Hey, this is Andrew Brown from exam Pro. And cloud computing has now become one of the essential skills that you need to learn in order to make it in the web development industry in AWS, Amazon Web Services is the most popular cloud computing service used by startups. So this whole course is about getting AWS certified for the certified cloud practitioner, which is the entry level certification. And the idea here is that by getting the certification, you are going to be able to prove that you can work with cloud computing, prove that you can work in AWS and you're gonna have a lot more job opportunities available to you. So you know, let's get to this and start learning about AWS. Hey, this is Andrew Brown from exam Pro. And I'm going to try to answer all the questions you might have about the CCP, which is known as the certified cloud practitioner to determine whether it's the right certification for you. Okay, so the CCP is all about AWS foundational knowledge. So what that means is that it can show that you know how to poke around and you can use the service console and you know, the general offerings from AWS, it's like a lite version of the solution architect associate, okay. But the CCP has some very unique offerings, which no other certification on AWS has, which is they have a strong focus on billing and business centric concepts. Okay. And that's why it's going to make a lot of sense why a lot of people who tried to obtain the CCP are in sales and management because it's going to give them that knowledge to help them inform VPS or CEOs, the reasons why to use AWS. Okay. Alright, so the next thing you're probably going to ask me is, what value does the CCP hold? Well, it's not a Gilda title. It can help superficially increase your a recertification count if that's something that some companies care about. But it's not recognized as an important certification for developers on resume. So if you think by getting the CCP, it's going to help you get a job, I probably won't help too much. If you were a bootcamp grad, then it could be a good indicator that you're a little bit familiar with AWS. So it can be okay in that one circumstance. But generally, for developers, it's not going to help you too much. Alright, so maybe you're thinking so far? Hey, Andrew, this doesn't sound that great. Why would I want to even bother getting this and you might be thinking about skipping the CCP. But I'm going to tell you that that is not what you should do, you should actually go get the CCP. And why is that? Well, it's for a totally different reason. It's because the CCP is going to help you build confidence. And it's a very easy one, because it's the easiest certification. Because it's the most inexpensive certification, it's the perfect opportunity for you to get comfortable for when you actually go take a real exam, okay, so the other exams, the associates, and everything beyond that are very difficult. And you don't want that to be your first certification you go for, because you're gonna go the exam center, you're going to be very nervous or stressed out, or something's gonna go wrong. And so by taking the CCP and going to the test center, you're going to learn your test center and learn how you have to be on time, and the what the environments going to be like, okay, and that is the big value out of the CCP. So that's why I want you to go after it. And also just some people day just to just prepare, because they might get overwhelmed once they start with a solution architect associate. And so it is a very easy way to ease into the associate certifications. Alright, so let's talk about study time, how much time do I have to put in to pass this exam. Now, if you are a developer, so you're already working in industry, you can pass this in less than a week. If you're a bootcamp grad, I'd say about 15 hours. So we're talking about a week and a half of study. And if you're in sales and management, you probably don't have a lot of developer experience, or with a cloud infrastructure. So we're looking at 20 hours of study, but the thing is, is that you can, you know, book this exam a week ahead and use this course and you will pass because it is a very easy certification, and it's not a huge time requirement. Okay, so that just gives you kind of an idea of the time you need to put in. Alright, so when it comes time to take this exam, you're going to have to go to a test center, which is partnered with AWS, and there are two test center networks, we have psi and Pearson VUE. And so before the only way you can take this exam, you had to go in person to a test center. But now that Pearson VUE is part of AWS as its offering the exam through their network, Pearson VUE is known for their proctored exams. So what is the proctor exam that's when you have someone that who is supervising or monitoring your examination and specifically for online Okay, so what that means is that you can sign up and schedule an online exam and through a web camera and if you You would just take the exam and somebody would watch you to make sure that you're not cheating. Okay. So now it's even easier to get a VA certified because you can take this at the convenience of your own home. But I would strongly recommend that you take it at an in person test center, if there is one nearby, just because when you go for this harder certifications, they may not offer proctored exams. And so I at this point, I recommend that you try to go to a test center. But if you just want to get even certified, and you're really excited, definitely go take it online. Alright, and now we just have some remaining questions here. So what does it cost to take this exam, it's $100 USD is the most inexpensive eight have a certification, it's going to take 90 minutes, that's the time that you're allocated during the the exam, it doesn't actually take that long, you could probably get it done in under an hour it again, it's not a very hard certification. But I do recommend that when you go to the exam, you maximize all of your time and review your questions. Because it is a very good habit to get into when you take exams, there are 65 questions, the passing score is 70%. I think that actually is a hard number. With all the other exams, it's kind of a floating number. So it's never exactly that amount. But I'm pretty sure for the cloud practitioner, if you get over 70%, you are going to pass, okay. And then when you get the certification, it's going to be valid for three years. So it's going to be with you for quite a long time. So there you go. Hopefully that answers all the questions you have about the certified cloud practitioner. Hey, this is Andrew Brown from exam Pro. And here I have the exam guide pulled up, because I'm going to give you a quick walkthrough of it. So you have an idea what AWS wants you to know, in order to pass this exam. So the first thing we're going to do is we're going to scroll on down to the content outline, and just give the domains a read and understand the weighting of the actual exam. So we have four domains. Here, we have cloud concepts, security, technology, and billing and pricing. And so the largest portion of the exam is technology at 36%. And billing and pricing is the lowest amount which is kind of funny, because I find that the most valuable thing in the entire course is billing and pricing. Okay, we're going to learn a lot about billing and pricing, AWS here. But that's just how they waited it out. But let's just talk about these four domains. So we understand what it is that we need to know for each of these domains. So for domain one, we need to be we need to be able to define the AWS cloud and its value proposition, we need to be able to identify aspects of Eva's cloud economics list of the different cloud architecture design principles, okay. Now for security, we need to know a variety of different AWS security services. And we need to know the shared responsibility model, okay, you need to know that for every single exam, it's always brought up like 100 times over. But yeah, that's part of the security donate onto technology, you're going to need to know all the core database services and also a bunch of other AWS services. And you're going to need to know global infrastructure. Okay, so we're talking regions, azs, and edge locations. All right. And then on to billing and pricing. So we need to be able to compare and contrast various pricing models for AWS recognize the various account structures in relation to Eva's billing and pricing and identify resources available for billing support. So that is the content outline. So the next thing I wanted to go over with you is the response type. So when you're taking the exam, you're going to be presented questions in one or the other format. So we have multiple choice and multiple responses for multiple choice, you just choose one out of four, okay, and then for multiple response, it's going to be two or more correct responses out of five or more options, okay, but generally, I find that it's two out of five or three out of six. Okay. And then the last thing here is white papers. So white papers are generally core to studying for AWS, for the CCP, however, you do not have to read a single white paper, everything in this course covers anything that could possibly pop up in these white papers here. And white papers are super boring. Okay. But just so you know, we have the overview of Amazon Web Services architecting for the cloud, eight of us best practices, how AWS pricing works, cost management in the in AWS cloud, okay, so those are your four white papers recommended and then a fifth one, this isn't a white paper though, but they just say compare the a of a support plan. So you go to the webpage and you read about the support plans. Okay, so there you go. That is the exam guide in a nutshell. Hey, This is Andrew Brown from exam Pro. And we are looking at what is cloud computing, which is the most important question on our journey to become a certified cloud practitioner. So what I've done here is I've pulled up the textbook definition of cloud computing. And we will read through this and then I will give you a bit more context on what is cloud computing. So Cloud computing, from the dictionary is the practice of using a network of remote servers hosted on the internet to store manage and process data rather than a local server or personal computer. Okay, so what does that mean? Well, to really understand that, we need to understand on premise and cloud providers, so now most people are using cloud providers such as AWS, GCP, or Azure to run their actual workloads. And prior to that everyone was doing on premise. So what you would do with on premise is you'd own the servers. So it'd be the hardware and the software, you'd hire the people to configure those servers and those applications, you'd pay or rent the real estate to house all these physical servers. And you would take all the risk. Now on premise is still well and alive today. And there's definitely good reasons to have an on premise solution. But a lot of companies are now starting to use cloud providers. And so cloud providers are like AWS, GCP, and Azure, as I said earlier. And so here, it's someone else owns the servers. So you are not responsible for that hardware, and to different degrees, they will configure the software layer for you, or you have control over yourself depends on what kind of service you're using. They're hiring the IT people, and they're watching these servers around the clock for you. So you do not have to pay for that. And someone else is paying for or renting the real estate. So they are buying the real estate to house these servers, which are data centers. And now you have a shared responsibility. So you're responsible for configuring cloud services and the code that you deploy on to the services. And so these cloud providers are going to take care of the rest for you. Okay, so that is generally what cloud computing is, Hey, this is Angie brown from exam Pro. And we are looking at the six advantages and benefits of cloud computing. And so this section really is about why go with a cloud provider over on premise. Okay, and so let's jump into the first point here. So we have trade capital expense for variable expense. So with on prem, you'd have to pay for your data centers, and the servers. And so that would be an upfront cost where with a cloud provider, you're paying on demand, so you only pay when you consume those computing resources, and pretty much nothing else. Okay. Moving on to number two, we have benefit from massive economics of scale. So when you're using cloud computing, you have usage from hundreds of 1000s of customers aggregated in the cloud. And so you are sharing the cost with other customers to get unbeatable savings, which you cannot get on prem. The next point here is stop guessing capacity. So eliminate guesswork about infrastructure capacities. So instead of paying for idle or underutilized servers, you can scale up or down to meet the current needs. So where on prem, you just buy your servers, and they would either be underutilized because they would just be way too big for the job, or they're just not being utilized all the time. So moving on to number four, increased speed and agility. So with cloud computing, you can launch resources within a few clicks, within minutes, instead of waiting days or weeks for your it to implement the solution on prem. Then number five, we have stopped spending money on running a maintaining data centers. So the idea here is that if you don't have to pay for the servers, the IT staff and a bunch of other stuff, then you can just focus on your customers, okay? So rather than that heavy lifting of racking, stacking and powering servers, and the last point here is go global in minutes. So deploy your app in multi multiple regions around the world with, with a few clicks, provide low latency and a better experience for your customers at minimal costs. And so when you have an on prem environment, that data center is, I don't know how many people can afford multiple data centers. But with AWS and cloud computing, you're gonna have a lot more reach. Okay, so those are the six advantages or benefits of cloud computing. And this definitely shows up on the exam. So you do need to know these six points. Hey, this is Andrew Brown from exam Pro. And we are looking at the types of cloud computing we have three here for us. So we have software as a service platform as a service and infrastructure as a service. And you can see that we have this nice pyramid here. I promise you It's not a scheme scheme, it's just a way of showing how one is built on top of another. Okay. So starting at the top here, we have Software as a Service, also known as SAS. And these are for customers, okay, so the idea is that you have a completed product that that is run and managed by the service provider. So you don't have to worry about how the service is maintained, it just works and remains available. So if we had some examples of sasses here, maybe you'd have your Gmail or your office 365 or your Salesforce, okay, going down to platform as IT services is really intended for developers, it removes the need for your organization to manage the underlying infrastructure and focus on the deployment and management of your applications. So the idea here is you don't have to worry about provisioning and configuring and understanding the hardware. Alas, it just works. So you have an app, you push it. So for AWS, you have Elastic Beanstalk. Then there's also Heroku, which is a very popular service. And then I believe there's one called like engines for Google. And then the last one on our list here is infrastructure service. And this is really intended for admins. And so when you're using AWS, GCP, or Azure, this is what infrastructure as a services. So it's the basic building blocks for cloud it. So it provides access to networking features, computers, and data storage space. So you don't worry about the IT staff, the data centers or the hardware, but you have access to all those resources to build whatever you want, okay, and so obviously, a, if you wanted to build your own platform as a service, you'd build that up on top of IT infrastructure service, if you wanted to build your own software as a service, you could build that on top of the platform as a service, or an infrastructure as a service. So there you go. Hey, this is Andrew Brown from exam Pro. And we are looking at cloud computing deployment models. So there are three different kinds here. And so we're gonna start with the cloud on the left hand side work on to on prem, and then talk about hybrid. So Cloud is where you are fully utilizing cloud computing. So here I have a few services such as Squarespace, Basecamp, and Dropbox. And it is very well suited for startups, because it's extremely low cost. It's great for SAS offerings, where with on prem or hybrid, they might never get to the size where they need to deal with regulatory bodies, or, or it's just the nature of the applications are not that complicated. Or if it's new projects or companies, they don't have red tape, because they have existing infrastructure, okay, and they can design to be 100% on cloud. So now going on to on prem. So on prem is when you are deploying resources on premise using virtualization and resource management tools, and is sometimes called private cloud, and so on prem is still being utilized by a lot of companies today. And generally, you will see public sector so the government has on prem data centers, when you're dealing with super sensitive data, such as hospitals, you have like health records, there is an aversion to putting that into the cloud, or you have large enterprises with heavy regulation. So insurance companies, and I mean, these organizations are starting to soften and start utilizing cloud, but there are still holdouts, and reasons, both technical and, and business or political reasons as to why you cannot use Cloud, okay, then you have hybrid. And so hybrid is where you use a combination of both cloud and on prem. So you connect the two with hybrid services. And so we see a lot of banks. Using this, we see FinTech or investment management, or even large professional service providers. And a lot of the reasons why is that they can adopt cloud but they have legacy on premise environments, or some of their customers or clients still are not comfortable with cloud computing. So in some capacity, they are using a cloud. But it's totally possible that if they started from day one, they would just only use cloud. So there you can see I have C IBC, which is a bank, then you have the C CPP Investment Board, that's a Investment Board in Canada. Then you have Deloitte, which is a large professional service. So those are the three cloud computing deployment models. Hey, this is Andrew Brown from exam Pro. And we are looking at ABS global infrastructure. And what we're going to figure out here is where does all this cloud computing stuff run? Okay, so we have 69 azs, within 22 geographical regions around the world and we have lots of edge locations more than available. azs. But what does that all mean? So eight of us serves over a million active customers in more than 190 countries and they're steadily expanding their Mobile infrastructure to help customers achieve low latency and higher throughput. And so that global infrastructure, our region's azs, and edge location. So a region is just a physical location in the world with multiple azs. An AZ is one or more discrete data centers owned by AWS, and then edge locations or data centers owned by a trusted partner of AWS and maybe owned by AWS themselves. And so now that we have that overview, we're gonna jump into those three types of infrastructure. Hey, this is Andrew Brown from exam Pro, and we are looking at regions for the AWS global infrastructure. And so a region is a geographically distinct location, which has multiple data centers, also known as azs for AWS. And I've highlighted in red geographically distinct, because that is the most important thing you need to remember about regions. Every region is physically isolated from an independent of every other region in terms of location, power, and water supply. Every region has at least two diseases. So again, an AZ is a data center. So it has at least two data centers running within that region, the largest region for AWS, US East, so that is north Virginia. And new services almost always become available first in US East. And not all services are available in all regions. Okay. So if you definitely want to use a new feature or service via AWS, your best bet is to switch over to US East, and US East one, which again, is north Virginia is the region where you see all your billing information. All right, and you can just see here on the left hand side, I have a bunch of flags. For the countries where these regions are run in here, I might not have all of them in here. But I definitely have a lot here. So you can see there's a lot of coverage here. So now that we know what a region is, let's just go take a look at some of the features of regions. Okay, so I just hopped over to the AWS website, because I just wanted to show you a little bit more about regions visually. And so here we have our, they say region maps, but these are really just a particular continent that has a bunch of regions. So looking at North America, you can see we have regions on the west coast and the East Coast. And so we have Ohio or Oregon, North California. And we have Canada and North Virginia here. Okay. And so you can see in Canada, there's only two availability zones. And they are working on third one, it was just recently announced. So AWS can always say that they at least have two ACS in every single region, but they're definitely coming close to being able to say they have at least three in every region, which is very important because most companies or enterprises have to run in at least three azs. So now going on to South America, you can see that there is a single region here, and that is in Brazil. And then we have over here in Europe. So we have a few here we have London, Stockholm, Frankfurt, Paris, and Brahim, I'm sorry if I pronounced that wrong. I've forgotten already. Oh, and then we have Ireland. Okay, sorry, Ireland. I know you're you're there as well. Okay. And then on to Asia Pacific. So we have Mainland China, Sydney. So I would think that that would be Australia there Tokyo such Japan, Seoul, so that is Korea cannot see that. But that's another place in mainland China. And we have another place in Japan. And then a Mumbai is I believe that is India. And then we have Hong Kong. So that's Hong Kong. Okay. So yeah, those are the regions and then we just hop over here to the regional table. This gives you an idea what services are offered. So when we said that not all services are available, you can kind of see that like, for example that Amazon Connect is only available in a few regions. So we have North Virginia and North Carolina, okay? And then deep lense really is only in Northern Virginia. So again, as I said, everything is north Northern Virginia. You can see we have checkboxes all the way down here. And this is also broken up based on those geographical continents. So if I go here, you can see Ireland seems to be having all the ones in Europe, and then in Asia Pacific, it looks like I guess Singapore Singapore looks like they have the majority of services there. Okay, so there you go. That is hey, this is Angie brown from exam pro and we are looking at availability zones, also known as AZ. So an AZ is a data center owned and operated by AWS in which 80 of us services run. Each region has at least two azs and at best is getting pretty close to being able to say that they have at least three ACS and all regions. ACS are represented by a region code followed by a letter identifier. So US East one is region that would be North Virginia. Na is the data center. Okay, and so from North Virginia, there are six azs. So you'd have a, b, c, d, e, f, okay, then we want to just talk on the concept of multi AZ. So this is when you're distribute your instances across multiple availability zones, which allows for failover configuration for handling requests when one AZ goes down. Okay, so that is very useful. And then one more thing to note is that the latency between availability zones is a sub 10 milliseconds. Okay, so there, these days, these are purposely positioned to be exactly that far apart. Okay. And so there you go. Hey, this is Andrew Brown from exam Pro, and we are looking at edge locations. And this is all about getting data fast or uploading data fast to AWS. So an edge location is a data center owned by a trusted partner of AWS, which has a direct connection to the AWS network. These locations serve requests for CloudFront, and relativity three, and requests going to either of these services will be routed to the nearest edge location automatically. So we also have s3, transfer acceleration and API, a gateway. And the idea here is that this is where you want to upload data quickly to AWS, you're going to use these two services to hit a special endpoint at an edge location to then transfer stuff quickly via the AWS network. Okay. So the whole takeaway from this is that edge locations allow for low latency no matter where the end user is geographically located. Alright, so we're back on the AWS website here where we were looking at regions earlier, but this time, I want to give attention to edge locations. So edge locations are the little blue dots here, and you can see there are a lot of them. Okay, and so down below, we have an idea of how many edge locations there are, you can see that there are a lot. So even just in Atlanta alone, there are five. And so they definitely outnumber availability zones. Okay, so just to give you an idea, those are the ones for North America, then down below, we have just a few there. Okay. for Brazil, then in Europe, we have quite a few here. And then in Asia Pacific, we have more edge location. So there you go. Hey, this is Andrew Brown from exam Pro. And we're going to take a look at Gov cloud. Okay. And so Gov cloud is a very special region that allows customers to host sensitive controlled unclassified information and other types of regulated workloads. So the Gov cloud region is only operated by employees who are US citizens and us or on US soil. So it's definitely not something that I can use. Because you have to be a US identity and root account holders who pass a screening process in order to use this particular region. So who is this very special region for it's for customers, that need to architect secure cloud solutions that comply with FedRAMP, the Department of Justice, the US international traffic and arms regulation, export administration regulations, and the Department of Defense. Okay, so it just makes it a lot easier if you're working with us with these government bodies in order to utilize cloud computing. Okay, so I just hopped back over here on the AWS global infrastructure regions page, because I just wanted to highlight here, those Gov cloud region. So there actually are two, there is one on us West and US East. As far as I'm aware of, there aren't any other Gov clouds other than for us at this time, maybe in the future, AWS will have it for other countries, but for the time being, it's just the US. And just to look at the Gov cloud page here in more detailed here, you can see all the nice graphics here for that address security and compliance. So if you want to build something and sell it to the government or govern government related industries, by using Gov cloud, you are going to become compliant. Okay? And that's gonna make business a lot easier for you. So yeah, that's all you need to know. Hey, this is Andrew Brown from exam Pro, and I'm going to show you how to get set up with your AWS account. So here I am on the AWS homepage, and we have two buttons that we can click on, click the one here in the middle, or click the big orange button to create our account. I like to press the orange one. So that's what I'm going to go ahead and do here. Okay. Okay, great. And so now we're going to be presented with a form here. So I'm going to go ahead here and just fill in an email. We're going to do Andrew, plus fresh at exam pro.co since this is a fresh account, okay, and I'm just going to supply Have some kind of password here, I'm going to call this the exam Pro, a fresh account. Okay. And I'm just going to go ahead here and continue. So, now in order to create this account, we're going to have to provide some additional information here. So I'm just gonna mark this as a personal and I'm going to fill in this