so information coniguration yes we can do thater at some point of time replication breting replication Reen and okay so yeah creation initiate Master Copy so there is no issue we can start working on this okay let me connect password okay passw right okay connection first connectivity option Master Copy or primary so then name MySQL red replicant create okay when we go here action and create R replica create existing datab ex VPC already but that's not a suggestable option create existing datab okay primary we can Define fa priority Tire Z TI one lowest TI value in case of any failures okay so modifying so modifying St running state immediately connect let's copy that end point let's try 3306 usern name DP admin test connection okay password click on okay connected successfully soopy okay let me do one thing Master give a right click create schema schema name test 1 two 3 and now okay so then click on apply apply finish now test 1 123 SCH 2 without any further delays okay so giving a right click and okay refesh per let's try give a right click create schema Test 2 3 4 5ck on apply apply server is running with iPhone I read only option right oper okay drop datab set to default okay so at some irreversible process okay so let's try okay but again all right so multi deployment concept and read okay back okay Advanced addur aut back so based on two things it creates for every 24 hours detects any major operation happening on our database back backup cop just like instances so snap back okay system back we don't have an option okay toap snapshots and so system back system backy to create so backup cop create snapshot important okay not only most of the okay specificy restor sot snapshot demo snapshot 
restore demo so configuration storage g vpcc a subnet group and a security group okay so then options almost similar to database creation rest at this time October 9th 7:37 dat snap process take snapshot option take snapshot option s [Music] okay okay so backup automated backups system back delete okay retention window option maximum backup retention period is 35 days5 back option days retention daily create monthly one year retention period so template pre-configured template and name how frequently you want to for every 12 hours 24 hours weekly monthly or crown job Period start within 8 hours so complete within 7 Days andc point in time recovery p option en so then retention and so backup so then okay um jobs uh uh where is that this is backup jobs and restore jobs n onand op back okay back okay name a database select create backup create backup now start within one hour okay any ret role basically need an AM role and Backup Service L and permissions right so back options sorry um point in time recovery option something happen to new database create all right yeah that is all backup and store options we have ons that's previous video database creation comp and develop okay but simp the maximum data it supports is 64 TB but Maxim 12 okay so performance Improvement 15 and back application M across avability zones advantages and Aurora also supports serverless and recent Aurora aora multiple Lo okay another launching process connectivity process comp edol okay so one point no SQL database in no SQL database um and um then second important thing capacity provisioning okay student so then settings and default settings and uh storage class standard in frequently access on demand the capacity WR many re so onand based on reement it changes automatically but group config Auto scaling minimum capacity one maximum capacity 10 fix pricing estimated pricing and encryption mandatory enable table explore it attribute string right so first name aash Str last name right so 
number contact 101 where student name is equal to like another name like anep right and something like uh just just just doing some modifications right so then create item sing where student uh is a number that equals to 10 sorry I remove that so student ID where it's a number not equals to 1 or1 information back Backle backups and accelerator the DynamoDB Accelerator is an in-memory caching solution for our DynamoDB okay okay so just remember the DAX memory solution service name Amazon elastic so elas again two open source MD and more frequently used so in-memory caching solution for RDS is an ElastiCache it supports two caching engines and is r and second one is m dyn in-memory caching solution graph DB um what is that DocumentDB DocumentDB Amazon DocumentDB DocumentDB M comp okay so again creation database Neptune it's a fast and reliable graph database right so how exactly it works so but remember NoSQL DynamoDB MongoDB compatible DB and graph database Neptune and DynamoDB in-memory caching solution DAX and rdsk in-memory caching solution Amazon elastic so onlineaction process online anal shift Amazon Samsung customer datab across glob datab and they will use some business analytical tools ba tools third party tools existing data anal and second one is compute dat warehousing solution one of the cheapest data warehousing solution also offering first time customers $300 okay yeah that is all about all the database options okay service yes you can refer this okay so S3 platform okay bu okay S3 platform so searching for S3 S3 Simple Storage Service s comp okay uniess object second component okay so bucket click on create bucket okay okay so then what we can do so click on upload f so we can go and simply select that file for example file right so yeah I'm going to open that then click on upload so usmission okay so okay we have to take some like you know settings unlimited data there is no limitations S3 unlimited dat first and maximum SI okay so multiple FES yesb 
liation only one individual object applicable okay so Li okay s if you want more than that 100 buckets we can okay then request increase at account level any buckets 150 buckets 200 buckets and so that we can create 200 buckets also create if you're trying to create something like a dot it will give an error bucket name should not start with dot should not end with dot continu dot Sy like you know don't allow us to create a bucket with name that resembling IP address format okay3 basics first storage class standard3 standard it's designed to frequently accessed data daily multiple times it's recommended to choose standard standard infrequently access okay so but designed to store infrequently okay to standard standard infrequently access so then oneone infrequently access same as a standard in frequently backc chances toed foral purpose frequent standard inent standard infrequently or one infrequently or longm durability total 11 to. but R storage class durability value 99.99 so it's not recommended okay and it's not standard class one zone in frequently access so then I can select and I can open one zone okay demonstration is same Imes or we can even take a fmd okay go to properties storage class edit so GL flexible retrieval instant downlo open option downlo restoration hours toes demonstration purpose for coming two days so now okay so different storage classes options so storage class P tions okay rest fer create version.txt right so let's assume now a f up modify reupload okay same F okay version test so then so then uh same file test I'm reuploading same file again lat okay okay okay L is very simple delete there is no way to get it back okay so the um important option okay uh bu and versioning enable go to bucket versions edit enable versions save changes ver test3 platform bucket upload so then version a version 2 Data M like I'm uploading then version then uplo okay so same file with same name three times with different 62 652 09 seconds 22 seconds 3 another 
version so then another version so buts objects most recently uploaded okay there is a chance to get back okay fine I want to get my file back into this S3 bucket exting okay will latest versions I want to retain previous versions automatically Del Okay so standard so then after one year one frequently infrequently infrequent automatic actually I have an image okay a documentation life cycle yes this is a image S3 standard infrequently then Intelligent-Tiering then one zone then Glacier then Glacier flexible management okay so so create okay LC so limit the scope of this rule using one or more filter IND like where key is equal to task and value is equ minim object SI so now management direct expiration so first option and fourth option current version of object latest version of data or current version of data applicable second option and fourth option previous version of the DAT current times or four technically previous versions current version okay first option move current version of objects between storage class default S3 standard storage class S3 standard so then 30 more days total 60 days from object creation okay so minimum 60 days so GL at some point of time I want to delete the number as the setting Day Z uplo day 30 inqu day0 on day 100 object current version of object only aut or second option move non-current version of object and permanently delete so non-current version of object infrequent after two days infrequently access sorry previous previous then at what time you want to what stage you want to delete most recent noncurrent version so then immediate day zero noncurrent day two after two days automatic recent okay I'm going to apply for all data okay based it's about to expire and also okay object downlo okay so we are able to access the file even okay so S3 next feature replication option replication option aut okay so for example okay okay and second Source bucket and Target bucket both should be enabled with versioning sourt Sy syney reg 
cre option default okay Source bucket or Mumbai region bucket manag replication replication rate replicate rule rule name Mumbai to Sydney replication so en and is refer that so choose a bucket in this account then click on browse so bucket okay Sy okay then choose source bucket and Target bucket and Ro so replication en replication I'll talk about that in another video so onlyc and add RC replication time control 99.99% of within 15 minutes okay add cost not really interested then SA one up F okay capce okay scr down cross replication okay replication status completed that means and also observe one thing replication rule create yes we can but already replicate data yes we can replicate data to multiple Target buckets also okay so replication replication hos St hos okay okay US password so without and S3 platform avity dur 9.99 availability and 999 okay already Route 53 section already complete okay a or.com or so then not re right so now bucket okay for example for sample purpose okay right content I'm uploading to this S3 bucket cont HTML temp so free default so scrolling down and St website hos option en so host static default ftml then save changes okay fine static website hosting ACC go to permissions bucket and objects not public first block all public access changes I have to type confirm then ACC objects again objects bucket and objects not public object can be public ownership okay access last option okay every okay so S3 static website hosting feature so next option policies bucket policies resource level permiss a options user level permission group level permissions and resource level permissions opy okay so go to users create user okay policy t test usern okay create an user custom password not enforcing him okay e user key S3 full access then click on next us buty TM uh fine if if this policy test user data access no problem but data yes I don't want to allow okay so up then there is a problem I don't want to allow so resource level restriction so buy okays 
usage okay uh sign in IAM user click on next my username is Channel [Music] and right so can he delete something delete option this guy he's and is he able to down upload any files or any objects yes successful upload so right I'm able to do that operations specific user policy test user bucket policy policy policy generator soete so then a user key okay so delete object option as well as um upload put object put object and Del latest fer so then statement get bucket policy option get bucket policy then click on ADD statement so then we'll do same operations refreshes I'm typing delete delete object and upload files okay as I'm working as a policy test user okay so policy observe important effect principal usy access okay operation princip simp get Arn SL star bucket AR then add statement then generate policy he generate up access UR so a okay so bucket policy all option of information all right bucket policy bucket policy as options acck us permissions and everyone permissions okay permiss video okay management replication and static web hosting and options uh events option so let me go to one specific bucket properties scroll down and um where is that events notification okay events simple notification service justy okay there is no Lambda function so top I'm going with standard topic name my S3 alert display My3 alerts access policy we have to modify publish everyone subscri everyone okay then create a topic email and email ID so then scroll down and create subscription notification subscription confirmation really only not any suspicious links right so then now if you give refresh in this SNS topic okay SNS partwise we are good create event notification my S3 so allete lot of operation get notification okay so choose from your topic important and access alerts save changes okay My3 alerts see this test okay and object a quiz. 