information here. Okay, and so I'm just gonna have to go here and fill that in. Okay. Okay, so now I have that information filled in there. And so I'm just gonna have to check here to say that I agree to their customer agreement, okay, and we can go ahead and create our account. Now, in order to use AWS, you have to have a valid credit card, you cannot use AWS without a credit card. Okay? So that's just something that you're going to have to do. So I'm going to go ahead here and provide my credit card here. Okay. All right. So now I have all my information filled in here. So I'm just gonna go ahead and verify and add. Okay, and then now just wants to also verify on my phone number, this is definitely something that's required. So I'm just going to provide my phone number here. Okay, great. My phone numbers in there, I'm just going to supply the security check here. So we'll just fill that in. Okay, and then we will just send an SMS and confirm. Great, so that text message came in here. So I'm just going to fill in the confirmation here. 0448. Okay. And great. So now we're verified. Okay, so now we're going to choose our support plan, we're definitely going to go with basic here. Great. And so now we just have a little bit of information here. Um, I don't really need to do any of this. I'm just ready to go sign into the console. Great. So now that we've created our account, I believe we could probably go ahead and sign up here, I'm not sure if we have to confirm our email because we did confirm by phone number. But let's just give it a go here and see if we can log in. Okay. So we'll just put that in there. I'll just provide the password. Great. So we have made it into this AWS account here. So this new account is realized. So there you go. And maybe we'll just have to poke around here to see if there's anything else we need to do. But yeah, we're in good shape. Hey, this is Andrew Brown from exam Pro. And what we're going to do now is make sure you do not get overbuilt and there are three ways we're going to do that. So there are some billing preferences, we're going to set, we're going to set up a budget Eva's budgets, and we're also going to create a billing alarm. Okay, I'm just going to talk to you also through as to like the advantages and disadvantages of some of these things. And also just make sure we do not get over billed within our account. So the first thing I want you to do is I want you to make your way over to support or sorry, maybe under your account here, I'm going to go to my billing dashboard. And when you get over here, I want you to click on the left hand side here and go to billing preferences, okay. And so we're going to have a bunch of preferences here. And they're all really good. So the first one is receive a PDF, invoice by email, I would check that on receive free tier usage alerts, this is definitely important. Because if you have a free account, you want to know when you are going outside that free tier, and so then you just provide your email there. So I'm just gonna do Andrew plus fresh at exam pro dotco there, and then we have received billing alerts. Okay, and you definitely want to turn that on. And there is this detail billing reports down here. This is a legacy feature. This has now been replaced with cost and usage reports, okay. So it's not necessary to turn that on, and actually do show you how to use cost and usage somewhere in this course here. So we will cover that. But anyway, make sure these are all three ticked on, provide your email and save your preferences. Okay. And now you're going to be in the loop of some of your billing information. Okay. So now that we have these preferences set up, let's make our way over to eight of us budget. So I want you to go to the top here and we're going to type in budgets, okay. And so what budgets do is they allow you to tell you whether you are getting over or whether you are going over your defined budget, or it's going to also provide some forecast costs to you as well. Okay, so now that ad was budgets here has loaded, what I want you to do is create a new budget, you get two free budgets, in AWS. So we can definitely set to there It's two cents per day for budgets. And so that doesn't sound like a lot. But if you made your third budget, it's going to cost you $14 per month. Okay, so for more additional ways of tracking costs, we're going to use billion lines, which really are inexpensive or end or free. But we'll do budgets first, because it's good to at least have one budget set here for all costs. So here, I'm just going to say, overall costs, okay. All right, and we will leave it monthly here, I can't remember if overall is one or two L's, I think it's two. We want this to be a reoccurring budget, we're going to have a fixed cost, and we're going to set it some something very low such as $20. Okay, since we are using again, the free tier, we should not be expecting to see a bill for quite a while. And $20 is a good low bill there. And we definitely want all costs unblended. So this is great. And everything is checkbox there. So we'll go ahead here and configure alerts. And we're going to provide our email against Andrew plus fresh at exam, pro dotco. Okay. And we'll just hit Add there, it's already been added. You could also use SNS, but we're gonna leave that alone. And we can also get alerted when we are approaching it. So we haven't surpassed 100%. But actually, I'm just going to set it to 100. Because $20 to me is not a lot. And we can do this for actual or forecasted. And leave that for actual, okay. And I'm going to go ahead there and create that budget. Alright, and so we don't have any information here. But if I just give it a hard refresh. So if you are, if you are using an account where you're doing stuff, if you do refresh there, you'll probably see more information. Okay, great. So we've created a budget. So now that we have our budget created there, let's go make a billing alarm for a higher amount. Okay, so what I want you to do is go to services and type in cloudwatch. Okay. And once we are over here, we are going to make our way over to alarms. All right. And so we're going to make our way over to a billing here. And what it's going to tell us is that we need to switch regions, because billing metrics always live in US East one, okay, so generally, it's always good to switch to that region there. So what we'll do is we'll go up to the top here and switch to US East one. Okay. So now if we go to billing, we can now set our billing alarm. Okay. So, notice down here that we get 10, free alarms, and 1000 free email notifications. So it's definitely more free than budgets. Okay. But budgets does have a lot more functionality there. But you can use definitely use both. Okay, so here, I'm creating a new ability alarm. And I'm just going to scroll down here. And we can set the amount. So here, I'm just going to set a larger amount such as $100. And so if it's greater or equal to that, then is going to alert me. Okay, and we'll leave cat and estimated charges there alone, we'll look at some additional configuration. This is all good. We'll hit next. Okay. And then the next thing is, we need it to actually notify us. So we're going to say add notification here. And oh, I think I already had one here. So it was not necessary, but we needed to send it to something. So it's going to need an SNS topic, we don't have one. So we'll create a new one. Okay, and we'll call this notify me. Okay, and then I'll just provide my email there again. Okay, and we will hit Create topic. And then we'll go ahead and hit next. And we'll just say, so this $100 100 Bill 100 building alarm. I don't know if it'll let you do spaces there. So I'm just out of habit, I always leave out spaces. Great. And so we're just previewing it here. So just scroll down. This all looks good. And so now we have a billing alarm. So you know, it's not uncommon to create multiple billing alarms. So you could have one at 100 and 150 and 202. So you can keep track of that stuff. And of course, you definitely want to make use of a diverse budgets. So you have to there that you can utilize. So maybe once you start using your account and you use the live we see two instances you just want to monitor that you create a budget for that. But yeah, we have all bases covered here. And the only thing that is left to do is we need to confirm this, the email that was sent out to this so that our billing alarm it will take effect Okay. All right. So um, that notification was sent to me for the billing alarm there for notify me, so it's just me subscribing to that SNS topic. I guess we only have to do this once. I think we add additional ones we won't have to confirm but I'm just gonna go ahead here and hit confirmation okay. And so, now that is confirmed there, okay. And I think if I do a refresh here, it should say that this is now different state Okay, so just has nothing there, which is good. So yeah, we are all set up and we don't have to worry about getting overbuilt. Alright, so there's a little bit more work we need to do to have our account fully set up. So we can start working with AWS. And what I want you to do is make your way over to IBM. So just go up here and type in IBM. If you click that there, you'll end up in the same place that I am here. And so we have a bunch of recommendations here that ABS wants us to do. So we need to turn MFA on our root account, we need to create individual users, because we generally do not want to be using the root account, which is what we're logged in as right now. We'll have to set some groups and assign permissions and apply an IM password policy. So let's go ahead and do that. But just before we do, I just want to make it easier for us to sign in. So what we can do here is changed this URL. So just go ahead here and customize. And we're just gonna say exam pro fresh, okay. And that is a unique name. So if you type in something, and it says it's not or it's taken through, just have to change it until you get something that you like. So now that we have that set up, let's go turn on MFA. So we're going to want to turn on MFA for this account, specifically, the root account here. And the reason why is that let's say someone stole your email and password to this root account, then they would be able to do some serious damage. So by turning on MFA, there's going to be an additional layer of security. So the idea is, when somebody logs in, they're gonna have to provide an additional code based on the MFA delivery mechanism. So just let's go here and hit manage MFA. Okay, and so it's gonna pop up here and just say what we're already doing, which is to start securing our account. And so I'm just gonna click off there, go to MFA and activate MFA. And so now we're going to be presented with three options. We have virtual you, UTF, and other hardware. So virtual is going to be for mobile devices. That's what we're going to do. So we're just going to go ahead there and hit Continue. Okay, and what we want to do is we want to install a compatible application on our phone. So just going over here, if we scroll down, it's going to tell us which ones are compatible. I definitely know authenticator is one, so I'm just going to search for that there. Where are you? Yeah, down here. So if you're on Android or iPhone, you have authy, too, or Google Authenticator. I'm using Google Authenticator, I find that more easy to use. And then the idea here is you'll just hit show QR code. And then using once you have authenticator installed, you're going to open up the authenticator app. I know, you can't see me doing this. So I'll just have to talk my way through it here. And there's a plus button in Google Authenticator, and it says, scan a barcode. And so now I'm holding my, my phone up to the computer there, it's grabbed the code, it saved the secret. So now what I need to do is enter in two consecutive codes. So going down here, I'm going to enter this code in before it expires. So this one is 786763. And then there's a little wheel that is spinning, and it's going to then give us a new set of numbers. Okay, and so now it is now 984816. And so I'm just going to hit assign MFA there, and now it MFA is turned on. So now that we have MFA turned on, we can make our way back to our dashboard and proceed to the next step. So now we're going to proceed to create ourselves our own user, because again, we do not want to be using the root account, which should be rarely used. And we should just create ourselves a user. So we'll hit Manage Users here, we're going to hit Add User, I'm going to create a new one called Andrew Brown, we're going to give it programmatic access and access to the console, we're going to let it auto generate a password for us. And we're going to make sure that it requires a password reset the next time this user logs in going to permissions we don't have any groups. So we're going to create a group here. And we're going to call this group admin or admins, I should say, and we're going to give it administrator access. Now, generally, you don't want to be giving too many users admin access, because it gives you full access just like your root account. But for our purposes here, this is totally fine. It's not unusual to have one or two admins within your entire account. But generally you want to set most people as power user. Okay, and this is it gives you full access. But there are some limitations such as you don't have the ability to manage users and groups. So power user is a very good one here, but for this one here, we are going to stick with admin. I'm going to hit Create group and we are going to go ahead hit next Review. And we will hit create user. And so now what we'll do is we're going to get an access key ID a secret and a password. So I'm just going to expose those here. And I'm just going to copy these off screen. Alright, and then we will just proceed here. Okay, so I just copied at least my password off screen here. And what I'm going to do next is I'm going to make my way back to the IM console. So just go up here services, and we can just type in I am. Okay, and so now we have done pretty much everything here except for setting a password policy. So just before we go ahead and set a password policy, what I want to do is I want to log into this new user. So we have this nice long URL here. So I want you to copy that URL. And what we're going to do is we're going to log out and now a log in as that new user, okay, so I'll just go ahead here and log out. Great. So I'm logged out here. And so the way we can get to that page is we can paste in that URL up here, which will bring us to the console. And so you can, you can always use that link. Or if you can remember that alias, you can always just go to the console and type it in there. So my name was Andrew Brown here, I'm just going to go off screen and grab my password. And I'm just going to hit sign in here. Alright, and so now I just need to reset my password here. So I'm going to provide the old password and we are going to set a new password. Great. And so now I'm logged in, not as the root user, but as a new user I've created. And just one more thing here, I want to go back to you I am here. And the reason I want to go back here is that I exposed my access key and password to you. And anytime that actually happens, we're going to want to do is go to your user there. And I'm gonna go to Andrew Brown here, and we're gonna go to our security credentials. And you can see that was that access key and you saw that password. So what I can do is I can make it inactive, and then I can create myself another access key. And I'm not going to show you the secret this time around. But it's just, you know, anytime you accidentally share your credentials, you're definitely going to want to reset them there and the password that you saw earlier, it doesn't matter because I reset my password when I logged in here. Okay, so now that is all set up. What we will do is we will log out of this account, and we will log back in as the root account to set up a password policy. Okay, and I just want to show you when I go to sign into the console, it's going to show me this filled in. And so whenever we're logging in as the root account, we actually have to click this link down below. And so we would just type in our email here. But if I wanted to log back in as that user, I could just type in here exam pro fresh, and it would bring me back to here and I would fill in this information. But if you're always logging in as the root user, I'm just gonna click back there. It's always your email. I know that's a little bit confusing, but that's just how it works. And so this time around, I got the MFA, so I can't just log in willy nilly. So I'm just going to use my phone, and I'm going to open up authenticator, and I have to provide it that code. Okay, so it's those numbers again. So this one's gonna be 904361. I'm gonna hit submit. And so now I'm back into my account. And we'll make our way back to I am and do that last step. And so we just have one more thing that AWS wants us to do. And let's apply an IM password policy. So we'll go down here and click Manage password policy. And so what we can see is a bunch of stuff. And we really just care about this part up here. So I'll set password policy. And now we can see some rules. So you can enforce the minimum characters, you can require at least one uppercase one lowercase, at least one number require at least one of these enable password expiration. Yeah, I could do that. I suppose password expiration requires admin reset, maybe not allow users to change their own password, definitely prevent password reuse. So ensure they don't use the same password, I would probably just crank this up as high as possible, we'll leave it as five. And we'll save changes. And so now, if we go back to our dashboard, we should satisfy that entire list. And so we have so we've met every requirement of AWS. So generally, from now on, you should just log in as that user and stay out of your account. Okay. Hey, this is Andrew Brown from exam Pro. And now that we've set up our account, I want to go through the motions Using some of the most common database services with you here, so you can gain some confidence here on the platform itself. And just to have some practical hands on experience, this is not going to be a very difficult section, it's not important for you to remember anything, but just to again, gain confidence. And just before we get started here, I want to make sure that you are in the north Virginia region. Okay. So North Virginia, also known as US East one. The reason why it's one is because there's another USC, which is USC two, this one is US East one, because it came first. But based on the region you're in, is going to change the the offerings that you have, because not everything is available in every single region. Generally, they are across all regions. But like, if I was in Canada Central, we have a fewer availability zones, those are data centers, where in North Virginia, we have like six, and if there are any new features, they're definitely going to be in North Virginia. So I'm just gonna ask you to change over to that region and follow along with me there. Okay. So the first thing I want you to do is I'm going to show you how to launch a server. So a server is going to be using EC two. So going up to services here, we will type in EC two. And we will make our way over to the EC two console. So once we are here, I want you to go ahead and launch a new instance. So there's a big blue button here. So we'll just hit launch instance. And now we're going to be presented with a bunch of options to configure our server. So we are going to choose what OS we want to use, we're going to stick with Amazon Linux two, because it's part of the free tier. And saving money is a great thing when we are learning. The next thing we need to do is choose the size of our of our server here. So these are called instance types. And so you can see that the memory gets larger in the amount of CPUs get larger, we're going to stick with TT micro because again, that's part of the free tier and we want to save some money. going next to instance details, we can choose how many instances we want to start an instance is a server. So if you have attendances that's 10 servers, and we have a lot of options here, we're going to launch it in our default VPC and into the default subnet, it is going to be auto assigned a public IP. So it's going to be public facing. And we're going to want to create an IM role here. So what I want you to do is go ahead and just right click here and make a new tab, because we want to give this a bit of permissions. So up here, I'm just going to go to the IM Management Console. And I want you to make your way down and create a new role. And so we are going to be presented with a bunch of options. So we are creating a role for EC two. So we'll select TC two, we're going to go to next to permissions. And I want you to type in SS M and I want you to use Amazon easy to roll for SSM. SSM is simple SYSTEMS MANAGER. And that's going to be a way for us to actually log into that machine. Okay. And so we're going to get here and I'm just gonna say a my easy to roll. And I want you hit Create roll. And so now that roll has been created. And we will just go ahead and close that tab there and we will drop this down, you can see that says none, so we'll hit the refresh button here. And we'll choose my EC to roll. So now we have that, that set up, we are going to leave everything else blank. And I want you to go to storage. So here you can choose how much storage you want. It's gonna have eight gigabytes by default, you change the volume type, we're gonna stick with general purpose. And we're going to go review and launch. And we are going to hit launch. And it's going to ask you to create a key pair. And so key pairs are used to get into the server. But we actually don't need one because we are using SSM, which is another way of logging into the server. So we're going to proceed without a key pair. Okay, I will just say I acknowledge that I will not be able to connect to this instance, unless I already know the built in password, which is not true because we can get through SYSTEMS MANAGER, but we will go ahead and launch this instance. Alright, and so this instance is now launching. In order for us to see it, you can either go view instances, we'll just click that down below here. Alright, and so now this instance is launching, and you're gonna see a pending state, and we're waiting for two status checks to pass. So this is going to turn from yellow to green. And then we're going to wait for this to initialize. And once that's done here, I'll see you here in a moment, go. Okay, so after a short Wait here, I think I waited about three to four minutes. Our server is now running and it also has two checks. So that means that the server is in good shape. So now that our server is running, we'll just take a peek down here, because we get a variety of different information such as when it was launched. The Im role, the security group that is in which was the default one what size it was, and we can see that it has a public IP address and private IP addresses. Okay, so now that the server is ready Running, this is a costing us money. Now we are on the free tier. So I guess technically it's not. But if we wanted to shut this down, and we're not going to shut it down just yet, but I'm just showing here that we would just go here to terminate, and that would shut the server down. And then we would no longer be paying for it, we could also stop the instance. And that wouldn't destroy it, but it would not have it not running more. And we'd also be saving money, okay, so whether you stop or terminate that instance, will ensure that you save money. So now that this is done, let's actually learn how to get access to this instance. Alright, so there's a couple different ways we can get into this instance. One way is using SSH. So if we had created that key pair, we could have used it to get into that server here. Or we can use simple SYSTEMS MANAGER, sessions manager, which is the my preferred way, and AWS, AWS is recommended way, which is what we're going to do. But just before we go head over to SSM, I want you to right click here and just go to connect. And you can see that it's actually giving you instructions. So if you had downloaded that key pair, you would have to jump on it, you would have had to do a bunch of other stuff. So you have to use SSH and provide that key to get into it. So there are instructions there. There's also this easy to instance Connect. And so this is another way to connect, I'm not sure if it would let us in here without our our key pair, but I'll just give it a go here. And it did. So this is one way this is actually I guess the third way to access it. So actually, I'm in the server right now. But the way I want to show you how to get in is via simple SYSTEMS MANAGER. So I'm just gonna go ahead there and close that I want you to go the top here and type in SSM, which is for simple SYSTEMS MANAGER, even though they never display the simple word there anymore, definitely as part of the name. And then once we are over here, I want you to go to the left hand side and go to a session manager. And we're going to start a session. And so we can see we have our instance. So remember when we created that Im role and we set it with that SSM UCT roll that was so that we could use sessions manager. And the advantage here of using sessions manager, it's going to log every time somebody uses a session. So I just hit start on that session there. And so it's very similar to that other Connect screen here. And it actually logs in as the root user not too easy to user, which is a bit frustrating. So we'd have to do sudo Su, EC to hyphen user. And now we are the correct user. And we are within this instance. So you know, that's how you gain access to it, we're not really going to be doing much with this instance, today. So I want you to go ahead and terminate this instance, or sorry, that session there. But that session history is recorded. So by forcing everyone to use sessions manager, you're going to have a bit more visibility over what's going on with these machines. Whereas SSH, might not provide that same visibility without you manually putting that effort in there. Okay. But we'll make our way back to the EC two console here. So just type in EC two here again. And once we are here, I want you to go on the left hand side two instances. And so here we can see our server. So we now know how to get into this machine. And I would say that, we probably want to go ahead and stop this instance here. So I want you to go ahead and just stop it. Okay. And that way, it's not going to cost us anything. And now we can do our next step, which is to create an ami. Alright, so now we're going to learn how to create an ami and you can think of an ami as like a snapshot or like saving a copy of your entire server. So what you're going to do is go up to the mixer, the instance is selected there go to actions, we're going to go to image here and create an image now we could create an image, whether this is stopped or running, if it was terminated, the server wouldn't exist anymore, so there would be nothing to create an image of, we'll go ahead here and create an image. And we are going to have to provide it some information. So I'm just going to call this fresh hyphen 000. Okay, and then you can see that it has an instance volume. And so that is the hard drive that's attached there. And we're just gonna leave it as the default settings and create an image. And so now it's creating the image and it's view pending image creation. So we'll click on this blue link here. And we'll just wait until that is created now doesn't take too long. The idea here is now once we have an ami if we wanted to launch another copy of this us the server, we're just going to have to hit launch here okay, but the real reason I wanted to do to set up this ami was because we are going to next set up an auto scaling group and we're going to need an ami to do that. Okay, so I'll just see you here in a little bit Once this is done, and I just wanted to show you here that it is done. Alright, and so now if we wanted to launch a version of the server, we could hit launch. And it's going to go to the second step. So if we go back here, you can actually see that it chose fresh 000. So if we were to proceed through this, it's a way for us to upgrade our server or make other changes to it, or just so that we have a copy of it, so we can launch multiple servers. And just to get back to the AMI there, I'm just gonna click on left hand side