MD and then what happened okay so and what happened object removed delete marker created pretty JSON soyon JSON soents management Pur okay and encryption I'll discuss in our another video Intelligent-Tiering intelligent access okay rest intelligent right related to3 dat events upload uh dat download processes examp speed Buck for example result then definitely it is worthy to enable this option we cannot enable this transfer acceleration so yeah Francis different different tests goodi then we can consider to enable this option Francis yesim 49 up download right so you can decide okay then we'll go to next topic okay 152 faster so good up okay re instead of bucket owner okay dat transfer lot oflo option enable so instead of bucket owner who is requesting the data okay clri SI and total number ofs we have to create a filter scroll down view additional charts click okay request additional regular total bucket size and number of objects free okay CloudWatch service andri then create a filter give a name and apply to all data then create filter size and number of objects and download add so again tion so some another S3 bucket properties next video options two days 10 days 6 months one year no one should be able to delete the data I need to contact customer support So customer support I prefer to create a new bucket create a bucket a.y. 
lock test name okay disable and enable enable and I acknowledge then create bucket scr down edit and default retention enable govern and okay during retention period okay but compliance no user can overwrite or delete protected object versions during the retention period but remember upload so auta for coming one day okay asking to delete okaying permanently delete okay so then it's asking me to type permanently delete okay ret okay I CH my mind even disable we have to wait for one day at least one day okay object lock feature object lock storage cl cl appropriate all dats so storage class analysis just a helpful document appropriate storage class so another properties on our S3 bucket we see featur Des so please refer that and0 family Dev Lo supported storage and snowball Edge SD s Sall optim 40b 39.5 datp CPUs 200s based okay so system okay so next option shipping family stage service okay certification take some time and read about the storage Gateway so okay then at the same time I'm typing delete and at the same time EV consisten so simple put off for put off new object objects read after read consistency right overwriting an existing object or deleting an existing object key EV consistency all right so S3 consistency mechanism and3 performance perance bucket default 3,500 upload folder folder 3,500 upload initi folder 3,500 uploads so more prefix pref examp 5,500 operation folder 5500 operation folder different prefix perom all right options hope okay resour kind ofall okay Network command it intended to design like um custom AC okay again nameb ACL right so then click on next rules rules rules uh set of permissions set restrictions groups IP address list M Anonymous IP list Linux operating system common issues light Force attack Brute Force attack POSIX issues bad bad SQL injections okays okay app that fils andle evu okay so a rule firstate first okay next step CloudWatch monitors okays rules so then it app thep pattern and OKO ACL $5 per month per ACL and um hourly 
basis cost out okay and Rule $1 per month and based on any request filter network distribut of service onlyest so unnecessary duplicate request poof pockets okay price $3,000 per month and data transfer cost add but don't enable this your personal account but don't enable this shield in your personal accounts okay two purposes okay two purposes customer location it has capability service CD cont Network so how CDN works Network customer reest Edge location re Okay so re YouTu okay CLR with application load balancer S3 static website hosting okay so uh our videos already in explain okay okay let me swi to okay ban configuration so please refer there okay sta Pages St quity so load difficult okay distribution onlyp only so then compr whatp request and a operations STP method distribution and 2tim so then limiting okay 300 request for IP address per 5 minutes period okay liit random and scr down default so then create distribution ID cloud. and I mean not back AC okay public certificate now fully qualified domain name okay so go we have to show our ownership on the domains Val vals Val ACM certificate Mumbai reg reg sorry a Mumbai andc okay acation process and CloudFront domain naming mapping process so okay one two minutes wait status enable right okay okay so CloudFront distribution with load balancer distrib so create distribution don't want to do that access okay create .yt do cloudfront name block public accessable create bucket yeah two images to select no okay so then upload okay okay give a refresh okay a. 