here. But yeah, that's all we need to know for ami, and we'll move on to auto scaling group. Alright, so now that we've created an ami, we are ready to make an auto scaling group. So down below, I want you to go to auto scaling groups. And so what an auto scaling group does is it allows you to ensure that multiple instances or servers are running. So if you always wanted to guarantee that one server is running an auto scaling group would have a rule that would check to say, is at least one running and if not then launch a new server. Also, auto scaling groups are used to meet the demand of whatever traffic you have. So let's say you have a web application or website and it's getting a lot of traffic, and it's going to need more servers will auto scaling groups will determine based on certain metrics, that the the web application needs more servers, and it will spin up more servers. And when the the demand of traffic becomes lower than it's going to remove servers to meet the demand. Okay, so what we'll go ahead and do here is create a new auto scaling group. And oh, they just change this ami. So I'm a little bit confused. But we'll just hit getting started, I think that's just a bit of a thing there. And then we're going to choose our ami. So this is very similar to launching a situ instance. But we already have our own ami. So I'm gonna go to my am eyes, I'm just going to select that fresh one there. And we're going to stick with T to micro, we'll go next, we're going to have to name it this launch configuration. So we'll just name this fresh LC, we're going to use the my EC t roll there, we're going to go ahead and add storage. The defaults look great there, the security groups look right there. And we are going to create launch configuration and we are going to drop the down proceed without a key pair. Because we don't need one, we're going to create that launch configuration. So now that we've created the launch configuration, we can go ahead and create the auto scaling group. So we're going to call this one fresh as G is CS for auto scaling group, we're going to set the group size to one. So the number of instances the group should have at any time. So at minimum how many servers should be running, then we have to have a, a network or a VPC. And we need to choose some subnets. So we're going to choose one and then we're going to choose a another one here. Okay, we just need a couple there, I'm just gonna check advanced details, this all looks great. We're going to configure our scaling policies, scaling policies are ways rules that you can use to determine how the auto scaling group should react to changes within its environment, right. So if you have a lot of CPU utilization, maybe that's when it spins up servers, maybe it's only when there's a lot of data transfer in or when there's a lot of memory. So that's what's going policies allow you to do, then we'll go to notifications, then we'll go to tags. And then we will review. And we'll go ahead and create that auto scaling group. Okay. So it says that auto scaling group has been created, we'll hit close. and here we can see our fresh, fresh HSG. and choosing our launch configuration, which is our fresh LC, currently, there are zero instances running, the desired capacity is one, the minimum servers that should be running as one, the maximum servers that should be running is one, okay. So if we just move this up here and go to instances, it should try to start spinning up servers to meet the minimum demand, which is one. So I'm going to hit a refresh here. And I'm just kind of expecting to see a server starting here. If we're not seeing one here just yet. What I want you to do is right click here on instances, and go here. And I bet you a server is starting up. So I don't see any servers running here as of yet. Okay, so I'm just gonna hit refresh here, because usually, they would just start spinning up here. But yeah, we'll just give this here a little moment here, because maybe it's just taking some time to get started. So yeah, we just had to wait even just a minute there. And I just hit refresh. And already we can see that this is now one. And under our instances, it is launching a new instance ID. So or sorry, an instance that's just the ID of the instance. So if we go back to our instance tab, and we just do a refresh here, we can see a another instance is spinning up. Okay. So what we're going to do is we're going to just wait for that instance to start. And once once it does, we'll move on to the next step. Alright, so after waiting a few minutes here, our instance is now started here. I'm just going to select this one off here, but this is the instance here that is running. That's part of our auto scaling group. So Again, we said that auto scaling groups, they can ensure that there's always at least a minimum of servers running. And so if we were to terminate this instance, so I'm just going to go ahead and terminate it, what's going to happen is, once it shuts down, we're gonna go back to our auto scaling group, it's going to detect that this one is no longer healthy. Okay, so see over here that says healthy right now. But it will after a while, determine that it is unhealthy, and then what it will do as a response, it's going to launch a new instance. So we're just going to wait here for a little bit until this is now flagged unhealthy, okay. All right. And so we can now see that this instance is unhealthy. And so the way this auto scaling group is going to respond is by launching a new instance. So now, we're just going to wait here a little bit and just keep on hitting this refresh button until we see another instance spinning up to replace this unhealthy one. Okay, so I just hit the refresh here. And so that unhealthy instances gone. And so I guess what we're just going to wait for here is now a healthy instance, to replace that unhealthy one. So just to get back to that, that minimum of one server running. Okay, so we'll just go ahead here and just refresh. And so there we go. So we can see that we have a new server that is starting up. So we'll just wait until that one is totally set up here. And we've now accomplished what we wanted with auto scaling groups, and we will just destroy this auto scaling group. Alright, so our replacement instance is now healthy and in service. So what I want to do is go ahead and remove this auto scaling group. Now I believe that when we delete this auto scaling group, it's going to take down the instance as well. So we're not going to have to delete that. So I'm just going to go ahead here and delete the auto scaling group. And we're going to say yes. Okay, and so we are going to just watch that delete there and hit refresh there. And also, since we have that instance, tab open, we'll hit refresh here. And so we have that instance running. So what we're hoping to see is that this instance is torn down when we have deleted this auto scaling group. So we'll just wait here a little bit and see what happens. All right. And so if we were to do a few refreshes there, it indeed is shutting down that instance, that was spun up by the auto scaling group. So when you delete your auto scaling group, it's going to take down those instances as well. So you know, that's it for the auto scaling group section, and we can move on to elastic load balancer. Hey, this is Angie brown from exam Pro, and we are going to learn about elastic load balancers, also known as EBS. And what they do is they allow you to put a load balancer in front of your instances. And the idea is that when traffic comes into your web application, it's going to flow flow through the load balancer, and it's going to evenly distribute that traffic to multiple instances. And your instances generally will be running in different availability zones. So if one AZ becomes unavailable, then your traffic will then go to the other AZ where you have an instance running, so you do not experience downtime. And your web application remains running. Okay, so now that we have an idea what lbs are, let's go ahead and launch a few instances so that we have something to load balance to. And so I'm going to choose Amazon Linux two here, we are going to stick with the TT micro because it is free, I want you to select a two instances here, okay. And we're going to leave all the settings alone, maybe we'll give Iam role we do not need to SSH into or sorry use SSM to get into that instance, but it doesn't hurt to attach it there, we're gonna leave storage alone, we're going to go past tags, we're going to go to our security groups, I'm going to set it to an existing one and use the default one, every time you create an instance, it seems like it really encourages me to keep making new scritti groups, we don't need to have a bunch of these. So we will just go and use the existing one. And I'm going to review and then launch, I'm going to drop down here and proceed without a key pair because we don't need a key pair. And so now these instances are going to start up here. And I'm just going to wait until they get into a running state with two status checks. And we'll go ahead and create our EOB. Alright, so our two instances already here and I just want to go ahead and give them a name. So I'm going to just call this one instance a and then we will call this one instance B. Okay. And now that I have those two instances, let's go make our way over to load balancing here. It's under the ECG console. And so we will click here. And what we will do is we will create ourselves a new load balancer. Now there are three types of load balancers. We have application load balancer, network load balancer and classic load balancer. We are going to be using application load balancer here and that's generally what you're going to be wanting to use. We are going to type in a lb Or maybe my al v here, it will be internet facing. Okay, we need to ensure that it's running in at least two availability zones, or it's going to complain to us. So we will go ahead and do that, we will go to the next step here, we aren't using SSL or HTTPS, so we don't have to do anything here. For security groups, we will use the existing security group the default one, so that's totally fine. And for configuring routing, we're going to have to create a new target group, a target group contains a reference or a reference to the instances which we want to route traffic to. So we are just going to make a new one, I had to say my target group here. And we can route things to different things. So it could be instances or specific IPS, or lambdas. So we're going to stick with instances. And we're going to go ahead here and register those targets. so here we can see we have instances here, I'm just going to select them and add to register. So now they are registered up here, we're going to hit next. And then we are going to go ahead and create Okay, and so it takes very little time for load balancer to create, we will then hit close here. And this load balancer is now just provisioning. So we're just going to wait here a little while until this is provisioned. And you just have to hit the refresh here, and see when this is ready. Alright, so our load balancers ready didn't really take that long, it took about a minute or so. And so just to poke around here, you can see that this load balancer here has a DNS name, okay, so this DNS name, just looks like a domain name. And the way you would route your traffic to the elastic load balancer is you would actually point it to here. Okay, and so all the traffic would go here, and then it would then go on to the listeners, and the listeners listen on a particular port. So this is Port 80. And then it's going to then have rules, which is going to forward this traffic to that target group. If we click into this target group here, alright, what it's going to do is it's going to show us the actual targets. So if we go over here and look at targets, it's going to then route it to the registered targets. So that's how an elastic load balancer works. And that's all we really need to know for this, but just to show you how to make an elastic load balancer. So now that we're done here, let's go tear this stuff down. So we'll go ahead here and we will just go delete this load balancer. Now, unlike the auto scaling group, which would actually tear down the instances, we have to take these instances down ourselves. And so what I want you to do is select a and b here, and we are just going to terminate these here. Okay, and that is our elastic load balancer section. Alright, so we're gonna learn a little bit about s3 here. So what I want you to do is go to services here and type in s3. And we will go make our way over to the s3 console here. And so the first thing I want you to notice that when you come to s3, that it is global here. So s3 does not require a region selection. However, the buckets that we're going to create will be region specific. And the idea here is a bucket is just a place to contain your files. Okay. So we will just create a bucket here, and we're going to give it a name, I'm going to call this exam pro fresh. Now these names are globally unique. It's just like selecting a domain name. So if the name you have here selected is not available, you'll just have to change the name. And we have the option to choose choose the region. So I'm going to go ahead here and create this bucket. So now I have a bucket, and we can start uploading files to this bucket. So I'll go ahead here and just hit upload. And what I'm going to do is I'm just going to add some files. And so for my desktop, I have a photo of me, I'm going to hit open here, I'm going to upload that there. And so now we have a, a file here in s3, okay, and so if I want to download it, I can just hit that download button there. And that will allow us to download that file. And there's a variety of different things that you can do in s3, but that is just the most basic things you need to know about s3, okay, but we aren't going to delete this bucket because we're going to use it in combination with our next thing, which is using CloudFront. Okay, so I'll just gonna make my way back here to the homepage here. And we'll move on to the next part. Alright, so we're going to take a look at CloudFront. So CloudFront is used as a CDN, a content distribution network. And the idea here is let's say you have files, static files or video files that you want to share across the world. But you want those to load as quickly as possible and make the shortest route to the end user. And that is where CloudFront, which is a content content distribution network comes in. So it's going to take whatever your static content is. It's going to then copy it to multiple edge locations around the world. And so when someone tries to access your content, it's going to go to that nearby edge location, as opposed to going really far away to get that content. So let's make our way over to CloudFront here, so drop down services and type in CloudFront. Okay. And we will make our way over here. And we're going to need to create ourselves a distribution. And we'll just get started here. And I want you to drop this down and just choose that s3 bucket that we created. Okay. And pretty much all the settings here are totally fine. So we're just going to go down below here and create that distribution. Okay, and creating distributions take quite some time to to happen. But the idea there is remember Hi, upload that one file to my bucket there. So what this distribution is going to do, it's going to copy that file and then move it to all those servers around the world. So that now my content is a super fast, okay. And just like elastic load balancer, where it had a DNS name, where you could hit it like a domain name to access those instances. CloudFront is similar. So here, we have a domain name here, so your traffic would hit this domain name, and then it would then route your traffic to the nearest edge location. Okay. So that's all there really is to it here, distributions take a really long time to create. So we don't really need to wait for this to complete. So I'm going to just disable this here, okay. And it's going to just disable and once it's disabled, you can delete it, even if you don't delete it, it's not going to cost you anything here because it will be disabled. But yeah, once it's done disabling, you can go ahead and select it and then delete it. Alright, so that's alright, so now we're going to look at RDS which stands for relational database service. And it is for setting up relational databases. So I want you to make your way over to the RDS console. So go to the top here and type RDS. And we'll click that. And once we're here in the console, we're going to create ourselves a new database. So on the left hand side here, go to databases, and then create a database. And we're going to be presented with quite a few options here. Okay, and so by default, it has the Amazon Aurora engine selected, this is one of the most expensive options, so we definitely do not want to use that. So we will just use Postgres for our case here. And the next thing is we have some templates to get started here. And so we have production, dev test and free tier. And these are all suited for different needs. So the idea with production is, if you are a larger, a very, very large company, they're setting you up with every Bell and whistle under the sun here, we're def test is for small to medium size companies. And free tier is definitely just for a gain hands on experience, which is what we're doing here, or just for testing simple application. So I just want to show you the price difference here. So they have a calculation down below. So if I scroll all the way down below here, you can see that for production, it's $600 a month, which is quite a bit of money. And then if we have a dev test, and we scroll down here, now it's $262, still quite expensive. And then we go the free tier and now there is no cost shown because it is free, okay, but you only get 750 hours on RDS, and so on for a T two micro and then once that is used up, then if you use the T to micro for a month, it will cost you around $15 per month. And again, if you are a very small startup, you can run on the free tier and the lowest tier for quite a while. But you know, for some reason, AWS decides to always have the most expensive one selected here with RDS so we just have to be careful there. So let's go to free tier because it is the use case for us. We have the DB instance identifier, we'll leave that alone, that's totally fine. We need to set a password so I'm just going to type in Postgres 123. Okay, and then Postgres 123. Then you have your DB instance size, we of course want to leave it on T to micro here, because we want to have the smallest instance there's nothing smaller. There's no nano here on RDS litc to then we choose our storage, it's set to 20 gigabytes, there is auto scaling for storage, so it will automatically increase the size of that runs out. I have to turn that off. Because we don't need that you have your multi AZ you can determine where this RDS should launch, like what VPC, we're gonna leave in the default. For database authentication, we can use the standard password authentication, or if you want to allow Im users to authenticate directly. You can use that which is pretty cool. I'm just going to leave it to password authentication. And then we have additional configuration which you definitely want to set. So you have your initial database name. So if you do not specify database name RDS does not create a database. So I'm pretty sure we want to create a database So we're gonna have to name this here. So I'm gonna call this exam Pro, fresh, okay? And we're going to turn backups off. Okay? And oh, I guess apparently, I can't use a hyphen there. So I'll just remove that. Actually, it looks like I can use an underscore. And so but anyway, so if we turn this off to zero days, that means it's not going to take a snapshot right away, or a backup right away, it's going to launch a lot faster. And we're not doing much with a server. So you know, let's just get through this as quickly as possible. We don't need performance insights, I'm going to turn that off as well. And, yeah, we were all good to go. So we'll go ahead and create that database. Okay, and so we're just going to wait for the creation of that database there. And it will just take a little bit of time here. And we'll be back in a moment. Alright, so now our database is available here. And you can just see when clicking into it, that we get stuff such as the CPU usage currently, and how many current connections are connected to this database here. Now, in order to actually access this database, you'd have to assemble all the requirements. So you'd have to use this endpoint, you'd need this port number, we need the database name, username, password, which we had set earlier. And then you could use a traditional tool, maybe table plus or something to make a connection and start using that database. Okay. But, you know, for our purposes, it was just a matter of showing how easy it is to create a database here. And so now that we have created our own database, let's go ahead and just destroy that database. Okay. And so I'm going to go ahead here, and I just have to type in, delete me. Okay, and that's RDS for you. So this will just delete here, I'm just gonna hit refresh. And we're totally good here, I'm just gonna go back to the management. So we're gonna take a look at a with lambda here and see how to run a lambda function. So what I want you to do is go to the top here to services and just type in a lambda. And we'll make our way over to the lambda console. And once we're in here, I want you to go ahead and create a new function. And we are going to author one from scratch. So I'm just gonna say a my lambda, okay, and we have a bunch of different runtimes that we can choose here, we have no GS, etc, I'm gonna choose Ruby, because that's my language of choice, we're going to drop down here, and we are going to have it create us a new role with basic lambda permissions so that it can write to cloud watch logs, and we're going to go ahead and create that function. Okay, great. So that function has now been set up here for us. And if we just scroll down here, you can see that we have this nice little inline editor that allows us to work on our function, okay. And so the big benefit of lambda, it's, you don't have to worry about the the servers, you just write your code, and it will run. The trade off here is though, that these only run for a small amount of time. So lamda can only run for up to 15 minutes, but generally they're they only run for one second or less. That's definitely how they're used. Let's go ahead here. And let's just put a puts in here. So I can just say hello world, just so we can see that our lambda works. And what we can do here is we can go up and make a test. So I'm just gonna go ahead here and make a test. And we already have one here called hello world. And I'm just going to type this in again, hello, world. Here, oh, maybe I have to do this. And I'm just gonna hit Create there. So now I have a test. And I'm just going to go ahead and hit test there. And we can see that it succeeded. And we got a status code. So this is what it would return. And if we were to go check the logging here, if we were to go to monitoring here, all right, we should be able to see that that puts that we have there. Okay, so we just click on this button here, view logs in cloud watch. And we can see that lambda ran there. And you know, the reason I don't have any output here is I forgot to hit Save there really finicky about that. And now if I hit test, okay, it's worked. And now the output here actually has HelloWorld. Okay, so that's from the logs. And if I go back here and give this a hard refresh here, okay, I might have to go back one step here because now it's in this one up here, and we should have our, our puts, click the right one. Maybe just says, oh, there it is. Okay, so I've just been patient here, but it showed up. So there you go. So you can see lambdas are pretty darn simple. And just going back here up To the function lambdas get triggered from a variety of different services. So if you want to add a trigger, you can go here and drop down and choose a service. So you could have it. So anytime something is inserted into dynamodb, it would then trigger that lambda function or from a variety of things. Okay, and there's even integration with third party, third party, Amazon partners. Okay. So yeah, that's all we need to know for lambda. So we're going to take a look at the ECP pricing model. And there are four ways we can pay with EC two, we have on demand spot, reserved and dedicated. And we're going to go through each section and see where each one it makes sense. So we're going to take first a look at on demand pricing. And this is whenever you launch an EC two instance, it's going to by default use on demand, and so on demand has no upfront payment, and no long term commitment, you're only charged by the hour or by the minute is going to vary based on ecsu instance type. And that's how the pricing is going to work. And you might think, okay, what's the use case here? Well, on demand is for applications where the workload is short term spike, you're unpredictable, when you have a new app for development, or you want to just run an experiment, this is where on demand is going to be a good fit for you. So we're taking a look at reserved instances, also known as r i, n, these are going to give you the best long term savings. And it's designed for applications that have steady state predictable usage or require reserved capacity. So what you're doing is you're saying to AWS, you know, I'm gonna make a commitment to you, and I'm gonna be using this over next period of time, and they're gonna give you savings. Okay, so this reduced pricing is going to be based on three variables, we have term class offerings, and payment options. And we'll walk through these things to see how they all work. So for payment options, we have standard convertible and scheduled standard is going to give us the greatest savings with 75%, reduced pricing. And this is compared to obviously to on demand. The thing here though, is that you cannot change the ri attributes, attributes being like instance type, right? So whatever you have, you're you're stuck with it. Now, if you needed a bit more flexibility, because you might need to have more room to grow in the future, you'd look at convertible, so the savings aren't going to be as great, we're looking at up to 54%. But now you have the ability to let's say, change your instance type to a larger size, you can't go smaller, but you can always go larger, and you're going to have some flexibility there, then there's scheduled and this is when you need to reserved instances for a specific time period. This could be the case where you always have a workload that's predictable every single Friday for a couple hours. And the idea is by telling AWS that you're going to be doing out on schedule, they will give you savings there that's going to vary. The other two things is term and payment options. So terms is how long are you willing to commit one year or three year contract, the greater the terms, the greater the savings, and you have payment options. So you have all upfront, partial upfront and no upfront, no friends, the most interesting one, because you could say, you know, I'm going to use a server for a year, and you and you'll just pay at the end of the month. And so that is a really good way of saving money. Right off the bat, a lot of people don't seem to know that. So you know, mix those three together. And that's going to change the the outcome there. And I do here have a graphic to show you that you can select things and just show you how they would estimate the actual cost for you. A couple things you want to know about reserved instances that can be shared between multiple accounts within a single organization and unreserved, our eyes can be sold in the reserved instance marketplace. So if you do buy into one or through your contract, you're not fully out of luck, because you can always try to resell it to somebody else who might want to use it. So there you go. So now we're taking a look at Spa instances, and they have the opportunity to give you the biggest savings with 90% discount compared to on demand pricing. There are some caveats, though. So eight of us has all this unused compute capacity, so they want to maximize utility of their idle servers. It's no different than when a hotel offers discounts to fill vacant suites, or when a plane offers discounts to fill vacant seats. Okay, so they're just