YT cloudfront bucket okay ACC okay so click on create policy okay so then scroll down HTTP to HTTPS redirection next custom policies cing cing optimized kou recommended for S3 same as load balancer so then uh do not enable security protection okay Landing then create distribution so copy bucket policy bucket then save changes objects okay get object permission Cloud distribution URL okay so yeah other Cloud distribution data okayy for example copy size 21 M first time but it's it's loading very quickly okay [Music] restrictions validation create invid specific F so Cloud distribution invalidation mechanism so I hope distribution manag service us DM default master key so default master keys okay any types of encryption basically three types okay in encryption encryption okay okay connection to this website is not secured okay it should be stolen by attackers not only next Okay so upload respons now okay default master key that protect my S3 object when no other key is defined default use as a key okay okay S3 capable enough to encrypt our data click on create bucket bucket name um 14 10 2023 do AAS do encryption test so we have to go with some some kind of encryption default so encryption key with3 managed keys3 okay ke encryption ke encryption key material generated and managed by S3 platform and okay then upload so already okay so navigate to users create user a user name encryption iest and management cons US password not enforcing him to create a password so then administrator access okay administrator so I don't recommend you to test with administrator user S3 full access USS okay user name encryption test okay3 encryption enable Okay and he can simply go here he can open that file and he can read okay so s and3 okay default Master encryption ke is ending with 21 AC okay and ENC so second option Ser encryption with KMS SSE-KMS so then First Option choose from your KMS two thenes L s33 ention mechm 2ms but existing SSE-S3 SSE-KMS existing data3 so same as existing 
statement okay okay and refh file no problem to access S F also okay and3 DM okay so click on create key so ke multiple options alith key types so symmetri sing then on nexts iyt demo okay so then click on next key administrative permission who can administrate this key admin Adat only user then click on next users important Point okay then click on next the review screen finish CM free eligibility only us us permission encryption test user permission so now refr upload add files so file name k.x so then upload so I can read all the data without any difficulty okay but ENC T us he able to access without any issue noted tot specific us encryption test user perion us cation responsibility but along with platform access platform access encryption valm okay switch to policy so key users click on ADD encryption test us USM administrator permm encryption test user give a refresh and Okay so op ENC can customer provided for simp ke sorry okay conf that you want to disable so disable but immediate delete option soim Max days minimum value 10 days so 10 days I confirm then schedule deletion okay okay Hardware module HSM uh Hardware secure module so Hardware okay helpful and another standards standards HIPAA standards right FedRAMP standards PCI DSS standards stand okay so customer provided option all right KS service so Lambda one of the interesting service process okay problem only so Mech okay so first thing Lambda the um serverless architecture anding languag okay Node.js go language python Ruby Java six programming languages langage application with my own installation so what we can do we can create a okay I'll try to explain this Lambda and instances with the help of Lambda function okay so first let's create a function so click on create a function author from scratch environment variable for example google.com searching Ur So validation so okay okay and L right so again let me give a function name YT I Kary default new with basic Lambda permission option lock grou defa SNS policym with 
Bas okay so then Lambda function code and minut okay okay for example um so YT Lambda Ro description trigger for every five minutes so then rule type event pattern I'm giving rate format for every five minutes so for every Okay google.com Okay then create a function now Cod KMS key permissions am I encrypting anywhere I don't think so unable to configure access okay let me give a refresh use a blueprint Kary YT Canary create a new role not giving any EventBridge Okay encryption option so default Lambda encryption it's trying to use let's create a function okay default [Music] encryption okay I want to talk about pricing so cost how a is going to C okay first 41537 41 okay and Lambda function memory 12 okay 12 12 so maximum memory M 45 okay so primary watchs request ID checking get check check completed and request information everything dur Maxim memory memory igur option okay okay so minimum maximum 15 okay so maximum 15 for example 16 minutes 128 memory most of the 12 sufficient so then what we can do we have to increase this memory edit4 okay so configuration part okay so that past and uh created or modified now for testing so deploy check and modifi for testing so S3 EventBridge service locally sorry EventBridge so click on create rule so then rule name Lambda test then rule with event pattern and schedule SCH okay then click on next now what is a target Lambda function UR events notifications as another target next create every two minutes okay EventBridge Lambda function okay okay so easy okay so then another important F the V okay can use this VPC configuration option so click on edit VPC options backwork but CloudWatch grou it uses to write the lork interf onate L okay then click on next VPC access execution VPC access exk create delete private add Network interf L VPC ex L function uh Lambda YT S3 okay then create Ro function Okay click on edit so could ex ex existing roesh refresh Lambda then save L function okay so now let's try to move this Lambda function within 