easy to answer this is lying around, it would be better to give people discounts then for them to do nothing. So the only caveat though is that when you use spot instances, if another customer who wants to pay on demand a higher price wants to use it and they need to give that capacity to that on demand user. This instance can be terminated at any given time, okay? And that's going to be the trade off. So just looking at termination termination conditions down below. instances can be terminated by Avis at any time. If your instance is terminated by AWS, you don't get charged for the partial hour of usage. But if you were to terminate an instance, you will still be charged for any hour that it ran. Okay, so there you go. That's the little caveat to it. Um, but what would you use spot instances for if it can if these incidents could be interrupted anytime? Well, they're designed for applications that have flexible Start and End Times or applications that are only feasible at very low compute costs. And so you can see, I pulled out the configuration graphic when you make spot. So it's saying like, Is it for load balancing workloads, flexible workloads, big data workloads are defined duration workloads. So you can see there is some definitions as to what kind of utility you would have there. But there you are. So we're taking a look at dedicated hosting, which is our most expensive option with EC two pricing models. And it's designed to meet regulatory requirements when you have strict server bound licensing that won't support multi tenancy or cloud deployments. So to really understand dedicated hosts, we need to understand multi tenant versus single tenant. So whenever you launch an EC two instance, and choosing on demand or or any of the other types beside dedicated hosts, it's multi tenant, meaning you are sharing the same hardware as other AWS customers, and the only separation between you and other customers is through virtualized isolation, which is software, okay, then you have single tenant and this is when a single customer has dedicated hardware. And so customers are separated through physical isolation. All right. And so to just compare these two, I think of multi tenant is like everyone living in an apartment, and single tenant is everyone living in a house. Right? So, you know, why would we want to have our own dedicated hardware? Well, large enterprises and organizations may have security concerns or obligations about sharing the same hardware with other AWS customers. So it really just boils down to that with dedicated hosts. It comes in an on demand flavor and a reserved flavor. Okay, so you can save up to 70%. But overall, dedicated hosts is way more expensive than our other ACP pricing options. So we're on to the CPU pricing cheat sheet. And this one is a two pager, but we'll make our way through it. So EC two has four pricing models, we have on demand spot reserved instances, also known as RI and dedicated looking first at on demand, it requires the least commitment from you. It is low cost and flexible. You only pay per hour. And the use cases here are for short term spiky, unpredictable workloads, or first time applications, it's going to be ideal when you want workloads that cannot be interrupted, whereas in spot, that's when you can have interruption and we'll get to that here shortly. So onto reserved instances, you can save up to 75% off, it's gonna give you the best long term value. The use case here are steady state or predictable usage. You can resell unused reserved instances and the reserved instance marketplace the reduced pricing is going to be based off of these three variables terms class offering and payment option. So for payment terms, we have a one year or a three year contract. With payment options, we can either pay all upfront, partial upfront or no upfront. And we have three class offerings, we have standard convertible and scheduled. So for standard we're gonna get up to 75% reduced pricing compared to on demand. But you cannot change those ri attributes meaning like, if you want to change to a larger instance type, it's not going to be possible, you're stuck with what you have. If you want a bit more flexibility we have convertible where you can get up to 54% off, and you get that flexibility. As long as those ra attributes are greater than or equal in value, you can change those values, then you have scheduled and this is used. This is for reserved instances for specific time periods. So maybe you want to run something once a week for a few hours. And the savings here are gonna vary. Now on to our last two pricing models, we have spot pricing, which is up to 90% off, it's gonna give you the biggest savings. What you're doing here is you're requesting spare computing capacity. So you know, as we said earlier, it's like hotel rooms where they're just trying to fill the vacant suites. If you are if you're comfortable with flexible Start and End Times spot price is going to be good for you. The use case here is if you can handle interruption, so servers randomly stopping and starting, it's a very good use case is for non critical background jobs. instances can be terminated by ABS at any time. If your instance is terminated by ATMs, you won't get charged for that partial hour of usage. If you terminate that instance, you will be charged for any hour that it ran in. Okay. And the last is dedicated hosting, it's the most expensive option and it's just dedicated servers okay? And so it can be can be utilized and on demand or reserves you can save up to 70% off. And the use case here is when you need a guarantee of isolette hardware. So this is like enterprise requirements. So there you go. made it all the way through ECP pricing. Alright, so there are many AWS services that do not incur a cost and so these are free services. So for example I am, which is used for creating users and groups and roles to access a different resources, creating any of those components of IBM are not going to incur a cost. So I am is essentially a free service where you have these other services which are free, such as auto scaling cloud formation Elastic Beanstalk everything in this blue box, but they can provision other AWS services, which costs money. So, on the exam, I would not be surprised if you come across a question, which kind of implies that cloudformation might incur a cost, but you just need to know that the service itself is free, but it can provision other services. Okay, so I've highlighted in bold here, two services, which I think would most likely show up on the exam. But I've given you more of a full list of things that definitely do not cost money. So there you go. So each of us has four different support plans to help you out when you need it. And when you first make an AWS account, you by default are in the basic support plan. And this is going to give you access via email for billing and account information. So let's say you aren't sure about the cost of something or you think that you might have been overbilled or you are suspecting that you may be overbuild. Because you might have misconfigured, something, you have this available to you at all tiers. But yeah, that's the first thing that you have access to. And so you just send them an email, and they'll help you resolve that. Now, coming into the paid tiers, we're gonna start with developer starting at $20 USD, and this is gonna give you access to technical support via email, okay, and generally, they will reply within 24 hours. But they do allow you to choose the response time, like the nature of the issue, which is going to determine how fast they reply. And so we have general guidance and system impaired, okay. Now in the developer tier, it does not provide third party support. So let's say you had a web application, whether it's Ruby on Rails, or Django or express GS and is running on an EC two instance, AWS is going to help you with easy to instance, but they're not going to help you with the actual third party part, which would be, you know, again, rails or Django and etc. Okay. So, so you know, that's what's going to be limited to, going into the next year business was starts at 100 USD, this is now where you're going to have access to chat and phone. And this is any time, okay, so if you want to call them at 3am in the morning, you can or chat with them. And generally, it might be a bit slower to connect with them, but they definitely will connect with you. And you can work through your problems, okay. So the other advantage here is that now that you can do chat and phone, you can also do screen sharing with them, so they can actually send you over a link. And now they can see your screen, and they can work through the problem with you. And this is extremely useful and definitely makes the business here, something worth purchasing, especially if you're running a production system. Okay, you're also going to get faster response times, in the case of if you have a production system impaired or down. Okay, so this might be important to you. And so also the business tier and enterprise here does support third party, okay, so on these tears, they will make the best effort to try to help you through things that aren't database related to solve your problem. Okay, so that is an additional bonus, they're now coming into the enterprise account. This is the most expensive plan starting at 15,000 USD, it was previously 10,000. But it was has increased that and this plan is special because you actually get to dedicated resources, these nysa resources, I mean people and so you get a personal concierge and a Tam which stands for technical account manager. And also you have a new response time where they can respond within 15 minutes. In the case for a business critical system down. Okay. So um, there's that and then we have advisor checks. Okay, so for advisor checks for the basic developer, we have seven, and then for business enterprise, we get all checks. Do we have another section in this course here where we covered trusted advisor so you can see what all those checks are. But for the exam, you're going to need to know the difference. pricing for the different tiers, you're going to need to know those response times the 2412 for one hour, 15 minutes, you need to know when are people assigned your accountants only in the enterprise. You're going to need to know when third party support is is there or not Yeah, so there you go. So here in this follow along, I want to show you how you would go ahead and create a case, in AWS support, I am using the business support plan here. And you can see that I have a bunch of different support cases, I definitely have a lot on cloud front, because it's given us a lot of trouble. But anyway, let's work our way through this and create a new case here. And then you're going to be presented with a type of case you want to choose. So if you were on the basic tier, technical support would be grayed out, you'd have access to both account a billing support and service limit increase. So if I just click here, you can see here, if I want to report a billing thing, I can choose the type. So I'd say billing, I would choose the category. So I could say I have a question about the free tier. And then you could specify the response time here, okay, Lord, I guess they call it the severity and you'd write your subject description, you can attach up to three attachments there. And you can only choose to talk to them via email. Okay, so we have chat and phone, but these are disabled. But I think the real interesting thing to show you in support here is technical support. Okay? So with technical support, this is where we're going to be able to ask technical questions about Ada services. So if I wanted to drop something down, and we would type in a cloud front here, because again, I say cloud front is something we spent a lot of time on. And then you choose the category. And so now the category is going to narrow down based on the service. And on the right hand side, there are going to give you suggestions, okay, but we can go through here and say I'm having an issue with caching, okay. And then you could choose the severity. So we'll just leave it general. And then sometimes they ask you to provide additional information, it's optional, but it's going to save them time to help you out, you'd have to go through your account to find those values, it's going to change based on the service. And then down below, we can write in whatever we want. So I could say, I'm having issues with my distribution. Okay. My cash values aren't showing up, aren't being served. Okay. And so you can choose the preferred contact here. Now, this is very simple, you don't get any type of formatting or bolding. So you have to be a bit creative to display that information. But you definitely want to try to create all the steps for them to replicate it. Okay. And then down below, we have web chat or phone. So we'll give chat a try here. Okay, and I'm just going to hit submit, and then we will we will get here is, um, a chat window pop up there. Okay, and so we'll just wait here for a little bit. Well, I just wanted to give you actually a better example here. So I just left that window there and opened up a previous case I had here on this one actually is with CloudFront, lambda edge. And so once you are chatting with the cloud engineer, it will actually save all this within the case later on. So if you need to read what you were talking about, that's going to be saved there later. If for whatever reason, the cloud engineer cannot solve it, and they need to go off and try to replicate it or reach out to someone else in the team, they will do so and then they will come back to you with the answer later on. And so they will provide that there. And that's what happened in the case here. Okay, um, and generally, sometimes they will go out and actually bring back even more information for you there. Okay. So you can even see that this cloud engineer had to go talk to the cloud formation team to resolve this case here. So you definitely can really reach the experts within AWS to solve your problem. So there you go. That's generally the follow along here in a nutshell, for crina case, okay. So now we're taking a look at AWS marketplace, which is a curated digital catalog with 1000s of software listings from independent software vendors, and allows you to easily find by test and deploy software that already runs on AWS. So on the right hand side, there, you can see we have a bunch of categories such as operating system security, machine learning, and the idea is that you would click into one of those categories. And now you have a bunch of products that are being offered to you in the form of Amazon machine images, cloudformation, templates, SAS offerings, laughs rules and a variety of more. And these products can either be free, or they could have an associated charge, more likely the ladder and discharge will become part of your AWS bill. And if you want to sell things yourself, there is a sales channel for ISVs and consulting partners. So you definitely It cannot just be the one buying but also selling, okay. So in this fall long, I want to show you the AWS marketplace and the things that you could possibly buy in here. So just looking here, on the homepage, here, we have a bunch of categories where we can narrow down the thing that we're looking for. Or we could choose a vendor, if we knew in particular, what we want, you can see there's 1361 vendors. So there's quite a few here. Or if you want to determine your pricing plans or delivery methods, okay, and then you have those popular categories, which is a very easy way to start exploring, maybe we would be interested in machine learning. So I'll go ahead and click there. Okay. And now that we are in machine learning, we can see that we have a variety of different offerings here. So let's say we wanted to do some deep learning. with Python three and TensorFlow, I'm just going to click into here. And it's going to give you an idea what kind of product we have here. I believe this is an Amazon machine image, I'm just kind of trying to find where it says that, and right down there. So we see that the delivery methods is an Amazon machine image. So it's going to determine what that is. And we have a variety of information here, such as the product overview, it'll do price estimating estimations based on the easy to instance that you choose. And there can be useful information such as how to actually use this. Okay, so yeah, so if you wanted to do that, I mean, you could create a subscription from here. But generally, when you're launching Amazon machine images, you'd want to go ahead and launch that with in the EC two, console there. So let's hop our way over there and try to find something in the marketplace. Okay. All right. So here I am in my AWS account, and I'm going to make my way over to EC two. Okay. So a lot of times when you want to use a marketplace resource, generally, you're going to launch it within the context of what service you're using. So there are laughs rules that are sold in the marketplace. So when you're using laughs in the last console, you can purchase them there. And when it's going to be an ami, it's going to be via EC two. Okay, so I would just go ahead here and launch an instance. And as soon as I launch an instance here, or you get to the option to choose to watch it instance, whatever it decides to load, we are going to be presented with the AMI that we need to choose, okay. Alright, so now we can choose our ami, on the left hand side, you're going to see AWS marketplace. And so this is where it's going to make it easy for us to choose a service there and subscribe to it. So if we wanted that machine learning one, I think it was TensorFlow. Okay, so we typed TensorFlow there. I'm not quite exactly the same one. But if we just wanted to launch one here, so here we have deep learning ami, which is an Ubuntu image. And it would have some kind of associated cost here. So I go here and select it. Okay. And right away, it's going to show me the pricing here. I don't see any additional costs, probably because this one is an AWS, deep learning ami, it probably doesn't have any additional cost, but it does estimate that stuff out there. So maybe we'll go back and actually choose something where I know there will definitely be a cost. Maybe we try launching guacamole. Okay, so guacamole is a if you can spell it is a is a bastion, I'll just type in Bastion, that's an easy way to find it. And so here's guacamole, it gives you a free trial. And here you can see the pricing here. So you see 0.3 cents to 33 point 52 cents per hour. And so I will just go ahead and select that, okay, and choose that ami and it can tell you that it has a free instance. And then you'd hit continue, okay. And then you just launch your instance. So based on this here, I'm restricted to that. So I'll just do a small here, and I'm just going to go ahead and review and launch. Okay, and this is definitely not part of the free tier. So I'm going to definitely want to destroy this immediately after creating it, okay. But I just want to show you how easy it is to create something from the aect marketplace here. Okay. We'll just download that and launch that. Alright. And so now I actually have a subscription to that market. Place service. Okay. So as is launching there usually doesn't take this long, but today, it seems to be a bit slower. I want to show you the actual ABS marketplace subscription. So when you start accumulating subscriptions, you can go to ABS marketplace subscriptions here and see that apparently it's not supported in the Canada region. So we'll have to move over to US East. That's not uncommon for AWS, because a lot of times with billing and other things. They are only available in the US East region. But here you can see we have guacamole, okay, it's saying trial ends in five days. And then I have over here a lamp certified by bitnami. And it has no additional costs. So if you are using a bunch of things from the marketplace, and you're trying to keep track of them, this is where you're going to find that information. Okay? So I mean, that's pretty much all you need to know, for the ABS marketplace. And I'm just going to make sure to shut down that instance, there, since I do actually not want to do anything with it. Okay. But I just wanted to show you how easy it was to start subscribing to a resource there. So I'm just going to go here and quickly shut down that instance there. So if you're following along, you do the same. So I'll just go ahead here and terminate that instance. Okay. And there we go. Hey, this is Angie brown from exam Pro. And we are looking at trusted advisor which advises you on security, saving money performance, service limits and fault tolerance. The reason I have that saving money in red is because we are looking at billing and pricing. Okay. And for trusted advisor for every single account, you're going to get for free seven trust advisor checks, if you have either business or enterprise support, you're going to get all trusted advisor checks. And an easy way of thinking of what trusted advisor is, is think of it as an automated checklist for best practices on AWS. So trusted advisor has five different categories where it can advise you on and it has a checks. And these are all the checks that are possible that are at the paid tiers, okay, for the free tier, there's quite a few less, I honestly can't remember what they are. So I'm not going to show them here to you. And we're just going to focus on the fullest here going through each category. So first looking at cost optimization, where you're going to be able to save money. The two most common ones where it will recommend you on is idle load balancers, and on associate AIP. So for idle load balancers. So if you spin up an elastic load balancer, the minimum cost per month is $15. Okay, but let's say you just don't happen to have any easy two instances that are being balanced on there, it's going to say, hey, this load balancer is not doing anything, maybe you should get rid of it to save some money. Another one is IPS. So that's elastic IP addresses. Okay. And so the idea is that if you have an easy to instance, and you want to give it a static IP, you can reserve an E I, II, II p from AWS. But the thing is, is that it's not attached to EC two and says it's associated, it costs you money, because AWS wants you to release that that IP address so someone else can use it. So that's a recommendation that will make to you looking at performance. Let's say we look at high utilization Amazon ECS instances. So for that one, I believe that it's let's say you have a very high CPU usage on an on a CPU instance, it's going to say, hey, maybe you should use a larger instance, okay, to get better performance out of this, this machine here, okay? Now, for security, we have MFA on root account. And this is not only trusted advisor tells you to do this, but so many other services tell you to do it, because it's such a important security measure within your AWS account. Another thing could be Iam access key rotation, so you have access keys that are used by users. And it might suggest, hey, it's time to rotate these out to make sure things stay secure. Okay, so looking at the last two categories, we have fault tolerance and service limits. So for fault tolerance, it would recommend that, let's say something for RDS backups, okay, so just to make sure that you have backups in place, or have them turned on. So in the case that your database goes down, you can recover it, okay. And then you have service limits, and there's none in particular chosen here. But there are limitations on the certain amount of things that you can use enables allows you to increase those limits. So it's just kind of like a safeguard for you to be less be allowed to go beyond that, I guess a really good one would be SEO. So SEO allows you to send out emails, and probably by default, it caps you at like 5000 or 10,000 emails. And if you had to go beyond that, you would ask for a service limit increase. Okay, so those are all the checks there and the five categories to give you an idea of what trust advisor can help you with. So in this follow along, I want to show you, the trusted advisor dashboard and how it makes recommendations to you, and how you can keep up to date when it discovers new things. Okay, so here in this exam pro account, we have business applied, so we have all the AWS advisor checks. So let's go take a look at cost optimization here. And you can see that we have things in green. So these things are a Okay. And then you have things with warnings. And one thing we explored earlier was an associate associated elastic IP addresses. If we expand there, it's going to show us that we have one IP address and our US East region that's not currently associated with any running instance. So this thing is costing us money, okay? So so then you'd have to go take action and go over to I believe it's VPC, the VPC console and then just an associate that and you start saving money, okay. And so we have that for a bunch of categories here. If you wanted to download a report, I believe you could go up here and download an XLS. Yep, that's an XLS there. So you can bring that into Excel and look at that information. But the number one thing I'm going to show you is preferences. And under preferences, you can actually set up email notifications on a weekly basis. So you would just set those email addresses checkbox and save those preferences. And you would get these notifications, anytime there would be a change, where it has recommendations for you, you can take action on that. So that is all you really need to do for trusted advisors. So there you go. So we're gonna take a look here at consolidating billing, which is a feature that is turned on by default when you're using a service organizations and you have multiple member accounts. So you're going to have one account, that's considered your master account within your organization. And then you'll have all these member accounts underneath. And all of their billing information is going to be sent to the master account, as well as the master account is going to be responsible for paying the charges for all its member accounts. Okay, so it makes billing a very simple and straightforward. And also, you'll be able to use cost explorer to visualize the usage of the billing per account. So if you wanted to see all the expenses, just for the developer account, or the data science science account or the security account, you're going to be able to segment that data within cost Explorer. consolidate billing is offered at no additional cost, okay. And if you do have a member account, and you have it, leave the organization that cost export data is going to be no longer available. So just keep that in consideration. Okay. So another thing we want to touch on about consolidating billing is volume discount. So each of us has volume discounts for many services. So what that means is, the more you use something, the more you are going to save Okay, and so consolidate consolidated billing lets you take advantage of volume discounts, because it's going to take the usage from multiple accounts and treated as one and then whatever that surplus of from another account is going to end up in another bracket of lower discount. So just to really illustrate this here, we have usage from two different accounts we have odos usage and data's use, DAX is usage for data transfer, okay, instead of the data transfer is going to cost at the first 10 terabytes 17 cents per gigabyte. And the next 40 gigabytes is going to be a 13 cents per gigabyte. Okay? So if you were just paying for odos usage and daxue separately, which would be unconsolidated, you could see that comes out to 2088 and 96 cents, okay. But when you consolidate the billing and group, the total usage, you're going to have that usage overflow into tier two, which is where you're going to save that money, okay. And so now you can see the consolidated billing, it's going to be $2,007.04. So we have roughly there about $80 worth of saving, okay, and so, if you if those costs weren't consolidated, we wouldn't get those savings. So that's one motivation for you to take your individual accounts and make sure they're in an organization. Okay. Hey, this is Andrew Brown from exam Pro. And we are looking at AWS cost Explorer, which helps you visualize, understand and manage your AWS cost and usage over time. So with cost Explorer, if you have multiple AWS accounts within an organization, all the costs will be consolidated into the master accounts of cost Explorer is very good at giving, getting an overview of all your costs, no matter what accounts they're in. Within Eva's cost Explorer, you have these things called reports, okay? And Asus gives you a bunch of reports, by default that you can use. So if you need to start breaking costs down based on services, or excetera, they're just one click away. And you of course, can make your own reports. Within cost Explorer, it has a feature called forecasting, which allows you to see future costs, so you can plan for the future or maybe make adjustments so you can lower your bill. Within cost explorer if you want to view the data monthly or daily, that is an option that is available to you. And you get these nice graphs within class Explorer. So you can group the information in a variety of different ways. You can see there's tons of different ways and you can also filter based on a lot of options there. So if you want to filter out very specific services or Yeah, very specific regions or based on tags, or maybe you just want to look at one particular, like accounts, maybe you have a developer account, you just want to see what they're spending, then you, you can use those filters to narrow that stuff down. All right? Hey, this is Angie brown from exam Pro. And we are going to do a quick follow along here in Eva's cost explorer here. Okay. And so here, I have an exam pro at ghost account, which has some expenses within it. So hopefully, we will find some useful information here to look at as an example, on how would you use cost Explorer. So here I am on the home, right. So if I was to click here, this is what we would see. And right away, we're going to get month by month today cost. So here so far, we've spent $185, this month, and then it's forecasting $466.18, I do need to point out that these forecasts, forecasted monthly costs can be misleading. So if you have a large spike, or bill at the start of a month, because you might have large services, so like you're paying for EDA support, or you're registering domains, like one time fixed costs, this value here can be extremely misleading. So next month, I'm not paying $466. I definitely know that. But you know, just be aware of that, if you see that it might shock you. Okay, so just to start looking at information, we go to explore costs, okay. And right away, now we have our nice graph here. And it allows us to now filter this data however we want. So here we have that group by and so the most convenient one is generally by service, okay. And so what you'll get is a stacked bar graph here, which will break down service costs. Now, it doesn't always show everything. As you can see, here, we have our business support RDS, some other EC two instances that are probably managed by AWS, maybe ECS or something, then we have kinesis analytics, and then we have others, okay, so you don't get a full picture there. But they do have a cost listed down below, you can download the CSV and work with this raw data here. Okay, and you could break this down monthly, so I can go to monthly here. Okay, and then this will just change the graph. So now it's a monthly breakdown. And you can change the scope of how far you want to go back there. Okay. But we'll just go back there and change it to daily. And apparently, we have some other options here. So if you don't, like stacked and you like line graphs, you can have that or if you'd like bars, okay, but stack stack is my preference there. Okay. And then on the right hand side, we have filters. So if you want to start filtering, it might look like this is grayed out, but what you do is you actually click here, okay, and so then I could type something like register, okay. If I can remember how to spell it, there we go. And that's for registering domains on Route 53. And if I just apply that filter there, you can see I have one class there, okay. And there's tons of different filters in here, okay, tons and tons. But like, the one that you'll notice the most is like linked accounts. So if you wanted to filter out for like a developer account, like a discount, or something like a variety of different accounts, you can do that to figure out the exact costs of particular teams. Okay, and so that's that there. Now, just to show you those reports, there are those default reports here, if you go on the left hand side here, we can go to save reports. Okay, and so here are a bunch of them there, and you can get an idea of what's inside of them. Okay. But yeah, you basically would just create whatever configuration you want, oops, I went into reserved utilization there. I don't care about that. But yeah, whatever, whatever filters you want, you just go ahead and make any report. You go cost and usage, okay. And from there, once you pick, choose your configuration, you hit save, and you can have this report for later. Okay, so if you really want to monitor, like CloudFront. So CloudFront is something that we heavily use that exam Pro, and it can fluctuate based on how many people are consuming videos on our platform, we might want to just create a report for CloudFront. Okay, so yeah, there you go. Hey, this is Angie brown from exam Pro. And we are looking at AWS budgets, which is a service that helps you plan service usage, service costs and instance reservations. I like to think of it as billing alarms on steroids. And when you use AWS budgets, each budget costs about two cents per day. Okay, and you have up to a limit of 20,000 budgets, but the first two budgets are free of charge. So if you have any adverse account, you definitely want to go ahead and create yourself a couple of budgets. Okay. All right. So we're looking at his budgets here, a little bit more detail. And so the idea here is that you can set up alerts if you exceed or are approaching your defined budget. There are three types of budgets you can create. You have cost usage and reservation, okay, so costs is where you're just plugging in $1 amount There, okay? For usage, it's going to be based on a usage unit. So you could choose something such as EC to running hours. And then you're going to use supply whatever the unit is. So that's going to be ours in this case. So here I've supplied 100. And you can track budgets based on monthly, quarterly or yearly levels, okay? And so just if you set it for a year, then that alert is really going to be designed to be delivered at the end of the year. Okay. So for reservations, that is for reserved instances, and it is budget supports, etc, to redshift or RDS and elastic cash, okay? Now, when you are defining your budgets, you can define them based on a fixed cost, or you can plan planning upfront based on your chosen level. So you could say for, for each, so for next six months, you could say for this month, I want to spend this and for this month, I want to spend that etc, etc. Okay, and if it was quarterly, you could say what you want those budgets to be for those quarters. Okay. You can also easily manage Eva's budgets via the dashboard. And they also have an API. So if you need to do something programmatic, you can definitely do something there. And normally, you'd get notified by email, but you could also have the notification sent to chatbot. Okay, so for chatbot, that is a newer service for AWS integrates with common services such as slack or chime, so those could, your budget information will be pushed out to there, okay. Hey, this is Angie brown from exam Pro, and we are going to look at Avis budgets in this follow along and learn how to set our own budget. So we'll go ahead here and create our our budget here. Alright, and so we're gonna be presented with either a cost budget, or usage budget, or a reservation budget. So I'm going to choose cost. And we're going to set your budget. And so they give you a suggestion, like monthly easy to budget, okay. And I could just say all my costs, so overall, overall costs, okay. And then we can choose the period. So monthly seems good to me, but you have monthly, quarterly and annually here, alright, you can have a recurring budget or expiring we want this for every single month. And then you can choose your budget amount. So we have a fixed or a monthly budget planning, this is a little bit more complicated. So I guess if you're a startup and you assumed your costs were going up, you'd want to fill this go up and up and up. Or if you were a seasonal business, and you assume your budget would change based on the demand, it would definitely make sense to a set monthly budget planning, okay, but we'll go back to fixed here and we can just have a cost, you can see it shows my last month cost was $126. Let's just say I wanted my cost to always be $100 per month, it will draw this line here and give me an idea of whether I'm over or under, okay, and we could filter services. So if I wanted to go here, I could just choose EC two, okay. And I'm just going to look for EC two, I'm not sure why I didn't show up in search ghosts already. Yes, instead, because that was a bit easier to find here. So apply filter. So but just an idea to show you just how that works there. Okay, and I'm just going to remove that filter there. If I figured that out, there we are. Okay, and we'll just apply that filter again. And we do have some advanced options there. But everything seems pretty good. So I'm just going to go ahead and configure alerts. Okay, and so you can get alerted if you're if you go over the budget, so you can get it based on the actual cost or forecasted, I would get so many emails, if I or at least I'd always get a email if I had forecasted because forecasts within my account are always spiked, okay, but here, you could set the alert threshold. So when you're approaching that budget, so let's say you're 80% On the way there, it should send you an email, and then you'd add your contact here. So I could just say Andrew at exam pro.co. Okay, um, maybe I did that button. Yeah, just the one there. Okay, and you could also notify via Amazon SNS so if you already have a topic Arn, you could provide that there. But apparently, you do not have to do that here, which is kind of nice. But apparently they have a new feature, which is the chat bot. So I suppose if you're using Slack, you could integrate that alert there. So nothing super exciting there. But yeah, so if you were using Slack, or I'm sure it integrates with AWS version of slack, which is called chime in, there's probably another service there. So that's kind of interesting there. But we'll go ahead and we will confirm our budget. We're going to get an overview of that. And we'll go ahead and create that budget. Okay. And so now we have this budget, and we just have to wait some time before we can actually see some information here. But generally what would happen is it will Oh, here we go. I just did a refresh there. So it showed my budgeted my forecasted the current versus budgeted and then the forecast. Okay, so yeah, there you go. That is a budget. So I just wanted to show you that the email here came through for those budgets and just what it looks like. So here, you can see that it says that I exceeded the amount of $80. So when we entered in that 80%, it calculated the dollar amount for us there. It just shows us that information. Okay, so there you go. That's all you need to know for those budgets. Hey, this is Angie brown from exam Pro. And we are looking at the decio calculator, which stands for the total cost of ownership. And this allows you to estimate how much you would save when moving to a dress from on premise. So it provides you a detailed set of reports that can be used in executive presentations, the tool is built on underlying calculation models that generate fair assessments of value that you can achieve given the data provided, okay? And the TCL helps by reducing the need need to invest in large capital expenditures. Of course, this tool is for approximation purposes only. So it's really a persuasion tool to use for at the executive level, okay. But the idea is that you just launch the TCL calculator, you describe your environment, you're going to get a three years summary of cost comparisons, and then you can download that detailed report, okay. All right, so we're going to take a look at the total cost of ownership calculator here. So just Google and find your way to the TCL calculator on AWS, when you arrive, this page, you know, you're in the right place, and you're gonna be looking for this big yellow button. Now, it does take sometimes quite a bit of time for this to load. So I've already clicked that button and have it open here on a new tab. Okay. And so you get here, and the idea is you choose your currency, we're gonna stay with us dollars. And you can choose whether you're on a premise or colocation, we're gonna say on prem. And you can decide whether they are physical servers or virtual machines, you can see some options there. And now you're going to go ahead and fill some stuff in here. So let's see if I can figure something out here. That is a good example. So maybe you'd have a non database server. So you have your own web application. Okay. And let's say it is using whoops, it is using the number of VMs, you have six running, and each have, I don't know, eight cores, and you're using that's 1024242048 amount of memory, oh, that's gigabytes. That's too high, we'll just say eight gigabytes there. Okay, we can choose the hypervisor, the OS there, I'm going to add another row here. And we'll choose a database this time, and we'll just say Postgres here, okay. We'll say Postgres. And maybe we don't have as many Postgres servers running here. So we'll say two, and we will say, four cores. And we will say, have four gigabytes of memory here. And that's running on VMware. And then we can choose storage here. So we have some storage here. I guess we could just put something in here. So we could say, we'd have 500 gigabytes, maybe 500 gigabytes of storage. Okay. And so now that we have all those things, we're going to go ahead and hit Calculate the TCL. And we are just going to wait here for this report to generate all right. All right. So after a little wait there, we can see this report has generated and we have a comparison between on prem and AWS. And it's saying that we could save up to 70% a year, which would give us a total savings of $200,000 over the course of three years. Okay, so here, we get a cost breakdown, and we get the total cost of ownership there. So we have the server, the storage, the network, and now we have this additional cost, which is it labor, okay, because this is, in the case that you have on prem, you're gonna have to hire it to manage the infrastructure on AWS, it's, it's taken care of for you, okay, so you're not paying for that cost. And then it shows you your on prem environment, and then it shows you the equivalent in AWS. So if you had if this is what you're using, this is what you'd want to use on AWS. Okay. And then down below, we have some additional information, okay, and then we have a cost breakdown. So it just compares those breakdowns for you. Okay, and then we got other things here, like calculations. Oh, boy, that's a lot of stuff. methodology. Okay. So a lot of stuff that you can use within a presentation to make the case to move to AWS. Okay. And then up here, we can just download that report. Okay. And that would download it as a PDF. Alright, but there you go. So that's the the TCL calculator. Hey, is Andrew Brown from exam Pro, and we are looking at Ava's landing zone, which helps enterprises quickly set up a secure Avis multi account. Now I have enterprises in red there because if you read them Marketing page, it doesn't say that it's for enterprises, but it definitely is because from what I remember, it has a very expensive upfront cost, okay, which but for enterprises would be a very little. So it's not gonna be for the small to medium sized startups. But the purpose of Eva's landing zone is to provide you with a baseline environment to get started with multi account architecture. So what does that mean? Well, the idea is that you have these companies and at best recommends that you run in multi account, but they don't know how best to the company itself doesn't know how best to set up multi account and make sure it's secure. And, and, and good for future growth. And so landing zone is basically that setup for you. Okay. And the way this all works is through a service account vending machine, also known as a VM, which automatically provisions and configures new accounts via a service catalog template. And the way you're going to access these accounts is going to be using single sign on. Okay, and so the environments here are customizable to allow customers to implement their own account baselines through a landing zone configuration and update pipeline. Okay, so now that we have an idea, let's go take a peek at the landing zone page. So here we are on the Ava's landing zone marketing page, I just want to scroll down here for you. So I can just show you that they have some architectural diagrams here to give you an idea what you are getting with landing zone. So here it says the solution includes four counts, add on products can be deployed using a service catalog. So when you get this you're going to get four accounts are going to get this master account here, they're going to have a shared service account log archive account and secret account. So when you are setting up your organization's you should always have a login account and should also have a security accounts that are isolate from your other accounts, because it's just good for for auditing purposes, okay, and so at best is giving you the best setup possible by doing that for you. All right. And so when you need additional accounts, then you use that account vending machine, okay, and so that account vending machine will just create new accounts for you. And so that's really all you need to know about a landing zone that it is giving you a baseline environment, and then it's going to allow you to add additional accounts that are going to be secure, with a lot of other good best practices baked into the Okay. Hey, this is Angie brown from exam Pro, and we are looking at Ava's resource groups and tagging. So we've got two different things here. But they are strongly related. So we need to learn them both at the same time. So tags are words or phrases that act as metadata for organizing your AWS resources. And then you have resource groups are a collection of resources that share one or more tags. Okay, and so the way you'd access those resource groups, is there's a drop down right beside services where you get to create a group and manage your tags. Okay. So the whole purpose of resource groups is to help you organize consolidate information based on your, your project, and the resources that you use. And resource groups can display details about a group of resources based on metrics, alarms, configuration settings, okay. And at any time, you can modify the settings of your resource groups to change what a resources appear. Okay, so let's say you had a database server, and maybe an s3 bucket and you wanted to group them all together, you'd give them all the same tag, and then you could put them in a resource group. And so that's the concept there. Okay. So in this follow along here, I'm going to show you how to use resource groups and tagging. So we're going to spin up a couple of servers, give them some tags, and associate those to a resource group see that they are in a group, and then we'll turn down those servers. Okay, so what I want you to do is make your way to EC two. So we'll go to services at the top here and type in EC two. Okay. And we'll just make our way over to the EC two console. So once we are here, we'll have to go ahead and launch some instances. So let's press the Big Blue Button. Okay. And now that we're in here, I will just choose Amazon Linux two, okay. And we'll stick with the micro tier because that is the free tier. And then we're just going to set up two servers, okay. And we're going to go on to storage and pass onto storage onto tags, and we're going to add a new tag and I'm going to call it project and I say tarok nor okay tear rock nor, and that is a Star Trek reference. If you're wondering, okay, and we don't have to worry about secure groups, we'll have to review and launch we're gonna hit launch here and I'm going to drop down Percy without a key pair. We're not doing anything with these servers, just tagging them okay. And so, they are launching, we're gonna go down to view instances in the right hand side there and then they are launched. I'm just going to click on one of these, even though there's a loading thing, you can still click the checkbox. And we're going to go to tags here just so we can see our tag. And then what I want you to do is ROP resource groups down here and I'm just going to create a new group, I'm going to open a new tab to make my life a little bit easier here. And we'll just wait for this to load. Okay, and so here, we are creating a new group. And we need to choose our group types. So we have tag based and cloud formation stack based, so we're going to be going with tag base today, okay, and so then we have our grouping criteria, this is going to determine how things will be grouped. And so we can choose a resource type, but we'll just leave it to all supported resource types, okay, so that allows it to be anything easy to or anything, okay, and we will need to supply our tags. So going back over here, I just want to make sure it's 100% the same, so I'm just going to copy and paste that there. So we got project, and then we have tarok noer. Okay, and I'm just gonna hit Add. And so now we have our criteria set up. This is where we would see those group resources, we don't see any as of yet, okay, I'm just going to click here to see what we see. Oh, sorry. So you hit that there. And now, those instances have been found, and also the volumes the EBS volumes attached there also have the tag applied appears to be, so we actually have four resources. And that's why and so I'm just going to type in tarok. Nor here, okay. And we have some options, here to tag the actual group here. That's not necessary, we'll just hit Create group. Okay, and so now we have grouped resources, okay, so whenever we want to look at our saved groups, okay, we can go here, we can see terok nor, and we can see all the resources and then quickly click through to find other resources with those tags. All right. All right. And so now that we know how to create a resource group, let's actually go look at manage tags, okay? Because this is a very convenient way to find resources. All right, based on tag, so what we can do is we are, it's certain it adds the region that we're in, so we're in Ohio right now. And we could choose the type of resource I'll say all resource types, and I'm gonna just type in projects, see how it autocompletes there, and I can use tarok, nor Okay, I'm going to add, I'm gonna hit Search resources, okay. And so what that has done for me is it's actually found them all for me. And if I want to export them as a CSV, those resources I could do so. And I think I have a checkbox here and go to Manage tags, selected resources, I can now remove the tag from all these resources here, or add additional tags, okay, so I can go here and then say, Federation, Starfleet, okay. All right. And I believe, if I hit review and apply tags, it's going to go now apply those tags to those four resources. So we go back to EC two instance here, we might have to do a manual refresh up here. And so now we have an additional tag applied. If we wanted to remove those on mass, it's going to be the same story, right? So we're gonna go to project we're going to go to terok. Nor we're going to hit all resources here, search for those resources. And I can select them all manage them, and remove that tag. Okay. So um, yeah, it's pretty darn straightforward. I think I actually removed our original tag there. So if I go back here and do a refresh, now we just have Federation Starfleet. Okay. So, you know, that's as simple as it is. And there's tagging found out throughout so many services within AWS. Okay. And I'm just going to go and shut down these instances, because we are done with them. So we want to terminate them. And we want to say yes, okay, and so that's all of our cleanup there. So there you go. Hey, this is Angie brown from exam Pro. And we are looking at AWS quickstarts, which are pre built templates by Ava solution architects, and Amos partners to help you deploy popular stacks on AWS. And so the benefit here is that it can reduce hundreds of manual procedures into just a few steps. Okay, so quickstart is composed of three parts. So you're going to get a reference architecture for the deployment. So it's going to be like an architectural diagram and description. And then the actual quickstart itself is just a cloudformation template, and cloudformation templates are used for provisioning multiple AWS resources. So it's going to automate configured that deployment for you. And it will have also a deployment guide explaining the architecture and implementation in detail. Okay, so most quickstarts are reference deploy deployments enable you to spin up a fully functional architecture in less than an hour. Okay, so you can get operational pretty quick with these things. And on the right hand side there, you can see that I've cherry picked one out there from onica and that's one is for setting up an IoT camera connector. Okay. So here I just wanted to give you a quick tour of Eva's quickstarts just so you have an idea of what there is available to you here. And so on the left hand side we have a bunch of filtration options to choose Or to narrow down some nice templates here for us. And on the right hand side, we already have some templates, let's go into analytics here. And right away, we have a one here by Cambridge technology, which automatically deploys a clickstream analytics environment for you. So that sounds pretty cool. So if we just click into this actual quickstart here, what we're going to see down below is that architectural diagram, I was talking about how we're like a bunch of descriptions as to what it is doing, this stuff varies based on quickstart templates that don't expect to see the same stuff everywhere. But they'll generally give you instructions on how to deploy, and then the costs or licenses involved. And so if we wanted to launch this, we go view deployment guide details, maybe here. Okay. And, oh, we got a big white paper. So this one's a bit different here. Sometimes, the buttons are a little more clear. Oh, yeah, here it is. So again, this will vary based on each one. So I've never done this one before. But we'll say deploy into a new VPC. Okay, and what that's going to do is set up that cloudformation template for you. That's what I'm expecting anyway, so yep, there it is, it's going into cloudformation. Okay. And we're not going to go through this whole process, I'm just showing you, at least to this stage, okay. And so here, we have that template, we go next. And I'm just going to see if it asks us to provide some information. So yeah, these a cloudformation template has a bunch of variables that you fill in. So based on the Quickstart template you have, it's just going to have different options here. As you can see, this one has a variety of options, but we would just fill that in, go next review and launch and then it would spin up that clickstream for it. So there you go, that is a quickstart. Hey, this is Andy brown from exam Pro. And we are looking at AWS cost and usage report. And this is a service which will generate out a detailed spreadsheet enabling you to better analyze and understand your AWS costs. So just as it says, you have a big button and you download a spreadsheet and there you get a nice big breakdown, the report gets placed into an s3 bucket, you can use Athena to turn that report into iqueryable database hour, or you can use quick sight to visualize your billing data as graphs. Okay, so you have a lot of options here to work with this data. All right, but maybe you just want the spreadsheet. Okay. So that is Ava's cost usage report. So in the following, I just want to show you how to use Amos costing usage report to get that spreadsheet, okay. And so what you're gonna do is you're gonna go up the top right corner here, you're gonna go to my billing dashboard, and you're going to make your way to the cost of usage reports here on the left hand side, okay, and then once you get here, we're gonna have a nice big blue button that we can press to create our reports, let's go ahead and do that. So we're gonna need to give us a name. So we're gonna say my, my use cost and usage, okay. And we can include additional