the VPC VPC select JC a subnet and select JC recommended to choose at least one two subnets that's fine demo the V helpful option okay and so and okay extension ending with okay per L creation right okay I hope okay CL [Music] form okay okay proper so S3 36 buckets okay okay so now CloudFormation okay so already templates I'll try to delete those and last error yeah I know that okay so right is but resource combination click on create stack okay uh like a LAMP stack G WordPress blog GH okay or WordPress blog on mul Windows inst so bucket policy not an expert in this okay and okay new resource we can select Amazon S3 URL we can get the URL here okay so choose f then click on next name okay bucket click on next next then submit then 37 buckets okay earlier CloudFormation stack back C templat ID and reg this is a resource it created bucket one S3 bucket some random okay Soom okay okay 14 10 2023 whilea bucket name set so let's do that create stack with new resources my template is ready upload a template so bucket one yml so bucket iphon 2 then scroll down next then submit 14 okay only yes we can lot of properties it supports two programming languages or scripting languages YAML yet another markup language second JSON JavaScript object notation support okay so mostly key and value okay metadata key and value a resource okay so resource properties a property okay bucket name property then value access contr 14123 life cycle management Ro and enre sck after days after okay so now let's deploy this so go to CloudFormation create stack with new resources my template is ready upload a template so now template bucket 2. yml yeah bucket 2. 
yml just double checking the next so bucket then click on next Now options option St successful fine no issue but creation misconfiguration so bucket creation success ACL set up on that bucket also success but management r start deploy already okay R back all St only but let's take a simple example okay total three resour creation okay first step success easy to inst cre Second Step S3 success third step third step database creation butur datf option roll back all stack successfully cre preserve successfully provision resources back so then stack policies polic back so then click on submit now cre 37 buckets and management screen life cycle rule cre so life cycle day Zero object uploaded day 15 it's going to Glacier day 30 It's So currently so somehow I just change my mind question okay okay okay just let me do a refresh okay option current replace current template upload template file so choose file bucket 2 yml right yeah so then click on next so now click on next scroll down next okay inour and okay complete let's verify that3 life cycle management screen refresh and okay and important point stack I'm deleting this stack okay so obser deleting the stack will delete all stack resources then delete so yeah really I want to delete that okay option but so yeah so that's the reason it as a parameter parameter option upload a template file select choose file select exting temp next okay doyt do par. 
test okay then click on next scroll down next and submit okay tempate already okay SU for okay PL okay Firefox Firefox EXT first credentials we have to share access key ID and secret access key okay so again IAM us cons and read only access only access okay last screen read only access next create user so user access secr access key so go to security credentials access key CLI I understand create access key access key secret access key generate you copy that okay then click on continue to parameters so parameters def continue to settings so account configur we have to scan okay datab right so yeah so right so display formation right different Services okay CloudFormation script okay and E CloudFormation script right oper different okay backw so so okay soer en encryption enable life CLE right so we have to take care okay so yeah all about CloudFormation CloudFormation cost okay form we have to make sure but cloud form service absolutely free and certification point of view [Music] deploy perod form okay yeah um interview perspective so basically whatever activity we do refresh okay resource creation okay every single okay default only last days we have to create Okay so CloudTrail right I'm in Mumbai region CL service continuously LS your account activity okay so go Tob so everything right so again for examp Cloud not possible and if you are doing something you have to accept it you have to if you commit a mistake you have to accept it okay and including and last 30 minutes right so yeah okay minutes elastic IP address interested last 30 minutes kak okay uh from September 1st to September 30 specific event for example terminate instances okay particular September just terminate instance inst IP add okay what is that each and we can start all this data okay last 90 days logs okay inst okay only resource creation resource creation resource resource first important have to create aail data events Insight events management management free management so create a 