resource IDs here, I'm gonna just hit next. And then we need to configure where it goes. So I'm going to create a new bucket. So I'm just gonna say, ESP for exam Pro, cost and usage, okay. And it's going to put that in the US East. One region there. Okay, I'll hit next. And we have this nice, big policy wants will say, save that, okay. And then we can choose to what detail that we want. I'll leave it for hourly, that's totally fine. I will say daily, that's probably more ideal there, we'll create a new version of support. And now for easy integration, we do have those options there, Athena redshift and quick site, but we are just going to leave this as be I'm gonna make a zip because I want to make my life really easy here. Just because if I download to my local computer, I won't be able to unzip that with very little effort here. I'm gonna hit next. And what we can do here is go hit review and complete. Okay, and so now, it is going to deliver that. So in the next 24 hours, your first report will be delivered to an Amazon s3 bucket you configured during this report creation. So we're just going to have to wait for this creation. And I will come back here and download it and show you that report. Okay. All right. So it's been 24 hours, and I went over to my s3 buckets here, and I searched for that bucket that I created. And then I just drilled down so if you just click through to that bucket, okay, so I go into here, and then there's this folder that has no name, okay? And then you go into the cost and usage. And then you go into here, then you're going to see another folder, you click into there, and then we can get that CSV, zip. Okay. So that's going to have a zip, which contains a CSV file. And that's going to give us that raw data, which I've opened up here in Excel. And so you can see there's a lot of data here and so it's up to you To make sense of this data, but at least you can see you get all the raw data from cost and usage. And of course, I mean, the huge advantage here is that you can integrate this into quick site and Athena to analyze it within AWS. Okay. So there you go, that is a cost of usage. Hey, this is Angie brown from exam Pro, and we're looking at organizations and accounts. So when you first sign up for AWS, you are creating a single account. And that first user you're logging in, as is the root user. Okay, so just look over here on this diagram, see where we have a master account. So just, let's pretend that this was the account that we created, and we were logging is that root account user. So what you can do is you can promote your account into an organization. And so what that's going to allow you to do is it's going to allow you to create multiple accounts within that organization. So now, that original account is now a master account, and underneath it, you can create multiple accounts. Okay, so why would you want to do this? Well, if you're an organization, you might want to, like, isolate different departments within your company, and also to have fine tuned control over what they have access to on mass. Okay, so the idea here is like, let's say you have a development team on one side, and there's multiple accounts, you can put them within an organizational unit, and then use a service control policy to apply rules about what services they can or cannot use on math. Okay. So I mean, that's pretty much all there is to it. But I think this would be a lot more clear when we do a quick follow along, okay. Hey, this is Angie brown from exam Pro. And in this follow along, I'm going to show you how to use organizations and create some member accounts. Okay. So there are two places where you can manage your organization. It's within the IM console here. So you just type in Im to get to that console. But you can see here that it says organization is not in use, because we have yet to create an organization. So what we'll have to do is in a new tab, we'll have to go to the organization's console here, which is where I'm at currently. And we have this nice little wizard here to get started. So I'm going to go ahead here and hit Create organization, it's going to ask us to create an organization where we have all these features, or we could just have one consolidated billing, we definitely want to create this one here. So I'm gonna hit Create organization. Great. And so here I have created organization. And you can see that it sent me an email to finish verifying your master account, because the original account we have here has now been turned into a master account. So I'm going to go ahead and just go confirm that email here. So now I'm in my email here. And here's that verification email. So I'm just going to go ahead and press that button. And now this has been verified. Okay, so I'm just going to close that here. I'm just going to refresh. And you can see we are now verified, okay, and we can see, that's our master account, I think it might be Yep, the star emphasizes that that is a master account. So if I go back to Im console here and do a refresh, let's see if there's any kind of change. Okay, and there definitely is. So you can see that we have a root organization here. And then we have the exam pro fresh account, which is the master account. So we can't create additional accounts. From here, it's just more of an organizational structure, what we can do is go back to the organization's console here, and do some organized organizing. So before I actually go ahead and create any accounts, let's actually go look at some, some organizations are sorry to organize this account. So we'll go to organize accounts. And so over here, this is where we'd see all of our accounts. And we can create some organizational units. So I'm going to create a new organizational unit called developers. Okay. And so now I have that organizational unit, and there is some way for me to set them in the tree. Actually, by default, it has already set it here. So we already have that. Okay, so I suppose it already is associated to the root there. Okay, so now what we'll want to do is we'll want to actually create an account under this organizational unit. So let's go back to accounts here and let's make a new account. I'm going to create a new account here. And I'm going to do Andrew plus fresh plus developer at exam pro.co. Here, okay, I just gotta be here. And we'll just say Andrew Brown, okay, because every account has to have a unique, unique email for the root account. And there is this Im role, I'm just gonna leave that blank and hit Create. And what's that? What that is going to do? It's going to get us set up with a new account. And so I'm just waiting here for this to send us an email to tell us that our account is ready. Okay, so we'll just wait here for a little bit. Alright, so after waiting a few minutes here, I got a new email saying my account is ready. Okay. And just back in here, if you do a hard refresh here, you'll see that the account is set up, you probably don't want to name the account based on someone's name, I just inherently had put my name in there. Generally, you'd want to name this developers or whatever the account is called here. But this account is now ready. So how do we actually access this account? Well, the way you do it is you actually just log in as the root user. So I'm going to just close this tab here. And I need to remember what this email is here. So it's Andrew plus fresh plus developer. And we're just going to log out here and just sign back in with this as the root user. So what we'll do here is we'll just go ahead and go sign in to console. And we're just going to provide that email there. And we're just going to hit next. Okay, and what we're going to do is we're actually going to hit forgot password is the only way to set up new accounts, you have to just reset the password. And so we have to enter into this code by three by m, q q, that's really hard to see, but I think that's what it is. Okay, we'll try this again, eight, seven, E, eight, y p. Great. And so now we're gonna get an email here. And so we'll just wait for that email. Okay. All right. And so here is that email to reset her password. So we just got to go ahead here and click this link here. Okay. And so now we're just going to have to provide a new password, so I'm just going to fill something in there. Okay, and so now our password has been reset. Great. So now we'll just have to proceed to sign in here. So we'll just put in that new password, and we should be in our new account. Great. And so now we are in with within this new account. So it's not easy to get new accounts set up. And so I guess the next thing is, we'll look at how we can organize this account with the organization. So we're gonna have to log in and go back into the root account of our master account. Okay. So that's what I'm just doing here. Okay. So I believe I called it fresh. And we will just supply that a password. Okay, and so what we'll do here is we'll make our way over to organizations. And we see we have our account there. And so what we want to do is we want to add our account to an organizational unit. And so I'm just going to see how we can do that if I remember how. So I'm just going to check boxes here. And I believe over here, if we right click here, this account is currently in the route to move this, choose the move account option. Okay, so I guess that's what we need to do here. So we'll just click on move. And we'll just choose that to be in the developers route. And so now, this account is under the developers organizational unit. Okay. So if we click in there, we can see that account. So the reason you'd want to move things into organizational units is so you can attach policies, okay. And service control policies. And that's what they are, helps you limit access to certain resources. So if we only wanted that account to only be allowed to use EC two, that's what we can do. So we'd say only EC two, here as the policy name. And then we'll just filter out what it is that we want to allow. So we'll say EC two, and then we have to choose actions. So we'll say all Okay, and then we can move on to resources, I suppose, specify the resource type EC to will say, all resources here, and then we'll hit add, and then we'll move on to the conditions. And so we don't need to change any of this here. I'm pretty sure I'm happy with that. And we're going to say allow, so we're just going to allow access to all the VC to Okay, so that way, everything else will be implicitly denied. So the only thing we'll have access to is easy to and hopefully, the statement is valid. And we'll just go hit Create policy. And now that we have our policy created here, which gives us only easy to access, we now you can apply it to that organization, you have to do everything from the root. So you'd have to enable service control policies so that you're allowed to use them. Okay. And so now that is enabled, and I believe, if we go into developers, we should be able to set that policy. So I'll go here, and I'm going to just choose attach. Okay, and I'm not sure if I can detach it, but let's give it a go. Okay, and so now this one should only have access to EC two, and, but the root will still have access to everything. Okay. So there we go. So now that we have an idea how we can apply permissions to accounts, let's actually go back to the other account and just go ahead and just shut it down or terminate it because we're not going to be using This other account for anything, we don't want to leave this other account laying around. Okay, so what we'll do is we will just log out here, and I'm just going to log back into this other account. Okay, so I'm just proceeding to log into that other account there. And I just got to type the password in here. Okay, great. So we're back into our member account there. And we did say we were only allowed to launch EC two. So actually, let's go ahead and try to just create something else just to see if our service control policies working and right away, so you're not authorized to perform lambda. So our policy is working as expected, okay. And I didn't mention this before, but every time you create an account, they all have their own root account. Okay, so right now we are logged in as the root account into this member account. And let's say you wanted to get rid of this account, you can actually suspend this account. So let's go ahead and do that now. So I believe to suspend accounts, we have to go to up up here, and we have to go to my account. Alright, so but there's only one problem here is the fact that we don't actually have the ability to close our own account, because we don't have the permission. So we're going to have to go back into our master account and give us better permissions there. So we can actually go ahead and get rid of this account. So I'm just going to log out here, we're gonna go back into our master account there. And we will make our way back to organizations here. And so you might think that you could just remove the account here, but the problem with that is that it would just leave the organization. And in order to leave the organization, you'd have to attach a new credit card, and account wouldn't be would actually wouldn't be deleted or suspended, you actually can't delete accounts in AWS, you can just suspend them, which makes sure that no resources are being billed for within those accounts anymore. And that's what we want to accomplish here. So we're going to go back to our organization accounts here, right click on developers, and we're going to go to service policies, and I'm going to attach the full access and then detach on the EC two, and we're going to log out and go back into that member account. Alright, so here we are going back into that member account. And we'll just do was at Andrew plus exam Pro Plus developers. Oh, no, it's fresh, okay, fresh plus developers at exam pro.co. Maybe it's just developer. There we go. We'll enter that password in. Okay, great. And so now we should be able to get rid of our account here. So I'm going to go up and go to my account. Okay. And so we do have some sensitive information here, which I have blocked out. But within here, we are going to go ahead and close our account. So we'll just do that. So what I did here is I just scrolled all the way to the bottom, and you can see that we can close your account. And we have a big long disclaimer about it. But again, the advantage here of closing our account, which just suspends it is that it's going to ensure that we're not being billed for anything else within our account. Okay, and I'm just going to go ahead here and say I understand for the three things here and go ahead and close my account. And so this account has now been closed, and I can just proceed to logging out here. So just scroll up and just log out and we'll go back into our master account. Alright, and so now we'll just go ahead and log back into our master account and go just check on the status of that organization. And we will just make our way back to organizations here. And you can see now this is suspended. So this account is no longer active. Okay. And so that's all there is to it. Okay, so yeah, that's eight us organizations. And yeah, there is some, some visibility there on organizations within the IM console, there's not a lot there to do, you can just see the structure and look at service control policies. But just be aware that each of us is developing that in Iam. Yeah, there you go. Hey, this is Andrew Brown from exam Pro. And we are going to learn a bit about 80 of us networking here. So I have this nice big architectural diagram. And we're gonna work our way through it. Okay. So the first thing you'll want to do when you want to launch resources, you're going to have to choose a region to launch them in. And so a region is a geographical location of your network. So that could be US East one, which is north Virginia, or maybe you would choose Canada Central, which is based in Montreal. Once you've decided what region you want to launch resources in, you're going to need a VPC. And a VPC stands for virtual private cloud. It is a logical isolated section of the cloud, where you can launch at best resources. So it's just a slice of the ADA based network. Just for you. Okay, and then once you have your VPC, you're going to want to subdivide it up into subnets. And so subnets are logical partition of IP network into multiple smaller network segments. Okay, so you could have public and private subnets. The difference between a public and a private subnet a public one is generally accessible to the internet, whereas a private subnet is where it is not. Okay. So when you have things that need to be super secure, are you going to put those in a private subnet? All right. And so subnets are defined within an availability zone. And an availability zone is just a data center for your where you're going to launch your AWS resources. And those azs are contained or are specific to specific regions. Okay. So now we have a region we have a VPC, we have our subnets. And so we can go ahead and start launching resources into our subnets here. So we could launch an EC two instance, or an RDS instance. But how are how is that EC two instance going to reach the internet. So in order to do so we're going to need a gateway to the internet. And that's where internet gateway comes into play. So it enables access to the internet, you can think of it up as a door to the internet, from your VPC, outward, okay. But just having internet gateway is not enough, because the subnet has to know how to reach that internet gateway to reach the internet. And that's where route tables come in. So route tables determine where network traffic from your subnets are, are directed. So you'd create a a route in your route table to say, hey, row table, go here and go out to the internet. Alright, now that we have a way to the Internet, and we can launch resources into our subnets, what about security, and that's where security groups and knackles are going to come in. So security groups is acts as a firewall at the instance level. So here, you can see that we have an EC two instance in RDS, and they span subnets. And we have a border drawn around it to say that the security group is protecting those two instances. So that's how that works. And you have knackles and knackles is another form of security, but it's at the subnet level. So it sits in front of subnets. And controls access in and out of those. Okay, so I mean, those are the most important components of AWS networking, there's definitely a lot more. So that's all we need to know for now. Okay. Hey, this is Andrew Brown from exam Pro, and we are looking at database services. And so you can see we have a variety of different services, for databases on AWS. And for the actual exam, you probably just need to know Dynamo dB, RDS, Aurora, and redshift. But when you're taking the exam, they might throw in these other ones to just throw you off. And so by knowing all of them through process of elimination, you can determine what the correct answer is. Okay. So I think it's going to be good for us to learn them all. And so just starting at the top here with Dynamo dB, which is a no SQL key value database. And so I always like to say that it's Cassandra, like or Cassandra based, because I think at one point it was, or at least is very similar to it. And so this is a very flattened simple database, which can scale to millions of records. And we'll give you a guarantee of reads and writes per second. Okay. So if you needed to say 200 reads per second, you just enter that in and you'd get a guarantee of it. All right, moving on to document dB, which is a no SQL document database that is MongoDB compatible. So if you need MongoDB, you're going to be using document dB. Then we have RDS, which stands for the relational database service, okay. And it's probably the most popular database on AWS, and the most commonly used and it supports multiple engines. So you can use MySQL, Postgres, Maria, db, Oracle, or Microsoft SQL Server, alright. And it happens to have one other engine called Aurora. And so Aurora is really its own thing. And it is a fully managed relational database, okay. And within it, you can choose to either run MySQL or Postgres. And so because it's fully managed, it has a greater performance over the regular MySQL Postgres RDS, and you're gonna see my school, it has a better performance of up to five times, whereas Postgres has up to three times. Now, Aurora, again, is highly available and durable. And so when it when you spin up, an aurora cluster is going to be running six copies of your database across three availability zones. Okay, so with that, it definitely is more expensive than using RDS. But if you are an enterprise or you need that guarantee of availability and durability, you're definitely going to want to use a worra. Now moving on to Aurora serverless. It's pretty much the same thing as Aurora. With less features, but the huge advantage here is that it's, it's way more inexpensive. So this is kind of like a relational database where it's on a need B basis. Okay? So the idea is that you're only paying for when you're using it just like kind of like a lambda, okay? And it's really good for development workloads or web apps that are not frequently used. Or if you're using a serverless architecture, okay, so it makes it really easy to connect lambdas to Aurora serverless. Now, moving on to Neptune. It is a managed graph database. That's all you need to know. them. We're onto a redshift. So redshift is a columnar store database. Okay, so instead of reading via rows, it reads via columns. And so it's really, really good. Working with a huge amount of data, where you need to generate maybe, like reports or analytics, like a business intelligence tool, and it can handle petabytes worth of data. Okay, so there's like 1000 terabytes in one petabyte. So that is x significant amount of data. Moving on to elastic cache, it is a caching solution. So you can either choose to use the open source caching databases here, Redis, or memcached. Okay, so if you need caching, that's going to be your choices here. So there you go. That's all the database services. Hey, this is Andrew Brown from exam Pro. And we are looking at provisioning and so provisioning is just an easy way to set up a bunch of AWS resources for you or your servers in an automated way. And this could be done via code, or it could be done via a graphical user interface. Okay. And so AWS has a variety of different services that can help us with provisioning. So let's just learn the difference between all these services starting with Elastic Beanstalk. So Elastic Beanstalk is really good at deploying web applications, where you don't have to think about the underlying infrastructure at all. So what you're going to do is you're just going to prepare your code, you're going to upload it to Elastic Beanstalk choose the container you want to use with the language of choice. And it will more or less work with very little to no configuration. So if you're using Ruby on Rails, you just choose the Ruby container, upload your code, it would work. And you know, if you wanted to use Django, then you just use the Python container, etc, etc. Okay, I like to think of Elastic Beanstalk as the Heroku for AWS, if you've ever used Heroku, it's just a service where you not part of AWS, but you just upload your code, and it just works. Okay, moving on to opsworks. opsworks is a configuration management service. And it's going to help you the management help you with the configuration of your instances, using either Chef or Puppet. So those are just two different tools, developer tools that you can use to manually or sorry, programmatically set up a server. So for, for chef, you're actually using Ruby, that's what it's written in. And so you would define these things called recipes. And those recipes would go out and set up things on your actual easy to server. So if you had to install dependencies, or pull the code or do a bunch of other stuff, that's what those tools are going to do. And officeworks also has a concept called layers. So you can define your infrastructure as like three tier or two tier layers. And so you could have like an application layer, a database layer and networking layer. And it just makes things very clear. Okay. Moving on to cloud formation, cloud formation is infrastructure as code. And so the idea here is that you are creating a JSON or yamo file, and what you're going to do is you're going to define all of your AWS resources that you want to provision and how exactly how you want to configure them, you're going to upload that template and then it's going to set everything up for you in one go. Okay, so cloudformation is an extremely powerful provisioning tool. And so compared to opsworks opsworks, has some limitations as to what it can do. So it can set up some things for you, but cloudformation can do anything pretty much in AWS. Okay, so it is the most complex option, but it is also the most flexible option in our provisioning tool set here. Moving on to Eva's quickstarts. These are just pre made packages, which actually are just cloudformation templates. And they are created by AWS or with AWS third party providers through the APN network, okay, and so, they are going to have these pre packaged templates for a variety of different things. And we do cover quick sidebar. quickstart in more detail here in this course. But the idea is like, let's say you wanted to get started with ml, you'd go to the ML category, and there would be a bunch of premade configured cloudformation templates and you just launched one. Okay, so you'd have to take a look to see what there is there. But it is a provisioning tool. Moving on to 80 of us marketplace, this is a digital catalog of 1000s of software listings from independent software vendors, where you can find by test and deploy software. Okay, and so, generally, you're gonna be using the marketplace to buy managed EC two instances. So let's say you needed to set up a WordPress, you could go into the Ava's marketplace and find an ami, for wit, WordPress, so one that is very popular is by bitnami. And so the advantage here is that it's just pre configured for you. And maybe it has additional security hardening. And so you would pay a monthly subscription to use that. Okay, so those are all of our provisioning options on AWS. Hey, this is Andrew Brown from exam Pro. And we are looking at computing services on AWS, starting with geesey, which stands for elastic Compute Cloud. And you can see that I've made a division there. And that's just to emphasize how important EC two is. And the fact that basically, every service under the hood is using EC two. So no matter what you're using, whether it's a lambda RDS, or redshift, they're all running on EC two instances, they're just what might be abstracted away from you, because eight of us is managing those EC two instances. Okay. And so what is EC two? Well, it's a highly configurable server, where you get to choose your CPU, memory network and operating system. Okay, so now moving on to the other computing services, we have ECS, which stands for elastic container service. And this is basically Docker as a service. So if you need to run micro services, or a, a dockerized, application, you're going to be launching it on ECS. So with ECS, what you would do is you would just choose the type of easy to instance you you want. And that easy to instance will come pre configured with Docker running on it. And then it has a really nice interface, so that you would just define your containers within something called a task or a service, and then you would just run them on ECS. Okay, next on this list, you have fargate. And this is also for micro services. And this is kind of like the evolution of ECS. So, with ECS, you choose what easy to instance, you, you need to use fargate, you don't choose easy to instance, you just would define your, your containers within a task or service. And you would just tell them to run and AWS would just have it run, okay. And so the difference here is that you aren't paying for the EC two instance, you're just paying for the runtime and the CPU utilized. Okay, so it's kind of like lambdas, where you're just paying for the time performed and the resources used. Okay, moving on to Eks, which is Kubernetes as a service. And so if you've never heard of Kubernetes, it's becoming the de facto standard for micro services within the industry. And so since it's so important, AWS has decided that it needs to have a service to run Kubernetes and it's called Eks. Okay, so it gives you all the benefits of ECS. That allows you to run the open source Kubernetes. Okay. And again, this is just for micro services, moving on to lambda lambda, lets you run serverless functions. So the idea here is that it you just upload your code in the form of function, and it just runs, you don't have to think about the servers, there's nothing to provision everything is taken care of for you. And you are just paying for the compute time based on how long it runs. Okay, so that's all there is with lambda. Okay, moving on to Elastic Beanstalk. And so Matt blastic, beanstalk is going to orchestrate a various amounts of Eva services for you. So the idea is it will set up up to s3, SNS, cloudwatch RDS, load balancers, whatever you need to run your web application. And the idea behind Elastic Beanstalk, it allows you to set up developer environments, that's what it's intended for. It's not really for production use. So the idea is like, let's say you're a developer, and you have a web app. And it's running on Ruby on Rails, or Django, or love rail, and you just want to get it running. But you don't want to have to think about all the services you have to set up. You just upload your code to Elastic Beanstalk, it would do the rest for you. So that's all there is there to that service. And it really just is using EC two again, so it's just going to set up EC two instances for you, but you just don't have to worry about it. Moving on to AWS batch. So Avis batch, as the name implies for batch processing, so you can plan schedule and execute your batch computing workloads across the full range of Eva's compute services and features. And so what it's doing is it's just launching EC two instances for you using spot pricing so that you can save a lot of money. So there you go, that is all the computing services, you need to know. Hey, this is Angie brown and exam Pro. And on AWS, we have a variety of different storage services that are available to us. So let's quickly go through them. So the first one on our list here is s3, which stands for simple storage service. And it's an object store, I like to think of it as a hard drive in the cloud, where I don't have to think about the actual hard drive, I can just upload files, and I don't have to worry about running out of space, because there's unlimited space. So it really is a no brainer, okay. And then you have s3 Glacier. And so it's like s3, but it's extremely inexpensive. But the trade off here is that you have to be okay with waiting for several minutes up to hours to access those files. And when you do access those files, there is a retrieval cost. So it is a really good use case for large enterprises who have lots of sensitive data. But they have to hold on to it for seven to 10 years, but they're very unlikely to actually ever look at that data. Okay, so that's where s3 Glacier comes in. Then you have storage gateway. And so I like to think of storage gateway as an extension of your on premise storage into the cloud. You could also use storage gateway as a backup solution. So for your local storage, you would just back it up onto s3 there. Okay. And so basically, storage gateway is a hybrid solution for on prem to cloud for storage. And then you have EBS, which stands for elastic block store. And this is essentially a virtual hard drive in the cloud that you can attach to EC two instances, and you get to choose what kind of hard drive you want it to be. Okay, so if you want it to be a solid state drive, which are optimized for higher I ops and better throughput, or you could use an H HD, which is going to be more inexpensive solution, okay. And then you have Fs, which stands for elastic file store, and it is a file storage solution. So it's like having a file system that you're able to mount to multiple EC two instances at the same time. Whereas with elastic block store, you're only able to attach that to one EC two. So that is a huge advantage there. Okay. All right. And so now we're looking at snowball, and it is a way of moving a lot of data around very quickly from your on premise network into AWS, or vice versa. So let's say you have terabytes worth of data, uploading that directly to this would be extremely slow and painful. So what it goes will do is you order a snowball, they'll send it to you, it's basically a computer in the form of a suitcase with a lot of hard drives in it. And what you're going to do is you're going to quickly load your data onto that snowball, and then it's going to be delivered to AWS directly into s3, okay. And then we have snowball edge, which happens just to be like a snowball with additional features, and more storage so that it actually can also process data as it's being inserted into the snowball. Okay, and then on last on our list here is snowmobile, which is super cool. And it allows you to move petabytes worth of data. So it's actually just a giant cargo container or shipping container on a semi trailer truck. Okay, so it's basically like a data center on wheels. So AWS will drive it to your on premise, location, and you're going to basically just hook up to that, and you're going to move all of your data onto there, and then it's going to be driven back to AWS and then loaded into s3. So there you go, that is the storage services on AWS. Hey, this is Andrew Brown from exam Pro, and we are looking at business centric services. So starting at the top of our list here, we have Amazon Connect, which is a cloud based call center service, you can set up in just a few clicks, and based on the same proven system used by amazon customer service teams, okay. So what you can do with Amazon Connect is you can accept inbound, inbound calls and dial outbound, you can record your calls and then store them into s3. So maybe you could then run them for analysis maybe through Amazon comprehend or something like that. And you can also set up workflows within Amazon Connect. So if you want to route a call based on a set of rules, you can definitely do that there. Next on our list here is workspaces, which just boils down to being a virtual Remote Desktop. So secure managed services for provisioning either Windows or Linux desktops in just a few minutes, which quickly scales up to 1000s of desktops. So you just would have bring your own license and you'd be able to spin up a Windows 10 server that you can now log in from the convenience of your AWS account. Okay, then we have worked docs, which is a content creation collaboration service, easily create, edit and share content, save centrally AWS. So this is a this is version of SharePoint, then you have chimes. So this is a service platform for online meetings, video conferencing and business call business calling which elastically scales to meet your capacity needs. So chime here is like, it's like having slack and also Skype. Okay. Now we're on to work mail. And this is just managed business, emails, Contacts and Calendar service, which supports for existing desktop and mobile email client applications. So this is just Gmail for but like on AWS, then you have pinpoint. So this is for marketing campaign management systems, you can use for sending targeted emails, SMS push notifications, and voice messages. So we actually use pinpoint here at exam pro to send out our campaign emails. So here, you can import a bunch of contacts, create campaigns, and do like a B testing on your your emails. Okay, so that's a useful tool there. Then you have FCS simple email service. And this is a cloud based email sending service doesn't a for marketers, and application developers who send marketing notification in emails. So we just had mentioned pinpoint, which is for marketing campaign management system. And this can send emails but FCS is more for like when you are building your web application, and you want to send out emails from that application. So let's say you had someone who registered on your platform, and you want to send them a confirmation email, you send them out through FCS and FCS supports, HTML emails. So there's another service called SNS, which also can send emails, but that can only send plain text. So that's why ICS is more designed for marketers because it has that HTML component. And last on our list is quick sight. And this is a business intelligence service. And so the idea here is you can connect multiple data sources and quickly visualize data in the form of graphs, little to no programming knowledge, okay, so you can connect a data from s3, you're probably Aurora and RDS. And you just click it. And then with a bunch of other clicks, you now have these beautiful graphs, okay. And I believe that there's also like an ml component and quick site. So there's a lot of cool things you can do there. And you can also share those visualizations in the form of dashboards to other people. Okay. So there you go. Those are the business centric services. Hey, this is Andrew Brown from exam Pro, and we are looking at enterprise integration. This is all about going hybrid, bringing your on prem and your cannabis network together. Okay. So the first service we're gonna look at here is direct connect. And this is a dedicated a gigabit network connection from your on premise to AWS. So imagine having a direct fiber optic cable running straight to AWS. So it's a really good way of having low latency and a dedicated connection. Okay. The next thing is VPN. So the idea here is that you can establish a secure connection to your network. And we have two ways of doing this. We have site to site VPN and client VPN. So site to site is when you are connecting on prem to your network, and you have client VPN. So imagine you have someone that works for you. Maybe they are maybe they work from home and they have a laptop and you just want to connect them to your network. Okay, then you have storage gateway. So this is a hybrid storage service that enables your on prem applications to use Eva's Cloud Storage. I always think of it as extending your hard your on prem hard drives onto AWS. So this can be also used for backing up and archiving, disaster recovery, cloud data processing, storage tiering and migration. Okay, and then down below, we have Active Directory. So we have a directory service for Microsoft Active Directory, also known as Eva's managed Microsoft ad. And this enables your directory where workloads and Amos resources to use manage Active Directory in the cloud. Alright, so I know that last one was pretty boring. But if you are using Active Directory, there are definitely ways to integrate that on AWS. Hey, this is Daniel brown from exam Pro. And we are looking at two logging services. Here we have cloud trail and cloud watch, starting with cloud trail, it logs all API calls, generally via the SDK or AWS COI between Ada services. So this is a really good service to determine who we should blame for something. So if you wanted to say who created this bucket, who spun up that expensive easy to instance, who launched the sage maker notebook, that's where cloud trail is going to come into play. And so some of the other use cases here is that we can use it to detect developer misconfiguration, which we just talked about, but we could also use it to detect malicious actors. So someone got into our account, cloud trail is going to maybe give us an idea What is going on? And then we could also automate responses. So maybe every time someone created a bucket, you wanted to trigger something. And so that is something that we could do maybe with cloudwatch events using cloud trail. Okay. So now on to cloud watch. So Cloud watch is a collection of multiple services. But generally, when people say cloudwatch, we're talking about cloud watch logs. And all the other cloud watch services are really based off of logs. Okay? So Cloud watch logs is just a durable storage solution for your logs. And so logs could be performance data about your database services, such as CPU utilization, memory, or network in, you could also store your application logs here. So if you are running Ruby on Rails, you could send the logs there or nginx. Just as that as well. Or let's say you're using lambda lambda, you would, you can put within your functions, a lot of console log calls. And so that would then pass that on to cloud watch. And that is just in itself, application logs for lambdas. Okay, and so moving on to the other cloud watch services, we have metrics, and they represent a time ordered set of data points. And so you want to think of cloudwatch metrics as a variable to monitor. And if that's still confusing, just think of it as like taking data from Cloud watch logs and turning it into a graph, okay, then you have a cloud watch events. And this allows you to trigger an event based on a condition so when, when you have logged data, or you can trigger based off of a metric, or other other kinds of rules. But like, the most common thing you might use cloudwatch events for is, let's say, every hour, you want to take a snapshot of your elastic block store, like the volume that is attached to your server, you can do that with cloudwatch events, then you have cloud watch alarms, and these trigger notifications based on a metric. And so you would specify a threshold and when that threshold is breached, that alarm gets triggered, and then it would send you an email or a text message however you specify, okay, then you have cloud watch dashboards. And this just creates visualizations based off of metrics. So when I said earlier that metrics, you can think of them as graphs, that's exactly what they are. And so you could take those graphs, and then put them onto a dashboard. So you could represent a lot of data at a glance. So there you go, those are the two logging services in AWS. Hey, this is Andrew Brown from exam Pro, and we're looking at know your initialisms. And so there's a lot of ad bus services and some other things that are represented by these short form of initials. And the reason why it's good to know these is that on the exam, if they were to just give you the full name of the service, it might give away the answers. So they might use the initialized version. Okay, so if you had a question about sending emails, and one of the options was sex, and you knew that he sued for email, that's a dead giveaway of what the correct answer is, it's also just going to help you comprehend things a lot faster, if every time you see auto scaling groups, you just think as G because in your mind, you're going to read that a lot quicker. Okay. So we do have a lot of initialisms here, and four services. But there's also some things such as Tam, which is actually a type of person that gets assigned your account. Or we have IoT, which is just a more generic tech technology term, which stands for Internet of Things. Okay, so there just are a lot of things on here. And these are the most common ones that I could think of. And so I figured, you know, you should study up on these and just make sure you are familiar with them, okay. Hey, this is Andrew Brown from exam Pro. And we're looking at the shared responsibility model. And this is going to deal with security of an in the cloud. So when we're talking about customers, they are responsible for security in the cloud. So what does that mean? Well, whatever data you put on AWS, you are responsible for it. So if you do not secure it, that is your fault. Or if you do not turn on monitoring services to monitor sensitive data, that's going to be your fault as well. Or there's a variety of different Ada services that you can use, and it's up to you to configure them. So if there is a misconfiguration, that fault is going to be with you. Okay, so those are your responsibilities. Then we have AWS and so AWS is has is responsible for the security of the cloud. So the hardware, the operations of managed services, and the global infrastructure, okay, so all the things that you can't touch is what AWS is responsible for. And so this is actually just a pared down version of the shared responsibility model. The full one actually looks like this. Okay, and so you can just see that there's a lot more information here. So for the customer, we got customer data platforms application on As the network the fire configuration, client side dating encryption, server side encryption network traffic protection, and on AWS we have software and hardware rights over the software, you have your compute your storage, your database, your networking, if your hardware you have an Davis global infrastructure, you have the regions and the edge locations. Okay, so I mean, this is the full list, but really, you just need to remember, again, for the customer, it's dating configuration for AWS, its global infrastructure and hardware. Okay. Hey, this is Angie brown from exam Pro, and we are looking at ETS compliance program. So what is a compliance program? It's a set of internal policies and procedures of a company to comply with laws, rules and regulations or to uphold business reputation, okay. And so we have a bunch of these cool looking badges. And the idea here is that if you need to conform to one of these compliance programs, eatables has a big list of them. So it makes it easier for you to adopt cloud computing. To that I want to point out is HIPAA and PCI. So so for HIPAA that is the Health Insurance Portability and Accountability Act of the United States, and is a legislative legislation that provides data privacy and security provisions for safeguarding medical information. So if your hospital you're going to want to be HIPAA compliant, okay? And then you have PCI DSS and so this is the Payment Card Industry data security standard. So when you want to sell things online, and you need to handle credit card information, you're going to want to be PCI compliant, okay? And there's a variety of compliance programs, this is not the full list, but just to give you a taste of what that is, okay? Alright, so I just hopped over here to the AWS website, because I just wanted to show you the full range of compliance programs that AWS has, and if you had to find out if they had some kind of compliance program, how to investigate that. So here I am, you can see we have a bunch of different logos more than what I was showing you prior there. And you can see that there are offerings in multiple countries. So if we just scroll down here, you can see there's a lot for the US. We even have some here for Canada, okay, which is where I am, Asia, Pacific Europe. Okay, so there is a variety of things there. All right. Now, if you wanted to find a little bit more about any of these certifications, if you just click into them, they'll tell you what it's for. And a lot of additional information, okay. So there is a considerable amount of information here. So when you do need to explore a bit more about compliance programs, definitely check this out. Now actually getting access to the reports for how AWS meets those compliances is another story. And so that's what we're going to look at next, which is at this artifact, okay? Hey, this is Andrew Brown from exam Pro, and we are looking at a database artifact. And the purpose of this service is to really help us determine whether a database is meeting a compliance program, because just because they have the logo on their website, doesn't necessarily mean that they are compliant, you need to prove that via a very long checklist and explain how you are meeting those, all those rules within a compliance program. So if you wanted to get access to that, you actually have to go into a bit of a roundabout way. And so 80 of us has made a service in order to generate out the report that shows that they're compliant. So what you do is you would go into at this artifact, you would choose the package, or artifact you're looking to get, it's going to generate out a PDF, and then within that PDF, you have to click a link, which will then get you the actual files that you that you are seeking. Okay, so that's what Eva's artifact is, and I'm going to show you how to generate an artifact and get to those files. Alright, so in this follow along here, I'm going to show you how to use AWS artifacts so that you can get access to a compliance report. So what I want you to do is go to the top here to services, and we will type in artifact, like remember how to spell it here. We just type in art. There we go. And so now in artifact, we're going to get a huge list of all the possible compliance programs that AWS has. And so what we'll do is we'll just look for one so since I'm in Canada, let's look for the Canada GC partner package. And what you'll do is you'll hit get this artifact, okay, and you'll be presented with a bunch of information. And what we'll do is you should probably read it and then once you've read it, check that box there and say accept and download and what that what's that that is going to do is it's going to download this PDF document. So in order for you to access to files within this PDF, you're going to have to make sure you have Adobe Acrobat Reader installed, because it will not work with any other reader. If you're on a Mac like I'm on right now, if you open it up in preview, it's not going to allow you to download those files. But I'm going to open up Adobe Acrobat, and we're going to give this a go. Alright, so I have this document opened up here in Adobe Acrobat Reader. And it even tells you right off the bat, open the artifact using Adobe Acrobat Reader. Other PDF readers are not supported. Okay. So now that we have this open, what we have to do is follow the instructions. So this is click the paperclip paperclip icon in the top left corner, so which is up here, okay, and then what it's going to tell you is a double click the file you'd like to open. So there could be a variety of different files in here. It could be PDFs, or csds, or excels. But we'll just go ahead and just double click this one here. And so now we actually have access to even more content. So now we have an XLS. So here, I guess it's just kind of a summary of what's going on. And then, within this XLS file is the file that we're actually trying to get to. So we're gonna go ahead and open this file. Okay. And here's that file open there. And so, you know, this is what we're looking for, you can see it's a very long file. Okay, so the, these documents are gonna vary based on each compliance program, because they're all different. But this is that one. And this is the file that you are trying to get to that proves that AWS is meeting this compliance program. So there you go. Hey, this is Andrew Brown from exam Pro. And we are looking at Amazon inspector. And the question we are asking here is how do we prove an EC two instance is harden? And so to really understand that question, we need to know what a hardening is. And so hardening is the act of eliminating as many security risks as possible. Okay. And so that is what Eva's inspector is helping you do. So Avis inspector runs a security benchmark against specific EC two instances. So you choose which ones you want. And you can run a variety of security benchmarks. Okay. And so it can run both a network and host assessment. So for network, it's checking to see if you're, if any ports are open, and if they're reachable to the internet. And then the host is actually checking the actual OS, and any of the applications there, based on the benchmark or security best practices that you choose, okay. So the way inspector works is that it's going to install the agent on your EC two instance, which just does this, I believe through a run command, then it's going to run an assessment for your assessment target. And then it's going to, then you get to review your findings and remediate those security issues. Okay. And so one very popular security benchmark is the CIS, which stands for center of internet security. And they have over 699 checks. And that's what we are going to be using through our follow along. So let's get to that. Hey, this danger brown from exam Pro. And we are looking at AWS whap, which stands for web application firewall, and it's going to protect us, or specifically our web application from common web exploits. Okay, so the idea here is you're going to write your own rules that are either going to allow or deny traffic based on the contents of an HTTP request. And if you didn't want to create your own rules, and you wanted to just use one from a trusted Eva security partner, you could purchase one very cheaply in the at best laugh rules marketplace. And so they call it a rule set, because it's a bunch of rules included. And generally, those rule sets will protect you against the a wasp top 10, which are the most dangerous attacks for web applications. And so whether it's SQL injection, or cross site scripting, or a host of other ones, again, those rule sets are easy to purchase and protect you against everything. Now, in order to use laugh, it has to be attached either in front of CloudFront, or an application load balancer. And so there you go, that is all you need to know for a nervous laugh. Hey, this is Andrew Brown from exam Pro. And we are looking at AWS shield, which is a managed DDoS protection service that safeguards applications running on AWS. So just to understand what the offering for the services, we need to know what a DDoS attack is, which stands for distributed denial of service and this is a malicious attempt to disrupt normal traffic by flooding a website with a large amount of fake traffic, okay. And so, in order to use a shield, it's actually already turned on for you, and it's given to all eight of us customers. at no additional charge at least the shield standard is and So, in order to take advantage of shield, you just have to make sure that you are routing your traffic through rough d3 or through cloud front. Okay? Now I said that there is a paid tier and that is shield advanced. Okay, so for shield a standard, this is going to protect you against the most common DDoS attacks, and it's already turned on automatically for you. And it's available for a lot of different database services. And then you have shield advanced, which cost $3,000 per year and you have to pay that upfront, I believe are these you have to make the commitment to pay that. And this is going to protect you against additional types of attacks, larger attacks, more sophisticated attacks, okay, and it's also going to give you visibility into those attacks, I believe you get like a dashboard. And you also get 24 seven access to some DDoS experts. For those complex cases, I myself have experienced DDoS and have paid for such a services shield advanced, so I can definitely understand the value there. And it's only available for a limited amount of services. So it'd be for roughly three CloudFront lb their global accelerator and putting things in front of or on to tip there. Okay, so that's all there is there. And I probably will just go to the website and just pull up the big comparison so we can take a quick look through it. Alright, so I've hopped over here to the AWS website to give you a comparison between shield standard and shield advance. And so as we saw earlier, shield standard is turned on for all AWS services, where shield advanced, it's going to have the same coverages of standard but have additional functionality for these specific AWS services. Okay, so if we just scroll down here, you see we have a nice large comparison, the most important thing to note is that shield advance is for mitigating large, DDoS attacks. So if someone is specifically targeting you, and sending a lot of traffic your way, you're going to want to pay for shield advance. Okay? Another thing about shield advanced is that we get that visibility reporting, so we're gonna get a lot more information as to the nature of these attacks, we're going to have response team and support. So we're going to be able to talk to people to work through that problem. And then we're also going to get DDoS cost protection, okay, so this is going to make sure because we're getting a lot of traffic's going to be hitting the servers that roughly three CloudFront EOB. And if you have a lot of traffic that would cause you to spend a lot of money. So AWS gives you these guarantees that you're not going to be going overboard and cloths. Okay, so yeah, that's the stuff I wanted to highlight there for advanced. Yeah, there we go. Hey, this is Andrew Brown from exam Pro. And we are looking at the concept of penetration testing. And so it's pen testing for short. So what is pen testing? It's an authorized simulated cyber attack on a computer system performed to evaluate the security of the system. So the question here is, can you perform pen tests on AWS? And the answer is yes, there are some limitations around it. And there are some prohibited activities. But you can definitely do pen testing on AWS, AWS. So there are eight