trail give a name so my test Trail organizations you can select enable for all accounts in my organization SEL CloudTrail is our main focus and I'm initiating to create a bucket we can delivery don't enable this lot of unnecessary LS okay the right option and good option optional S3 the mandatory but I prefer This CloudWatch logs also any one is management second one is data event third one Insight events management events and okay resource creation resource SNS only Services data related events like activ up okay all current and future read operations oper okay only set3 S3 only l l function okay right d unusual us dat then click on next and click on create Trail last okay so F then my account ID then CloudTrail year month date within the date logs immediate just right after that event happened lock giv some random ID it will take some okay so it's not real only history right okay so yeah so CloudTrail option and okay new [Music] first okay resource modification record all current and future resources and record all current and future resource type with exclusion res record all current and future resource types supported in this region Global resource roles S3 then click on next provide a bucket name config then click on next for3 option okay so um RDS snapshot okay to inst no public IP address non comp okay and S3 public read prohibited S3 Bucket Level access prohibited S3 account level Public Access blocks prohibited stands non and it will C us all resource only a resource know only okay timeline information okay so uh option for examp rour I have to go to settings and recording is off okay again AP South 1 2023 10th month 10th date and ZZ format okay so Amazon CloudTrail and uh config options delete okay yeah and already dis okay so uh that's that's about CloudTrail and config uh okay a okay so performance performance security fault tolerance and service limit cost optimization over over provision resources it depends on our support plan basic support plan just 
five or six are developer support supper supp underprovision resources okay underprovision Lambda function only underprovision volum security group number of rules okay and well architecture framework performance efficiency issue over utilized magnetic volume overti over provision over performance user all suggest okay groups support numbers open for everyone security and fault tolerance resource spreading across multiple availability zones okay so Lambda VPC enabled functions multi Serv for example already almost 80% request increase at account level then we canate request so trusted advisor usage okay One Stop Shop to manage all your service best practices but best practi okay management and governance option personal health dashboard personal health operations [Music] ches service problem open and recent Health ISS open and recent issues right okay what what exactly happened operational issue increased related 11 123 exactly hour option okay so a advisor and personal health dashboard okay first of all account create okay like account billing period a mon 20212 for example SE 3. 1.47 us so I'm expanding again Mumbai reg Northern Virginia so mum every sing 03 we can contact [Music] okay okay so 750 hours for T2 small instance depend on the region operating system micro3 micro so 750 hours per month windows t233 for always keep an and anding related questions [Music] charge question CH okay so Bing screen organizations us template simplified option Z okay okay monthly forec $10 actual us 85% Zer spend budget and monthly cost budget important mon rep and receive free tier alerts receive Li % and receive CloudWatch billing okay preference so and really interest in one specific month so only September 1 September 30th really interested then click on apply okay so so then it will show you 1. 
so the next for example okay elas Center nonce okay right so cost expor options DET okay so automated cost detection and root cause analysis so uh it's a free service okay costal detection exactly it works create cost monitor view detection history analyze the details so helpful option obviously reserved instances mechanism savings mechanism savings option the computer or easy to inst savings plan so one year years inst so and Lal estim l so select metric US Dollars last one day period [Music] right nor Virginia Reg Okay C alert mechm all right so options hi everyone welcome to my YouTube channel my name is a High L overview just at least service okay first secr manag Secrets man information okay Secrets manager service secr one of the very first service SQS Simple Queue Service SQS message applications and depl okays m best effort message but no guarantee first first so message exactly based on our requirement standard and maximum 26b and message retention period default four days and maximum 14 days and messages unable function step function purp okay okay okay mainly obser step function is a serverless function orchestrator that makes it easy to sequence a Lambda functions and multiple a Services into business critical applications okay so um example payment processes Shipp Amazon solution speech neural Gala standard Gala a language voice every voice different voices okay yeah Speech Synthesis Markup Language for examp ML so text speech compreh unstructured text okay um basically natural language processing service sentiment analysis entity recognition topic modeling [Music] okay so revie sentiment like key tops Amazon Comprehend okay so basically the machine learning okay [Music] okay Lake Formation Lake Formation data Lake G right so uh Lake Formation dat designed for dat Solutions so QuickSight QuickSight analysis purpose Okay so uh for example perance okay quies interactive data visualization tool Big Data kind soark Flink okay EMR Elastic MapReduce particular 
Dev okay okay kind so that's in Works Amazon AppFlow Amazon AppFlow basically integration service it's a fully managed integration Service software as service application data transfer for example Q AppSync fully managed GraphQL service and for example mobile or web application mobile application real time good to know services so Services soin solution so okay see you again in next videos thank you guys congratulations next ande [Music] preps operations [Music] admin thanks for uh spending a lot of time here and uh keep learning keep sharing see you thank [Music] you