services you are permitted to do pen testing on. So you have you see two instances, Nat gateways and lbs, you have RDS, you have CloudFront, you have Aurora, you have API gateway, you have Eva's lambda and lambda edge, you have lightsail resources, which are just using a variety of other services underneath such as EC two, and then you have Elastic Beanstalk. So those are the eight permitted services. And then you have prohibited activities. So you definitely cannot perform DDoS attacks, you can't do port flooding, you can't do protocol flooding, you can't do request flooding, anything of the flooding nature, okay, and you cannot do DNS zone walking. So there's that now if there's something else that you wanted to do, I need us to run a simulated cyber attack or test, you can submit a request to AWS and they will reply up to seven days to say whether you are allowed to do so or not a year or so ago pentesting wasn't allowed at all on AWS. So they have definitely opened this up. So you can do a lot more stuff here. And just be aware that yes, you can do pen testing on AWS. Hey, this is Andrew Brown from exam Pro, and we are looking at Amazon guard duty and so the question I want to pose to you is how do we detect if someone is attempting to gain access to our AWS account or resources, and that's where Amazon guard duty is going to come into play. So guard duty is a threat detection service that continuously monitors for malicious suspicious activity and unauthorized behavior. It uses machine learning to analyze the following 80 plus logs so you have cloud trail logs, your VPC flow logs and your DNS logs. Okay, and it will alert you of findings which you can automate an incident response via cloud watch events or with a third party services. And just to add a bit of additional information, if you've ever heard of an IDS or an IPS, those stands for intrusion detection systems and intrusion protection system. And that is a device or software application that monitors and network or systems for malicious activity or policy violations. So that's what Amazon guard duty is. It's an IDS IPS for AWS. Okay. Alright, so I just wanted to quickly show you what findings look like in guard duty. So I have guardi turned on, and I have a few EC two instances that are launched, which are just in public v PCs with with very exposed security groups. And you can see right away that people are already trying to SSH brute force into my instances, because if you do have instances that are public facing with SSH, where you do not restrict the IP to only your IP, you're very likely to see a brute force attacks. But you can see here it describes what, what the finding is, and a bunch of additional information about this attack here. So yeah, there you go. That's just a guard up there. Okay, this is Andrew Brown from exam Pro. And we are looking at key management service, also known as kms. And it is a managed service that makes it easy for you to create and control encryption keys used to encrypt your data. And there's three things I want you to know about kms. And that is it's a multi tenant HSM. HSM stands for hardware security module, and this is a piece of hardware that's at the AWS data center. I mean, there's lots of them. But this piece of hardware is specifically designed for storing keys within memory. So they're never written to disk. And that piece of hardware is extremely secure. It's multi tenant in the sense that there's other customers that are utilizing that same piece of hardware, and you all are virtually isolated from each other via software. Okay. And the other two points I want you to know is that many Eva services integrate with kms to encrypt your data with a simple checkbox. So in this screenshot here, we have RDS where we're enabling encryption, and that is using kms. Okay, so a lot of services have that checkbox, and then you just choose the key from kms. And kms uses envelope encryption. Okay, and so envelope encryption, we have an example down below, on the idea here is you might have a you have a key that encrypts your data, but what is going to protect your data key from from being encrypted. Okay, so that's what we're doing is that we're encrypting the key that we use to encrypt our data with and that's why it's called envelope encryption. Because it's like putting your key within an envelope so people can't see that key. Alright. And yeah, that is kms. Hey, this is Angie brown from exam Pro. And we're looking at Amazon Macy, which is a fully managed service that continuously monitors s3 data access activity for anomalies, and generates detailed alerts when it detects risks of unauthorized access or inadvertently data leaks. So that was a very long sentence. So if you weren't following along, I wasn't either. So just to reiterate, Amazon may see it, the idea is here is that you put data in your s3 bucket. And that data can be it could be sensitive data, such as credit card numbers, or personally identify identifiable information, or it could be health record information. And so what Amazon Macy does, using the power of machine learning, and also analyzing your cloud trail logs, it's going to detect that sense of data and whether that data has a risk of being compromised or exposed. Okay, so if you put a file full of credit cards in plain text, and you upload it to your s3 bucket, Amazon is gonna say, Hey, we found some credit cards, and it's plain text, you should probably I don't know, encrypt this and and archive it and make sure nobody has access to it. Okay. So that's the role of Amazon Macy. Now, Macy has a variety of alerts. And this kind of gives you an idea, the kind of things that can detect so ransomware someone trying to lock you out your data and make you pay for it privilege escalation for someone trying to get access to stuff that they're not supposed to, at the entity enumeration somebody that is trying to enumerate over the list of stuff that you have to figure out what they can steal information loss, if you've lost data, credit credentials loss. So if you have stored credentials there, and they were lost. So there's a bunch of alerts that it can alert you on. The other thing that it can do is it will identify your most at risk users, which could lead to a compromise. Okay, so if you have someone on your team, and you know, they're just having very poor practices and access to sensitive files very often, they're going to rank it based on this. These badges, okay. And it's funny because you think bronze would be the worst user, but Platinum is actually the worst user. So the nicer the badge is the worse this user is. You got to give them that attention. Okay. But anyway, that is what Amazon may see is, Hey, this is Angie brown from exam Pro, and we are looking at security groups versus a knackles. Okay, and so these are both used to act as firewalls within your VPC. But the utility of these are slightly different. Okay, so just knowing the difference here is a good thing to cover, especially when we are in the security section here. So looking at security groups, they act as a firewall at the instance level, whereas knackles act as a firewall at the sub net level. So in that diagram, you can see that all those instances are contained within a security group, and they can span multiple subnets. Whereas the knackles sit in front of the subnets. And they're gonna control access in and out from subnets. Okay. Now, security groups implicitly deny all traffic, and so you have to create allow rules to get access to things. Okay. And so that's both for inbound and outbound. Okay. So the idea is that if you wanted to open up Port 22, so you could SSH into an instance, that's an allow rule you'd create on that security group. Now, with knackles, you can allow an end deny rules, okay. But the real utility here with knackles, is that you can block a specific IP address known for abuse, okay? Because you can have deny rules. And you can say exactly, I want to deny exactly this IP address. So the reason you can't do this with security groups is that because implicitly denies everything in order for you to, to deny a single IP and allow everything else, imagine all the IP addresses in the world, right, you'd have to create allow rules for everything for those IP addresses, and just exclude that one IP address, which is like almost impossible. So for knackles, the best use case here is again, block a specific IP address known for abuse. Okay, so hopefully that helps you understand security groups, versus knackles. And that's all we need to know here. Hey, this is Andrew Brown from exam Pro. And we are looking at a universal VPN, which stands for virtual private network. And what this service does is it lets you establish a secure and private tunnel from your network or device to the AWS global network. And so it comes in two variations, we have site to site VPN and a client VPN. So what is the difference here, so for site to site, this is where you securely connect on premises networks, or a branch office to your AWS VPC. And then for the client VPN, this is where you securely connect users to AWS, or on premise networks. Okay, so the idea here is that you are for site to site, you're connecting an entire office, or network to AWS. And the client is just like, imagine you have some employees, and they have laptops, and they're, or they're working from home, and you want them to connect them to the ADA bus network. That's what you're going to be using. So just know that you can do that. And it is a private tunnel, and it is secure. And that there are these two variations here. Hey, this is Andrew Brown from exam Pro. And we're doing a bit of variation study. And we're going to look at services that have cloud in the name because I want you to know that even though they have similar names, they're completely different services. And I just don't want you to get mixed up with these things. So we're going to learn about all the services that start with cloud starting with cloud formation. cloud formation is infrastructure as code. And it sets up services via templating scripts such as gamle, or Jason, it is used for provisioning lots of resources on AWS. Okay, moving on to cloud trail, this is for logging all API calls between Ada services. So I would say it's about who you can blame, okay, then on to CloudFront. CloudFront, is a content distribution network creates a cached copy of your website and copies that content to servers located near people trying to download your website, okay, it's going to be using edge locations to do that. Then moving on to cloud watch, which is a collection of multiple services, okay. And so starting with cloud watch logs, any custom data or log data, so memory usage, rails logs, or nginx logs, then you have cloudwatch metrics. And these are metrics that are based off of the logs. I like to think of metrics as graphs, because that's how they're represented. So it's like your log data. So like, if you want a memory usage graph over time, that's cloud watch metrics, okay? Then you have cloud watch events. And this is triggers, triggers an event based on a condition. So you could have a condition where every hour it takes a snapshot of the server, and these can be based off of metrics or other log data, okay? Then you have cloud watch alarms, and these trigger notifications based on metrics. Then you have cloud watch dashboard, and this creates visualizations based on metrics. And the last one here on our list is cloud search. It is a search engine, so Let's say you had an e commerce website and you wanted to add a search bar to search across all products on your website. Unlike just or just like amazon.com, that's what you would use, okay? Hey, this is Andrew Brown from exam Pro. And now I just want to cover services that have connect in the name. Alright, and so there are three services with Connect, they are totally all unrelated. But let's learn a little bit about these three so we can distinguish them. Okay, so the first on our list is direct connect. And it is a dedicated fiber optics connection from your data center to AWS. So this is ideal for large enterprises that own their own data center. And they need to have insanely fast connection directly to AWS. If you need to secure these connections, you can also apply a VPN, it was VPN on top of direct connect. Okay, next is Amazon Connect. And this is basically a call center in the cloud. So you get a toll free number, it can accept inbound and outbound calls, and you can automate, automate like a phone system within it. Last on our list here is media Connect, and it is the new version of elastic transcoder. It converts videos to different video types. So if you have 1000 videos, and you need to transcode them into different video formats, then, or if you had to apply like a watermark or insert in an introduction video, this is what you would use, okay. Hey, this is Andrew Brown from exam Pro, I just quickly want to do a comparison between elastic transcoder and media convert the both these services transcode videos. So it's a little bit confusing, but I'll just tell you a bit of the story here. So elastic transcoder is the old way it was the first service that came out that could transcode videos into streaming formats, and you have a video one format, and you want to turn it into another format. And so eight of us came up with another service called Eva's elemental media convert. And it is the new way of transcoding videos. I don't know if they rebuilt it from scratch. But it has the exact same use case except it has additional features that elastic transcoder cannot do. So you can overlay images, you can insert video clips, you can do extracts for caption data, it has a much more robust UI. So at one point, I believe that people were still using elastic transcoder because it just had better integration with the AWS API, but I'm pretty sure media convert has caught up. And anytime you're using elastic transcoder Avi bus is always telling you Hey, go use media convert, okay, but elastic transcoder is still around, because I'm sure they have customers that are pretty much used to it. And these things are priced pretty much the same. Okay, so you're not going to really save money by using elastic transcoder. But there is a comparison for you. Hey, this is Andrew Brown from exam Pro. And I want to just do a quick match up here of SNS versus Sq s, because these are easy services to get mixed up because they both have something to do with messaging. And they both are used for application integration. So they connect apps together. So let's look at SNS first so SNS, which stands for simple notification service it uses using pub sub, which is publisher subscriber messaging model. And so with it, it passes along messages, whereas with simple queue service, it is a messaging service, but it's all about queuing up messages. Okay, and so simple notification service, it's just passing them along, whereas Sq s you can get a guaranteed of delivery, okay. Now going back to SNS, SNS sends notifications to subscribers of topics via multiple protocols. So it can use HTTP email, it can also send it to Sq s, you can also send text messages, and it can send to lambda, as well there which don't have listed, okay, whereas simple queue service, you place messages in the queue and the and you have applications pull the queue using the AWS SDK. All right back on the SNS. So SNS is generally used for sending plain text emails, I really got to emphasize that because it cannot do HTML emails, which is triggered via other AWS services. So the best example is building alarm. So if you've ever had a building alarm and it's been triggered, it's going to send you a plain text email. Okay, so that's the exact use case there. SNS does have the ability to retry sending in the case for HTTPS. So that's when you are sending web hooks, okay. So that there is some kind of retry functionality there. Now moving over to SQL, so SQL can retain a message for up to 14 days. They can send them in sequential order or in parallel, they can ensure only one message is sent, they can ensure messages are delivered at least once. Okay, and so there's the comparison there and just the last part here, so SNS is really good for web hooks. Simple internal emails are triggering lambda functions, and we have Sq S is really good for delay tasks, and queuing up emails. All right, if you needed a comparison of other similar services for SNS, if you've ever heard of pusher or pub nub, that is basically what SNS is. And for Sq s, if you've ever heard of rabid mq or sidekicks, that's what Sq S is, there you go, Hey, this is Andrew Brown from exam Pro, I want to do a comparison here between inspector and trusted advisor, because both of these services have a security component involved in them. And so they're easy to mix up. Okay? So Amazon inspector is designed to audit easy two instances. So you can audit a single instance or all the instances within your region. And, and so it would run a script, which would then run against a security checklist, and it will come back and report to you what checks have passed or failed. So there is one very popular benchmark by the CIS, which will do 699 checks, okay. And the other side, we have trusted advisor and trusted advisor doesn't generate PDF report, there probably is a way to export a CSV or something. But it's not like something that is promoted with trusted advisor. But it gives you a holistic view of recommendations across multiple service services and best practices. And so it has a whole section on just security, okay, so it would tell you something like, Hey, you should really enable MFA on your root account. So inspector is really just about EC two instances and and making them secure or hardened. And trusted advisor is all about multiple services and security practices, okay. Hey, this is Andrew Brown from exam Pro, I just want to quickly cover the three different types of load balancers. So you have an idea of their use case. So before application, network load bouncer existed, all there was was elastic load bouncer, and now it's been renamed to classic load balancer. And it basically does the job of both application network load bouncer, but it has a way fewer features, and it works slightly different. Okay, so classic load balancer does not use target groups. And it's intended for applications that were built with the EC two classic network in mind, okay, so generally, you do not want to launch a classic load balancer you, you still can, but you're going to want to use application and network load balancer because they are specialized for their individual use case. So for the application loads, load balancer, it's working at layer seven, layer seven is the application layer. So it's dealing with HTTP and HTTPS traffic. Okay. And so if you're running a web application, this is what you're going to want to use. It has some advanced routing rules. So it allows you to get more usability out of your load balancer. So prior to this, if you needed a load bouncer for subdomain, you'd have to launch a load bouncer for each one. But now you with routing rules, you can route all subdomains to the single load balancer and make sure that it goes to the right instances that you want to target. Okay. And so with application load balancer, you are able to attach a laugh. Laugh stands for web application firewall. And so since its application load balancer and web application firewalls just for applications, it makes sense why you would be able to attach it, okay. Now, on to the network load balancer. This operates at layer four, which is the transport layer, and it's dealing with IP protocol data. So this is where you are dealing with TCP and TLS traffic where extreme performance is required. So think video games think real time. So think about handling millions of requests per second will maintain ultra low latency, okay. It's also optimized for sudden and volatile traffic patterns. So that is another advantage there. Okay. And then all these load balancers, you can attach the Amazon certification manager so you can apply SSL certificate so you have HTTPS traffic. Okay, so there you go. Hey, this is Andrew Brown from exam Pro. I'm just gonna do a quick matchup of SNS vs FCS. And so these two services are easy to confuse because they both send emails Okay, so let's learn the difference. So SNS, which stands for simple notification service. It is really intended for practical use cases and internal use cases when it comes to sending emails. All right. So with SNS you can send notifications to subscribers of topics via multiple protocols, so we're not just limited to email, but we have HTTP email, sq s SMS and we can also do lambdas. Alright, on the other side, we have se s which stands for simple email service. And this is really utilize for professional emails, marketing, emails, all right. And so it basically is a cloud based email service. Have you ever heard of sendgrid that is what FCS is All right. So going back to SNS, SNS is generally used for sending plain text emails, which is triggered via other Ada services. The best example here is building alarms. Okay, so if you ever had a billing alarm, and it's been triggered, it would send you an SMS plain text email. It's an ugly email, but it does the job. Okay. over onto FCS FCS sends HTML emails, and can also send play up plaintext emails, whereas SMS cannot do that. So SMS cannot send HTML email. So if you want something that's going to look good, you're going to have to use sts sts can also receive inbound emails, SMS can create email templates, you can use a custom domain name, or domain name for your email, and you can monitor your email reputation. So there's a lot of other stuff that is going on there with SEO. As you can see, it's really optimized for emails. So yeah, there you go. So that is the comparison there. Hey, this is Andrew Brown from exam Pro, I just want to do a quick comparison between artifact and inspector. And the reason why is that they both compile up PDF reports. So that is where some confusion can can happen. So I just want to clarify the difference between these two services. So artifact is all about why should enterprise trust at West. So does AWS meet specific compliance frameworks, such as sock or PCI? And inspector is all about how do we know this easy to instance is secure? Can you prove it? And so it runs a script that analyzes your EC two instance, and then generates out a PDF report telling you which security checks have passed. Okay, so that is the difference between these two services, but just be aware that they both compile up PDFs. Hey, this is Andrew Brown from exam Pro. And I congratulate you for making your way through the journey content. And so now all that's left to do is to do some practice exam questions. And if you're scoring, all right, that means you're ready to go book your exam, which I'll show you here in the next section shortly. Okay, so there you go. All right. So now it's time to book our exam. And it's always a bit of a trick to actually find where this page is. So if you were to search at a certification and go here, alright, and then maybe go to the training overview, and then click get started, it's going to take you to at bis dot training, and this is where you're going to register to take the exam. So in the top right corner, we are going to have to go ahead and go sign in. And I already have an account. So I'm just going to go and login with my account there. So I'm just gonna hit sign in there. Okay, and we're just going to have to provide our credentials here. So I'm just going to go ahead and fill mine in. And I will see you on the other side and just show you the rest of it here. Alright, so now we are in the training and certification portal. So at the top, we have a one stop training. And to get to booking our exam, we got to go to certification here. And then we're going to have to go to our account. And we're going to be using the certain metrics, third party service that actually manages the certifications. So we're going to go to our certain metrics account here. And now we can go ahead and schedule our exam. So we're going to schedule a new exam. And down below, we're going to get a full list of exams here. So it used to just be psi. And so now they all have psi Pearson VUE, these are just a network of training centers where you can actually go take and sit the exam, for the CCP, you can actually take it from home now it's the only certification you can take from home, it is a monitored exam. But for the rest, they have to be done at a data center. And so I'm just going to show you how to book it either with psi or a Pearson VUE here. And again, they have different data centers. So if you do not find a data center in your area, I'll just go give Pearson VUE a look so that you can actually go book that exam. So let's go take a look at an exam. So maybe we will book the professional here. So I'm just going to open this in a tab and open that in a tab and we're going to review how we can book it here through these two portals. So let's take a look at psi, this is the one I'm most familiar with. Okay, because Pearson VUE wasn't here the last time I checked, but so here you can see the duration and the confirmation number, you want to definitely make sure you're taking the right exam. Sometimes there are similar exams like the old ones, that will be in here. So just be 100%. Sure, before you go ahead and do that and go and schedule your exam. And so it's even telling you that there is more than one available here and that's fine. So we'll just hit Continue. Okay. And then from here, we're going to wait here and we're going to select our language, okay. And then we get to choose our data centers. So the idea is you want to try to find a data center near you. So if I typed in Toronto here, so we'll get sitting here like Toronto, I don't know why thinks I'm over here. And I'm just going to hit Toronto here. And we're going to search for exam centers. Okay, and then we are going to have a bunch of over here. So the closest one in Toronto is up here. So I'm gonna click one. Alright, and it's going to show me the available times that I can book. So there's not a lot of times this week, generally you have to, it has to be like two, three days ahead. Every time I booked exam, it's never been the next day. But here, we actually have one, it's going to vary based on the test center that you have here. We're going to go ahead here and this one only lets you do Wednesdays and Thursdays. So if we had the Thursday here at 5pm, okay, and then we would choose that and we would continue. Okay, and then we would hit Continue again. Alright, and so the booking has been created. And in order to finalize that, we just have to pay that it is in USD dollars, okay. So you'd have to just go and fill that out. And once that's filled out and you pay it, then you are ready to go sit that exam. So that's how we do with psi and then we're gonna go take a look over at Pearson VUE. So I'm just gonna go ahead and clear this, because I'm not serious about booking an exam right now. Okay, and we'll go take a look how we do it with Pearson VUE. So here we are in the Pearson VUE section to book and you first need to choose your preferred language. I'll choose English because that's what I'm most comfortable with. And we're going to just hit next here. And the next thing it's going to show us is the price and we will say schedule this exam. All right. And now we can proceed to scheduling. Okay, so we'll just proceed to scheduling it's given me a lot of supervillains often Alright, okay, hello, let's go. and here we can see locations in Toronto. Okay, so here are test centres. And we do actually have a bit of variation here. So you can see there are some different offerings, you might also see the same data center, so I can choose this one here. Okay, and it lets you select up to three to compare the availability. So sure, we will select three, and we will hit next. Okay, we'll just wait a little bit here. All right. Okay. Hello, let's go. And now we are just going to choose when we want to take that exam there. So we do have the three options to compare. And so you know, just choose that 11 time, okay. And so then we would see that information, and we could proceed to checkout. Hey, this is Andrew Brown from exam Pro, and we are at the end here. So I hope you set your exam and you pass and when you do I definitely want to hear your feedback. I do appreciate any kind of criticisms. You do have of the the course curriculum here of any regards and definitely be sure to share with me your success on social media, whether it's LinkedIn, Twitter, Instagram, I want to hear from you. Okay.