Hello everyone, welcome to yet another session by Scaler, and in today's session we're going to look into AWS and its services. So before we move on with this session, please make sure to subscribe to Scaler's YouTube channel and also hit the bell icon so that you don't miss our upcoming videos. Now, before we move on, also make sure to check out the master classes we conduct, where you can learn technologies and frameworks from industry experts for free. Now, looking into the topics covered in this particular AWS tutorial: to start off with, we'll be looking into
the basics: we'll be looking into what is cloud computing, what is AWS, and all the things necessary to understand AWS. After that we'll start off by learning AWS services. We'll start off with the most integral service, that is EC2; then we'll be looking into VPC, S3, load balancing, Auto Scaling; then we'll be looking into CloudWatch; we'll be looking into IAM, which is an identity and access management tool; and also we'll be looking into AWS Lambda. And once we've learned about all of these services and looked into demos, finally we will have a complete
session on interview questions on AWS that will really help you. So these are the things that we'll be covering. It's going to be a really long session; I hope it teaches you a lot. So now, without any further ado, let's begin.

So what is cloud computing? Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing. So to put it even simply, it's basically you're getting the resources, especially IT resources, over the internet, and you only pay for what you have used. For example, a very simple
one, which is Google Drive: you're going to pay per GB and pay for the storage. You're not paying for the application itself, you are not paying for the code itself; you're only paying for the storage you're using up, you're not paying for the application. So basically you're paying for what you are using, and that is one form of cloud services. So we'll be looking into the different types of cloud services; I'm just giving you an example of one type of cloud service. But essentially, IT companies started using cloud services, which helped them scale up
and scale down, which helps them to host their applications, which helps them to deploy complete data pipelines on the cloud without any hassle. So those are infrastructure services; again, we will be getting to that. But these are some of the examples, and the IT industry was revolutionized once the cloud providers came out. Okay, so also, instead of buying, owning and maintaining physical data centers and servers, you can access technology services such as computing power, storage and databases. So basically, instead of the companies buying data centers and setting up a complete physical data center by
buying all the hardware, hiring professionals, hiring security and network professionals, which will obviously cost a lot, they don't have to put in any capital; they just have to select the cloud vendor they are going to use and directly use the services they are going to provide. So if you look at this image, you can see cloud computing: using a cloud computing provider like, let's say, AWS or Azure, they provide you services such as networking services, and they provide you software applications, security services, data storage, BI services. So you can
also basically deploy your BI applications, your software applications, on the cloud, and you can basically have one central portal from where you can access all of this. So that's exactly what cloud computing is providing to you.

All right, so on-premises versus cloud computing. On-premises is more of the thing which we are talking about, that is, a company's own data center. They have their own data center where they have their own physical hardware, where they have to set up and configure everything; they have to hire professionals in order to basically maintain
and upgrade them every single day. So for that, if you can see to the left side of this particular image: customization and implementation, the hardware, the IT personnel who are required, the maintenance, the training for new personnel who are coming in. And so basically the ongoing costs are a lot: for example, when there is a downtime, let's say when your data center goes down, when there is a power outage; rewriting integrations, customizations; if there are applications which are dependent on other dependencies, then in that case you'll have to upgrade them every single time when
the dependency is also updated; and then the maintaining of hardware: whenever a new set of hardware comes out you have to upgrade, and maintain your network and your security so that there are no breaches, so that there are no unauthorized persons who are trying to get into your data center. And basically it will cost a lot. So these are the ongoing costs in an on-premise data center. But when it comes to cloud computing, the ongoing costs are the subscription fee. Okay, so basically you put in the money on the subscription fee, because everything is
already set up by the cloud service provider for you, and you just have to pay the subscription fee to use it; and the implementation, customization and training. So basically you'll have to train your employees on the cloud service, or they should be already trained in it before you hire them. There are certifications which we can take and get accustomed to that particular cloud provider. And then implementation and customization again will be done by those cloud professionals. So to put it very simply, cloud computing is a lot cheaper than setting up a complete data
center, because obviously you have to do a lot of work and also put in a lot of capital investment upfront. In cloud there is no upfront cost; you just pay the subscription fee and you pay as you go, that is, every single month you pay it as a bill.

All right, the top cloud service providers. So we were talking about cloud computing service providers, right, the subscription fee. So the top three ones are AWS, Azure and GCP. So AWS is owned by Amazon; they started in 2006. They started off with two services, EC2 and
S3, and they basically changed the way IT companies start using servers. And then came Azure in 2010; Google Cloud launched in 2011. And then these guys have been at the forefront of cloud advancements, and they are the top three cloud providers in the world even at the moment.

Okay, so the next thing we're going to look into is the cloud deployment models and the different types of cloud services. So the three models are basically public cloud, private cloud and hybrid cloud. So the public cloud: these basically are owned and operated by a
third-party service provider, while delivering their computing resources like servers and storage over the Internet. So public cloud, to be very simple: these three are all public clouds. They are a third-party cloud vendor who provide you resources over the Internet, which you are accessing through the portal, and you are going to pay them at the end of the month for whatever services you have used. So these are public cloud service providers. Also, private cloud can also be given by AWS or Azure or Google Cloud, but again, a private cloud is basically cloud computing
resources used exclusively by a single business. When it comes to public cloud, let's say there is a data center; that data center, let's say there are 100 customers, and 100 customers are using this particular cloud provider, so that data center will have the servers, the storage, the other services of all those customers running in that one data center. So it's not exclusive for one particular customer, but other customers can't access the resources, even though in one physical hardware there can be many servers running which can be of various customers. But when it comes to
private cloud, you will be provided dedicated hardware. Even though it's not your hardware, you are renting it, but you will be provided dedicated hardware. Let's say you have been dedicated 10 servers, so in those 10 servers only your company's servers and your company's resources can run. Also, a private cloud can be physically located on the company's on-site data center. Also, one more thing: in this case a private cloud can also be set up by a public cloud provider like AWS or Azure. You can also basically purchase a private cloud subscription from them, which will give
you basically dedicated hardware, and nobody else can basically run their resources on that particular set of hardware; it will be exclusively given to your business. And finally comes the hybrid cloud. Hybrid clouds combine the power of the public and the private clouds, bound together by technology that allows data and applications to be shared between them. This is again pretty simple. Let's say your company wants to have an application, so the application is front end, the mission critical data and the mission critical code. So they just want to put
the front end of the application in the cloud, in the public cloud, which is internet facing; people should be able to see your website, right? And then they want to put the database, which is the data, mission critical data, and the code which is really essential for the application to work, in their own on-premises data center, that's their private cloud, so that the data is not stolen or their code is not stolen. Okay, so now the public cloud has the front end running and the private cloud has the back end and the database running. So
in this case there should be a connection between these two. So normally, if you want to make those connections, if you're separately using a public and a private cloud, you will have to use a VPN, VPN tunneling, or create a peering network, so that will take some time. Instead you can just use a hybrid cloud model, which will combine the power of both, so that you can keep whatever you want in the public cloud, and very mission critical and sensitive data and information can be kept in the on-premises data center. And many
companies also use this particular cloud computing model, which is really essential. Okay, so these are the three different types of models, guys.

Now let's move on to the next topic, which is the cloud computing services, the different types of cloud computing services: software as a service, platform as a service and infrastructure as a service. So software as a service: I already gave you an example at the beginning, which is Google Drive. So Gmail, Google Drive, all of these are software as a service. You may ask why: because they are providing you a software over
the Internet. You're not doing anything, right? You're not going to code that application; you are provided the software over the Internet, you're able to use the software over the internet using any device, and that application code can be running on any remote server, that application's data can be stored on any remote server. The software is running on a remote server and you are getting that software; it's not running on your local desktop. So Gmail: if you open mail.google.com it opens up the Gmail website, the Gmail application. So you do not know where that particular
thing is running, but you are given that application, you're given that software as a service, so that you can use it over the internet. So that's basically software as a service. Next comes platform as a service; in this case, application development and deployment. So basically platform as a service, they'll give you a platform in which you can, let's say there is a platform called Elastic Beanstalk in AWS where you can upload your code and it will automatically host the website for you. For example, let's say you have a Python application and you want to
host that Python application. So in this case, if it is a regular one, then you'll have to launch a server, and then in the server you'll have to install all the softwares and upload all the dependencies and then deploy your application in that particular server to make it run. But if you do not want to do that, if you just want to concentrate on the code and you want to make your application better and secure enough, and you do not want to worry about the server and the infrastructure part, in that case you can go
with the platform as a service, in which case basically you just select the platform, for example Python, and then upload your code, and it will automatically host your website and deploy your complete application for you. And you don't have to do anything else; you just have to concentrate on the code and make sure it is compatible with the platform you are uploading or deploying it to. Okay, next comes infrastructure as a service. So in this case, server, storage, operating systems, database engines: any kind of infrastructure you're getting over the Internet is infrastructure as a
service. For example, you can launch a server and you can start basically upgrading your server, you can start installing whatever software you want in that particular server, you can basically use it like your own computer, and then you can basically terminate it whenever you want to. It's not like once you start a server it should be running for a certain period of time and you cannot terminate or delete it; it's not that case. Let's say you want to use a server just for three minutes: you can do that over the cloud provider. So the main
difference between a platform as a service and the infrastructure as a service is the control you get over what you're going to do. In platform as a service you only get the control over the application which you are building. You're just deploying the code and the cloud provider will make sure to launch a server and host your application inside of it; you're not going to be given access to the operating system level. But when it comes to infrastructure as a service, you will be given software and operating system level control, so that you can install
and upgrade your server according to your needs; it's more of, you can configure it more. If you just want to host your application, in that case go with a platform as a service. If you want to configure your server in order to make sure that every single part of your application is working and it's properly deployed, then you can go with an infrastructure as a service method. But it's not just servers; even storage. For example, there is something called S3 in AWS, there is Blob Storage in Azure. So all of these are infrastructure as a service, where
you're given storage over the internet, where you are given servers over the internet, where you are given database engines over the Internet. Okay, so these three are the main services, these three are the main cloud computing services, and so at the beginning, learning these three is more than enough. All right, okay, so to give you more understanding about these services, I'll just brief about these on this particular image. So on-premises is completely managed by you, so every single part, every single aspect of the on-premises data center is managed by the company itself.
So the applications which are deployed on it, the runtime, the middleware, the operating system, the virtualization of the servers, the storage, networking: everything is managed by the on-premises, the company. Okay, and then there is infrastructure as a service. So in this case, if you see over here, the applications, the data, the runtime, the middleware and the operating system are managed by you. Okay, so because you are creating the application and you are uploading the application, and the data which the application generates, and the runtime; for example, the runtime is basically, let's say you want
to create a server and you are installing Python inside of it so that you can deploy your Python application, so it's a Python runtime. So that is maintained by you; you can upgrade it or downgrade it according to your need. The middleware is what makes the application run: the middleware, the logic and the softwares we are using for it. And the operating system: it could be Windows, it could be Linux, it could be any Linux distribution, or it could be Mac. So all of this would be managed by you, and the virtualization, the
deployment and provisioning of servers, the provisioning of storage, the management of networks, everything will be managed by the cloud vendor, AWS, Azure or GCP, for you, the user. Coming to platform as a service: everything except the application and the data is managed by the vendor. As I told you while explaining in the previous slide, it basically makes sure that it creates the servers, it creates the runtime, everything for you, and it's already set up, and your application will be directly deployed into the existing setup which it created for you. So everything else is managed by the
vendor except the application you've created and the data generated by the application. And finally, software as a service: as I told you, let's say Gmail, you don't own anything, everything is managed by the vendor. You don't have to manage anything, you just use the application. So that is software as a service.

All right, so now moving on to the next topic, which is benefits and use cases. So first let's just understand the benefits of cloud computing. So we've seen the cloud computing models, we've seen the cloud computing services; from that you could understand what
kinds of benefits cloud computing provides. So to just summarize and brief that, I've created this slide. So first of all, reduced IT costs. So the first thing any company wants to do is basically try to reduce their operations and IT costs, right? So that's exactly why they are trying to shift from an on-premises data center to cloud computing, so that they could cut costs and make it even more profitable. So in this case they could easily reduce IT cost, because in their on-premises data center they have to pay for the IT and the networking and the
security professionals, they have to pay for the hardware; let's say if some hardware is broken they have to maintain and repair it, they have to upgrade it, and they have to pay for that. So there are so many hidden costs as well in running a data center. If there is a downtime for one hour in the data center, that will again cost them. So all of this will eventually lead to very high operation costs. But when it comes to cloud computing, you're not doing any of that; you're only paying the subscription fee and everything else is
managed by the cloud provider for you, which will significantly reduce the IT costs. You'll only have to pay for the services and the resources you are using on the cloud provider. All right, next comes scalability. So this is really important. When it's an on-premises data center, let's say you have thousand users and your application could handle thousand users at a time, and let's say your application has 10 servers in your on-premises data center. So now let's say each server can handle 100 users, so in this case your application could handle thousand users. And let's say
your application has become viral overnight and there are 10,000 users using your application right now. So in that case, if you have only 10 servers running, it cannot accommodate all the 10,000 users; it could accommodate only the thousand users, which will be a significant loss for you. So in this case, if it is an on-premise data center and if you only have 10 servers running, or 10 servers available at the moment, you cannot do anything else. You can basically buy more servers and configure it and upgrade it and set it up, but again
that will take a lot of time, and you'll also have to put in a lot of capital to do that. But when it comes to cloud computing, let's say 10 servers are running: you can set up a policy which will check the traffic, which will check the CPU utilization of the servers; if they are utilized completely, it will automatically launch more servers in order to accommodate the incoming users. So let's say there are 10,000 users, and thousand users can be handled using 10 servers, so now there would
be 19 more servers created so that it could handle the incoming 10,000 users at that particular point of time. So let's say after some time, it's basically after midnight and people are logging out of your application, so now there are 5,000 users, there are not 10,000 users. Then again, in cloud computing, it will automatically notice the reduction in the CPU utilization in the servers and it will automatically reduce 100 servers into 50 servers, which could handle 5,000 users. Okay, I think I'm pretty clear in the scalability part: you can scale
the number of servers up or down according to the needs. You don't have to keep running a certain number of servers all the time, which will cost you more; you can cost optimize your servers using basically scaling options. And in global infrastructure: let's say you have your application in India and you want to globally make it available. Let's say you have a customer base in US as well. If it is an on-premise, then you'll have to get a space in US and you will have to set up the complete data
center all over again. But if it's cloud, they have an established global network all around the world, and you just have to deploy your application; you'll just have to duplicate your application into the US data centers, and that is more than enough for you to make sure the application is going to be available for your US customer base. And then up to date: so up to date is basically, again, they make sure it's updated; the hardware, the software, everything is updated. And one more point in up to date is that whenever there
is a new groundbreaking application, or an MR application is available, so basically when it's coming out, the first people who are going to adopt it are the cloud service providers, because they want to provide the latest innovations to the customers, basically either to retain them and to show them that they are constantly improving, because that will help their business model. So whenever there is a new technological advancement coming in, the cloud providers are going to adopt it and provide it to you, so you don't have to do any
other work; they'll already create a service for you and provide it to you, you'll just have to use it. And then finally, reliable data backup and disaster recovery. They already have failovers set up in cloud service providers; you will just have to use those data backup services, you'll just have to use these disaster recovery services in order to make sure your application is running all the time without any crash. So that is, let's say your application is running in one data center and let's say there is a power outage in that
complete area. So if you've not duplicated it into another data center, in that case your application will be down until the data center comes back up. But if you have a disaster recovery failover setup and you have a standby application running in another data center, whenever one data center fails and your application is not running in that, the standby application will automatically start running and the incoming customers will be redirected to the application which is running on that particular data center, which is a different one. All right, so this can be done very
easily using cloud computing. So these are some of the benefits; there are even more benefits in cloud computing. And then some use cases: big data analytics, video streaming platforms, for example YouTube. So YouTube is one big example of cloud computing, and then also Netflix. So Netflix, entire architecture: Netflix went all in on AWS, that basically means everything they use, that is the storage, the servers, the database engines, the data warehousing tools, the analytical tools, everything is running on AWS. Netflix completely went on AWS, and you can
know how fast Netflix is if you have used it. Netflix is also pretty lightweight, and also it is the biggest video streaming platform in the world, the premium video streaming platform. YouTube is the biggest video streaming platform, but with a premium, that is a paid streaming platform, Netflix is the biggest one. And in this case they went all in on AWS, and that basically shows how big cloud computing is and how major an impact it is going to make in the upcoming future. And the disaster recovery, we already discussed it. Serverless computing:
so you don't have to worry about the servers; you can just upload your code and deploy your applications without even having to provision servers by yourself. Again, we discussed it in platform as a service. And then AI and ML as a service: so this is one important thing which right now is making strides in the IT industry. So cloud providers already have those MLOps setups. So MLOps is basically machine learning and operations, where you can create a complete machine learning pipeline using the cloud itself. You don't have to set up anything specifically;
you can use the inbuilt services in cloud. For example, if we talk about Azure, there's a service called Azure Machine Learning, which will help you set up a complete machine learning operations pipeline. And again, when it comes to AWS, even they have EMR, they have CodePipeline, they have their own operations and DevOps setup which you can use directly in order to deploy your machine learning or artificial intelligence models onto the cloud computing providers. Okay, so again these are some of the use cases. Cloud computing is used in so many different
industries, and these are some of the examples which I'm giving you, because these are some major industries and these are some of the major use cases which cloud computing is used for right now.

And finally we are going to look into the future of cloud computing. Okay, first of all I just wanted to give you a brief about edge computing, which is going to be the future of cloud computing. So it's not cloud; edge computing is not cloud, but edge computing is like a local computer network. So over here in this image you can
see, you can see cloud; we have already explained it over here, so this is the cloud part. So let's say this is AWS, this is the cloud computing provider, and then there comes edge, so edge nodes. So let me put it very simply here. For example, let's say you have a supermarket, and the supermarket every day is generating one terabyte of data, and you want to analyze that data. So let's say you want to analyze it every single day, you want the analysis to be done every single day. In that case, when the
data is generated you're going to upload it into cloud, and then it's going to be analyzed in the cloud, and that analyzed data is going to be sent back to the local data center, the small data center which you'll be having in the store itself, in the supermarket, and then you'll be using it for further analysis, right? But what if you can analyze the generated data right there in your location itself? So that basically is edge computing. You can set up a smaller analyzing system, so basically a smaller node in your local supermarket itself,
which will basically speed up the process of analyzing. So as soon as your data is generated you can basically analyze it in your own edge node, and that analyzed data would be right there in your own supermarket, so you don't have to upload or download or wait for it uploading or downloading, because obviously terabytes of data will take some time to upload, right? And yeah, so that could be done using edge computing. So service delivery, computing offload, IoT management, storage and caching: it will be much, much faster than cloud computing. So edge computing
is already being implemented in various places. Even the major cloud providers like AWS, Azure, they're setting up local edge locations and they are trying to make sure the data retrieval and the transfer of data and the services, basically, are much, much faster than it being on cloud. Okay, so they're already investing into it. So edge computing would be the next big thing after cloud. Okay, so the final thing is the size of the cloud computing market. So this is according to Statista, and according to them 146 billion dollars is the size of
the cloud computing market right now, and it is always on the increase, so it would be around 320 billion dollars by 2025. So the size of the cloud computing market will never stop; it's going to be increasing until and unless every single company has moved to cloud, and companies are willing to move to cloud. And according to Gartner, 75 of the companies they surveyed have told that they have a cloud first approach, that is, they want to shift completely into cloud as soon as possible. So this is according to Gartner reports. Okay, and then
10.6 zettabytes cloud data center traffic. So again, this shows how much data has been uploaded to cloud, how much data is being analyzed in cloud. So the volume of data is going to show how big an industry it is, and if 10.6 terabytes of data is in the global cloud data center traffic, that basically shows how massive cloud computing has grown since the first major cloud provider, AWS, launched in 2006. And then 17 percent increased demand for public cloud services. So again, as I told you, every single company is using cloud
right now, and the increase is not anything new; it is increasing every single quarter, in every single year. So that is, every single year, if you compare the previous quarter, there is a significant rise, about 30 percent every single time, in the spending in public cloud services. So this is nothing new. So basically this is the future of cloud computing, guys. So if you are looking to learn cloud computing, this will be the right time to go for it. So you can choose any cloud provider, but AWS, Azure and GCP are the
top three cloud providers. After that there is IBM Cloud, there is Ali Cloud, there are so many other cloud providers which are available, which you can choose from and start learning from. And yeah, so these three are the major ones. So I hope I've provided you all the basic fundamentals and all the basic information about cloud computing, where it is being used, the future of cloud computing, what are the different types of cloud computing models and services. So that's it for this particular video, guys. I hope you
all like this video, and make sure to subscribe, like and also share the video if you really liked it, and also leave a comment down below if you have any queries, and we would be addressing them all. So thank you.

So let's start with what is Amazon EC2. So Amazon Elastic Compute Cloud provides scalable computing capacity in the Amazon Web Services cloud. So using EC2 eliminates your need to invest in hardware upfront, so you can develop and deploy applications faster. So to put it very simply, EC2 is a service which provides you servers, so
you can basically create any kind of server you want on the AWS cloud and start using it whenever you want to. So basically you don't have to wait for someone to buy hardware, so basically provide an upfront cost or put in a lot of capital, buy a lot of physical hardware, set up your servers, configure it and then deploy your application inside of them. Instead, if you're going with AWS cloud, in this case they provide you the service called EC2. So EC2 is the service which can provide you the means to basically deploy your
applications faster than how you used to do normally in an on-premise setup. So when it comes to EC2 you can basically create a Linux machine, a Windows machine, a Mac machine, so any operating system you want to; you can choose the RAM, you can choose the storage you want for that particular server. If you want 10 servers of the same configuration you can get the same thing; if you need 100 servers, if you need 10,000 servers, AWS cloud can scale up and down according to your needs. That's why it is called the Elastic Compute
Cloud. So basically you can increase the compute power, decrease the compute power, you can increase the number of servers and decrease the number of servers according to your needs, and you can basically do it whenever you want and wherever you want. You don't need any high configuration machines, so you can use any laptop with just an internet connection, because everything, every process, is happening in the AWS infrastructure, in the AWS data center. You just need a proper system with internet; that's more than enough to access EC2 or any AWS service for that matter. So
why we are going with EC2 first is because EC2 is the most integral service in AWS and without EC2 a lot of other services would not work for example if you take Elastic Beanstalk Beanstalk is a platform as a service where you can upload your code by choosing the runtime let's say I have a PHP application I can choose PHP upload my PHP application's code and it will automatically provision servers in the back end for me and it will automatically host my application so but in this case the thing is to host the application
you would need a server in the back end so Elastic Beanstalk automatically provisions the server but that server is basically an EC2 server you're not provisioning it but yet it is launched in EC2 so Elastic Beanstalk will not work if there is no EC2 so like that there are many other services which need EC2 to function in AWS also Amazon EC2 provides scalable computing cloud in the Amazon Web Services cloud so this is what I'm saying right now using Amazon EC2 eliminates your need to invest in hardware upfront so Amazon EC2
enables you to scale up or down to handle changes in requirements or spikes in popularity reducing your need to forecast traffic so basically when you're using EC2 you can create a scaling policy which will automatically look into the traffic the CPU utilization of the servers so let's say you have 10 servers and right now there are thousand users using your application so now to handle each 100 servers you need one server so basically there are sorry there are thousand users you have 10 servers handling thousand users so that basically means let's say by average one server
can handle 100 users at a time so let's say your application becomes an overnight hit and now there are around 10 000 users so in this case obviously you need more servers to accommodate 10 000 users right for example to handle 1000 users you needed 10 servers so to handle 10 000 users you would need 100 servers so now Amazon EC2 if you set up a scaling policy according to the CPU utilization if all these servers have already been utilized the 10 servers then it will automatically create more servers to accommodate the incoming traffic so
same thing let's say then it reduces to 5000 users so now if there are 100 servers running just for 5000 users that would be a waste of compute power and also would be a waste of your cost you are basically buying these servers right you are basically paying for uh whenever the servers are running so you would be paying extra so if there are 5000 users EC2 automatically will figure out and reduce the number of servers accordingly so instead of hundred servers it would make it 50 servers so now you only pay
for 50 servers for that particular period of usage let's say for one hour 100 servers have run so for that one hour you would be paying the cost for the 100 servers and let's say the next hour the uh user traffic has reduced now 5000 users for the next hour there are only 50 servers so the next time you are only going to pay for the 50 servers which have been used then let's say it's after one or two a.m. the customer uh the user base is reduced because most people would be asleep so let's say
it was back to like 50 users and in this case let's say you need only five uh servers so in that case if there are only five servers running in that particular period of time let's say for three hours only five servers were running so that three hours cost would be the total of those five servers' cost only there won't be anything else or extra cost added to it so this is how you can cost optimize and this is how you can scale using EC2 all right so this is basically EC2 it's an infrastructure as
a service so now in EC2 the virtual computing servers so the servers are called instances so I'm going to use the word instance hereafter whenever I want to mention a server a virtual computing server in EC2 so if I say instance that basically means a virtual computing server which is running on EC2 okay and okay so now instances let's keep them aside next coming to the next important concept in EC2 which is an Amazon Machine Image so it's called an AMI so it is the template that contains software configuration for example the operating system
an application server the applications so whatever it is so basically it contains the entire software configuration for your instance from an AMI you launch an instance which is a copy of the AMI you're running as a virtual server in the cloud so to put it very simply let's say you are creating a virtual machine in your local system uh using let's say uh Oracle VirtualBox or VMware Workstation so in that case you will be using an ISO file so the ISO file will have all the necessary configuration uh the necessary data in order
to create that particular server right in your local system to create that particular virtual machine in your local system if it's an Ubuntu system it would have the Ubuntu configuration it will have the Ubuntu complete setup inside of it so that you can create the virtual machine in your local system so same way the AMI consists of the configuration which is required to create that particular server or that particular instance which has that operating system that server or the applications which are meant to be that particular instance okay so now again you will understand this
concept even better when I show you the demo right now I'm just trying to give you a simple understanding of what exactly we're going to do so if you look at the image it'll give you an even better understanding so now coming to the next point the root device for your instance contains the image used to boot the instance the root device is either an Amazon Elastic Block Store uh volume or an instance store volume so this is basically the root storage for instance uh so it could be Amazon EBS which is a volume or
it could be an instance store volume so instance store volume is created with the instance itself Amazon EBS is a separate storage tool okay in AWS so now looking at the image you can see AMI over here to the right so this is the AMI so now using the AMI you can create one instance or you can create multiple instances with the same configuration so let's say uh you have a web server and the web server has a website running inside of it so now you can launch one instance and it doesn't have to be
that you'll have to launch them uh individually so let's say this particular AMI consists of a new window operating system which has a simple application running inside of it let's say it's a static website and let's say it's just a hello hello world website okay so now we want this hello world website to be running in 10 instances so using this AMI you can launch 10 instances at one single go you don't have to basically create each and every instance and basically then log into it then set up the entire configuration then upload the file
and do all of that you don't have to do that you'll just have to launch instances and you'll have to set up the entire thing completely you can do that with just a single AMI all right okay so when you launch an instance uh so this is complete now coming to the next point so when you're launching an instance you should choose something called the instance type so the instance type that you specify determines the hardware of the host computer so each instance type offers a different compute memory and storage capabilities and is grouped in
an instance family based on these capabilities Amazon EC2 provides each instance with a consistent and predictable amount of CPU capacity regardless of its underlying hardware so what they are trying to say here is so there are so many different instance types and you can choose any one of them and if you need a high performance instance you would need to choose an instance according to that if you need a simple general purpose instance you can choose according to that but one more point which Amazon is selling that Amazon EC2 provides each instance with consistent
and predictable amount of CPU capacity so whatever you choose that will exactly be given to you it will be provided consistently and predictably so that whatever your underlying hardware is the uh capacity you choose will always be provided to you so this particular thing is this site over here you can see there are the different types of instances so uh these are the instance types so general purpose so these are the instances are various kinds of instance types general purpose instances compute optimized memory optimized storage optimized okay so now this is the available instance types
the complete list is provided here you can just have a go through if you want to know what kinds of instances these are and then previous generations so these are the naming conventions guys for example uh there is c3.large if you want to know what that is everything would be provided in this particular section okay so I just wanted to show one thing to you guys before moving on to the next slide so all of this information would be provided while you are creating an instance as well yeah so if you want to know
more about the general purpose instances you can go over here and then there is compute optimized so the compute optimized instances are ideal for compute bound applications that benefit from high performance processors so if you have an application which requires a high performance processor then go with a compute optimized instance uh if you are just doing it for a regular application go with general purpose or if you are doing it for practice go with general purpose memory optimized instances are designed to deliver fast performance for workloads that process large data sets in memory so if you
have a machine learning model which needs to process a large data set in memory not by storing it in the disk but in memory in that case you should take up the memory optimized which will give you a much bigger memory compared to the storage okay and then finally there is storage optimized storage optimized instances are designed for workloads that require high sequential read and write access to very large data sets on local storage so the previous one memory optimized they are basically running it on memory itself they are running they are analyzing the data
set in memory itself but if you have the data stored in a local storage and if you want high read and write output so if you want high speed read and write access in that case you should go with the storage optimized instance okay so if again if you want to know more about these instance types you can go ahead and look into this particular documentation so now I'm just going to go ahead with the PPT so that we could move on from the theory and then I'll show you the demo because theoretical yes it
would teach you something but then if you see the same thing practically that would give you an even better understanding of what is going on all right and then okay so now uh let's say we've learned the basics about Amazon EC2 we learned what is an instance what is an AMI what are the instance types so and uh one more thing we'll be learning which is the storage that would be the next slide so now uh these three are required so let's see now like we are launching an instance um let's say this is a
uh Ubuntu AMI I'm launching Ubuntu instance and an Amazon EC2 instance transitions through different states from the moment you launch it through its termination uh so what they are telling us is that once you launch it'll start from a pending state then it'll have so many different states and and finally it will come to one particular state and then once you are trying to do certain actions the states will keep on varying okay so now let's look into it so I'm launching an instance so the first state will be pending so it would be in pending and it
would basically be launching this uh instance in the Amazon data center so once it's launched it will give us the uh required details like the public IP address the private IP address the DNS name so all of that will be provided so once that is done it will do a status check whether the instance is running or not once it is done it will give us this particular state it will be in a running state so when it's in the running state that basically means we can start working on the instance we can login into
the instance and we can start working on it and then if I reboot the instance then it will be in rebooting state and again it will start running and then if I stop the instance so there are two major things stop and terminate if you stop the instance that basically means you're just stopping the instance you can restart it it's like you are putting your system on sleep or shutting down your instance and you can basically restart your instance and start using it it's just stop okay so if you stop it you can start it
again and it will go back to the pending state and running state again so that's basically stop but if you terminate the instance what happens is it basically shuts down this instance once it shuts down it deletes the instance from the Amazon data center it basically deletes the data or it deletes the virtual machine altogether from the Amazon data center stop will basically keep your server right there it will keep your instance in Amazon data center and you can basically restart it again but termination is completely terminating the instance so these are the various states
which an EC2 instance goes through okay so the final slide we are going to look into is about the storage because we already know about the instance what is an instance what is an instance type what is an AMI so and one more thing we need to know before starting off with this demo is basically the storage because when you are launching a server the server would need a storage where the configuration files are stored uh for the operating system right let's say I'm launching an Ubuntu instance obviously the Ubuntu instance uh
should be stored somewhere so the data of the Ubuntu instance would be stored somewhere right so for that we need storage so there are different kinds of storage in which you can do that which you can store in Amazon Web Services so these are some of them and that's what we're going to see so Amazon EC2 provides you with flexible cost effective and easy to use data storage options for your instances so each option has a unique combination of performance and durability these storage options can be used independently or in combination to suit your requirements
so basically what they are saying is they provide you flexible cost effective options in terms of storage for your EC2 instances so over here from the image you can see this is one instance this is another instance so let me just explain give you a brief about the uh different types of storage so the first one is Amazon EFS so Amazon EFS is elastic file uh storage okay so basically EFS provides you shared storage so you can have one storage and you can attach it to multiple instances for example let's say there is a
very large data set and you want to share it with hundreds of servers but that basically uh if you upload it to each server that will obviously take a big chunk of the storage in each server so instead of doing that you can have a shared storage where you can create an Amazon EFS and that shared storage could be connected to all of those instances so every instance can see this exact same data set and basically import it or start using it okay so that is the EFS so now then comes uh in the host
computer section you can see there is something called the ephemeral storage so ephemeral storage is basically like RAM so it only exists in the time of the instance's running so let's say I launch an instance and the instance is running for 10 minutes so in that particular period of time let's say I'm doing some operations in the memory but there will be data stored in the storage okay so now if data is stored in the ephemeral storage so in that case let's say I'm stopping the instance if I stop the instance that data won't be
available because I've stopped the instance and the data in the memory would be erased so that basically is ephemeral storage and uh yeah so this is the instance store so this would be stored within the instance itself and then finally comes Amazon EBS so it's it's called the elastic block storage okay so elastic block storage is basically the main storage type used in EC2 instances to basically connect for example when we launch an EC2 instance you can choose to take an EBS volume so when you choose to take an EBS volume that basically will create
an EBS volume which is another AWS service and that could be attached to an EC2 instance and let's say you are launching a Ubuntu instance the configuration files the setup files all the data files everything will be stored in that EBS volume okay and that EBS volume is exclusive to that particular EC2 and so there is a new feature multi-attach EBS you can create an EBS volume which can attach to multiple instances okay create a it's a different type of EBS volume and also it will not attach to all types of EC2 instances
you will have to create an uh something called a Nitro based instance which is a much bigger and a much more expensive instance so normally uh to to practice I would not suggest to go with multi-attach EBS volumes the normal ones are more than enough that is normally attaching an EBS volume to an instance instead so one more thing is that you can attach multiple EBS volumes to one instance so let's say I have a laptop and the laptop storage is 1 TB so I'm almost done with my 1 TB I need more storage so I can either
buy a new laptop which has 1 TB more storage or I can basically buy an external storage okay and attach it to my laptop and use that to store my data so like that in EC2 you can create another EBS volume and attach it to the same instance and also mount it and use it like normally so you can use the EBS volume normally so uh yeah so this is another storage and finally there is one more which is Amazon S3 so we are going to learn about S3 in another tutorial but right now I'm
just going to give you a very brief so uh let's say you want to basically terminate the instance but you want to basically keep the configuration of the instance available in EC2 in AWS so that next time we want to launch the instance with the same configuration same files and the same applications which you have already installed in it so you can directly use the setup the file and directly launch an instance so for that there is something called a backup in AWS so that backup is called a snapshot so you can create a backup
of the EBS volume which again is called a snapshot and which will be stored in S3 so now using the snapshot you can create an EC2 instance which resembles the one you currently have so this is where AMI comes in so let's say you have created an instance you have launched a server inside of it there is a web server running there are 10 different web files stored inside it okay so now let's say you want an instance just like this you want the same files you want the same web server running in it
but you don't want to configure it again so in that case you can create a copy of the same instance and once you create a copy of the instance you can use that copy to create multiple instances with the same configuration so this is the end of the theory part so guys in the demo what I'm going to show is I'm going to show you how to create an EC2 instance first and how to connect to an EC2 instance and once we connect it I'll be showing you how to launch a web server inside the
instance and how to basically make sure it runs okay and the final thing I will be showing you is how to create an AMI and create a copy of the same instance so that you can increase the number of servers or decrease the number of servers according to your need so these are the three things which I'll be showing you so uh this is the theory part now let me open the console and let's start off with it so guys this is the next part so we've covered the theoretical part so now what we're going
to see is we're going to understand the AWS Management Console so the first thing you will have to do is obviously login into AWS and before doing that make sure you have created an AWS account so to do that I'll just show you because I want to start from scratch I don't want to give you guys uh information from right in the beginning so basically you will have to come to aws.amazon.com so for now it's showing sign into the console right I've already signed in so let me just sign out all right so now uh
it's asking me to sign in to the console so I can directly sign in like this okay so if you've not created an account you can click on create a new AWS account so then it's pretty simple just provide your email address password and your AWS account name it'll be like your username so this is basically a setup like how you set up for a Facebook account or an Instagram account it's pretty simple so once you do this just provide continue so after that they would be asking some more information like billing information but uh
either debit or credit card details so the thing is you will have to provide a debit or credit card detail without that you cannot proceed so if you're from India they would deduct two rupees from your account which will be returned back to your account after three days because they just want to verify if your card is an authentic uh or a legit card or not so that's it so once that is done your AWS account will be set up and you can wait for an hour or two and then everything would be set up
in your account and it will be ready for use all right so once that is done you can basically sign into your account just signing in okay so now uh you can access all AWS services here there are sections for recently visited and you can save your favorite services too so first of all if you click on services you can see every single service over here and recently I just opened EC2 okay so this is a new account and again analytics application integration so these are the various service domains which you can select and look
into various other services for example if you only look into a migration service then you can just click on migration and transfer and it will show all the different tools which are available for migration so database migration AWS migration simplify and accelerate the migration of your data centers to AWS server migration if you have servers in your on-premises system and if you want to migrate it to AWS without any uh further tension without setting up anything you can use server migration service so like this you can view services for every single domain so in that
case EC2 is a compute service it provides you compute power so it gives you virtual servers in the cloud which are called as instances all right so this is what we're going to cover in this particular session so why EC2 at first because EC2 is the most integral service so we'll be looking into many other AWS services in the future in our YouTube channel so we'll be looking into VPC S3 we would be looking into a simplified project using uh these services we'll be looking into RDS um there are so many services to learn so this
session we're going to look into EC2 all right so once logged in a few things you'll have to look into is this is services this is the search bar like you can search for the services over here and this is the shell so it opens up the CloudShell if you already have services so you can basically uh access those services via the shell so to basically start working with the shell you will have to know the commands AWS CLI commands so you can check out the AWS CLI documentation in order to start with that so again
this is a little complex I'm not going to go into this this we'll see later in another session and this is a notification one uh so if there are any issues with certain services they'll be showing it over here and then over here so this is the help section so basically if you want to raise a support ticket then you can go to support center and do that okay and this is an important part so this is where you will be provided all the regions from all the regions which you can choose from so these are
the data centers different data centers available in different various uh locations so this is North Virginia which I'm currently using so uh if I'm in India I could go with uh Asia Pacific Mumbai as well uh so right now the only data center available in India is in Mumbai so rest every Asia Pacific regions or you can see Hong Kong Osaka Singapore Sydney and Tokyo all right and in US West there are four Europe there are six yeah so basically you'll choose whichever region you want I'm just gonna go with North Virginia so this
is uh one of the most reliable regions in AWS because as you can see this is US East 1 and uh so basically the US data centers get the new features first before they implement it in other data centers so if there is a beta version of a new service that would be implemented in the US data centers so if you are using AWS then go with the US data centers to start off with that is to practice with because if you want to check out the new features it would be available in the US
data centers all right okay and then this is your account detail so your account ID will be provided here if you click on this more account details will be provided this is organization this is a separate tool AWS Organizations so if you're working for a company and let's say you can create an organization under that you can have multiple AWS member accounts so for example let's say you are managing a team of 50 people who all are working on the cloud who all have separate accounts or who all have member accounts so you can maintain that
access from this one particular tool organization so if you want to remove certain access if you give people access you can do that from this particular console okay service quotas uh so initially there would be certain service quotas for example you can only launch 100 servers in one particular region so if you want more you can basically click on service quotas and check what are your current service quotas and then ask for an increase in your in your AWS and they would even you as soon as your ticket is solved okay and then billing dashboard
so this is where you get all your billing details once you let's say you're using a service for three hours if it's not under the free tier limit that will basically give you a charge and that charge will be reflected in the billing dashboard which you can view over there security credentials so these are important but uh again you need to know more about AWS in order to understand these concepts okay so I'm going to skip this all right so this is the account and you can sign out directly from here okay so this is
basically the console okay and then over here you can see build a solution these are for beginners you can start off with this as well you can learn the fundamentals from the documentation you can pick a learning path uh okay so now I'm gonna just open the EC2 console all right this is how the EC2 console looks over here you can see the instances the elastic IP addresses the key pair so I'll be explaining what is the key pair so you don't have to worry about what are these I'll be explaining about them so
I won't be explaining about load balancers or security groups um what else yeah so the load balancers I won't be explaining because it's a separately different concept load balancers again it's a major topic which we can see and then there is a new feature available right now EC2 Global View so if you have servers in let's say 10 regions and if you want to view them in one single place so you can click on EC2 Global View it'll give you a view of all the servers running in all the regions so this has been
provided recently this was not available two instances all right okay and one more thing I wanted to show you guys is yeah so instances running if there are any instances running it will be shown over here okay all right so this is basically the introduction so next what we'll be doing is we'll be launching a server in EC2 that's when we'll be understanding more about EC2 and how to configure EC2 how can we choose an AMI and all of that so I'll be explaining every single step I'll be explaining the components and the
things we I'm entering so you don't have to worry about anything else so just follow me through if you already have created an AWS account then you can just follow this tutorial too you can basically walk through with me if not create an AWS account and then start off with the video from this particular part because we'll be looking into a demo from here on all right okay so we'll start with the demo so starting off with the demo so first of all we'll be looking into instances so we'll be launching an instance using EC2
so as I already explained instance is the server so I'm going to show you how to launch a Ubuntu instance and once you launched an Ubuntu instance I'm going to show you how to connect to the Ubuntu instance using this terminal so this is a Mac so the connection where I'm going to use a terminal to connect it if you're using a Windows system then you can download something called PuTTY so PuTTY is a tool which I'm going to show you so this is the PuTTY link so you can basically go over here and download
the Windows installer so over here you can just download it and uh you can start using the PuTTY tool instead of using the terminal so this is for Windows if you're using a Linux machine so let's say you're using Ubuntu or a CentOS machine so in that case again you can directly use the terminal itself you don't have to use anything else okay so now let's start I'll be explaining uh each and every step while we go through this all right so instances running so currently there are no instances running so it's not going to
be it's not going to show anything else and uh so before moving on I just wanted to show one more thing which is the free tier in AWS okay over here you can see you can go to aws.amazon.com/free if you are watching the video currently you will be provided with all the services which you get a free tier for so basically you would get an amount or number of services number of features for free for a period of time for example for EC2 they're giving you 750 hours of runtime for a server like it's
not one server let's say if there are 10 servers running and each server can run for 75 hours the total would become 750 hours so with that 750 hours you would not get billed anything if your hours go beyond 750 then you will start getting billed for the first 12 months once you create your AWS account so like that all the integral services have certain free tier limits so you can basically be within the free tier limits while practicing and you won't get any uh bill you would not get billed anything so you can just
check what is free for 12 months uh what are the services which will be always free so like DynamoDB 25 GB of storage in DynamoDB is always free 1 million publishes in SNS is always free so like that all of this will be provided all right so I just wanted to show that because uh while we go through this particular process of launching an instance here we'll be given options of something called a free tier instance type so I don't want to take you again over the website to show you this is what a free
tier is so I just wanted to show you right now so that we can move on all right okay so now let's launch an instance so to start off with it you can just click on launch instances over here or you can just go to the EC2 dashboard and click on launch instances over here all right so the next step is basically to choose an Amazon Machine Image so over here you can see the first one is Amazon Linux 2 AMI so Amazon Linux 2 is an operating system which Amazon themselves provide and you can
see there is something called free tier eligible so whichever AMIs have the name free tier eligible over there are the AMIs which are given for free of cost you won't get charged anything for using these AMIs if you're using the other AMIs for example the Deep Learning AMI or the Deep Learning AMI GPU PyTorch or let's say Microsoft Server 2019 with SQL Server 2019 Standard so these kinds of AMIs will cost you you will get paid so to start off with it to practice you can just start off with the free tier eligible AMIs
so I've already explained what is an AMI and uh so again they also recently added the macOS you can also create a Mac server all right okay so what I'm going to do is I'm going to launch an Ubuntu server and I'm going to show you and I'm going to connect to the instance and show it to you all right okay so Ubuntu instance it's free tier eligible and yeah so I'm going to choose the 20.04 there is the 18.04 as well this is the older version the new latest stable version is 24 20.04
so I'm going to select this so the next thing it will ask is what type of an instance type do you need so the instance type which is going to be free for you if you create a new new AWS account would be t2.micro so every other instance type will get you a bill so the only instance type which is free is t2.micro so go with it so uh what you want to know here is so t2.micro provides you one virtual CPU so that basically means it provides you one virtual CPU of
compute power and 1GB of RAM and it only allows EBS storage that is you can only connect an EBS volume to it you cannot connect anything else you can connect other storages but the root volume would be EBS so if you come down so here you can see uh SSD is allowed here EBS only so wherever EBS only is provided you can only connect EBS wherever SSD is provided you can connect other services like instance store you can connect with all of that can be connected so you can also connect EFS to here but EFS
would not be the root volume the EBS volume which will be created with the instance would be the root volume so that would be added in the fourth step which is add storage so first we'll choose the AMI second you choose the instance type we need one virtual CPU and one GB of RAM next we are going to configure the instance details so over the instance details the first one is number of instances if you need one instance or 10 instances or 100 000 how many instances do you need you will have to provide the
number over here okay so it will create that many instances for you the next one is a purchasing option so we are not going to purchase any instance right now so this basically I'll explain it to you purchasing option is basically uh you can reserve the instance for a year or three years so it will basically provide you a dedicated instance in a dedicated physical server which will always be available for you at any time so if right now we are creating an on-demand instance an on-demand instance is basically an instance which you create whenever
you want terminate whenever you want but if you want let's say 100 instances dedicated for you in a dedicated physical server even though it's AWS it's someone else's data center but you want dedicated number of instances so in that case you can use the purchasing option you would also get a discount in the purchasing option because you're going to purchase it for a complete year so you will be locked in for a year and you'll be paying for that all right okay and next comes the network subnet and auto assign IP so this I'll be
covering in the VPC tutorial but again uh these are very vast concepts which you have to understand more but to be very simple so every single system simply network with other network you cannot have a system so to connect with the system to the main capability system there should be a network so that's what VPC will do for you you get you get your own isolated network within AWS which will be isolated from other VPCs other networks which other customers have or but again you can create a peering network is a communication network where a
server from another VPC can talk to or communicate with another server in another VPC so again so these concepts we learned in another tutorial and so I'm just going to move ahead okay so for now you just have to know this number of instances is one so we're going to create one instance that's it next we have to add storage so while you install a server where you install this particular instance the data the files should be stored somewhere right in the root volume so for that we need to create a root volume instead uh
volume instance okay it's basically an EBS volume as I told you only EBS is allowed in this particular instance type and the free tier eligible customers can get up to 30 GB of EBS volume per month okay so you can see I can go to the free tier thing and check it out so I'm just gonna use 8GB so because Ubuntu Server doesn't need more than 8 GB of storage just uh takes 2GB uh the server itself is 2GB then there will be lots of space for storage because I'm not going to upload any huge
file to the server so it doesn't matter for now I'm going to go with the initial size which is 8GB okay and delete on termination so if you switch this on what happens is when you delete this server that is the instance the EBS volume which is attached to it will also automatically delete if not you if you disable this when you delete it the EBS volume will still be available you will have to delete it manually all right so I'm just going to keep it enabled and encryption you can use a key which is available
already or you can leave it just like that and shared file system so this is EFS so you can add a file system directly over here or after creating an instance you can create a shared file system and then later attach to it okay so again this would be a storage tutorial I'm not going to get into the storage pathway just covering the EC2 part okay so we need a storage root volume so we'll create that so that is automatically provided it's 8GB and volume type it's going to be general purpose and next tags so
tags are not integral they are they are clearly an optional step so why tags is basically let's say you have 10 instances let's say you have 100 instances and you have created 10 instances in that particular region there are other people using the account but you want to differentiate your instances so in that case you can give all the ten instances a unique tag which you can search for and it will provide those particular instances for example let's say name I'm gonna put it down together so in this case the EC2 instance I'm creating will have
the tag scaler and if I have 10 instances named scaler and if I search for scaler in the EC2 instance dashboard it will give me all the instances named scaler so that I don't have to navigate through the entire list all right okay okay so this is basically tags and then security group so security group is really important for an EC2 instance the security group is what decides uh which basically what traffic should come inside the instance what traffic should go outside this is basically like a firewall uh not exactly a firewall but a list
of rules which lets something happen for example right now only SSH is allowed SSH basically means secure shell the secure shell is the type of a TCP protocol which lets you connect to the EC2 instance via port number 22 okay so for now custom basically this particular installation instance will be allowed to all the IP addresses so if I want I can change it to my IP for example if I provide my IP it will only allow my IP that is my particular personal computer to access this particular EC2 instance but if it is in
custom or if it is in anywhere so this basically will allow any system across the world to connect to my EC2 instance but not everybody can connect you can only connect to the instance if you have the private key to decrypt the public key which will be available in the instance so now you would be confused by the key pair so that's what we are going to cover next so I'm going to just provide just this one SSH so I'm going to review and launch okay so everything else is provided I hope you guys understood these steps
so just follow through and you can create an instance within a couple of minutes so now click when you click on launch your phone launch the instances ask for a key pair okay so now I'm going to create a new key pair and so I'm gonna name it as I'm just going to name it as tutorial okay all right I'm going to download so the key pair is downloaded okay so now now you can launch the instance so why did I download a key pair you might ask what exactly is the purpose of a key pair so now I've
downloaded this key pair called tutorial key so now this particular key pair will have two keys one will be the public key and one will be the private key the instance we are going to launch will have the public key inside of it and the private key is the one which we have downloaded all right so now when you're logging into the instance now if you provide public access to anyone anyone could log into the instance if they have the public IP address but that should not happen so we do not want that happening so in that
case what you are doing is only I would be having the private key which I just downloaded only I have the private key nobody else has it even though they know the public IP address of my instance even though my instance is open to the world anybody could try to log in but if they don't have the right private key nobody else could log in apart from me all right so that's why we need a key pair it's for security purposes and it's to log into the instance okay so now let's launch the instance so now
first it basically creates all the dependencies once the dependencies are created the instance will be launched so now we can view the instance as I told you first it would be in a pending state so in a pending state uh then it will come to a running state so then you would be seeing the status checks so the status checks will become 2/2 so that basically means the instance is successfully running so now the instance over here you can see the public IP address has been provided the private IP address has been provided
so the public IP is what you will be uh using to connect with the private IP address is the IP address which is particular for this EC2 instance if there is another service within my AWS account trying to connect to my EC2 instance in that case it can use the private IP address instead of the public IP address okay all right so now we can see the instance is running and status check is initializing so uh let's just wait until this completes sometimes it will uh yeah so you can see the status checks are running system status check and
instance status check so it will just check if the instance is running properly if there is any issues if there are no issues that it will just show two out of two that's it okay so then there is a security so this is where you see all the yes this is where you see all the security rules uh the security group you just created networking again so networking provides you more information about every single networking details the public IP the private IP public DNS so public IP address and the public DNS is the same so
it's basically this DNS name uh will search for this particular IP address that's it it just redirects to this IP address uh so you can see it's the same thing and uh yeah so it's an internal DNS name and then the what VPC has been attached to it which subnet has been attached to it and what is the availability zone so in North Virginia alone there are six availability zones that is 1a 1b 1c to 1f all right yeah so basically this is launched in the 1b availability zone okay so
next storage again storage even created it's been attached uh status checks first is okay then monitoring so this basically will provide you uh a little bit of insight to the instance so it will show what is the CPU utilization so the instance is yet to start running right so that's why it's not showing any data so once it starts running it will show the CPU utilization it'll show whether the status checks have been succeeded network in network out what is the packets how many packets came in how many packets went out of the particular server that's
the internet usage and if there is any data which was read there was any data which was written so all of that will be major project got it so now you can see two out of two status checks have been passed okay so now I just want to show one thing so first let me open this particular IP address so I just wanted to show that there is no website running or web page running in this particular instance because I just launched it and I'm just opening that particular IP address so that you would know
there is no web page running in this okay so there is nothing running in this that's why it's still loading it won't show any web page okay so I'll be launching a web page that's why I'm saying when I launched a web page when I run this exact same IP address it will show a web page okay okay um okay so now let's connect the instance the instance is successfully running okay and then over here you can see there are three options you can reboot the instance uh you can stop the instance and terminate
the instance I told you what each of these things does and if you stop the instance then also you can terminate the instance or you can start the instance back and start using it and there are other actions you can connect to it so again the connect option so these are the same things which are provided over here all right okay so now let's connect to the instance so there are multiple options to connect to an instance one is the EC2 Instance Connect so when I click on it it will open another uh tab in the
browser and we can uh what is that we can basically access the instance directly from the browser itself and there is another option session manager so we are not going to use this okay we're not able to connect to your instance common reasons for this so basically I have not installed uh these agents so I'm not using this so we're not gonna go ahead with this connect your instance without SSH keys or a bastion host uh okay so we are not going to use the SSH manager and then we have the SSH client so SSH
client which which is what I told you PuTTY is an SSH client there are other SSH clients as well so if you have those SSH clients you can start using them okay and then there is one more which is EC2 serial uh console again I do not have uh this particular setup so either we can go with EC2 Instance Connect or we can go with SSH client so I'm going to show you both of these how to connect with both of these because I have a SSH client in my local PC
which is automatically enabled in my terminal so as it's a Mac so I can just search for the terminal and connect directly to it okay and so first I'm just going to connect it over here so you don't have to do anything else you can just click on connect it will automatically open a new tab and it will automatically establish a connection to the instance you don't even have to provide the private key over here so whenever you launch an instance the first thing I would suggest you to do is update it so as this is
an Ubuntu instance it would be apt-get it will not be yum so it's another Linux instance if it's Amazon Linux then it will be yum and also the uh yeah so I'll tell you that when I'm connecting with the SSH what would be the default login name so the default login name for a Ubuntu system would be ubuntu itself this one if it's any other Linux system the default login name would be ec2-user so this would be the default login name for any other if you're launching Amazon Linux then you'll have to use
this when you're connecting via SSH so one more thing I would suggest is do not connect it via browser and start working with it because it's a little buggy I would suggest you to connect with the SSH client itself all right so one thing I want to do is so for example let's say there are no files in this drive I'm just going to create a 1.txt so that when I connect via the SSH client you would know it is the same instance that's it otherwise all right okay this is going to close this
so now let me open the terminal and let's connect to it all right so I'm just gonna make it bigger and increase the size all right okay so now we have opened this so now to connect to this we'll have to use the SSH client so SSH client this is the example basically we can use this directly and connect to it so I'm gonna just use this so one small correction would be that this could be the IP address or this could be the DNS name for example let's say I'm pasting this all right or
this could be the IP address so one thing is that the tutorial key.pem file is not located in this particular location all right this key is not known by other names yeah so I'm just going to click click no for now okay so the thing is this particular key which I downloaded it's in the downloads folder it's not in this particular folder uh so we'll have to go to that folder in order to access it so now before doing that I just wanted to show you so SSH minus i or hyphen i and this
would be tutorial yeah so basically what I was saying about is so we have to figure out where the key is so then we can basically connect to it so we can again as I told you so this is the DNS name if you go to the instance all right so this is the IP address we can use the IP address or we can use a DNS name so what that basically means is so instead of this you can provide the IP address that's what I mean but you can still go with the name as
name so I'm not going to change it I'm just going to copy it and one thing is that SSH hyphen i so tutorial key.pem uh so this hyphen i basically denotes the key and we are providing the name of the key and then ubuntu is the username at what is the IP address so that's what you're providing so it will basically search for the server and it will use this particular key to connect to it okay pretty simple uh so uh now I downloaded it so it could be in the downloads folder so
I'm just gonna see and uh yeah so it's in this folder I'm just gonna paste okay so now this particular key is in this folder I know that so I'm just going to go with it so hit enter and now you can see the authenticity of host the IP address has been provided can't be established and the key fingerprint is provided the key is not known by other names okay so yes okay so now you can see this has been added to the list of known hosts uh unprotected private key file so that is
fine we can just change the permissions of the tutorial key yeah so the key's permission has been denied so nothing else we just have to change the permission of the key okay so over here you can see right chmod 400 we can just run this command uh and we can make sure it's available so that's it I'm just going to paste this and done so now let's run this again so now it has been successfully connected so the instance has been connected you can see ubuntu at the IP address has been provided over here okay
so now if I do an ls it should show the 1.txt file which I created in that browser right so it's the same instance we just connected it with the browser now we are connecting it to the terminal okay so if I do an ls you can see the 1.txt file is available so simple so we have created an instance and connected to the instance via the local terminal so this is basically one of the biggest things in AWS and one of the most easiest things to start with so you have
successfully created your own server and you have connected to the server in your local system okay so now the next step you're going to do is we're gonna so we're gonna create and uh we're gonna configure a web server inside of this particular server and we're gonna run it publicly so over here right now as I told you there is no web server running so we're going to launch a web server inside this right okay so now uh so there is a web server we can either use Apache 2 or we can use uh nginx
so I'm just going to go with Apache 2 I'm going to install apache2 and so it would be sudo apt-get install apache2 and hyphen y if there is any question which is asking yes or no in between it will automatically provide the answer as yes okay so we are installing apache2 so this is a web server which will be uh configuring and creating a complete web server for us which in which we can put our HTML pages or we can put in our what is that yeah so we can put in our
PHP pages and that will work fine with this all right so that's what we are trying to do over here and once done we'll have to do one more thing that is we'll have to allow this particular web page in the AWS console so we've provided only access to SSH right so the instance could only allow SSH but in this case we need to allow another access so we need to allow another protocol which would be listening to this particular web server all right so okay so the web server has been successfully installed all right
so the location of this particular web server in this particular server would be in a location called /var/www/html all right so there is an index.html file available over here this is the index.html file which will reflect when I'm going to refresh this page but it won't reflect now because we have not allowed the port number 80 and the protocol HTTP so once we allow that this particular web page will be shown over here okay I'm going to go to instance value print and go to security so we'll have to allow
the port number over here in inbound rules so to allow again inbound rules we have to open the security group which is attached to the instance so I'm going to open the security group and edit inbound rules so I'm going to click on inbound rules and add a rule so here it could be custom TCP and you can just provide the port number as 80 or you can basically select the HTTP and you can provide anywhere IPv4 or you can provide my IP so you can connect it from your IP so I'm connecting to the instance from my
IP address right so then it will only show that particular instance a particular web page from my my IP address so I'm going to use anywhere so okay so I'm allowing anywhere over here and I'm going to save the rules so done so now HTTP protocol has been allowed so now if I refresh this particular web page this particular IP address which is the IP address of my server this web page index.html should be shown over here so I'm gonna just refresh this so it's just taking some time to load so I'll just close this
and open let's open it again I'll go to the instance we go to networking yeah so now we can see the Apache2 default page has been loaded over here okay it's pretty simple so this particular page index.html is shown here so we have successfully launched a web server and hosted a simple web page over here so now what I'm going to do is I'm going to do one more thing I'm gonna basically create yeah so this this is a web page so what I'm going to do is I'm going to basically create another file uh
let's say 1.html over here and we are going to use that so I think this particular page is kind of uh still loading so what I'm going to do is I'm gonna launch another terminal okay and I'm gonna make it bigger and then open downloads okay so I'm going to connect to the instance once again okay so we've connected to the instance so now let me open the same drive so we'll have to add a slash here because we are in a different directory and we are taking this from root so
that's why we'll have to add That all right so okay so now in lecture HTML is available over here so now let's do one thing let's uh add sudo uh one dot HTML okay so uh I'm gonna just provide a something like Hello World distance one dot HTML5 all right and I'm going to save this file so I'm going to save this as in the HTML it's been saved now I'm going to exit so now you can see one dot HTML5 has been created let me just check So hello world this is one dot HTML
file so HTML file has been successfully created so now let me go over here again so now so this basically searches for the index.html file in the /var/www/html uh directory so in the html directory it's searching for the index.html page so now if we write 1.html then it should fetch the 1.html page over here you can see hello world this is 1.html file so this is very simple web page hosting so that's what we have done here so if you want your website to
be uh running as the default page in that case you just have to remove this particular index.html page and replace it with a new index.html page and that's more than enough so when you put the IP address it will automatically run so okay so this is basically the very simplest part all right so now uh you know uh this part so I'm going to show you one more demo which is going to be AMI that is we're going to copy the AMI and we're gonna launch the instance so that it has the same web page
Apache2 Ubuntu default page and this 1.html page already available inside of it so we are not going to configure anything we are just going to launch it and we're going to see if that instance has this pages available okay so to start off with that we have to first create an image of this instance that is you have to create a copy of this instance we have created over here so instance state this is the instance state now if you go to actions there will be an option called yeah images and templates
okay so here you get an option called create image so you have to click on create image and you have to provide an image name I'm just going to provide it as copy of scaler all right and then if you don't want any reboot while you are creating this image you can provide this but it's fine let the instance reboot no problem if you want to add another volume you can add Intel or it will automatically create a default volume and it will use the snapshot of the instance which we already have which is the
scaler instance it will use a snapshot of that and basically copy the entire configuration into this so that all the configurations you've made all the software you installed all the files you have created all of those will be available in the new instance which will be creating using the AMI which you are creating right now okay got it okay so now uh done so we provided the name of the uh image that's more than enough and we're going to create the image okay so image has been created so to see the image you have to
go under images AMIs so now you can see it's pending all right so this is the instance which we have with so I'm creating AMI and I'm going to use this AMI to launch another instance on that instance I'm not going to login into the instance that instance is already going to have all the files which you already configured in this particular server this particular instance so let's say if you want to create an instance and want to scale up and down accordingly so this is how you do it you create a copy of the
server which you have configured which is all the software which is all the code file which is all the data which is required for your application to run and you create a copy of that and you use the copy to create multiple servers so that there could be more servers created of the same configuration again and again so now again the thing is if you want to change the configuration a little bit in that case you can just change the configuration in one server create a copy of it and use the copy to again create
similar servers so this is how it works you don't have to login into every single server and configure every single time you just have to create the server once configure it once create an AMI use the copy to create a similar server got it so it's that simple so it will take some time to basically back uh basically come as available and it's a private AMI because I'm creating the AMI both in my AWS account or for my personal use so it would be private if you want later you can make it into a public
AMI which others can use okay if not uh it's fine so for now let's let it be a private AMI okay and uh so this is the AMI ID and this is the source which is my account the owner account and yeah so pretty much that's it so only thing we'll have to wait is for it to become available okay guys so now the AMI has been it's been available okay so the status has been changed from pending to available so now we can use this AMI to create a similar instance of the instance
which we created and configured so it's pretty simple just select the AMI click on launch then it's the same steps okay just choose the instance type I'm going to choose the same instance type t2.micro configure instance details I'm going to leave it to the same add tags so this is the storage again I'm going to leave it to blank I'm going to just leave it like this I just need the same thing tags I'm going to name it as copy of scaler next so here I'm going to use the same security group that we
just created launch wizard uh 52 I guess yeah which has HTTP and SSH both so I'm going to use the same thing because uh we are not going to login into the instance and launch a web server and then configure it it's already been configured we'll just have to allow HTTP and once the instance is running the web page will be already running in this server in the instance right okay so now let's launch so now second thing is that you don't have to create a key pair every single time you launch an instance if you
have a private key in your system you can just use the same key pair over here I've created this tutorial key right we can just use the same key pair in order to connect to any instance you want so the public key will be available in various instances so make sure only you have the private key because it's pretty important if anybody else has a private key they could connect to your instance so keep your private key with yourself and that's it so then you can just launch the instance and once the instance is running then
it will already have the web page running inside of it so this is the uh the page which we have over here right okay so this particular server should have the same web pages running because it's the copy of this particular server okay so I'm just going to copy the public IP so it's in pending state but yet I'm just going to paste it and keep it over here so once the server is up and running it should show the Apache2 default page over here the Ubuntu default page over here okay so uh it's
running so status checks are not done yet but sometimes even though it's showing initializing it will be already done so I'm just going to refresh it and check once okay so the instance is running guys as you can see it's a completely different IP address and this is a different IP address and it already had the Ubuntu default page available inside of it because it's a copy of the instance we created so this is how an AMI works the AMI will have the complete configuration the software the applications the files everything which is inside of an
instance and we create an AMI of that instance it is create a complete copy which can be used to create more instances basically replicating the same instance all right so now this instance should also have the 1.html file so it also has the 1.html file inside of it guys so this is basically it for this particular table for the EC2 tutorial so I showed you how to create an instance how to create an AMI and how to launch an instance with the AMI which we just created so this is basically it
It's pretty simple, right? And you can also follow through with this particular tutorial and you can also start with AWS. It's pretty simple to start with; anybody could start with it. And if you want to launch or deploy your own website, you can just use the server. It's really cheap; you can just use this server in order to host your web page or your website. Okay, so that's it for this session guys, thank you.

So guys, let's start off by understanding what is Amazon VPC. So Amazon Virtual Private Cloud
enables you to launch AWS resources into a virtual network that you've defined. So in the AWS Cloud you basically have to define a virtual network, which is basically an isolated network in your own AWS account. So now this virtual network closely resembles a traditional network that you would operate in your own data center, with the benefits of using the scalable infrastructure of AWS. So basically when you're using AWS, there are millions of people, millions of companies using AWS, right? So in this case what happens is you would have to isolate your resources from the others'
resources, or you would have to isolate your resources in your own account from other resources in your own account. So for that case you can have a VPC, a virtual private cloud, which creates an isolated network inside the AWS Cloud. So even though it basically resembles the traditional network setup, you can still use AWS's architecture in order to scale up or scale down your infrastructure. And also one of the main common uses for Amazon VPC: it's a networking layer of Amazon EC2. So if you do not know what EC2 is, go ahead
to our previous tutorial on Amazon EC2 and learn about that, and then come back to this tutorial so that you could get a better understanding of what EC2 is, because when we are looking into the demos we'll be using EC2 to demonstrate certain aspects of VPC. So in that case you would have to know what EC2 is and how to create an EC2 instance, so for that you can go ahead and look into it. Okay, so now this is what VPC is.

Okay, so now let's just look at the key concepts in
VPC before we move on. So first of all, VPC, virtual private cloud: a virtual network dedicated to your AWS account. So again, it's dedicated to an AWS account, and also it will be dedicated to a particular region. There are many regions in AWS which you can choose from, so under each region there would be a default VPC available, and then you can create more VPCs; about that we'll see later in the session. So it is basically dedicated to your AWS account; it is not shared with anybody else. And then a
subnet. So under a VPC you can have multiple subnets. A subnet is basically a range of IP addresses in a VPC. So let's say your virtual private cloud, VPC, allows around 64,000 IP addresses. Now you can create a subnet which allows around 4,000 IP addresses, so that subnet allows 4,000 IP addresses, and you create another subnet which allows 10,000 IP addresses, but they cannot overlap because they are individual subnets. And subnet 1, which has the range of 4,000 IP addresses, will have a set of IP addresses
which we can assign. So if you launch an EC2 instance within subnet 1, it will have an IP address within that IP address range which has been provided. And then the same thing if you go with subnet 2, which has 10,000 IP addresses and a different range of IPs: in that case, if we launch an instance within that, it would have a different IP address, which would be within that particular range of IP addresses. Got it? Okay, so next is the route table. It's a set of rules, called routes, that are used
to determine where network traffic is directed. So again, this we'll also learn later in the session. Internet gateway: a gateway that you attach to your VPC to enable communication between your resources in your VPC and the internet. So as I told you, the VPC makes sure that it isolates your resources in your VPC from the outside world and from any other VPCs in the AWS network itself. So how would a communication happen? Let's say you are opening your instance and you want to download something from the internet. If the VPC doesn't allow that,
in that case you would not be able to download any applications. Okay, so for that you can use an internet gateway. An internet gateway is attached to that VPC, so once it's attached to the VPC, any resource within the VPC will be able to access the internet. So that basically is an internet gateway. And then a VPC endpoint: it enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. So a VPC endpoint is another
concept, another tool in VPC. So in this case, let's say you have another service, another AWS service, and you want to connect to your service within the VPC. If you want to connect within your own AWS account, in that case it would be much better to connect privately rather than connecting publicly over the internet, because that would be unsafe, right? So if you want to connect privately, for that case you can use a VPC endpoint. You can create a VPC endpoint for your resource which can be used to
connect to the resource. So let's say you want to access S3 from your EC2 instance. S3 is a storage service, so let's say you want to access the storage service from your EC2 instance. One way you can do it is from the AWS CLI directly via the internet: if the internet gateway is attached, and if you have given permission, if you have configured your AWS command line interface, you can access S3 from your instances. But if you've not done that, in that case let's say you create a VPC endpoint for that S3 bucket. Okay, so
now using the VPC endpoint, without going through the internet, you can connect to the S3 bucket directly via just the VPC endpoint; nothing else is required. All right, okay, and then there are CIDR blocks. CIDR is called Classless Inter-Domain Routing; this is the Internet Protocol address allocation and route aggregation methodology. So when I was talking about subnets I said there would be a range of IP addresses, right? To provide that range of IP addresses you would have to use a CIDR block. A CIDR block decides from
what IP address to what IP address the range of that particular subnet would be. So it has its own methodologies, which is again a completely separate major topic, so we'll be learning about CIDR blocks as well. I'll be giving you the basics of all of these concepts, so that's what we'll be learning. All right, okay, and then default and non-default VPCs. If your account was created after 2013-12-04, it comes with a default VPC. If it was created before 2013, in that case you would have already created a
default VPC by now; it's been so many years. But most probably most of you would be creating your account after 2013, so in that case your account will already come with a default VPC and a default subnet. Once you create your own AWS account, AWS themselves create a default VPC and the default subnet within the default VPC for you. So that's what they do. If you have a default VPC, you don't have to specify any subnet when you launch an instance. So in the previous AWS EC2 tutorial you
can see that when I'm launching an instance I'm not going to specify any VPC or subnet. If you just launch it in the default VPC, it will launch it in a random subnet, whichever it chooses. You don't even have to provide your preference on which subnet you want to launch it through. So you can do that without even understanding what VPC is; you can get started with EC2, Elastic Compute Cloud, without even understanding what VPC is or what a default VPC is. Later we can get a better understanding of what VPC is, so that's what we
are doing right now. So again, if you've not watched the EC2 tutorial, please go watch it, do the demos over there, and then come over to this particular tutorial. All right, okay, so you can also create your own VPC and configure it as you need. This is known as a non-default VPC. Subnets that you create in your non-default VPC and additional subnets that you create in your default VPC are called non-default subnets. So basically any VPC which we are creating is called a non-default VPC, and in the non-default VPC we'll be creating
certain subnets. Okay, so those subnets are non-default subnets. That's the only difference between default and non-default: default is created by AWS and it will be already available when you create an AWS account; later, if you are going to create and configure your own VPC, that would be a non-default VPC, right?

Okay, so now VPCs and subnets. I already gave you a brief about what a VPC is: a virtual private cloud is a virtual network dedicated to your AWS account. I already told this. So now, it is logically isolated from other virtual networks in
the AWS Cloud. There are going to be a lot of virtual networks, right, in the AWS Cloud. So maybe in just your account you might have four to five VPCs. So let's consider all the customer base in AWS: in one particular region that can be, let's say, hundreds of thousands of VPCs. So now your VPC will be completely isolated from all the other VPCs unless you have made a connection with another VPC. Okay, but until then everything will be isolated: your VPC, the resources within the VPC, would be isolated from all the other virtual
networks in the AWS Cloud. So you can launch your AWS resources, such as EC2 instances, inside your VPC, and the VPC will make sure your EC2 instance, that is your resource, is isolated from all the other instances and all the other resources and all the other VPCs. When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block, for example 10.0.0.0/16. This is the primary CIDR block for your VPC. And also, a VPC spans
all of the Availability Zones in the region. Okay, all right, so now let's come to the first point again. Here you can see that they're asking us to specify an IPv4 address range. So when you provide this IPv4 address range, that would be the complete IP address of this particular VPC, so the range of IP addresses. So the range would last from, what is this, 10.0.0.0/16, so it would go to, sorry, so it is 16, right? So 16 in this means 10.0 would remain as it started; it would be the same. Only the
last eight bits will change. So this total, 10.0.0.0, so let me just make it clear: the total is 32 bits, and they've provided the subnet mask as 16. So when it's 16, that basically means the first 16 bits will remain unchanged. Okay, so that basically again means only these bits, these 16 bits, can be changed. All right, so in that case the range of this particular IP address would be 10.0.0.1, so that would be the starting IP, and the ending IP
would be 10.0.255.255. So there are so many possibilities within that particular IP address range. Okay, so this is what you'll have to, okay, so yeah, this is how you provide an IPv4 address, and also when you create one it will automatically show you how many IP addresses are possible within that particular IP address range. Okay, and then there is VPC Availability Zone A, B, and C. So let's say you've created a VPC in a region; let's say I have created a VPC in the
North Virginia region. If the North Virginia region has three Availability Zones, the VPC will span across all the Availability Zones; if that particular region has six Availability Zones, the VPC would span across all the six Availability Zones. That is, if I launch an EC2 instance in Availability Zone A or Availability Zone C, it doesn't matter; I can still launch them within the same VPC even though they are in different Availability Zones. So an Availability Zone is a logical divide in an AWS region. Okay, so that's basically what an Availability Zone is. There will be multiple data
centers, so that, let's say, you can have your application running in multiple Availability Zones. If one Availability Zone is down or has some issues, you can basically redirect the incoming traffic to your application to the other application which is running in another Availability Zone. All right, okay, so this is basically what VPC is. And then coming to the next point: the following diagram shows a VPC that has been configured with subnets in multiple Availability Zones. 1A, 2A, and 3A are instances in your VPC. So over here you
can see 1A, 2A, and 3A are instances in the VPC. Okay, and one more thing you have to notice: as I told you here, let's consider this is the same VPC, so 10.0.0.0/16. All right, so we are creating three subnets within the VPC: subnet 1, subnet 2, and subnet 3. And over here you can see subnet 1's IP address range, that is the CIDR block, has been provided as 10.0.0.0/24; this is 10.0.1.0/24; again, same thing, it's 10.0.2.0/24. So the thing is, the IP address range we are
providing for your subnet will be within the IP address range of the VPC, but it cannot be the same as the IP address range of the VPC. So if the IP address range of the VPC has been provided as 16, you cannot use the same subnet mask of 16; it should be more than that. It should be 20 or 24 or 30 or something like that. Okay, so in this case, 10.0.0.0/24: this basically means that the first 24 bits will remain unchanged; only the last eight bits will be changed,
okay, because the total is 32 bits and it's 24 bits, so the first 24 bits will remain unchanged and the last 8 bits can be changed. All right, so the same thing goes here. So one of the addresses, let's say 10.0.0.1, or it would be 10.0.0., let's say, 10, so that can be an IP address. So here again the first three, that is the first 24 bits, will remain unchanged, so all of the IP addresses will start with 10.0.1. That will basically be the distinction between subnet 2 and subnet 1. So subnet 3, again, it
will, all of the IP addresses within the subnet will start with 10.0.2 and the rest will follow. Okay, so this is basically subnets. About route tables, we're not yet there; we'll talk about them later in this particular session. So these are basically the subnets, and over here you can see there are three instances launched: 1A, 2A, and 3A. So now you can see the IP address of the 1A instance: it's 10.0.0.5, so as I told you, it would be within this IP address range. So now let's see
the IP address of 2A. So this is a private IP address, not the public one. The public IP address would be totally different, because the public IP address should be globally accessible and globally unique; it cannot be a repeating IP address. So this is within the subnet, that's why it can't repeat. All right, then the private IP address of 2A is 10.0.1.5; you can see the first 24 bits are unchanged. Same thing coming to subnet 3, 10.0.2.5: again, the first three, that is the first 24 bits, are unchanged. All right, okay, so
these are subnets. Basically it's a segregation, or it's a range of IP addresses within the VPC which you have created. All right, that's it.

Okay, next is default VPC components. So basically I just wanted to share with you guys what the components are in the default VPC which AWS will create for us. As I told you, once you create an AWS account, a default VPC will already be available in your account. When you start working with it, you can start with EC2, you can start launching instances directly, because the
VPC would be already available and you don't have to create any. So in the default VPC, what are the different components available? The first one is obviously the VPC itself. It will be provided with this particular address, 172.31.0.0/16. This particular IP address range allows 65,536 private IP addresses. All right, so these many IP addresses are possible in this particular IP address range. So now: create a size /20 default subnet in each Availability Zone. So let's consider North Virginia itself, the
North Virginia region. There are six Availability Zones in the North Virginia region. All right, so in the North Virginia region, in each and every Availability Zone they are creating a subnet which has the size /20, that is, the subnet mask has been provided as /20. Okay, and when it's provided as /20 it allows 4096 addresses per subnet. So out of 65,000, let's say there are six subnets, so it would be 4,096 into six, so there would be these many IP addresses available
in those subnets, in those individual subnets. So there would be an individual subnet for every single Availability Zone. Third, they would be creating you an internet gateway, so that if you create an instance in any of the subnets, that instance should be able to access the internet, or from the internet you should be able to download something onto the instance. Okay, and then: add a route to the main route table that points all traffic to the internet gateway. So what this basically means is, in the route table, in the main route table which
has been created, they are adding a route which is targeting all traffic. What it basically means is all kinds of traffic from the instance can go through this particular route and reach the internet using the internet gateway. So it's routed to the internet gateway so that the resources, that is, the instances which are launched within the VPC, get access to the internet via the internet gateway. So over here you can see in the main route table, this is the internet gateway connection. Okay, coming to the next one: create a default
security group and associate it with your default VPC. Now, let's say you are creating a VPC; you'll also have to create a security group eventually, but here they already have created a default security group and associated it with your default VPC. So the security group is created and attached to your default VPC automatically, and when you're launching an instance you can still use the default security group. And then there is: create a default network access control list (ACL) and associate it with your default VPC. So a network access control list is more of a rule,
it's a rule set like a firewall where you can basically control the access, whether it's coming from a different IP address or whether it's coming from one particular range of IP addresses. Let's say you want to cut off access to this particular VPC for a range of IP addresses: you can do that with a network access control list. Or if you want to only allow access to a certain number of IP addresses, let's say it's an internal application and you only want to allow the IPs of the company's network, the IP addresses of the company's network, to
be able to access your particular application, in that case you can use a network access control list even for that. And finally: associate the default DHCP options set for your AWS account with your default VPC. So the DHCP options are basically the domain name, the domain name's complete hostname; all of those details would be in the DHCP option settings, and the domain name for the VPC, everything, will be associated to your default VPC once it's done. So these are the default VPC components, guys. So the thing is, when we
create a VPC we can manually create all of this as we want. If we want an internet gateway, we can create an internet gateway and attach it; if you want to change the route in the route table, we can do that; if you want to create another security group and attach it to your VPC, you can do that; if you want to create an ACL, you can create that; if you want to create a NAT gateway, you can create that. So we can do a lot of things with VPC, so
that's what we'll be doing in the demo, and before that let's finish up all the concepts so that we would know what exactly we are doing in the demos.

Okay, next comes the internet gateways. The internet gateway is a pretty simple concept. An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. So now, the VPC, as I told you, is an isolated network. So what if the isolated network, let's say, has to communicate with the internet? So let's
so let's Say a resource within the VPC wants to communicate with the Internet or some entity or some third party application from the internet wants to integrate with an AWS resource within the VPC so in that case you would need an external entity right to allow this communication to happen so that communication is basically internet cable so internet gateway lets this happen so internet gateway make sure that the resources within the VPC are able to access the Internet and vice versa so another Gateway serves two purposes uh to provide a Target in your vbc route
tables for internet-routable traffic, so it will create a target for your resources: when a resource is trying to access the internet it can use that route, and that route would be the IP address of the internet gateway, which can be used to route and communicate with the internet. And the second one is to perform network address translation for instances that have been assigned public IPv4 addresses. So for the instances which have public IP addresses, for those particular instances the internet gateway can do NAT, that is, network address
translation, in order to make sure it communicates with the internet. All right, okay, coming to the next one, which is NAT gateways. A NAT gateway, again from the name itself, is a network address translation gateway. You can use a NAT gateway so that the instances in the private subnet can connect to services outside your VPC, but external services cannot initiate a connection with those instances. For example, with an internet gateway it is both ways: the resource in the public subnet can access the internet, and a third-party tool or a user from
the internet can access the AWS resource within the subnet. So that's basically an internet gateway. Now coming to a NAT gateway: let's say you want to configure your resource, so what if you just wanted the connection to be one way, that is, only the resources in your subnet in your VPC need to access the internet, but a third-party entity from the internet should not be able to initiate a connection with those instances in the private subnet? That's where the NAT gateway comes in. So from this diagram
you can see: this is the internet gateway, right, and this is the NAT gateway, which has the Elastic IP address. And these two are subnets, okay, and these are instances. You can see Elastic IP addresses are provided for these instances, and there is no Elastic IP address provided for these instances because these are private instances. Private instances only have the private IP address because they are not publicly accessible; only if they are publicly accessible would they have a public IP address. So Elastic IPs in
this case are public IP addresses. Okay, so this is basically the NAT gateway, right? Now let's say this 10.0.1.5 instance, this particular EC2 instance, wants to access the internet. It only has the private IP address, so it cannot use the internet gateway, because the internet gateway only does network address translation for public IPv4 addresses; it does not do it for private IPv4 addresses. So that's where the NAT gateway comes in. Now this instance, while trying to access the internet, will be routed to the NAT
gateway, and the NAT gateway would understand that, okay, this is a private instance, and it will basically translate the private instance's IP address in order to access the internet, and then it goes through the internet gateway and accesses the internet. So with the NAT gateway the private instances can access the internet, but a third-party entity can only access the public instances which have public IPv4 addresses; they cannot access the private instances, which do not have public IP addresses, which only have the private addresses. Okay, so I think it's pretty clear here what is
the distinction between internet gateways and NAT gateways, right? Okay, so when you provision a NAT gateway, you are charged for each hour that your NAT gateway is available. So once you create it, if you leave it like that, for each hour it will get charged even if you're not using it, because it's not a service you can stop or start; it's just an entity which is created and is available in the subnet. So if you're not going to use it after some time, after practice, delete it, because you'll get charged. And each gigabyte
of data that it processes: when the private IP addresses are trying to access something from the internet, let's say if they are downloading two gigabytes of data into the instance, you would also have to pay for those particular network packets which are coming in. So that's what they are saying here. And finally, the NAT gateway replaces the source IP address of the instances with the IP address of the NAT gateway. Okay, I think this particular sentence makes it pretty clear. For example, let's check this instance, 10.0.1.5, the private IP address. So
this instance wants to access the internet. Now, as I told you, it will be taken to the gateway, and the NAT gateway will do network address translation: it translates the private IP address of the instance and attaches the IP address of the NAT gateway itself, which will be able to access the internet via the internet gateway. All right, so this is basically how internet gateways and NAT gateways work.

So now moving on to the next topic, which is network interfaces and Elastic IP addresses. Network interfaces are a separate thing, and Elastic IP addresses are
a separate thing. So now let's see what a network interface is. An elastic network interface is a logical networking component in a VPC that represents a virtual network card. Usually in a regular hardware system, every particular server would have a network interface or a network card; in this case it's a virtual network card. So what does this network card have? That's what they're listing here: the attributes of this particular network interface. So again, every EC2 instance would have a network interface
attached to it. So that would have a primary private IP address; there would be one or more private IP addresses if we want; there would be one Elastic IP address associated to a private address; then there would be one public IP address, one public IPv4 address, if we enabled this: there's an option called auto-assign public IP, so if that is enabled it will automatically launch an instance and provide it a public IP address. If it is not given, then it will only have the first three, that is, the
private IP addresses. Then later, if you want, we can attach another Elastic IP address, so that doesn't come with the network interface by default. And then one or more IPv6 addresses; again, if enabled you would get IPv6 addresses. Security groups: most probably at the beginning you would have one security group; then if you attach multiple security groups, obviously there will be more. And then a MAC address, and then the source or destination check flag, and finally the description of what that particular resource is. So these are the attributes which will be
available in an elastic network interface in AWS, in VPC. So this will be attached to EC2, and these are the IP addresses which will be available, and these are the different types of attributes which will be available. Okay, and then the next one is the Elastic IP address. An Elastic IP address is a static, public IPv4 address designed for dynamic cloud computing. You can associate an Elastic IP address with any instance or network interface in any VPC in your account. With an Elastic IP address you can mask the failure
of an instance by rapidly remapping the address to another instance in a VPC. To put it very simply, let's say you have two EC2 instances running, and both of the EC2 instances have the same application running inside of them. Okay, so now let's consider that we have not attached any Elastic IP address to these. So this particular instance will have a different public IPv4 address, and the second instance will have a different public IPv4 address. So let's say the first instance is the primary instance and the second instance is the
secondary one. So the primary instance will be running all the time; if the primary instance is down or there's any maintenance going on, then the secondary instance would be running on behalf of it. Now if there's a failure in the first instance, the IP address of the second instance is completely different, so there would be a minor downtime for that particular IP address change to be made. Okay, but what if you can use an Elastic IP address, which is static? It won't change even when your instance restarts. Let's say you terminate an instance: the Elastic
IP will still be available; you can attach it to another instance and it will still be the same IP address. Okay, so what I mean here is, if you attach that Elastic IP address to that particular subnet, or those particular instances, then if this particular instance fails there would be another instance running, but the IP address of that instance also would be the same because you have attached an Elastic IP address, and that would basically rapidly remap the address to another instance in your VPC without any delay. So that's why we have to use an Elastic
IP address. But the thing is, if you create an Elastic IP address and attach it to an instance, there is no cost to it; when it is attached to an instance there is no cost. But if you do not attach it to any instance there would be a cost, so you would get billed for it. So if you create an Elastic IP address, either use it or delete it. Again, this is if you are practicing; later you can use it if you want, but obviously if you're not using an Elastic
IP address, delete it if it's not integral to any of your services.

Okay, all right, and the next topic is about route tables. A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed. We already discussed this, right, when we talked about the internet gateway. So in route tables there are various components. The first one is the main route table. When you create a route table there would already be one: the route table that automatically comes attached to
your VPC when you create it would be the main route table. So if you see the default VPC, there would already be a route table available. You can create another one later if you want to, but that default route table which gets created when you create your VPC is your main route table. It controls the routing for all the subnets that are not explicitly associated with any other route table. That basically means if there is a subnet which is not associated with any other route table, it will control the entire routing for
those subnets. Then there is a custom route table, which you can create for your VPC; it's in your hands. Then destination: the range of IP addresses where you want traffic to go, for example an external corporate network with CIDR 172.16.0.0/12. So this would be your IP address range. It's an external corporate network, and you want only the systems, that is, the computers with these IP addresses, to access your particular resources in your AWS VPC. Okay, so in that case you can set it up
like this by providing the destination with the appropriate CIDR block and then the target the gateway network interface or connection so whatever is the target so for example this would be the target and this would be the IP address which we'll have to provide okay in this case the target is internet gateway IP address is all traffic okay and then comes route table association so the association between the route table and a subnet internet gateway or virtual gateway virtual private gateway again so this is the route table so it has been associated with uh the
internet gateway so that's basically is the subnet route table association and then subnet route table a route table that's associated with this subnet so when you associate a route table especially to a subnet that basically means that is associated with the subnet so that would be called a subnet route table and there is something called a local route a default route for communication within the VPC within the VPC you can provide the IP address of the VPC and connect it to the VPC that would be for all communication uh which is happening within the VPC
okay all right guys so now uh to understand even better what is the route uh each route in a table specifies the destination and a target so the destination is the range of IP addresses and the target is the target component in VPC so in this case the target component is internet gateway and you want to allow all traffic through the internet gateway so that's why you are providing this particular destination okay for example to enable your subnet to access the internet through an internet gateway add the following route to your subnet route table so this
is basically what they are telling us to do you can also do this uh so that's again I'll be showing that in the demo the destination for the route is 0.0.0.0 so which represents all IPv4 addresses the target is the internet gateway that's attached to your VPC okay so basically the internet gateway is attached to your VPC and that would be the target and the destination would be the IP address range which is 0.0.0.0 which represents all public IPv4 addresses so that basically means it provides access to all internet okay so the next
topic is VPC peering so VPC peering is one of the main concepts in VPC again it's a really easy concept to understand uh so a VPC peering connection is basically a networking connection between two or multiple VPCs mostly two uh that enables you to route traffic between them privately so if you do not want to use the internet let's say you have two VPCs and there is an instance in VPC A and there is an instance in VPC B so now the instance in VPC A has a private IP address the instance in VPC B will
also have private IP address and the public IP address okay so now let's say you want to basically make sure this instance communicate with this instance you want to uh like establish connection or you want to login into this instance from this instance or login into this login into this instance from this instance so now if there is no VPC peering connection in that case both of these instances should be public only then they can access each other only then they can communicate with each other but in this case with the VPC peering connection they
can communicate with each other with just their private IP address without even having to go to the internet so instances in either VPC can communicate with each other as if they are within the same network so to establish that you will have to do a VPC peering connection it's pretty simple you just choose a VPC as your requester and another VPC would be the acceptor so VPC A would request VPC B to get into a peering connection and then once VPC B accepts it the peering connection is established and then all the resources in VPC A can communicate
with the resources in VPC B via a private connection between them okay so the same thing you can connect multiple VPCs so over here to the right side you can see VPC A has a peering connection with VPC B as well as peering connection with VPC C so you can have multiple VPC connections as well so in this case you can also create a peering connection between VPC B and VPC C if you want to there is also multi-region peering that is a VPC in one particular region let's say North Virginia can connect or can create a
peering connection with another VPC which is in let's say Ohio region you can also create a peering connection between VPCs in two different AWS accounts so a VPC I have a VPC and I have an instance and let's say there is a friend of mine who has a VPC uh in his AWS account and there is a database and I want to access that database from my AWS account and I don't want to do it publicly I want to do it privately with the AWS network itself so in that case you could create a peering
connection with that particular account and then you can use your instance to access that database resource within their VPC so that can be done using VPC peering so this is one of the most important concepts and also a really easy concept to understand and also really easy concept to start working on okay so these different components and these are the different topics in VPC guys so now uh let's just move on and let's get started with the demo we'll be starting off by creating a VPC I'll be uh showing you what are the different components
once you create a VPC then I'll be showing you how to create a subnet that is a private subnet and a public subnet and I'll be showing you how to create an internet gateway and attach it to the VPC how to create a NAT gateway and attach it to the VPC and then also how to create a VPC peering connection and uh yeah so these are the things we'll be covering in this particular tutorial session guys so now let's move on to the demo so guys now we're going to start off with the demo so
first open the console I hope you already have created your AWS account and already have done the EC2 demos so uh right now we're going to straight up start off with the demos in VPC the first thing you'll have to do is again open the uh so basically in EC2 I just wanted to show you guys so as I told you while you are creating the EC2 uh the second option is basically to select the VPC you want and over here you can see there are security groups elastic IP addresses network interfaces so these are
concepts which we learned in the theory part so these also combine with the VPC module okay so now I'm gonna search for VPC so isolated cloud resources this is basically the VPC service so once you open VPC again there would be a dashboard which will show how many VPCs are available uh how many subnets are available how many route tables are available internet gateways uh there are no NAT gateways no peering connections um there are three network ACLs there are 92 security groups elastic IP addresses so every single thing is provided in this particular dashboard
and also it will show that whether Amazon EC2 is working properly or not because VPC is the networking side of EC2 okay without the networking side of EC2 you cannot launch an EC2 instance because you need a network to launch an instance right so here you can see you can either launch an EC2 instance or you can open the VPC wizard so let's create a VPC so that's the first thing we want to do in the so launch VPC so here you get an option to launch uh using the configurations which they already have so this
will basically create a VPC and a public subnet inside of it already for you so it's a ready-made setup so you can do that VPC with this single subnet VPC with public and a private subnet with the NAT gateway can also be created without anything you don't have to put any uh you don't have to put any effort you can just select this and it will create this exact same thing for you and then VPC with public and private subnet and also hardware VPN access so when do you need this let's say you are an
on-premises setup so now if you want to access your on-premises servers as well so to access that you need a certain connection and obviously your on-premises setup uh it's not VPC VPC is only available in AWS so in this case you would need a VPN connection a virtual private network connection which creates a secure connection between the on-premises network and the AWS cloud which allows you to basically transition and connect to your corporate data center so that you can basically communicate with the servers in the corporate data center from AWS and vice
versa and finally VPC with a private subnet only so this is just for uh communication between the corporate data center and the AWS resources there is no public activity that is there is no internet activity in this case so you can use the VPC wizard okay if not you can open your VPCs and click on create VPC and you can see I already have like tried uh long back if you see this yeah so again you can see this is not the default request because I created it so this is the default VPC you can
see default VPC yes this is again another VPC and again this is not the default VPC so uh to delete a VPC again it's the same thing you can just select it and delete VPC so if you delete a VPC it will show what are the other resources which are associated to it which will get deleted so in this case one subnet and one security group will get deleted so if I give delete and click on delete so it will delete the VPC the security group and the subnet associated to that particular VPC so yeah
so it's that simple so now let's start off with creating a VPC click on create VPC provide a VPC name so let's say VPC and then you can provide a CIDR block so I'm just going to provide a simple uh 10.0.0.0/16 so that it will allow lots of possibilities for me so only these two would be uh closed and then basically if I uh so I can change this as well if I want to I should change this like this okay so it doesn't matter okay so we'll create another VPC with a different CIDR
block for now I'm using this and I don't want any IPv6 CIDR block and I'm going to keep the tenancy as default so what tenancy means is if you use a dedicated one it will give you a dedicated uh VPC in one particular physical hardware so you can run instances in your VPC on single tenant dedicated hardware so that's the only difference but if you choose dedicated that will cost you even more than the default one so the default one is basically common for everyone your VPC will be created in a hardware in
which there are other people who also have created VPCs even though they are logically separated even though they are logically isolated even in that case they are all in the same physical hardware right so that's the only difference and also it will cost you more dedicated will cost you more and then if you want you can provide the tags so I've already provided the name for it and automatically took it as the tag so I'm going to use that and I'm going to create the VPC so that's it a VPC has been created okay so
now let's just look into the configuration which is here so the CIDR block which we have provided right and then DNS host names are disabled DNS resolution is enabled so a main network access control list is created a main route table is created the DHCP option set is created and uh yeah so pretty much whatever we need is created so let's look at the DHCP option set over here as I told you it will have all the information like the domain name the domain name servers and all that uh so the ec2.internal
domain name Amazon provided DNS uh this is the domain name servers all right okay so this is DHCP and then also the main route table so as I told you a main route table will be created later if you want you can create another route table and associate it with the VPC again I'll also show you that later in the demo so now this is the main route table yes you can see which VPC it is associated with the scaler VPC which we just created okay so we can see the routes and there
is only one route which is the local route so we also looked into it so the local route will allow communication between the VPC itself and if you want to edit you can just click on edit routes and you can add route yeah so you can basically change it over here so you can say instance network interface gateway load balancer endpoint local uh yeah so you can add a route and you get more options so the thing is you cannot remove the local target you cannot remove the uh main route the thing is if
you remove the main route that will basically uh remove the communication between the VPC so basically Amazon or AWS themselves do not allow that so you can see thing right there is no option to remove this particular group remove this particular route okay later if you want you can add routes it's not it's fine okay so this is the main route okay and then there is a main network ACL so again as I told you if this is more like a rule set so there are inbound rules so all traffic is allowed and outbound rules
all traffic is allowed so there are certain things which you'll have to know in a network access control lists so the rule number will basically tell you the what is the first rule which has to be executed so if it's 100 then it will be executed first then it's 50 it'll be executed second and if it's star it is executed at the last so basically you'll have to know what is the what is that hierarchy or which has more power so that will be provided in the AWS documentation so we can just enter
ACLs and yeah so optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets okay yeah so here is the rule uh so this is a default network ACL and coming to the next part so the network ACL's outbound rules 100 and 110 over here uh HTTP and HTTPS are allowed out of the subnet there's a corresponding inbound rule that enables responses to that outbound rule inbound rule 140 so you can see right so according to the order you provided according to
the number you that will basically determine the uh hierarchy or the it will basically determine when should what be executed so for more info again you can check out the documentation you can go through this entire thing so you can see here right they've also provided comments you can allow a certain uh port number from a certain IP address you can deny a certain port number from a certain IP address yeah so uh this is basically network ACL again you can learn about the basics and all of it in the documentation itself all right so
now going back okay so we've created a VPC right now but this particular VPC does not have any subnet and let me just go to your VPCs and now you can see uh so we've created a VPC right yeah so this is the VPC we've created this is a VPC ID the VPC of VPC is available and over here CIDRs we can see uh the associated CIDR is this we do not have any IPv6 CIDRs and uh yeah so pretty much we've created it okay so the next step is creating a subnet so again to
start off with you can also use the VPC wizard where you can create a complete like a private subnet with a public subnet with a NAT gateway automatically but it would be better if you learn by doing it manually so that if you understand and do it manually and if you know the concept and how it works then you can use the wizard and create it whenever you want so there's no issues with that okay the next thing we have to create a subnet if we click on subnets okay so now you can see there
are already around six subnets so all of these subnets are default VPC subnets so why are there six subnets because in North Virginia in this particular region there are six availability zones so if I click on this subnet we can see this is for 1f right this is for 1b for 1d 1e 1c and 1a so these are basically for the default subnet and over here you can see the IPv4 CIDR is provided as 172.31.48.0/20 okay so this basically means there are 491 IP uh IPv4 addresses
available so also it should be actually 4096 total addresses but the thing is for five IP addresses would be blocked by um AWS themselves so like the first point zero zero three uh zero point two point one so few of the IP addresses will be blocked and some of which will be already taken so that will not be covered so it would be minus five uh and yeah so that's basically it enter okay yeah so this is the subnet so now let's start creating a subnet so there is no separate way of creating a public
and a private subnet the only difference is when you create a uh so a public subnet will have internet access it will be connected to the internet gateway there would be a route to the internet gateway a private subnet would not have a route to the internet the only difference between a private and a public subnet this is public subnet would have access to internet resources and private subnet would not have access to internet only if NAT gateway is connected they will have access to internet but again internet there won't be communication or there
won't be a two-way communication there will be just one way okay now let's create one so the first step is to select the subnet and I'm going to select the subnet we've created all right and I'm going to name it as uh scaler subnet1 availability zone we can choose one or if we want to if not we can just leave it I'm going to choose us 1a and the CIDR block I'm going to provide as 10.0 point so let's say we can make it one slash 20 so this is one subnet which I'm creating
so if let's say if this particular subnet's IP address uh overlaps or goes outside of the range of the CIDR block of the VPC it will throw an error for example if I do this yeah so it does so now you can see the CIDR address is not within the CIDR address of the VPC why because the CIDR address of the VPC is 10.0.0.0/16 that basically means the first 16 bits will remain unchanged for any IP address which is within the VPC so in that case we can only change the last 16 bits
so that's why if we do one over here so this won't be any problem now we can create a subnet okay so but before that I want to create another subnet because I want to have a public and a private subnet okay so to create another subnet you can just add a new subnet over here and I'm going to name it subnet or let me do one thing I want to name it public subnet one private subnet one and that was 1a uh this one will be 1b and this is going to be 10.0.2.0 and
24 so I'm going to give a different CIDR block so you can see CIDR address overlaps with existing subnet CIDR so basically this particular CIDR block cannot overlap the subnet cannot overlap the IP addresses of the other CIDR block so for example let's say if you're making 20 so again it's still overlaps so we'll basically have to change a few things so the problem here is uh the first so if it's 20 right so this basically means the first I would say that yeah so 20 bits so in this 8 bits
are there right so in the eight bits four bits remain unchanged and the other four bits can be changed so now in this again if I give two this basically means then uh the four bits can be will remain unchanged and four bits will change but it will still overlap with the IP addresses in this so what I'm going to do is I'm going to make to zero we want to make it 1 I'm going to make it 0 I'm going to make it 2 let's make it 24 yeah so I'm going to make this
also one so now basically this first three characters that is the first 24 bits will remain unchanged and over here again the first 24 bits will remain unchanged so that basically means they cannot practically overlap the IP addresses will not overlap so that was the only problem and now it's resolved so you'll basically have to select the CIDR blocks accordingly so that they do not overlap each other okay so now I'm creating the subnet yeah so done so two subnets are created uh yeah so you can see right uh the other subnets without the name
are the default subnets one and the other two are this so I want to do one thing give the VPC ID and just gonna keep my subnets available to show them okay it will be much easier to navigate right uh all right so public subnet uh private subnet we've created two subnets but the thing is still it doesn't matter both are not uh it's not a public subnet it's not a private subnet yet uh because over here you can see so if I go to route tables again even here I'm going to do
one thing I'm gonna select the VPC I think this is a VPC right okay so this is the one one zero one seven come on this here zero eight five so this is the VPC yeah okay so this is a route table so if you go to routes so only the local connection has been established so in this case you will have to establish a connection to the internet gateway which will be attached to the public subnet right okay so now uh subnets are created guys so later we'll be making them public and private subnets
so to do that first we would need a internet so let me create an internet so there's already internet gateway but this is the internet gateway of the default VPC so first we have to create an internet gateway to create an internet gateway just click on that and I'm gonna just put scaler internet gateway create internet gateway and attach to a VPC so internet gateway has been created now we'll have to attach it to our VPC so I'm going to click on it I'm going to select the VPC which we've created and attach internet gateway
so we've attached it to the VPC okay done so this is the internet gateway which we created it's been attached to the VPC of our choice so now we'll have to go to the route tables and in this case scaler VPC so this is the route table we can go to routes so subnet associations again we'll have to associate a subnet right so to make I'm gonna so we create the internet gateway now we are set to make the public subnet an actual public subnet because a public subnet should have access to the internet private subnets
should not have so to provide access to the internet first thing we'll have to do is create a route which will allow all traffic via the internet gateway so to do that click on edit routes in the route table in the main route table only click on edit routes add route and I'm going to make it all IP addresses 0.0.0.0/0 means all IP addresses target would be an internet gateway and it will basically search for the internet gateways available and the only internet gateway which is attached to the VPC of this particular route table
is scaler igw scaler internet gateway so I'm just going to select it and save changes that's it so we've attached the internet gateway to the VPC so now the VPC has internet access now how to make the subnet a public subnet so to do that we'll have to associate this subnet to this particular route table so we should not so for example so yeah yeah so public subnet should be the only subnet which should be associated with that route table private subnet should not be associated with it if it is associated with it then that
would basically mean it will also have internet access okay so now going to route table and selecting the route table going to subnet associations and edit subnet associations so explicit subnet associations subnets without explicit associations so these are the only subnets which do not have any associations so edit subnet associations select the subnet which you want to associate and save association that's it so now we've attached uh we basically associated uh this particular subnet and uh to this particular route table which is connected to the internet gateway okay so now what I'm going to do
is I'm gonna let's create a EC2 instance inside the VPC we've created okay so we have a public subnet so one thing we'll have to change is go to the subnet so uh one thing you will see is if I click on this you would see auto-assign public IPv4 addresses is disabled so we'll have to basically edit this into allowing that because when we create an EC2 instance within the subnet it should basically create a public IP address for it okay so to do that we'll have to change it uh we've selected the
subnet let's see if there is an edit option here details action edit subnet settings and we're going to enable auto-assign public v4 public IPv4 addresses so any instance which is launched within the subnet will automatically have a public IP address okay okay so that is enabled now going back to the EC2 management console so I'm going to launch an instance so I I'm pretty sure you guys know how to do this if not please check out the previous tutorial because uh I'll be just rushing through this okay so it's the same step
so I'm just gonna go ahead and create so the only step you'll have to know is this particular step step three so you'll have to change the network so network first scaler VPC and the public subnet okay as you can see there are 251 IP addresses available for the body and then so use subnet setting in so in the subnet the setting was enabled so that's why it is using the subnet setting that is the public IP address is enabled so when you create an instance it will automatically create the public IP address for
you okay so these are the only things which we'll have to do these are the only changes which you'll have to make in creating an EC2 instance in your VPC created okay so one more thing which you'll have to know is the network interface so it will automatically create a network interface you don't have to do anything if you have a network interface already you can create it if not you can leave it it will automatically create one and also you can associate a elastic IP address to it so I'm not going to do
it right now is going to create an instance because I just wanted to show you guys we've created a VPC we've created a public subnet we've created an internet gateway and provided the route so now once we connect to it it should let us download something from the internet so basically the instance right which you're creating the instance should be able to download from the internet if it's not able to download from the internet then we've not created a public subnet it is not able to access the internet so now next add storage I'm just
going to leave everything so I just need SSH I don't need HTTP thing else so I'm going to review and launch and lock and launch so I already have a key pair which is yeah it's tutorial key and I acknowledge and launch instances yeah so the instance is being launched guys so I'm just gonna yeah so this is the IP address so it will take some time to create it so let it create then we'll open the terminal and connect it and check is working or not okay so now coming back so we've
created the VPC we've created some how to change routes and they will learn how to associate table we've seen how to create an internet gateway okay so now I'll also show you how to create an elastic IP address and how to allocate the elastic IP address once the instance is created and so we'll I'll also show you how to create a NAT gateway so okay so now let us create it won't take much time yeah so it is running right now let's first finish this part of this session and move on to the next part
okay so I'm going to click on connect I'm going to click on SSH client I'm going to copy this and I'm gonna search for terminal I'm increasing the size all right so now the the file the key pair file is available in the downloads folder so that's why I'm going to the downloads folder and then I'm hitting enter so if it's successfully is working then it will basically login into my login into the instance which we created within the VPC which we've created and within the subnet which we've created so it's taking some time so that
I think it's still creating the instance so it's still initializing so maybe that's why it's delay so let's wait until it initializes guys so that we could just connect it uh instantly okay okay guys so now you can see this status checks have been passed uh so now we can start off with connecting the instance so I'm just gonna click on this click on connect SSH client copy the command and paste it over here uh let me just check oh sorry uh I'm not in the downloads folder my mistake yeah so it's what's the problem
here yeah so it's connected guys so it's successfully connected it's gonna clear on the screen so now we are in the instance so now this instance should allow internet access right so that's what we've done we've created an uh instance in the public subnet and also internet gateway has been attached to the VPC and we've also associated the subnet so this particular subnet should allow internet access so that's what we want to figure out so we'll see if it's able to update so it's able to update it's able to fetch data from the internet so
that basically means we've successfully created the VPC and a public subnet and we've attached an internet gateway and provided an internet access to the server so you've successfully done that okay so one part of the demo is done so I'm just going to exit this instance okay so let's just go back okay so let this instance be and let's go to the next part so the next part would be uh basically NAT gateways where we'll be creating a private server so to create a private subnet what are things we need is we'll have to basically
associate the NAT gateway to the public subnet and the private subnet within the same VPC will access the NAT gateway in the public subnet and that will do the network address translation of the private IP into the elastic IP which is attached to the NAT gateway and then it will allow us to connect to the okay so that's what exactly will happen so that's what we're going to do so the first thing we'll have to do right now is create a NAT gateway and let's do that go to NAT gateway create a NAT gateway
uh scaler NAT gateway selecting the subnet so the subnet should be the private subnet okay remember that you will have to select the private subnet selecting the private subnet connectivity type select the connectivity type for the NAT gateway the NAT gateway should be public but you're attaching it to the private subnet okay and then elastic IP allocation you can associate an elastic IP or allocate one or uh yeah so basically you'll have to create one right so I don't have an elastic IP so that's why I was not able to select one so for that
you'll just have to click on allocate elastic IP it'll automatically create an elastic IP and associate with because without the elastic IP it would not be able to network address translate the private IP addresses into the IP address which just has been allocated to it okay so now create NAT gateway so NAT gateway has been created guys it has been connected to the private subnet all right so uh network has been created we've connected it to the private subnet but there is one problem because it's not associated directly with the VPC so it's associated with
the VPC but it does not associate directly with the VPC that's what we'll have to do right now uh okay so I just realized so one small mistake we've committed is that we've associated uh the private uh subnet so that's not the case we'll have to associate the public subnet uh because the NAT gateway should be created in the public subnet right so it's available right now so I'm just gonna delete it uh delete so we'll create another one in the public subnet okay because it should be available in the public subnet then we'll have
to create a route which will let the private resources to access the internet via the NAT gateway so that's what we're gonna do so I'm just going to create the same name and change the name a little bit scaler NAT uh gateway one and select the subnet subnet to the public subnet so we already have an IP address which already got allocated so I'm just gonna reuse it and create a NAT gateway so again first the NAT gateway would show status as pending uh all right so then it will become available okay so let
it get created. The next thing we'll have to do is create a custom route table. We cannot associate the private subnet to the main route table, because that will make the private subnet a public subnet, because the main route table has an internet gateway attached to it. So for that we'll have to create a custom route table. I'm going to Route tables, Create route table: Scaler route one, VPC: Scaler VPC, and hit Create route table. So it created a route table, guys. Okay, so next we'll have
to do is associate a subnet. In this case the only non-associated subnet is this; I'm going to select that, and yeah, it's associated with the custom route table. So the subnet association has been successfully done. Okay, so now I'm going back to routes. If the NAT gateway is created we can create a route. Let's see: it's still in pending state. Let's go to Route tables. And also, we allocated an elastic IP address, right, which got created, so that will be visible here. You can see that here you can allocate your
IP address, you can release the elastic IP address, you can associate the elastic IP address to a certain instance. Right now this particular elastic IP address has been associated with the NAT gateway. If you want to associate it with an instance, we can just click on Associate once you've created the elastic IP, then select the instance which you want it associated to, and that's it: that particular instance will have the elastic IP associated to it. So let's check if it's been created again. Yeah, so the NAT gateway is created, guys. So the next step is
to go to the route table and create a route. And one more thing I want to do: this one I just want to rename, Scaler, I'm just going to delete the space. Okay, so this is the Scaler main route table, this is the custom route table. So now the subnet has been associated, so the only thing we'll have to do is change the block in Scaler route one. So Edit routes, Add route, all IPs, and we'll have to select the NAT gateway. This is a NAT gateway we deleted, this one, so I'm going to
select this and save changes. So we've created a route for the private IP address. So now, let me just, I'll do one thing: I'll just give this particular CIDR. So anyway, we're going to allow only the IP addresses from the private subnet to access the NAT gateway, right? So I'm just providing the same CIDR block as the private subnet to avoid confusion. So that's provided, and save changes. Okay, so we've created the NAT gateway as well, and yeah, it's successfully created, and you can see this association also has been made.
Okay, so I think it was already created, notice that. Okay, so done: the NAT gateway has been created. So now the only thing we'll have to do is create a private instance and try to access the private instance from the public instance, and then once we do that, the next step would be to try to access the internet from the private instance. Now, the private instance should not allow internet; let's say, basically, it should not allow internet if there was no NAT gateway available. So if there is a NAT
gateway available it should allow. So what I'm going to do to show that is I'm just going to remove this. So first let's create a private instance and connect to it, and let's see if internet works in that or not, and then we'll associate the NAT gateway, and then we will see whether the internet works or not. So that will be more of a proof of concept, right? Okay, so now I'm going back to the Management Console. I'm going to create an instance, which should be again Ubuntu,
the free tier one. Instance details: again Scaler VPC, but in this case it would be the private subnet. Done. So in this case you can see it's in disabled state. Okay, next, next, okay, I'm just going to leave it like this, next, Review and Launch. Existing key pair, tutorial key, and Launch instances. Okay, so we've launched the instance. This instance will not have a public IP address; it'll only have the private IP address. Okay, so the first thing we'll have to do is log in to our public instance. So only
if we have the public instance, we can connect to the private instance, because they are within the same VPC and they can communicate. Even though they are in different subnets, it doesn't matter: they are within the same VPC, and they can communicate without any issues, because you don't need internet, because they are within the same logical network. So in that case they could communicate, and these two resources could connect with each other without internet access. So I'm just gonna connect to my instance again and go back. The thing is, it will take some time
because it's a new VPC and a new subnet. Usually when it's a new subnet the status checks will take some time, because that is the first status check happening inside that VPC, inside that subnet, so that's why it takes a little bit of time. Okay, so why is this not connecting now? I think it's a terminal issue; I'm just going to open another. Yeah, so it's connected, so it was a terminal issue; I think it got stagnant. Okay, and yeah, so we'll just click on this. So
now if we click on Connect again, it does not have a public IP here, so we cannot connect to it. But we can connect to the instance via the private IP, but only via a resource within the same VPC. We've already logged in to a resource within the same VPC, so we can connect to the private instance only from the resources available within the VPC. So that we can do; I'm just going to paste this. Okay, so one small thing we'll have to do is
that we'll have to upload the tutorial key to this. So I'm just gonna do one thing. As I told you, the first thing we have to do is connect to the private IP address, so connect to the private instance, but the thing is we do not have the .pem file. So I copied the .pem file using a copy command and it has successfully worked, so I already have the file. The copy command would go like this, I'll just show you guys. So it would be scp -i
and here you will have to put in the .pem file name of the public instance, then the file which you want to copy: here you will have to put in the file path, so this is the file path and the file name. It's actually tutorial key right now, tutorial, my tutorial, yeah, so tutorial key. Okay, so then you will have to basically provide ubuntu@ the IP address, two three nine point two two six point two three six. So what this basically does is it accesses the instance, and it does not log in to
the instance, it just accesses the instance. I'm just going to put a sudo also. And so once it accesses the instance, it basically will copy the file into the default folder. You can also mention the folder, like for example where you want to copy: a colon, home, and so this is where I want to copy the file. Okay, so then I can just put this. This would be the command, guys, to copy the file. So you can just hit enter, and as I put sudo it's asking for the
password; I'm putting in the password. So it's showing permission denied. So the only thing you'll have to do is change the directory and then copy it, that's it, it'll work, and this will be the command. If this doesn't work for you guys, what you can do is, I'll show you something: FileZilla. In FileZilla you can basically download the macOS client, so this is the macOS client. You can download this and you can connect the thing via this, okay? So you
can basically just download this, install it, and yeah, you can connect the instance to this and just upload the file via FileZilla. This is one option, but I'm not going to show FileZilla in this, because that's again a bigger topic. Okay, all right, so we already have the tutorial key .pem file in our public instance, so the only thing you'll have to do is connect to our private instance. You want to copy this. So now we are in the private instance.
We connected to it from the public instance, you can see that, right? So now we are inside the private instance. We cannot directly connect to the private instance, because it doesn't have a public IP address, but we can connect to it via the resource which is already within the VPC, so that thing we've done. So now there is no NAT gateway attached, so let's do one thing, let's try to do this. You can see, right, it's at zero percent; it's not able to connect to the internet. I'm just gonna stop it. Okay, so let this just be here. Let's just go over here again, and let this
be. Now let's do one thing: let's now create this route to the NAT gateway. Add route, NAT gateway, choose the right one, Save changes. So the route has been added, guys. Okay, it has been added, so now let's try to run the same command. "Could not get lock". Okay, so let's try again. Okay, let's do one thing, let's just log out. Okay, so now we are in the public instance again, guys, so now let's try to connect back to our private instance. Okay.
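Added example, not part of the original session: a small offline checker for the layout built in this demo (NAT gateway in the public subnet, private subnet on a custom route table whose default route targets the NAT gateway). The data model, field names and IDs such as `rtb-main` and `nat-demo` are constructed for this sketch and are not AWS API output.

```python
import copy
import ipaddress

# Constructed model of the demo layout (this example's own schema and IDs).
GOOD_VPC = {
    "main_route_table": "rtb-main",
    "subnets": {
        "public-subnet": {"cidr": "10.0.1.0/24", "route_table": "rtb-main"},
        "private-subnet": {"cidr": "10.0.2.0/24", "route_table": "rtb-custom"},
    },
    "route_tables": {
        "rtb-main": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-demo")],
        "rtb-custom": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-demo")],
    },
    "nat_gateways": {"nat-demo": {"subnet": "public-subnet"}},
}

# Same layout with three slips that come up in the walkthrough: the NAT gateway
# created in the private subnet, a route that still targets a deleted NAT
# gateway, and a subnet left on the main (internet-facing) route table.
BAD_VPC = copy.deepcopy(GOOD_VPC)
BAD_VPC["nat_gateways"]["nat-demo"]["subnet"] = "private-subnet"
BAD_VPC["route_tables"]["rtb-custom"][1] = ("0.0.0.0/0", "nat-deleted")
BAD_VPC["subnets"]["spare-subnet"] = {"cidr": "10.0.3.0/24", "route_table": None}

# Documentation-range address standing in for "any host on the internet".
INTERNET_PROBE = "198.51.100.10"


def route_table_for(vpc, subnet_name):
    """A subnet without an explicit association uses the VPC's main route table."""
    return vpc["subnets"][subnet_name]["route_table"] or vpc["main_route_table"]


def next_hop(vpc, subnet_name, dest_ip):
    """Pick the route target by longest-prefix match, as a route table does."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in vpc["route_tables"][route_table_for(vpc, subnet_name)]:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def classify(vpc, subnet_name):
    """Label a subnet by where its internet-bound traffic is sent."""
    hop = next_hop(vpc, subnet_name, INTERNET_PROBE)
    if hop is None or hop == "local":
        return "isolated"
    if hop.startswith("igw-"):
        return "public"
    if hop.startswith("nat-"):
        return "private-nat"
    return "other"


def audit(vpc):
    """Return human-readable findings; an empty list means the layout is sound."""
    findings = []
    for nat_id, nat in vpc["nat_gateways"].items():
        if classify(vpc, nat["subnet"]) != "public":
            findings.append(
                f"{nat_id}: created in {nat['subnet']}, which has no route to an "
                "internet gateway, so it cannot reach the internet itself"
            )
    for name, subnet in vpc["subnets"].items():
        hop = next_hop(vpc, name, INTERNET_PROBE)
        if hop and hop.startswith("nat-") and hop not in vpc["nat_gateways"]:
            findings.append(f"{name}: default route targets {hop}, which no longer exists")
        if subnet["route_table"] is None and classify(vpc, name) == "public":
            findings.append(
                f"{name}: no explicit association, inherits the main route table "
                "and is therefore public"
            )
    return findings


if __name__ == "__main__":
    for label, vpc in (("good", GOOD_VPC), ("bad", BAD_VPC)):
        print(label, {s: classify(vpc, s) for s in vpc["subnets"]})
        for finding in audit(vpc):
            print("  -", finding)
```

The `local` route is why the two instances can reach each other without any internet path: `next_hop(GOOD_VPC, "private-subnet", "10.0.1.25")` resolves to `local`.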
So now the NAT gateway is attached, the route has been created to the VPC, to the private subnet, and it is associated with the route table. So now we can basically try it, right? And now internet is working in the private subnet, so we can just try, we can install: sudo apt-get install apache2. It's downloading, guys. So basically now we have established internet connectivity in the private instance as well. We've established internet connectivity in the private instance, because you can see it's the private instance's IP address, right? So that's what
we've done: we've successfully created an architecture. So what architecture have we created? This is the architecture we've created, let's just open this. So this is the architecture which we built manually. There is a public subnet in which we have our instance, there is a private subnet in which we have an instance, and in the public subnet we have a NAT gateway, which is associated with the private subnet via a route table. The public subnet is associated with the internet via the internet gateway, again via a route table. So this is the thing which
we've created manually. So now if you select this, you can automatically create the entire architecture just using multiple steps. You can basically provide the CIDR block over here, you can provide the VPC name, the public subnet's name, the private subnet's name, and that's more than enough; it will automatically create everything for you. But the thing is, if you don't do it by yourself, if you don't practice by yourself, you would not get the point. All right, so these things we've done, guys. I think you understood, right, how to do the public subnet, the
private subnet, how to connect from one instance to the other instance, how to make sure if the internet is working or not. So everything we've done. So now what I'm going to do is I'm just going to terminate this, because I don't need these anymore, and I'm going to close this. So the last part of this particular tutorial, the last demo, would be the VPC peering demo. For that we need to create a VPC, so let's just create a VPC using the VPC wizard. So I'm just going to select, let it be the same, I want to make this this,
Be The Same I want to make this this And uh I'm gonna give preference as this and that's it so I'm going to create the VPC so I created the VPC it created the internet gateway it created the public subnet it created everything which we required for us okay done so now if I go to VPC a BBC has been created I'm going to name it as uh Taylor PTC two so why why did I create this I Just created this so that I can show you the pairing demo so going to pairing connections so
we're going to create a peering connection between these two VPCs. I'm going to go back to Peering connections, Create peering connection, and the name we can provide as peering this. The local VPC to peer with would be Scaler VPC. So it's my account or another account: as I told you, you can also associate or connect to VPCs in another account, but this is going to be my account. It's in the same region; you can also connect to a VPC in another region
altogether, but it's in the same region. The accepter would be Scaler VPC two, okay, and then Create peering connection, that's it. So this is more than enough to create it, and then what you have to do is accept the request. Done. So to send and receive traffic across this VPC peering connection, you must add a route to the peered VPC in one or more of your route tables. Okay, so let's modify the route table. This is the main route table. You will have to go to Routes, Edit routes, Add route, same thing, so
here it would be a peering connection, peering practice, Save changes. So this could basically be the IP address of that particular peering connection as well. Go back, and I'm going to copy this and go back to Route tables, Scaler main route table, Routes, Edit routes, Add route, add the IP, select Peering connection, select the peering name, and Save changes, that's it. So this established one-way connectivity. Now one more thing we'll have to do is basically do the connection for the other VPC. So this
is Scaler VPC two, so this is the, check this, Scaler... no, so this is the main route table of Scaler VPC two. I'm going to name it Scaler. Done. So in this again I'm going to make a rule change: Edit routes, peering connection, peering practice, Save changes. So done, guys, that's it. So now if there are any resources in either of the VPCs, so let's say there is an instance in this VPC and there is a database server in this VPC, this instance could access the database server, and if there
is an instance in this VPC and there is also another instance in this VPC, they can also connect. So basically, like how we connected to one private instance, in the same way we can connect to the instance inside VPC two from the VPC, or we can connect to the instance in the VPC from VPC two. So vice versa, we can do anything we want. So these are the things, guys. We've learned about VPCs, we've learned about subnets, we've learned about route tables, we've learned about internet gateways, we learned about elastic IP addresses, we learned about
NAT gateways, peering connections, and security groups you've already learned in the EC2 tutorial. And one more thing, what was the one more thing? Yeah, the network interfaces. So we've learned a lot of things; I hope you guys understood what exactly was going on over here. So now what you can do is, let's say I can just delete this, but it has a peering connection, so the first thing you'll have to do is delete the peering connection. If I delete the peering connection, I think it'll ask me to remove the routes.
Delete, delete related route table entries. So now we are deleting the peering connection and also deleting the routes. So it has been deleted successfully. Now let's try to delete it. Yeah, so now we can delete it, and it will basically delete all resources associated with it, so you don't have to worry about it. Done, it's all deleted. Okay, so now Scaler VPC is there; again, we can also delete this as well. I'm just going to click on it and delete it. So again there is one issue, because there is an elastic IP address attached
to it and there is a NAT gateway attached to it. The first thing you'll have to do is go to Elastic IPs, and yeah, it's attached to the NAT gateway, right, so first we'll have to delete the NAT gateway. Delete, and then go back to Elastic IPs. I refresh this, so it's allocated. I don't think we'll be able to disassociate it right now; it has to be completely deleted, only then can we disassociate. Yeah, it's connected to this gateway. So is it deleted? So the NAT gateway is deleted. Okay, so it takes some
time, so let it be. So now let's just go to VPCs and try to delete it. Yeah, so it's still saying there's a network interface, and as there is a network interface it's not letting us delete it. So I'm just going to open this and let's delete the network interface. Okay, so again, the network interface is attached to the EC2 instance, so in that case we can delete the EC2 instance altogether. So done, we have terminated the EC2 instances. Okay, so now going to Network interfaces. I'm just showing you how to
clean up. So the network interface has been deleted. So why was it not allowing us to delete the VPC? Because there is a resource within the VPC, so if we delete the VPC, that basically means we will not be able to use the resource, so it cannot be done. Only once you don't have any resources within the VPC can you delete it. Now let's try it again, the VPC. So it still thinks it's in use, that's the problem. Yeah, so now we can delete it, guys, and so it will delete the public subnet,
the security groups, the private subnet, the internet gateway and the route table. Delete, and done. Okay, so we've created VPCs and subnets and we've also deleted them. And the elastic IP: as I told you, if you create an elastic IP and do not associate it with anything, then it will charge you. So now the NAT gateway ID has been removed from here; that basically means it's ready to be deleted or released, so I'm just going to click on Release. Done. So basically we've created everything and also cleaned up everything. This is one of the important
steps when you are practicing, because as I told you, if you just leave it like that you might get billed. So to avoid getting billed, to just practice within the free tier limit, always clean up the resources once you are done with them.
So guys, let's start by first understanding what Elastic Beanstalk is. First of all, AWS Elastic Beanstalk is a platform as a service, so that's what you'll have to know first. It's a PaaS, and why it's a PaaS, that's what we're going to see. So it's an easy-to-use service
for deploying and scaling web applications and services deployed with Java, .NET, PHP and other programming languages, and other ways of deploying your code like Docker, and you can use various servers like Apache, Nginx, Passenger and IIS. Okay, so you can do this with Elastic Beanstalk without having to worry about the provisioning part, that is, the infrastructure part. You can simply upload your code to Elastic Beanstalk and it'll automatically handle the deployment of your code for you. So it will basically do capacity provisioning, that is, launching servers for you; load balancing, making sure that the
incoming traffic is balanced, the load is balanced and sent to the servers accordingly; and auto scaling: the number of servers increases whenever there is an increase in your traffic, and the number of servers will automatically decrease when there is a decrease in your traffic. Okay, so these are all done by Elastic Beanstalk itself. And then application monitoring: after that you can also monitor. So you can deploy your application, then it will automatically handle all the IT stuff for you, that is, it will provision your servers, it will install everything for you, it'll balance
your load and also it will auto scale for you, and once that is done, CloudWatch will also be connected to it, so that you can monitor your running application and the IT infrastructure connected to it. There is no additional charge for using the Elastic Beanstalk tool, because you are using the Elastic Beanstalk tool but the Beanstalk tool is launching other AWS services, like EC2 instances or an RDS database or CloudWatch metrics or auto scaling or load balancing. So you pay for these resources; you do not pay for Elastic
Beanstalk itself. Elastic Beanstalk is just a tool which lets you do this, but in the background you will get these services, right, your servers and everything, so you're gonna pay for that. So you'll have to know about that. The instance, you can basically select whatever instance you want; it's not like the entire control is with AWS, you still have control to choose that. So you can select that and you can reduce the cost accordingly as well. Okay, and looking at the features: first of all, fast and simple to begin
with. So the Management Console, the console itself, is very simple; we can just start off by working with it. You will upload your code, or you can connect your Git repository directly to it, or you can upload directly from an IDE like Eclipse or Visual Studio. Yeah, you can connect your database one and upload it directly from there. So it doesn't matter how you upload it: you can upload it as a zip file, you can connect it to your Git repository, or you can upload it from your IDE. And it's also very simple
to begin: that basically means you just need the code file, you just need to know how to package the code file and then upload it, that's it. So you don't have to do anything else. Developer productivity: Elastic Beanstalk provisions and operates the infrastructure and manages the application stack for you, so you don't have to spend the time or develop the expertise. So basically you don't have to learn how to create servers, you don't have to learn how to create databases, you don't have to learn how to do load balancing or auto scaling. So you can
have a theoretical idea of how exactly this is going to happen, but you do not need to learn all of these, because Beanstalk is handling it for you. You can concentrate more on your application's code, on how to make it better, how to make it more secure, and also how to make sure your application's data is always viable. So these are things you can concentrate on; that's basically developer productivity. Impossible to outgrow: Elastic Beanstalk automatically scales your application. It doesn't need anything else; you'll just have to enable auto scaling and it'll do everything for you.
And so basically, for example, you can use the metrics, the CPU utilization metrics, which are already available in CloudWatch, which is connected to your Elastic Beanstalk environment which you just created. You can use that to trigger auto scaling actions: that is, if the CPU utilization of all your instances goes above 90 percent, you would need another instance to handle it, so that's what you can do. So basically "impossible to outgrow" means you will always have a server running and your application will always be available; it won't go down. Complete resource
control: you have the freedom to select the AWS resources, such as the Amazon EC2 instance type and processor type to run the workload on, that are optimal for your application. It's not that they completely select whatever server they want, whatever instance type they want; you still have the freedom to select the instance type, the RDS database, the type of the load balancer, how exactly you want auto scaling to work, the scaling policy. Everything you can decide, but the only thing which AWS controls is creating them, provisioning them, deleting them and scaling them
up and down. Other than that, nothing else: you can select what type of servers or what type of instances you need, but Elastic Beanstalk takes care of provisioning and management. Okay, so these are the Elastic Beanstalk features, guys. Moving on, let's look at the workflow of Beanstalk. This is exactly how you do it; it's very, very simple in Beanstalk. First of all you create the application, so that's done by you. When you create an application, that would be, let's say, version one. Okay, so now you're uploading version one to
Beanstalk. Okay, we are creating a Beanstalk application and uploading the application you created to that particular application which you have created. Okay, so you've uploaded the version. Once you've uploaded it and you've provided all the details, like the name of the application, what type of instance you need, if you need auto scaling, how to trigger it, if you need load balancing, whatever load balancer you need, after providing all the details you would be launching the environment. Once you launch the environment, the environment will be up and running, and your website
will be hosted automatically by provisioning a server on which your application is running. Okay, so now once it's running, you will be given a console where you can manage your application and manage your complete environments. Every single detail you can manage, every single parameter of your environment, and also you can connect to CloudWatch and monitor your application, monitor your entire Beanstalk application, to gain better insights on how your application is performing. Okay, so now let's say you are making another addition to your application, another feature, or you are solving a bug, or
you're creating another small upgrade to your tool. In that case what you can do is upload it as another version of the tool, so version two; let's just name it version two. Now once you upload your version two, version two would be launched into the environment and that would be the current running application. So whenever you upload a new version, the older version would be saved and the newer version would be deployed. If you want to roll back to your older version you can still do that; that's why the versioning
exists. So that's exactly why we need Beanstalk. For example, let's say you are uploading, like, the 10th version of your application, but there is an issue: the application is not working properly. So now what can you do? If you just leave it, then people would start losing interest in your application. So you can roll back to the previous version, so that you have the last stable version up and running and it's working properly, and you're now working on what exactly the issue is in your 10th version and making sure you rectify it
before re-uploading the version. So this is exactly what you can do with Beanstalk. This is the simplest process of Beanstalk, how you can start with Beanstalk. Okay, so now the concepts. The concepts in Beanstalk are pretty basic, mostly theoretical and logical. For example, an application: an application is what you create in Elastic Beanstalk. The application consists of all the other components; it's just on major here, it's like a folder with all the other components inside of it. So for example the environments, the versions, the environment configuration, everything comes under
the application. Application version refers to the labeled iteration of deployable code. As I told you, every new upload of an application would be considered a newer version, so every single upload would be considered a new version, and that particular application version points to an Amazon S3 object that contains the deployable code. So you can store that code in Amazon S3, or you can just upload it from your local system and it will be stored in S3 for you. Okay, so that's what an application version is; it's pretty simple. Next, coming
to the environment. Even though the application is the complete logical collection of everything, the environment is where your application is actually going to run. You create an environment which is compatible for your application to run. So it's a collection of various AWS resources: it could have EC2 instances, load balancers, auto scaling policies, RDS instances, S3 storage, a Redshift data warehouse, so all kinds of AWS resources. And each environment runs only one application version at a time, so even though your application might have 10 versions, every single environment will have only one particular version
running at any point of time. However, you can run the same application version or different application versions in many environments simultaneously. So this is where blue-green deployment comes in. Let's say you have an application; you can create two different environments. Let's say now you are launching the second version of your application: the first version can still be running in one environment, and the second version can be run in another environment, and that could basically be sent for testing in public. If the public feedback is fine, then you can basically keep
the second version running, and then you can basically upload a third version in the first environment. To put it simply, let's say when you're launching your version one it will be running in the blue deployment, and version two will run in the green deployment. If version two in the green deployment is successfully running and working and everything, and you have successfully transitioned all your customer base into green, that's the green deployment, this is version two, then you can implement your version three in the blue deployment, so that now there would be another version running. So two
versions would be running at the same time, and you can basically make version three your beta testing: you can just give access to certain users, and then once it's actually running you can shift complete access to version three, and then you can start working on version four and upload version four to the green part. So this is basically blue-green deployment, and that you can do with multiple environments in a single application. Next comes the platform. A platform is basically what is within an environment. So within the
environment you can create this particular structure, all the AWS resources. So the environment is a collection of AWS resources, it's not one AWS resource, but the platform is basically the resource itself: the platform is the operating system of the server, inside which a programming language runtime is running, a web server is running, an application server is running, and the other Elastic Beanstalk components. So it could be load balancing, it could be auto scaling, it could be S3 buckets, it could be an RDS database; all of these combine together to form the
platform on which your application is going to run. Okay, so there are more concepts to Beanstalk actually; it's a big list. You can just check out the Beanstalk documentation which AWS has provided to learn every single terminology. I'm not going to cover every single terminology here, but obviously I'm going to show you the demo, in which I'll be explaining every single step of the process so that you can understand it even better. And then you design and target your web application to a platform. So in this case, to put it very simply,
you basically design your application completely and target the web application to a platform. That basically means you have the application already available, so you run it on a platform. For example, if it's a PHP application, the programming language runtime you would select would be PHP. If you built it on a Linux machine and you want to run it on a Linux machine, you choose your operating system as the Linux machine. If you're running it on an Apache web server, or if you're running it on an Nginx web server, you can select it accordingly. So
the platform is up to you: you can select whatever you want to use, and the rest, everything else, Beanstalk will take care of. So you just select everything, and then once you upload your code and launch the environment, everything will get set up by Beanstalk. So these are the very basic concepts in Beanstalk, guys. Moving on: the Beanstalk environments. Essentially there are two different environments, the web server environment and the worker environment. Okay, so once we're done with the environments we'll be moving on to the console and we'll be looking
into how to navigate through the Beanstalk console and also how to create a Beanstalk application. First we'll start off with a very simple application in Beanstalk, and later, at the end of the session, we'll also be looking into a simple project where we'll be covering all of these tools. Okay, so the web server environment is the heart of the application. In the diagram, the environment is shown within the top-level solid line. When you create an environment, Elastic Beanstalk provisions the resources required to run your application. AWS resources created for an
environment includes one elastic load balancer an auto scaling group and one or more Elastic Compute Cloud instances so this is basically pretty simple so if you look at the diagram provided over here so this is the Elastic Beanstalk environment which is created the Elastic Beanstalk environment's URL is myapp.elasticbeanstalk.com so it's a simple URL will be completely different according to your application name okay so then you have your various EC2 instances so in this case there are four EC2 instances in which a web server is running web application server is running your application
is successfully running within these servers so those servers will already obviously have a security group which will act like a simple firewall which has a set of rules which allows certain traffic inside and certain traffic outside so you can have a security group already if you want to know more about security groups you can check out the EC2 tutorial or you can check out the VPC tutorial which is already available in our channel now coming to the next part which is the auto scaling group so now these instances will be created within an auto
scaling group why because if they are individual instances in that case you cannot scale them up you will have to create it manually you'll have to increase the number of instances by yourself and decrease the number of instances by yourself but you do not want to do that you want to automate that whenever your CPU utilization of your current instances is increasing above a certain level you want to increase the number of servers okay so for that you can use an auto scaling group and these instances are created within the auto scaling group okay and
then the auto scaling group is connected to elastic load balancer so why do you need an elastic load balancer so let's say inside your auto scaling group there are 10 different EC2 instances running what if all of the incoming connections go to just one single server other nine servers are still running but they are idle and nobody is using them so it's a waste of money for you and also once a particular server will be getting loaded with your incoming connection requests your application might crash okay so because of that you need an
elastic load balancer which provides you various options again we'll be looking into elastic load balancers separately in this particular course so don't worry about that so load balancer has multiple options and you can choose from them so the basic task of a load balancer is to balance the load within the auto scaling group okay so it basically whenever the new connection comes in so let's say there are four instances here and let's say 100 requests are coming in a traditional load balancer will basically work like this the first incoming request would go to
the first instance second would go to the second instance so in this case if there are 100 incoming requests each server would have received 25 requests so that is basically a traditional load balancing but this doesn't work in really high traffic environments like for example amazon.com so there this particular traditional environment wouldn't work so what if somebody refreshes the page it goes to the next server so if there are more people on one single server that's not a good idea so for this you can have a different kind of approach in elastic load balancer
there is application load balancer and there is gateway load balancer which is recently introduced there is network load balancer so application load balancer simply gives you a different approach in which you can create multiple auto scaling groups so each auto scaling group will have multiple servers so each auto scaling group can be concentrated for one feature of your application so inside the first auto scaling group let's say the blog site of your website is available in the second auto scaling group the video the streaming service is available so let's say example.com blog will
be in auto scaling group one example.com videos would be in auto scaling group two so now whenever somebody is searching for example.com blog they should be taken to the auto scaling group number one whenever someone is searching for example.com videos they should be taken to the auto scaling group number two so in this case you successfully balance the load of incoming users for particular features of the application this way you would know how many users are using a particular feature and also you would basically load balance it even better because they
are already in an auto scaling group if the incoming requests are increasing the number of servers will also increase but also as you are segregating them as features in that case your application would be completely balanced and it will be completely working fine if one particular feature is not working properly then the other one would be working the other users would be working with that particular feature without any troubles okay so this is basically a simple web server environment so this is basically the environment which is the heart of the application which is told without
a web server environment you cannot have a Beanstalk environment but without a worker environment you can still have a Beanstalk environment but again worker environments are basically used for backend processes this is completely the application's front end so you create an application so this is to access the application your application is running within the EC2 server and everything else is happening so an incoming connection is coming it goes through the Route 53 domain name it does DNS resolving sends the request to elastic load balancer load balancer figures out where it should send the request it
sends to that particular auto scaling group and within the auto scaling group it chooses the EC2 instance to send the request to so once that is done the application would be shown to the user who has searched for it okay but when it comes to the worker environment in this case what happens is it's the background process which happens in the application so let's say this application is an image conversion application you are uploading an image and you want the image to be converted into a black and white image so now once the person
uploads the image and clicks on make some changes to this particular thing so there is a button to change so he's clicking on the change button and then you can have background process that is the worker environment which is running to make sure this particular file runs for example include an auto scaling group one or more EC2 instances and an IAM role for the worker environment Elastic Beanstalk also creates and provisions an Amazon SQS queue if you don't already have one I'll tell you what exactly it is used for don't worry when you
launch your worker environment Elastic Beanstalk installs the necessary support files for your programming language of choice and a daemon as a daemon service on each EC2 instance in the auto scaling group so basically what exactly happens here is it creates you an Amazon SQS queue so why do you need an SQS queue SQS queue will basically align your incoming requests so for example let's say there are 100 users currently trying to change basically requesting for an image conversion in your particular website so now all of those requests would be added to the queue as individual
messages in a particular sequence so now in that particular sequence then the queue would be pushing one by one into the worker environment okay so this is the web server environment so once the application is running inside of this and when they upload their image and click on it it creates an SQS message which is stored in the SQS queue which is sent into the worker environment one by one and here whatever process you have mentioned will automatically run and then it will send back the SQS message that this particular task has been done and then the
application would be it would be shown in the website all the other processes can be done in the EC2 application itself in the web server environment that is your background processes also can be done in the same server but again that will cause more load on the server right so running the front end and the back end on the same servers will cause more problems so in that case it's better having a worker environment or just configuring another server just for the purpose of backend okay so this is basically a worker environment
which is used for the daemon and background processes so this is basically the worker environment it's not connected to the internet so if you see the Elastic Beanstalk application the web server environment should be accessible from the internet because people are going to view your website but the background one which is the worker environment is not connected to your internet okay so it's connected to the CloudWatch and auto scaling groups and yeah so basically it's internal within the AWS environment and it does not go so this is basically the environments guys so
that's it for the theory if you want to learn more theoretical concepts of Elastic Beanstalk there is a lot to learn actually you can basically learn all the concepts directly from the Amazon documentation as of time constraints we will not be covering every single topic so I just wanted to give you the brief of all the important topics in Beanstalk and so one of the most important topics the environments because without the environments nothing else could work in Beanstalk and then I gave you the basics basic concepts about Beanstalk and then we also looked
into the basic architecture right on the basic workflow of Beanstalk so now this is what we're going to do we're going to open the Management Console and what I'm going to do is I'm going to show you how to navigate to the Beanstalk console once that is done we would be creating a Beanstalk application so inside the Beanstalk application we would be creating an environment which would run a sample application which is already provided by Beanstalk so this is the first thing we'll be doing this is to show you how to create an
application how to create an environment and how to basically monitor how to manage how to configure your application your Beanstalk application so after that we can see a manual creation that is uploading your own code into Beanstalk so we'll be uploading a simple hello world or a simple PHP file into Beanstalk and checking how it works okay let me open the Management Console now so guys I've opened the Management Console now let's start with the demo so the first thing you'll have to do is search for Elastic Beanstalk or just
go to all services and over here under compute services you will find Elastic Beanstalk because Beanstalk is a PaaS service but again it comes under compute because using Beanstalk you're uploading your code and it will create you servers and other AWS resources and that basically comes under the compute part right so compute so you can just select Elastic Beanstalk okay so this is the page which you'll arrive at to the left you can see there are environments there are applications and change history so applications are the one which you'll have to
create first so environments are within the application because application is the logical entity which holds the entire application and multiple environments can be within an application so applications should be created first and inside the application we will create environments and there is change history so this is basically about what exactly was changed in the Beanstalk application in which environment what exactly was changed by which IAM user if you have multiple IAM users I'm directly using it from the root account right now I'm not using it from any IAM user so that is the change
history okay so also you can see right now AWS Graviton it's an instance type which is a very powerful instance type and it can offer up to 40% better price performance over the comparable x86 processor so if you are going to host an application a really powerful one if you are going to do it for a project so in that case you can go with AWS Graviton but please check the prices these are pretty expensive instances if it's just for a practice you can just go with the
basic one t2.micro or t2.medium or something similar if not if it's for a project then you can check out the prices very carefully and then choose the type of instance you need okay so then you guys know about the regions so I'm just gonna select create application so this is the first thing you can do so you can see getting started launch a web application you can learn how exactly to do that over here so that's what I want to take you through okay so first click on create application so the first
thing you'll have to do is provide an application name so I'm just going to provide it as scaler app one so this is the application name I'm providing so up to 100 Unicode characters not including forward slash so forward slash will automatically be included in the application so you should not include that in your application name just provide a normal name so why slash because your application will be hosted in a Linux server if it's hosted in Linux server it will have the path slash in your application's name right so that it
will automatically have a forward slash so do not provide slash in your application's name so that's the first thing second is the application tags so this is more of an optional thing you can provide one or if not it's not required I'm just going to provide one name an app so let me provide something like PHP app okay so it's just a simple one all right okay so this is basically the application tag guys okay next option is the platform so this is the important part so you'll have to choose the right platform which you
need to host your application so let's say your application is going to be run in Docker so then you'll have to select Docker so if your application is going to run the runtime is Java then select Java if it's Node.js select Node.js if it's PHP select PHP so according to your runtime requirement select the platform so there are so many different platforms available so these are the available platforms Tomcat Ruby Python PHP Node.js Java Go GlassFish Docker and .NET on Linux and .NET on Windows so I'm going to go with PHP and
then you can select the platform type so which version of PHP so let's say your application supports an older version so you can still select the older version it's deprecated but it still will work for some time until it's completely close and then there is 7.4 as well and then PHP is the same thing you can select the version which you require okay so I'm just going to go with the latest version and then platform version so this is the platform version there is only one version available so there is no other type of versions
in the platform so why do you have a platform version is because let's say they might make an addition or they might install another package or they might update the platform and then they might have another version of the same platform of PHP 8.0 and in that case it would be 3.3.9 which would be the recommended version and 3.3.8 will still be available so accordingly you can choose the version which you need but right now there is only one version so if there is no need to choose anything you can just go with the one
version available under the sample application so I'm just going to select the sample application because I don't want to create my own applications right now I'm just going to show you how to do the entire process then later if you want you can upload your own application right so sample application and then that's it this is the information required much more than enough and then create application so there are more options actually so I want to show it to you so let this be creating so let me go back and let me click on create
application so scaler app two sample application so let this everything be the same I just want to introduce you to more configuration options so it's not that you can only select these configuration options while you're doing it at the beginning you can also select it once the application is created so we created scaler app one right so later once the application is created you will still have a configuration option you can go to the configuration and you can modify the configuration settings once your environment is created as well so no problem with
that so let me just do one thing so an environment is being created right so this is the application we've created and the application has created an environment within itself so you can see there's the configuration option so this is the option where we can go and change up the settings to modify these settings so it's launching the environment so that's why we are able to see so these are the things so it has checked the health so the environment is creating S3 storage bucket has been created so why do we need this
because all the logs will be stored over there and a target group has been created so why target group because Beanstalk will be having a load balancer so as we know about the architecture there will be a load balancer which is connected to an auto scaling group which has all the EC2 instances within it it can have one or more EC2 instances but the point of contact for anybody would be the elastic load balancer so that's what is getting created first right now there are no instances new instances will be created okay okay
so now let's go back scaler app two this was not created so I'm just gonna let's once again I'm just gonna delete it and create a new one scaler two sorry app three now let's come from starter here you can create an application then you can open the application and create an environment so that also can be done okay so scaler three eight create one new okay so which web server we need so do we need the web server environment or do we need the worker environment so I'm going to go with
the web server environment so you can see the difference also provided web server is a standard applications that listen for and then process HTTP requests typically over port number 80 workers are specialized applications that have a background processing task that listens for messages on an Amazon SQS queue so worker applications post those messages to your application by using HTTP so you can select whichever environment we want we already discussed about these two so I'm going to go with web server okay so now you have the other option so this is the options we got right first
you can provide your own domain name over here if not you can just leave it then select the runtime so I'm just leaving it at sample application for now and then configure more options so this is what I wanted to show you okay so the first option is presets so usually when you create an application at the beginning the application will be launched in a single instance format that is the free tier eligible format so the load balancer the auto scaling group the EC2 instance everything will come under the free tier eligible category so you
won't be billed you won't be charged anything for creating an Elastic Beanstalk application right so that's basically it and then you have single instance using spot instance so spot instance is basically buying an instance or having a dedicated spot instance which you can purchase on P2 plus so we don't have that so you don't have to use that if you do have a spot instance then go with that or you can just select it and it'll automatically create one or get one for you and then high availability so these are again presets
guys so high availability in the sense there will be multiple instances high availability using spot and on-demand instances so it will be a combination of spot instances and also on-demand instances which will get created whenever you need it and then there's a custom configuration so custom configuration is what you're going to select you can basically edit whatever you want over here you can select the type of instance you can select the capacity you can select whatever you need so for example let's say if I select single instance free tier eligible so the available instance types are
t2.micro integral that's all so I'm gonna go with high availability one to four instances so let me select this yeah so capacity right now there is no so because there is only one instance single instance using spot instance again there is nothing but the fleet composition is what to go with high availability so again a load balancing auto scaling will be created and on-demand instances with the fleet composition and there would be one to four instances minimum and the entire ability it would be combined purchase options and instances and then finally
custom configuration you can go ahead and edit everything you need okay so you can select the type is it going to be a single instance or you want it load balanced so once your application launches what should be the minimum number of instances running so let's say you want at least two instances running all the time behind your Elastic Beanstalk application you can provide the minimum as two and according to the increase in traffic you want the maximum to be 10 you don't want more instances than 10 if you have peak traffic the number of
instances can maximum go up to 10 instances and then here you can select the fleet composition you can go with on-demand instances or you can go with a combined option of purchasing a spot instance and also having on-demand instances so let's say I want five on-demand instances on demand above base so again I don't want t2.small I just want t2.micro because t2.micro is the only instance which is under the free tier eligible category so if you're practicing do not select any other instance type just go with t2.micro for
practice okay so default the on-demand price for each instance type so it will automatically figure out what cost is already set for that particular instance so or you just select on-demand instances it will automatically choose everything over here so the maximum number of on-demand instances that your auto scaling group provisions before considering spot instances so what basically means is so let's say according to the increase in traffic so for now the minimum has been provided as two instances at the beginning once you launch the application there would be two instances
running so let's say the traffic is keeping adding up so in that case right now there are five instances created on-demand instances so the sixth instance in this case would be a spot instance it would not be an on-demand instance okay so that's basically it okay so now capacity rebalancing so specifies whether to enable capacity rebalancing feature for spot instances this option is only relevant when EnableSpot is true and the aws:ec2:instances namespace and there is at least one spot instance so if you all want to enable this it only makes
sense if there are spot instances in your auto scaling group if not it doesn't make sense you don't need it because it doesn't rebalance the capacity okay all right so I'm just going to click on letter B because we're not going to create it I'm just showing you and then there are two types of processors available now usually there was only the x86 processor available but right now the arm64 is also available the Graviton processor so now you can select what type of a Graviton instance you need okay but again remember that this
is much more expensive than the x86 processor but it provides you a better performance but again if you are going for only practice just go with the t2.micro instances okay so then the AMI you can select the AMI over here you can provide the AMI ID so the AMI ID decides what operating system is going to be launched so you can provide the Ubuntu instance you can provide the Amazon Linux you can provide the CentOS you can provide the SUSE Linux so whatever AMI you need you can provide it over here you
can just copy the AMI ID from the documentation and paste it here according to the AMI you need and then availability zones so let's say you can provide this as any or any three so in North Virginia there are six availability zones so if you want to use any three of them then you can provide as any three but I'm just going to provide as any and then you can select the types so placement specify availability zones to use okay so you can select whichever availability zone you want you can select all six or you can
select three of them or you can select just one of them it's totally in your hand okay so you can select any three and then you can select all the availability zones and it will only use three from this four which you have selected okay so that's basically what any three is then if you're selecting any two it will only take two from these okay so I'm just going to provide any and I'm going to select like these four okay so now metric scaling triggers so this is one important part so how will Elastic
Beanstalk know when to increase the number of servers and when to decrease the number of servers so that's where scaling triggers comes into place so you'll have to select a metric which will be monitored constantly by CloudWatch and accordingly it will increase the number of instances or decrease the number of instances so I would suggest you to go with CPU utilization you can select the other ones you can select latency you can select network in and network out so whatever you want so I'm going to select CPU utilization over here and the statistic is going
to be average so if the average of all the instances so you can also select the maximum or the sum the total CPU utilization of all the EC2 instances available in the auto scaling group or the average of all the instances available in the auto scaling group I'm just going to go with average we can also select maximum so maximum will basically be if one particular instance has 90 above 90 percent of CPU utilization it will automatically create another instance so you can go with maximum or you can go with the minimum value as well
so I'm just going to provide average and the unit is going to be percentage okay because why it should be percentage is because CPU utilization is measured in percentage and let's say whenever the average CPU utilization goes above 85 percentage I want a new instance to be created but whenever the CPU utilization goes below 25 percentage I want an instance to be reduced so and again you will select the period so it will monitor it for a five minute period if the value stays above 85 percent for five minutes only then it will create
another instance so that way it is cost optimized you can decrease the number of minutes it takes to evaluate that you can increase the number of minutes as well if you know how your application works if you think the high peak traffic would last for five minutes and then go away and then there won't be much traffic for another hour in that case you don't need to create another instance you just need to survive that particular five minutes so for that five minutes you can basically increase the period and
it won't create one breach duration the amount of time a metric can exceed a threshold before triggering a scaling operation so again so this is the period between metric evaluations so let's say if it's five minutes so the first time it records the evaluation it will be right now and after five minutes there will be another evaluation and then after five minutes there will be another evaluation so you can reduce it up to one minute so it cannot go below one minute so the minimum is one minute and the breach intervals so this is
the time which decides if the CPU utilization stays above 85 percent for five minutes only then the new instance will be created if it stays above 85 percentage for four minutes a new instance won't be created because the breach duration has not been achieved so these are the configurations which you can modify okay so then I'm just going to save this I want to show you other configuration options so database will create a database right from here if you have a snapshot to create the database you can select it if you do not have
a snapshot then you can create a new database instance directly from here which will be attached to your EC2 instances which are getting created in the Elastic Beanstalk application okay it's pretty simple you don't have to create an external RDS instance and then connect it so let's say if it is in a different VPC you'll have to do VPC peering so you don't have to do that you can just create an RDS instance within the Elastic Beanstalk application itself so if you want to know how to create an RDS instance check out
the RDS tutorial from our channels and then so this is the instance type and then you can select the software so here you can provide the environment properties for your application okay so I came back so it's fine and then we'll view more configuration options sorry you just want to go with Java and then there is a load balancer right now it's not required okay security you can basically provide a key pair right you can provide a key pair so if you provide a key pair that will let you log in into your EC2 instances
which are launched behind the Elastic Beanstalk which are provisioned for your Elastic Beanstalk application you can select it accordingly okay and then there is change platform version so this is we've already seen and monitoring it's enabled enhanced monitoring is enabled over here managed updates notifications so you can provide an email over here whenever there is an important event happening let's say a new instance got created an instance got deleted the RDS database is down or something like that all those notifications will be sent to that particular email address network so this environment is not
part of a VPC yet so you can select the VPC and you can select the subnets for the instances and the databases accordingly okay so these are basically the settings guys so now let's go back to the environment which you have created okay so this is the environment name let's open the environment so the environment is successfully running okay so you can see here right okay so if the health is okay that basically means the environment has launched successfully and it is running successfully so this is the URL which you get so this is the
name dot us-east-1 which is the region it is running in and dot elasticbeanstalk.com so the name is scaler app one and the environment and this is just a particular version ID for your particular application which you uploaded so then you can just select it and then you can see a PHP application is running in your Elastic Beanstalk application so your AWS Elastic Beanstalk PHP application is now running on your own dedicated environment in the AWS Cloud you are running PHP version 8.0.8 the environment is launched with Elastic Beanstalk PHP platform so if you
you Want to learn more about it you can just click on these things here you will get so this will basically take you to the documentation right okay so here then if you want to modify this you can modify everything right from here itself if you want to start let's say you made a minor change in your modifications and it's not reflecting on your servers you can restart the application service right from here if you want to rebuild the Environment from scratch you can do it right from here let's say if there's a problem while
creating the Amazon went down or something and then if you want to create an environment which is very similar to this then you just click on clone environment provide the name and you can clone it it will create a very similar instance uh similar application okay so this is basically it and also you can save the configuration which you have created with all the applications and stuff okay so now let's do one thing let's just get a very simple uh PHP code which just says hello world and then let's upload it and see how
it works right okay okay so now I have this simple code which is just a simple HTML file with a H1 tag which is a PHP code so okay so our file could just be this or it would be this HTML file I just saved it as index.php so I'm just going to upload that file but before uploading that file what you'll have to do is you'll have to zip this file and then upload it only then it will work okay so that's what I'm going to do right now so let me just open so
the file is here so what we'll have to do is we'll have to compress it so index.php dot zip so you'll have to directly compress it you should not basically put it in a folder and then compress it so uh it has been zipped right yes so now what we'll have to do is I'm just going to upload this file so upload and deploy so choose file so I'll have to go here and select the zip file okay selected you can change the name if you want I'm just going to provide hello world one and
deploy and now the application will take some time to deploy and over here you can see all the recent activities which are happening or you can just click on view events and again environment update is starting right so the thing is if this goes red and if there is a caution or a problem then the application isn't working so that's basically what it means if not the application is working so if it comes back to a tick and okay then that basically means it's working so right now it's in the info stage info stage is
when there is an application update which is in progress okay state is when everything is fine and then there would be a third state which would show a red which would be the question state so deploying new version to the ec2 instances which are available so in this particular application there is only one ec2 instance so that we can check out in the configuration as well so you can see over here let me go over here so max is four okay so it has created a load balancer it has used a multi-load balancing so t2.micro
and t2.small load balancing comma Auto scaling so that's what you'll have to make sure before you start make sure that you provide the right type of configuration you need if it's a single instance board it has a single instance if you just want to go with an easy way you just want to create it and see if it works or not then go with the way I did okay so now the application uh it's showing Health it's okay so if it's okay that basically means it's successfully running so we just click on
this and the new application would be shown so now you can see hello world is being shown so that basically means we have successfully created our application and hosted it so now this particular application could be any application right so I just hosted a simple static Hello World website so it could be any Dynamic application yeah so that's basically it guys so it's very simple so you can also do the same thing you can practice and go through with this particular demo you can also do it it's pretty simple as I've already shown you guys
so that's it for the elastic Beanstalk particular session so we've covered all the theoretical parts and also we've covered the practical parts I hope you understood all of this and few things I wanted to show before I end this particular session is that the logs and the monitoring okay so these are the things which I wanted to show to you guys and also the application version so let me click on application versions so here you would see every single application of the version which has been uploaded so if you want to go back to the
sample application so let's say you upload a hello world one and let's say you uploaded hello world 2 now and then hello world 2 is not working so you can just select hello world one and click on upload and it will do a roll back to this particular once you can deploy it or you can upload a new one so you can just select it and deploy and it will automatically deploy the older version of your application right so you can save the configuration as well so right now there are no saved configurations if you
want you can save this particular configuration so just click here and save configuration so what happens is so let's say you can delete the elastic Beanstalk environment and later you can just open the configuration and select the configuration and launch the instance so you can just launch the environment over here without even having to run your elastic Beanstalk application and then application environment so you can just click on the environment to check out the website this is the first option second one is the configuration which we've already gone through third one is the
logs so right now there are no logs you can request logs directly from here the last 100 lines and it will provide the log file directly over here and I can just download the log file and check out the logs to understand what exactly when if there is a bug if there is an issue if the application is not running in that case you can download the log file and see what exactly is the problem in your code or what exactly is the problem the server and then health so this is basically okay or so
what particular state it is right so it could be in okay it could be in info or it could be in the red one which is the question so that basically means it's not working and then monitoring so over here it provides you a very detailed metrics are provided right so detailed explanation is power row here so this comes under enhanced monitoring if you have not enabled enhanced monitoring this won't show so I'm just going to use one hour time range and it's in one minute okay so healthy host count so there are uh there
was only one so Target response time so whenever we launch the website the target response time took 740 microseconds so it was pretty quick right because it's a simple website it doesn't take long time to read some requests the total was five right now the CPU utilization is only 0.7 percent because the application is not CPU intensive it is not memory intensive and how much Network came in how much Network went out and over here environment health so over here you can see that it's currently it was in okay and then it was in info and
then it went back to okay once again it was not in any other any other health code okay uh response time is shown here what is the response time so the sample application took this much and then this one was the first time which we selected so it took a little more time but the second time was much quicker because the application has been already loaded for us CPU utilization is shown here uh some requests has been shown here when was the request being made so this will give you a better idea of how many
requests are coming into your elastic Beanstalk application max network in and max network out everything is provided here and you can edit it and add another resource over here so okay so you want to check how the auto scaling group is working and you want to check say the disk read bytes so you just select that and add that and so that particular thing would be added over here so there were zero bytes read so that's what it is showing over here so you can add more and you can also delete them if you don't
need it you can just click on the X and it'll get deleted and yeah so this is basically the yeah so this is basically the monitoring part and then you can set up alarms right now I'm not going to go into it we'll check out that in the cloud watch tutorial and then you have managed updates and you have events okay so events are basically which I showed you right events will show you what exactly is going on in the environment you have these are the different types of events so debug there is info so
most of it was in info and there is okay which already our application is in info and it's not a particular event and then there is warn so warn basically means there is some error but your application is still working but error or fatal basically means so error basically means your application is not working hard out fatal means your application is completely not running so these two uh has are the severity okay done so tags we already know what tags are so I've provided certain tags uh over here this is the environment value so you
cannot change that you cannot change the environment name you cannot change the application name you can add other tags to it okay so this is basically it guys I think I've covered everything under elastic Beanstalk how to upload the health monitoring platforms versions yeah so I've basically covered everything in elastic Beanstalk that's it for this particular topic elastic Beanstalk we'll be covering more topics in this particular tutorial so guys the next tool we're going to look into is cloud watch so cloudwatch is basically a monitoring tool so we'll be learning this and then we will
learn about Auto scaling and elastic load balancing so we just completed Beanstalk so why we were learning Beanstalk and other tools like ec2 RDS we saw the monitoring tab which had some metrics right so you get the metrics from cloud watch so that's the tool we're going to look into so cloudwatch basically monitors your AWS resources and the applications you run on AWS in real time so you don't have to set up your own monitoring tool AWS already has an inbuilt one which is cloud watch and it monitors all the AWS resources in your AWS
account in real time and you can gain basically get those metrics and track those metrics from the cloudwatch dashboard so the home page automatically so once you open cloudwatch the home page will automatically have all the metrics for every AWS service you use so you can select the AWS service and then go to one particular let's say you want to check metrics for all the AWS Services used all together you can check that if not you can select a particular resource and then check that particular resources metrics also you can additionally create custom dashboards to
display metrics about your custom applications and display custom collections of metrics that you choose then you can create a dashboard which will have various metrics which you just want to be there in those particular dashboards for example let's say you created an application which has which is using around four different AWS resources so you just want to see around two to three critical metrics in the dashboard of every single service so you can create a custom dashboard in which all of these metrics are shown and are available okay so that's what you can do
so this is basically cloudwatch there are certain Concepts within Cloud watch that we will discuss so so this particular diagram pretty much summarizes the entire operation of cloud watch right so Amazon Cloud watch there is uh collect monitor act analyze so Amazon Cloud watch complete visibility into your Cloud resources and applications it's the tool which gives access to the readable sources okay and then collect the first thing cloudwatch does is it automatically collects the metrics for you and the logs for you and it stores in so basically it keeps showing that in real time um
then so by using cloudwatch from the collected metrics you can monitor and track the services so while you're tracking the services if you want to create a trigger or create which is provided here as an act an automated response to a certain task you can do that for example cloudwatch events or Auto scaling so Auto scaling in this case what will happen is let's say whenever the threshold goes above let's say 80 percent the CPU utilization you want one more server if the CPU utilization goes lesser than 20 to 30 percent then you don't need
that one more server okay so you basically want to terminate it so that's what act is and then comes analyze so use one second metrics extended data retention and real-time analysis and Cloud watch metric math so you can also enable analyze uh so basically what happens is it will charge you a little more there is something called enhanced monitoring which will provide you even more metrics and better analysis of the tool and so with this particular data you can send this data to an external source and use it there you gain application monitoring through Cloud
watch which is running in AWS you gain system wide visibility there is that is the entire AWS account can be monitored using a cloud watch tool doesn't matter which region it works for every region or resource optimization so according to the metrics and the tracking you can understand how a resource is performing and accordingly you can set up your resources like that you can optimize your resource for that particular task and then unified operational health so this particular thing is once you get in all this so unified operational health is the entire operation the
entire architecture is working properly without any fault and it's not going to crash out it's going to be highly available so this is the basic of cloud watch so now how does cloud watch work so Amazon cloudwatch is basically a metrics repository so it basically is that a repository which has various metrics of all the AWS Services which you are using so it automatically collects and has the metrics you can just go to cloudwatch and view those metrics for example over here let's start from the left side no I just wanted to say this okay
an AWS service such as ec2 puts metrics into the repository and that particular metrics can be retrieved using statistics okay from the Management console or the consumer statistics or you can use these metrics in order to set up an alarm which could send an email or which could basically create auto scaling okay so now looking at the diagram it starts off with the resources or your custom data so let's say you are connecting your own on-premises data on-premises server cloudwatch can still be used to monitor it so those metrics will be available at cloudwatch so
what's the metrics are present you have various things to do you can generate logs you can create an alarm you can use the available statistics and put them all together and create a different statistic and download it and uh yeah so you can do all of this so this is the basic architecture the metrics comes in from the resources which is stored in Cloud watch using the metrics you can create certain triggers and alarms or you can download them as statistics where you are putting multiple metrics together so this is basically how cloudwatch works cloudwatch
components some of the important components are namespaces metrics dimensions and alarms so coming at namespace namespace is a container for cloudwatch metrics for example Source right for ec2 uh there would be a namespace so it would be like AWS ec2 or there would be a namespace under which you can find all the metrics for the ec2 resource so that's basically namespaces metrics in different namespaces are isolated from each other so the metrics from different applications are not mistakenly aggregated into the same statistics okay so even though it's AWS ec2 inside that you will
have segregations of let's say you have 10 servers for all those 10 servers you'll have different set of metrics so that you don't get it jumbled okay and then metrics are the fundamental concept in cloudwatch so metric represents a time ordered set of data points that are published to cloudwatch so the time will be provided here and the data points will be provided here so accordingly it will give you a graph and think of a metric as a variable to monitor and the data points are representing the values of variable over time so whatever variable
it is in the y-axis the x-axis is always going to be time so everything is going to be compared with the time right and uh yeah so you're basically monitoring a particular value which is against time that's it and then coming to Dimensions Dimensions is a name or value pair that is part of the identity of your metric you can assign up to 10 Dimensions to a metric so inside a metric you can assign multiple Dimensions from various different resources so let's say there are 10 ec2 instances you want to compare CPU utilization of
all of those instances you can now put all of them together so there will be 10 Dimensions within one particular menu so that's basically it's a dimension and finally coming to alarm so from the name itself it's waking up something or triggering something or initiating your action normally an alarm is used so that you wake up get up so that's basically it initiating something so you can use an alarm to automatically initiate these actions on your behalf an alarm watches a single metric over a specified period of time so let's say you want
to watch CPU utilization for five minutes of time and whenever the CPU utilization goes above 80 percent and stays there for five minutes then you want to create one more instance so this particular statement could be converted into an alarm an alarm could be created for this exact same purpose and it performs one or more specific actions based on the value of the metric related to the threshold over time so these are the very basic components we learn about more components when we are basically doing the demo we will understand it even better cloudwatch
home page so this is how it's going to look but they have used a lot of services so that's how you are gaining all these Lambda aggregation duration error report there is a custom metric which is in the default dashboard custom metric 2 custom metric Phi and then RDS postgres right a throughput CPU on application what is the CPU utilization in the application so basically we change the name over here also so we give any name you want to the alarm and yeah so this is the basic dashboard which will be presented with and then
you can create your own dashboard separately which will be an option in the left side once if we open the dashboard so yeah so that's what we'll be covering in the demo guys so yeah so the next we'll be looking into the demo so before that I hope all of this is clear and so now which is the tool which you'll be using for logs in AWS basically for API tracking API management and logging which tool do you think would be used okay I'll give you a few options so it's a cloud watch can
we use cloud watch for API logging or is it cloud trail or is it Athena or is it redshift cloudwatch cloudtrail Athena or redshift so that's it guys so we'll look at the demo now so guys let's start with the cloud watch demo let me first open the cloud watch console it's a cloud watch monitor resources and applications okay so now I'm in the North Virginia region obviously it will show all the metrics for the North Virginia region but I do not have any services or any resources running currently so because of that you cannot see
if any recent services are available there and one more thing is that so this is a new interface let's see what's different okay it's pretty much minimalistic version of it so yeah so if you have any recent alarms that and all will be shown here if you have any metrics which you wanted to be shown here which can be shown directly right here and then the other things which you'll have to discuss the first one we already know about dashboard so over here you can see that I have some dashboards which are available uh monitoring
dashboard Succeeded bills fail bills and YouTube libraries and yeah so basically these are old dashboards very old dashboards let me just show you uh so I'm just gonna delete it okay so dashboards where you can create a dashboard and add multiple metrics in one single dashboard you can increase or decrease the size you can add relevant metrics you can add metrics for a particular ec2 instance and you can do all of that okay so I'll do one thing before we move on I'm just gonna create an ec2 uh instance so that I could
show you how it is reflecting in Cloud watch right so I just wanted to do that so I'm mostly going to leave everything to default I'm not going to change anything it'll be on launch launch I already have a key pair tutorial key in my laptop so I'm just going to use the same if you want to know about key pairs how to create them how to use them then check out the first part of the video if watch the first part which is the ec2 part and then you can come back over here some launching
the instance let me okay now let's go back to cloudwatch all right so now then there are alarms let me explain them one by one we I already gave you a simple explanation about alarms but let me give you a better one okay so now alarm has three different states alarm State insufficient State and OK state so alarm state is when the threshold which you have provided has increased or decreased so according to the condition if the condition you have provided in the alarm is true then that basically means it's in an alarm State and then
coming to insufficient insufficient let's say the resource is stopped if the resource is stopped then metrics won't be getting generated because there is no way of monitoring a stopped resource right so if there is no data to evaluate then in that case but still the services or the resources available then that is insufficient state or when you start or create any alarm it will automatically be insufficient State because once you create an alarm it won't have the right data points to start with so first it will take a minute or five minutes to gather all the
inputs and only after it gathers all the data it will change to an okay or an alarm State according to the condition so if it is within the threshold limit in that case it will be in an okay state so alarm state is when the trigger happens okay so these are the three different states and alarms and you can check out if any alarm which you have created is in a alarm state it will be in the in alarm State then you can check out alarms which are in OK State and which are in insufficient
State so yeah any state is basically you can see all alarms and what type of alarm is it is it a composite alarm or a metric alarm and there is one more type of alarm which is a billing alarm so let's say your company has decided that 1000 dollars per month is the budget for AWS after certain considerations so now let's say you want to exactly know when you're nearing thousand dollars so you can set up a billing alarm which will notify you when it's at 800 or notify you at 850 dollars and yeah so
basically whenever you want to get notified you will get notified in email notification so you can provide the email where you want to get that particular mail so now we'll be I'll be also showing you how to create a normal alarm and also billing alarm okay and then next coming to logs so logs are basically groups of logs generated for every single aspect of a resource so over here I was running a Lambda function and let's see so these are basically the logs whatever is provided in the code will be run so these are
older events so that's what it's showing here so as they are older events it's not able to process it because it's very old it's 2019 so let's see if there is something which happened let's see this one month ago even this looks pretty old okay retention period is one month there is never expires let's see this okay so this is a log stream so it was in a stream there will be multiple events yeah so basically if you give the time all the logs will be shown so uh it's according to the date when you
run it right so if you run it from the number of 2020 to January of 2020 all the metrics will be available only within that period so that's why it's not being shown here and log insights from the derived logs we can basically run queries in order to find certain let's say if there is an error and you want to check what are the different types of Errors you can create a query for that and you can run a query and when you're running a query you can select on which log group you want to
run so there will be a log group inside log group there will be multiple log streams inside each log stream there will be various log events which are individual tasks and you can basically query an entire log group or you can query multiple log groups so that's what you can do using logs insights I think it's a really useful tool when you have lots of logs getting fed into Cloud watch and you want to basically uh query them before the case was that you can download them and then query them using another tool but now
as AWS themselves have brought in the logs insights so it's pretty simple for you to just create a simple query you can just check out how to create a query and then just use it over here okay so let's say right now there is nothing so I don't think there will be any result let's see yeah no data found so as there is no so the last one hour there would be obviously no data found let me do one thing so let's provide it as uh 2019 0 6 0 1 I will provide the same
over here but it will be 20 20 and 0 6 again zero Sun okay so let it be the same let's apply and run the query once again let's see if there is any data at that particular point of time yeah so there was Data at that point of time now you can see all the logs are getting run and uh so fields at time stamp and message sort the timestamps according to so they're sort they are taking all the timestamps they're checking out all the descriptions and uh basically sorting them uh from the description
and this is the size so this is the size of the files uh over here we can basically quickly zoom in and check let's look at the visualization so that those are the logs that you can add this particular command let's see yeah so you can create a visualization with that particular uh simple thing and you can also change it accordingly so you can provide a line graph a stack area graph so I don't think pie chart would work with this oh it works okay but the thing is it would be individual query so it's
not useful a pie chart won't be useful in this case okay so this is basically it guys in this case now moving on from logs uh you have metrics so in this case you can check all the metrics so I'm running the ec2 instance right let's go inside and check so so if we click on ec2 it will give you two options it could be the ec2 instance could be within an auto scaling group or the ec2 instance could be within an individual instance per instance metrics so right now we have individual instances we do not
have Auto scaling group so now let's check out the instance ID of the instance we created it is 2B 4 6 at the end so let's see if there are okay so 2B 4 6 over here so you can see this one right so you can basically add that to search the instance ID of your instance which you just want to see the metrics for and it will only show the metrics of that particular instance okay so that's what we are seeing right now and for example if you want to see if I click on
CPU utilization let's see the CPU utilization when it was created was 0.169 percent now it is at 0.067 percent okay and then networking so you can select multiple metrics it will anyway as it is according to the time it doesn't matter so the network input goes from 391 to 781 bytes let's compare it with the network output so the network and it goes to 781 and the network output from 160 went to 523 bytes within this particular time so it was created at like around uh 448 and within 5 it went to this so the
thing one more thing you'll have to understand is this particular timing is UTC not the local time zone so according to your time zone you'll have to increase it so I should basically do a plus 5 30 from this particular time current time which will show here basically you can use the gmv and then Explorers so again so this is basically exploring every single aspect and you can create yeah so over here you can create a metric so basically choosing an aggregate choosing a resource and over here you can see it will create
a graph over here according to the incoming data so you can basically create charts right in the cloud watch Explorer itself and you can add these charts to the dashboard so before the option was to only add the metrics directly to the dashboard you could not add these kinds of charts or graphs or anything so in this case you can start doing that you can create a graph over here and you can add that graph to the dashboard which you have okay so and then there are streams yeah you can create a metric stream as
well like how you create a log stream and you can store all that data in one single entity and then there is events so events has been renamed to uh EventBridge so it's basically like creating an event and when this particular event occurs another event will be triggered so that basically is cloud watch events so I'm not going to cover events in this particular session because we'll have to look more into important topics because uh that's what this particular tutorial is about I wanted to give you guys a short and crisp course or a
video which will make it easier for you to learn and follow through the entity review scores okay so application monitoring over here you can see again uh they are checking for traces if there is any application running within the account so it will basically check and show over here and address status response time HTTP method so this is basically taken in from x-ray it's a new service provided by AWS which is AWS x-ray so what they basically do is you can connect them or you can attach them to a particular application they'll monitor your application
this particular tool and it will give you all these details back so you can understand how your application is performing and accordingly you can make changes if you want to make okay so so this is basically it in Cloud watch and resource Health you can see over here so you can see all the ec2 instances over here and if there are any ec2 instances which are in alarm so if there are list view So currently there is only one ec2 instance with a very less CPU utilization so this is that particular ec2 instance
so if let's say there are hundreds of ec2 instances you can see the entirety of ec2 instances over here and you can see the CPU utilization each of these instances right here okay so you can apply the filter you can apply multiple filters like you can only you just want to see the instance State that's a running instances or spending instances and then you can sort according to the CPU that is it will show the lowest CPU utilization to the highest or the highest to the lowest so accordingly you can check out over here and
yeah so you can basically check out HTTP resource Health completely over here I think this is a really useful tool if you have multiple servers running and if you want to constantly have monitor on them so if you're an administrator this would be a really helpful tool for you okay so now I'm going to show you how to create a dashboard and then once we do that then I'll show you how to create an alarm so once you've done that we'll move on to the next topic Auto scaling so we'll learn that and then I'll
show you how to create an auto scaling group which in turn will be connected to an alarm which will help in creating more or lesser instances okay so create dashboard I'm going to name this dashboard as selectors number one create dashboard so dashboard creation is pretty simple guys do not worry about it so just provide the name and click on create dashboard it create one then you will be provided with multiple widgets so there is line stack area number bar Pi so if it's a resource and if you just want to check out the latest
number for that particular metric go with number otherwise number is just a single number which will get displayed over here and if you want to compare two resources or if you want to compare a similar metric of the same resource go with the bar chart again same thing if you want to compare two different or three different resources on one metric aspect let's say you want to compare the CPU utilization of three different instances something similar so you can go with the pie chart and then a custom widget you can code widgets using Lambda you can
create your own widgets and connect over here and then there is text free text with markdown formatting so this is just the text logs table you can see the entire logs table over here it will keep on updating and if you have multiple alarms you can also have the alarm status over here it will show if it is in an alarm state or OK state or insufficient state so let's say I'm clicking on line let me go to next so what do I want to choose where do I want the data to come in from do
I want it from the metrics do I want it from the logs so I want it from the metrics so I'm going to configure okay so first one I'm going to provide that EC2 okay so I'm going to the EC2 per-instance metrics I want it for the instance which is currently running so this is the instance which is currently running I'm adding it to search and what I'm going to do is I'm going to add network in and network out over here so you can see right network in went up and came down
was in the last so you can basically reduce the time custom let's say let's make it 15 minutes we can make it 30 minutes just so you can see metric over here once you've added the right metrics let's say you want to compare it with another EC2 instance if that particular EC2 instance is available so right now there is no other EC2 instance available there is one which is a really old one so let's say I'm adding this to search and I'm adding this particular data in so you can see this right so it
will be in this color but again this particular data is not available as number and then again stacked area bar chart so bar chart won't be helpful in this case because it's not against time pie chart so how much network input and network output so the percentage could be seen here so this is pretty helpful if it's an instance which is having a lot of network input and output so you can add more widgets that's by clicking on add widget and once you've added all the widgets you can basically save the dashboard and
over here live data do not override or honor yes so you can basically make sure that you only use live data or if you don't want to use live data if it's fine for you if there is a slight delay but more accuracy in that case you can just go with just do not override it it'll be fine you can make it the favorite dashboard you can share the dashboard with another user so if you want to share it publicly it will basically create let's say a URL which can
be viewed by everyone so you can just do that and share it with people who want to view it okay so yeah so then you can just click on save dashboard it'll be saved and under dashboards you will always see uh this one available so you can share it as I told you so this is basically the dashboard it's pretty simple just for you okay so now let's create an alarm so to start creating an alarm so before moving on with that I just want to show you how to create a billing alarm um
okay so to create a billing alarm just come to the billing part and click on create alarm let's say I don't want to see the estimated charges I want to use a different metric or you can just provide a different metric over here let's say the actual cost if you know a metric you can just check out and put it over here yeah so what I'm going to do is I'm going to go back and go to all metrics there will be billing metrics here I'm just going to close this
there will be billing metrics uh where is that yeah by linked account and service yes I want it by the linked account uh not you can also check out the cost for individual services over here you can see you can check out the cost for individual services as well you can check out the total estimated charge as well for your account how much it's going to be so you can see right it was at 0.17 now the estimated charge has gone up to 0.29 according to the usage which I'm doing yeah so then here it's according
to the linked service then there is linked account you can check out the estimated charges connected to the linked account so yeah so this is basically the actual charge which you see here the orange one and the blue one is the estimated charge so it's pretty similar I guess even though uh there are small gaps here and there but they are pretty similar but again yeah so this is basically it so now let me go back to the billing alarms create alarm estimated charges USD I want it to constantly monitor it for
let's say let's say one hour not even one hour so as soon as the point hits a certain limit I want the threshold to be working so I'm just going to select five minutes so then you can select so here you can select the type of statistic whether it should be average or maximum or minimum so it's just going to be maximum for me so whenever it reaches that particular end category it will basically send a notification so you want it to be a static value or an
anomaly detection so let's say if it's going like uh one dollar on the next day it is two dollars the third day is three dollars so that's a constant increase if you're using the uh the same similar services but if there is suddenly a rise to fifty dollars then that basically is an anomaly right yeah so that's what you will have to check in anomaly detection accordingly you can provide the anomaly over here so let's say there is a sudden increase in like 15 dollars from the estimated charges chart then it will automatically
use the greater or less than threshold or if it is just to be greater than or just to be less than so you can use an anomaly detection if you're not sure about it but if you're not sure about the maximum uh let's say thousand dollars is the highest for me I don't want my budget to cross thousand dollars so I'm going to provide 800 here so whenever it goes equal to or greater than 800 I'll immediately get notified so data points yeah it's one out of one okay next so now I can as I told
you right you can provide an email notification so you can send an email to a particular uh user so whenever it's in alarm state that is the thing goes above the estimated count then that will basically uh trigger an alarm so now to show that what I want to do is I want to remove this so the estimated charges provided here maximum is 0.29 right I'm going to make this point two so that will basically automatically trigger my alarm so I just want to show you right if it's working or not so yeah so
that will automatically trigger my alarm and I can show you the outcome if I got the mail or not okay so yeah so you can see right it's over here and the maximum is over here and I want to make it one minute so the data point will be checked for a minute and if it's greater than or equal to 0.2 USD then it will automatically trigger the alarm so next you will have to select an SNS topic so right now I don't think let me check if there is an SNS topic connected to
my email ID older email ID let me check no so let's just go back here let's just create one create a new topic I'm going to name it as scalar topic and I'm gonna provide the email ID over here I'm just going to provide here and I'm going to create a topic so the topic uh is the main topic and under the topic you can have multiple subscribers so subscribers are basically the email IDs so I'm creating this topic on this topic so this is the mail ID where I'll be getting the email sent to
so now one more thing you'll have to do is so if I come here you can see the pending confirmation right I'll have to open the mail and confirm subscription okay so you would have received a mail and you should just click on confirm subscription and that is basically uh it so now if I refresh this it should show it has been confirmed yeah so once it's confirmed you are good to go so you can see here right add auto scaling option so this is what we'll be doing using auto scaling we'll be adding that
auto scaling action so coming to next alarm name I'm going to give it as billing next yeah so we've provided pretty much everything so if it is beyond uh for a minute then I'll be sending a mail to that particular topic which we have created I'm creating this alarm okay as I told you immediately after an alarm is created it will be in the insufficient data state so the estimated charges are being checked for an entire minute and if it's greater than or equal to 0.2 in that case I will be getting
a notification arrived here okay so let's see so we have created it we'll see if there is a new mail coming in so I'll start with the next alarm the regular alarm okay so I'm going to click on create alarm select metric so then you can select the appropriate metric unit you can also directly create a billing alarm from here that is EC2 per-instance metrics so I want to create an alarm for the CPU utilization of the instance which is running so select metric so right you can see point one six two then
point zero eight right yeah so we were here uh so now let's see it's been time let's see if there's a new notification received so it's still in insufficient data estimated charges so the estimated charges are higher than the current limit so there should be a mail being sent once it goes to alarm okay so now let's concentrate on the other alarm let's do that and then let's basically uh monitor the next part okay so now just create alarm sorry I closed that EC2 per-instance metrics CPU utilization not this instance CPU
utilization select metric so CPU utilization suddenly increased in the server like from point uh it went to 0.22 percent now I want the period to be one minute so if it goes above let's say in our case in this case let's make it point one if it goes above 0.1 then in that case I want it to be if it continually stays above 0.1 for one minute then I want it to do something some type of an action but in this case I'm not going to add an auto scaling action because I do not have
an auto scaling group so I'm going to use an EC2 action and whenever it does that I want to terminate the instance automatically okay so that's what I want to do and also at the same time I want to send the email to the topic which I created uh regarding this particular action so if it's terminated then I need that okay I'm just going to name it as terminate instance next and create alarm okay so this alarm also has been created so the billing alarm is still in insufficient state because
there is not enough data for it to conclude that these are going to be the charges because I don't think there are many charges in my account so that's the exact problem but again let's say you can create an alarm you can increase the data points as well so accordingly it will basically yeah so let's say if your maximum budget is thousand dollars if it goes above 800 you want it to send you a mail so now accordingly if it goes above 800 it will send you a mail so this is how you can create
a billing alarm you can create a billing alarm with various what is that you can create another one also you can create multiple alarms so it doesn't affect you uh in any other way so then you can just click on actions and delete it if it's not required then even this is in insufficient data right now so it will take around five minutes in order to show that uh so if there is an increase over here so if you have an auto scaling alarm if you want to hide it you can hide it if it
has an auto scaling ring so this is basically a metric alarm we do not have any composite alarms so you can also create a composite alarm if you need so any type okay so we created an alarm guys so basically if it goes to alarm state then it will send me a mail and it will terminate the instance which is running so it's still running that basically means it has not yet done so now there's an alarm here which we created and attached it to the instance right so now that would be shown in the
monitoring part so CPU utilization is given here and we have attached an alarm so one alarm has been successfully running but let's see I think it will be in OK state yeah so why is it in OK state because so this is the limit here right point one but the alarm went below that so it is under the threshold value so that's why uh it's not getting terminated so let's do one thing let me go to edit let's make it even lesser than 0.066 let's make it point zero two and update alarm so it's much lesser
than this and it won't go below that so now once it keeps checking and once the data stays above this threshold value for a minute so in that case then it will start let me close this then in that case it will terminate the instance and also will send me a mail over here okay yeah so let's wait until that happens because it'll take a minute so I'm just going to pause my recording and then we'll meet once it is in alarm state and if you see here and it's showing again the alarm status has
been changed so let's see what is happening so it's in insufficient data it's trying to collect the data so this is you can see what is happening so this is the part right now there is insufficient data it's still waiting on data to be given to it so once data is available then there would be a change in the alarm state okay yeah so whenever there is going to be a change it will start terminating okay so now you can see the data point is available so it will most probably go to an alarm state
soon so now you can see this shutting down right because the alarm is in alarm state let's refresh this yeah so it's in alarm state why because the limit we provided was 0.02 and this is above 0.02 so that basically means it understands that the CPU utilization for the instance is above this so according to that it will do the action which we've told it to do the action we told was to shut down the instance that is terminate the instance so that's what is happening over here so this is basically the benefit of
an alarm guys so I hope you understood let's see if we got a mail as well I don't know if it is in the spam no the mails are not sent here I think it will take some time to get sent but uh but we know the alarm is working in this case and you can basically check the alarm for a certain time period you can keep watching okay so this is basically it so again it went to an insufficient data state because for another five minutes you won't be able to see uh new data
and yeah so it automatically terminates the instance so I don't have to terminate it okay so now let's move on to the next tool or the next service in this section which would be the EC2 Auto Scaling service so guys now let's start with Amazon EC2 Auto Scaling so we discussed about CloudWatch we saw our alarms right so the next possible topic which we should learn and that's what I think about is auto scaling because using alarms you can create certain scaling options right I told you that according to the alarms
if the threshold is over this new instances will be created if the threshold is below this new instances will be deleted the oldest instances will get deleted so these are the things which we'll be doing in auto scaling so now using CloudWatch alarms and combining it with auto scaling we can achieve that okay so now Amazon EC2 Auto Scaling helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application you create collections of EC2 instances called auto scaling groups so one auto scaling group is
a collection of EC2 instances it could be two or more EC2 instances but sometimes it can be even one as well but it would be inside an auto scaling group so that whenever more instances are getting created everything will be all the instances all the EC2 resources will be in the same auto scaling group so why auto scaling group is because if let's say in the auto scaling group there are four instances and each instance can handle 100 users so there are 400 users using the let's say the website and it's working fine now
there are another 100 users trying to access the website so now there are 500 consecutive visitors in your site so now four servers cannot handle 500 users so auto scaling group according to the CPU utilization which is being held it will automatically create another instance to accommodate the incoming extra traffic okay so now so this is within the group that's why you are able to do this and now let's say now it's only 300 users then it will monitor it for like five or ten minutes according to the time you provided and if it's lesser
than if 300 users 200 users have reduced in that case the CPU utilization will come a little down right so accordingly it will terminate those instances so this is exactly what will happen in Amazon EC2 Auto Scaling okay yeah so basically this is auto scaling guys and now auto scaling uh explore your applications discover what you can scale choose what to optimize and track scaling as it happens so basically according to the application you can use various methodologies like you can implement your own architecture and making sure that it's highly available and even
looking even better and discover what you can scale so if you can scale your EC2 servers if you can scale so in EC2 Auto Scaling you can only do that but there is scaling for every single AWS tool which is a compute tool like let's say RDS you can scale the storage same thing goes to S3 you can scale the storage and Beanstalk it'll automatically scale the number of EC2 instances and storage or whatever services or resources you need it will automatically scale it choose what to optimize
you can optimize the cost by strictly maintaining your rules if it's more of an internal based application then you can strictly maintain cost because it's an internal application and there are not going to be many users using it only the company members would be using it so that it could be let's say you can cost optimize it so in this case if you want to provide the best experience to your customers then you have to performance optimize it so that your application is working really well and finally track scaling as it happens so scaling
you can see that a new instance is getting created you can see the older instance is getting terminated so you can see all of that live in front of your eyes in the AWS console that's what they mean so coming to the second one you can specify the minimum number of instances in each auto scaling group and Amazon EC2 Auto Scaling ensures that your group never goes below this size if you specify scaling policies then Amazon EC2 Auto Scaling can launch or terminate instances as demand on your application increases or decreases
so this is pretty simple in this case what they mean is so you can provide the minimum number of instances so let's say in the auto scaling group you at least need two instances running at all times you can provide the minimum number as two so even though nobody is using your website there would still be two servers running at any time because the minimum number you provided is two instances and if you specify scaling policies then EC2 according to the scaling policies they will launch or terminate instances on demand according to your application's need
so if there is demand for the application if it increases then it will automatically require more servers it will launch more instances if the demand decreases in that case they will terminate the older instances okay so this is basically the introduction to auto scaling heading into the next point so let's take an example let's say a minimum size of one instance okay and a desired capacity of two instances so desired capacity is different from minimum size why because desired capacity is the optimal number of servers so at any time you would want
optimal number of servers to be running but if the CPU utilization or any other metric is at the very lowest the minimum size could be one instance there could be one instance running at that particular time and maximum of four instances so four instances so basically there will always be a maximum of four there won't be any more instances getting added even though your application's CPU utilization is going higher or your uh demand for your application increases if you provided maximum as four the number of maximum servers which will get created is four so
now the scaling policies that you define adjust the number of instances within your minimum maximum number of instances based on the criteria that you've specified so the minimum size would remain still desired capacity if it's running well everything is fine there will always be two instances running so now you can scale out as needed so let's say at any point there would be two instances running let's keep it like that so now there are more users incoming so you're increasing one more server so it automatically will get increased due to the scaling policy
which you have provided then after some time more users are getting added then again using the scaling policy it'll again create one more server so now there are four servers again let's say if there are more people coming in even then there would be only four servers it would not increase the number of servers because the maximum size which is provided is four okay so this is basically how one part of auto scaling which you will have to provide in the details for while you are creating an auto scaling group okay so coming to the
components so first of all group we already saw so Elastic Beanstalk is the fastest and simplest way to deploy your applications on AWS you Sim so now coming to auto scaling components so the first topic is groups so as I explained to you about auto scaling groups that's exactly it so your EC2 instances are organized into groups so that they can be targeted as a logical unit so even though they are separate resources they'll be considered a single unit so that it would be scaled and downscaled according to the history demand okay so then
you can specify the minimum maximum and desired number of EC2 instances then configuration templates your group uses a launch template or a launch configuration so not recommended offers fewer features so launch template can be used or launch configuration can be used as configuration templates for EC2 instances so before you launch an EC2 uh auto scaling group first of all you'll have to provide a launch template or a launch configuration so what it basically means is it will provide an outline of the type of an instance which the auto scaling groups
should create okay so that's basically what a configuration template is using the configuration template the auto scaling group will create the newer instances so all the instances will be the same configuration that's why you have to provide a configuration template and you can specify information such as AMI ID instance type key pair security groups and block device mapping for your instances so in the configuration template you can provide the AMI ID why the AMI ID so that specifies what operating system or what type of an instance do you need do you need an Ubuntu instance a Mac instance or a Windows instance so that you'll have to provide the AMI ID
for instance type what type of instance what should be the RAM what should be the storage everything can be provided key pair should be provided so that if there is something going wrong you can still open the server one of the servers within the auto scaling group and check it security groups you will have to provide for every single instance and block device mapping for your instances so if you want to block certain IP addresses you can also do that
and then finally scaling options so this is where auto scaling comes into play even though you create the auto scaling group so without providing a scaling policy there is no scaling in auto scaling right because without the scaling policy the number of instances will not increase or decrease you can manually do it but that defeats the purpose right because it's auto scaling not manual scaling so for auto scaling you would need scaling options so now Amazon EC2 Auto Scaling provides several ways for you to scale your auto scaling groups for example you can configure a
group to scale based on the occurrence of specified conditions or on a schedule so there are two options either you can increase number of servers or decrease the number of servers according to a particular metric which you create an alarm for so if the alarm exceeds and if it goes to an alarm state it will basically launch a new instance if it's not in an alarm state and if it's working fine then it'll basically descale or it'll keep it the same for example there are three instances it will increase an instance so for instance if
there is no problem it will stay at four if there is it will decrease the number of instances okay once that is done there is a second option in which you can do this via schedule so let's say you have used your application for a long time so you know the peak traffic for your application is from 7 pm to 10 pm so within that time you need 10 servers so 7 pm you will basically according to a schedule there will be automatically new servers let's say automatically more servers will get created let's say there
are only five servers before 7 pm then after 7 pm there would be 10 servers they would automatically create five servers for you and then let's say after 10 pm again so your traffic reduces a bit so you are providing you just need four instances so it will be four and then again let's say in the morning from 8 am to 9 am you suddenly have a surge in traffic so in that particular time you can provide again it doesn't have to be from 10 to 11 or something it can be like 10 5 to
10 12 so it could be smaller intervals as well doesn't matter but these are the two different types of scaling you can do so dynamic scaling happens according to a specified condition when the specified condition is true it will increase the number of servers if it's false it will decrease you can also make this vice versa according to the condition you provide and on a schedule on a schedule is not dynamic it's static because you know when the number of servers will increase and decrease right okay so these are the auto scaling components
coming to the next topic which is the auto scaling benefits first of all better fault tolerance so EC2 Auto Scaling can detect when an instance is unhealthy so that basically means auto scaling group will always keep a track of all the servers if a server is not able to so if auto scaling group is not able to reach a particular server it will automatically mark it unhealthy and then terminate it while creating a newer instance so that's what they do so generally terminate it and launch an instance to replace it why if an instance is unreachable
then there is no need for it to be running right you are still getting billed for it if it's unreachable you're just paying uh AWS for a server which is not doing anything for you okay so that's exactly what happens in auto scaling it will automatically figure out if a server is unhealthy it will basically keep on sending health checks if a health check doesn't come back multiple health checks don't come back it will mark it unhealthy terminate it and launch a new instance to replace and handle the traffic which it was handling before
you can also configure Amazon EC2 Auto Scaling to use multiple availability zones multiple availability zones in the sense you can create an auto scaling group which basically goes beyond one availability zone so you can have the same auto scaling group instances can be available in zone A in B and in C so you can have multiple availability zones and multiple servers in various availability zones which all come under a single auto scaling group that also can be done so now better availability so Amazon EC2 Auto Scaling helps ensure that your application always has
the right amount of capacity to handle the current traffic demand if you provided the proper scaling policy and according to that it always makes sure there is an optimal number of instances to handle the incoming traffic for your application so better availability so fault tolerance is basically making sure that your application is always available also whenever there is a fault in your architecture in that case it will automatically replace it with another instance so that the unhealthy or useless instances will get terminated and so that your architecture is also customized second
is better availability your application will always be available because of the current traffic demand and accordingly it will increase or decrease the number of servers and make sure that your application is always working and running and finally better cost management so EC2 Auto Scaling can dynamically increase and decrease the number of servers you need so this basically itself makes it cost effective right because you only pay for the EC2 instances you are using at one particular point of time if you're not using an instance you are not going to pay money for it
launching instances when they are needed and terminating them when they are not needed so this is basically what you want to do but if you want to do it manually it's not even possible because you do not know when a server is not needed right but a computer which is constantly monitoring the metrics each and every metric for each and every second knows when to terminate an instance and when to launch an instance so better cost management also is brought into place so these three are the bigger benefits given by auto scaling and then so let's see
some examples to understand auto scaling even better so first of all covering variable demand so let's consider a basic web application to demonstrate how auto scaling will help okay so this application allows employees to search for conference rooms that they might want to use for meetings so this is a simple application just consider it's an application it enables employees to search for conference rooms okay so that you might want to use for later so now during the beginning of the week and end of the week the application usage is minimal because it would be
a half day for most of the employees let's consider that so during the middle of the week more employees are scheduling meetings so the demand for the application increases significantly especially on Tuesdays and Wednesdays you have the maximum demand so the following graph shows that so Monday there is high demand but Tuesday there is even more demand on Wednesday there is even more demand so Tuesday and Wednesday are the big traffic times okay so this is the graph which shows that coming to the next slide so there are two ways traditionally to solve
this particular problem the first option would be to add enough servers so that is let's say on Sunday you have only this much so you don't add the servers and on Monday capacity has been increased so according to the increase in the requirement you automatically add servers so this is what auto scaling will do but right now what you are doing is you are fixing up the capacity to the top that basically means according to the highest traffic or the highest usage you get highest capacity you get is Wednesday so that is the
requirement right for that particular day but if you keep the same servers running for all days it'll still work but the problem is there is this much unavailability so capacity is available but there is no usage so you are basically paying money for all these unused capacity so this is completely waste right because you are basically as a company you want to reduce the operational costs and if you are stuck with operational costs for these small things then that would be a major problem this is the first way that is adding steady capacity which without
any changes will always be available so that all your demands are met okay so now coming to the second option so the second option would be that is to have enough capacity to handle the average demand so according to the calculations you can take the peak of every thing and calculate the average for the entire week and according to the average capacity you can basically get the servers so let's say this is the average capacity over here but on Monday Tuesdays and Wednesdays there is over capacity so that basically means the application will either get
slow or you would create a really poor customer experience so it will basically become much slower on these three peak days so when most people are trying to use the application it won't be working properly so I think that would be a big problem right this is the traditional way these two are very very traditional ways because manually and nothing else is possible right you can either have enough instances or enough capacity to cover all the days or the average capacity to cover most of the days and also try to cover some capacity on the
major working days but without Auto scaling you get a new option you get a third option so you can add instances new instances to the application only when necessary and terminate them when they are no longer needed right so because Amazon EC2 Auto Scaling uses EC2 instances and you have to only pay for the instances when they are running and we are using them so you now have a cost effective architecture that provides the best customer experience while minimizing expenses so to be very simple what exactly happens is auto scaling or scaling EC2
auto scaling will automatically maintain the number of servers according to the capacity you have so on Sunday if there is this if you need a capacity of around 2.8 servers then there would be three servers running to handle it so Monday again there will be always a little bit of a server capacity which is more than which is required so that's exactly what auto scaling will do for you so it will maintain the demand it will maintain the number of physical instances according to the incoming traffic and demand which make sure that the application is
performing really well okay so okay so now coming to the next topic web application architecture so why the web application architecture to show you how exactly the auto scaling group can be implemented in a web applications architecture which makes it even better right so let's say in a common scenario you run multiple copies of your application simultaneously there is a web server Fleet and there is an application Fleet and a database Fleet okay so these multiple copies of your application are hosted on identical EC2 instances each handling customer requests so the web server Fleet will basically
have the front end so basically the application so there will be multiple copies of the same application and let's say in web server Fleet there are 100 servers every single server will have the same application running inside of it but if you type in the website it will take you to one of those servers it won't take you to all of the servers so it will take you to one of the servers and you will see just one so you'll basically see the application here and the app server Fleet will have the application
itself the features the code the backend code everything will be available in the app server Fleet okay so that will also be multiple copies but it could it doesn't have to be that every single app server fleet has all files of code it can be that multiple uh certain fleets are just for certain feature so you can create multiple fleets for that as well and then finally there is a database so so let's say a user is requesting to retrieve some data back from the database so that will go to the app server Fleet and
so whenever they click the button there will be some code which is connected to it and that particular script file will run and that particular script file will trigger basically read the data from the database and give it back to the user which will be visible at the website so this is a simple basic architecture but using Auto scaling group what you can do is you can basically manage the launch and termination of these EC2 instances on your behalf so that is you define the criteria so you define the number of instances which will
be available at any point in time and you decide how many instances can be the maximum how many can be the minimum so that determines when the auto scaling group launches or terminates EC2 instances so okay so current capacity and current added only when needed so in this case there will always be those number of servers so let's say there would be 10 servers here the 10 servers will be always be available it won't reduce or increase the number of servers but in this case so current capacity is this there are let's say 10
servers and whenever there is more users coming in traffic increases will automatically will increase the number of servers over here so that's basically the web server and app server Fleet okay and yeah so this is this is a simple web architecture where you can implement auto scaling and yeah so we'll come to the final part of the auto scaling theoretical part so I just wanted to show an architecture in which auto scaling has been successfully used which benefits the application so users are getting into the application so their first point of contact is elastic load
balancer so we'll be learning about load balancer once you complete auto scaling so don't worry about it so just imagine load balancers like a point of contact for you which will take you to the appropriate instance you have to be taken to it balances the incoming load okay that's that's just know that much about load balancers and now coming to instances so let's say this particular VPC spans across two availability zones so that basically means that it has subnets in availability zone one and availability zone two and it has instances in both of
these availability zones so now as I told you Auto scaling group could span across multiple availability zones so the auto scaling group of the web tier is spanning across the availability Zone 1 and availability Zone 2 and has instances in both of these availability zones so this makes it even better and even highly available why because let's say Auto scaling group is already a good thing it'll automatically increase the number of servers and decrease the number of servers according to a demand so that your application is highly available but let's say one of these availability
zones goes down that is it's it has downtime for some time so in that case the users will not gain access to it because there would be only one Fleet of servers and if that particular Availability Zone goes down all of the servers will go down but if you have servers if you have instances in two different availability zones for the same purpose that will basically mean once if this particular availability zone is down it will automatically take the requests to the availability Zone 2 because it won't take the requests to an unhealthy instance okay
and then they have an internal load balancer so whatever requests come in goes to the internal load balancer which will take them to the application tier which is basically business tier and so business logic tier where all the business logics are available whatever tasks which are asked to be performed goes through the app tier instances goes through the app tier instances and if there needs to be any information retrieved or any information is getting written any data is getting written into the database that will go through the app tier and even in app tier this
same if you can see right so this is the average zone so uh on our Zone at 2 auto scaling group and so it's the same architecture even within this okay so this is basically a simple instance distribution so because of the instance distribution uh it will make it even better so what makes it better that I told you that it's highly available right if even if one availability Zone goes down that will make sure that the application is still running because multiple instances are distributed between various availability zones so that's basically instance distribution that's
what I mentioned at the top yeah so this is a simple architecture which I wanted to show you guys to make you clear of what exactly is going on in Auto scaling group so also one more thing we saw was so we'll see more about load balancing in the next once we've completed the auto scaling demos we will look into the load balancing Theory and the load balancing practicals so don't worry about it and once that is done we'll also combine all of these services and do a project a simple project or a simple architectural
project which will get your understanding even better right so so this is basically the instance distribution part so this is done so now let's go on with the demo okay guys now let's start off with the auto scaling groups demo so uh first thing we'll have to start with is by understanding where you have to go so just open the ec2 dashboard and go to the auto scaling groups you should not open the I'll show you once again yeah so this is basically the tool you can just open it and you can see uh right
here how it works everything which we've seen in the theory part so this is what we learned in the theoretical part right okay so the first thing we'll have to start off with is creating an auto scaling group so but to start with an auto scaling group obviously you would need a launch template so we'll have to create a launch template right here from launch configurations so to create a launch template you would need an AMI so in the ec2 tutorial we would have created an AMI right so that's exactly what we need here because we
don't need a default server I want a server which already has all the softwares and everything installed in it so first thing what I'm going to do is I'm going to quickly launch an EC2 instance so that I would create an AMI so also let me provide the yeah I want it to be in 1A name web servers and launch I have the key pair I'm providing the same and launching it okay so once the instance launches I'll be installing a web server inside it and so that and I'll be deleting off the index.html page which
is the default page and I'll be adding a simple hello world page so that we can create an auto scaling group and I can show you what exactly is the launch configuration so if I open the launch so if you have to create an auto scaling group so without the launch configuration you cannot proceed ahead so that you'll have to switch to launch configuration so you can use the launch configuration which is already available I have few but I do not have those AMIs and over here where is it so let's say this web server
this is the AMI ID let's see if I have those AMIs no I do not yeah so I have various launch configurations which are pretty old actually so I'm not going to use them I'm going to create my own or you can basically create a launch configuration and select it and you can copy it to a launch template you can see over here or you can basically create a launch template over here so you can either go with the launch configuration or a launch template according to your need so over here it will automatically show
the AMI if there's a specific custom value which you want to provide which would be the AMI which I'm going to create with this instance for the instance which is running right yep so I'm gonna connect to it I'm just gonna connect it to the browser okay so I'll provide that AMI over here type of EC2 instance I need which would be I would want tt.micro key pair I could provide the key pair I could provide the network groups I could provide the storage uh and all the advanced details so this is basically a launch
template so there is not much difference between a launch template and launch configuration the launch configuration so let me create one so you can see the name AMI instance type the IAM role so basically it's the same thing launch configuration is under Auto scaling that is only be it will be valuable only for that but launch templates you can also use it for AWS you can use this particular launch template to do much more than just Auto scaling groups okay so close this let me first connect to the instance okay so we are connected
to the instance clear okay I'm gonna first update my instance and then I'm gonna install so this is a web server so I'm installing it okay so now one more thing we'll have to do is we'll have to allow HTTP access so right now only SSH is allowed so I'm going to add a rule for http unsaved rules so done okay so now if we open the public IP address of the instance so it should have the default web page running inside of it the Apache 2 default web page because we allowed HTTP and also
we've created the web server so it should be running inside of it or I'll just copy this just copy this and yeah so the Apache 2 default page is running inside of it so now I don't want the default page I want my own uh index.html page so the path would be /var/www/html so inside this you can see the index.html file right so I'm gonna remove the index.html file so the index.html file is removed so I'm gonna add over here I'm going to add an index.html file so I'm going to put it as
hello world or let's say I'm going to name it as hello world this is server one this is server Fleet number one I am saving it it has been saved so now if I refresh this yeah so hello world this is server Fleet number one so it it's not in that format because I did not use HTML I just put in plain text yeah so hello world this is server Fleet number one so this is the uh one which is provided over here okay so now now let's create a launch template so the server is
available we'll create a launch template I'm going to provide it as server one template so why I'm providing it server one because I want we'll be learning load balancing so I would need two auto scaling groups to show you how exactly it works okay so that would be the project once we've learned the load balancing tools once we understand it theoretically then I'll be showing you how to create a load balancer how to balance a load between uh two different Auto scaling groups right so that's why I'm providing test server one template because later we
would also create a server 2 template which will be helpful for it okay template version description okay so there is no version description you can provide anything you want I'm going to provide uh for uh practice auto scaling session okay so everything else can be the same the AMI has to be a specific AMI right so now we are going to create an AMI of this particular web server so this instance which we launched has a web server running inside of it which has the web page hello world this is server Fleet number one so
for this to work first you have to create an AMI of this so create image so I'm going to provide the name as server one okay and then I'm gonna leave everything the same and create image so it will be creating so the thing is guys AMIs will take a few minutes to create and to be available so we'll have to wait until it gets created so once it gets created I will be using that particular AMI as the AMI in my launch template why whenever a new server is getting launched in my auto scaling group
I want that particular server should already have the web page which I want to be running inside the instance I think you get the point right all the servers which will get launched will already have the software and the web pages already available inside of it so because of this particular AMI and accordingly it will create the same types of server again and again if the threshold value and the metric value goes above the given threshold value okay so that's what will happen so now once it creates I'll be providing the AMI and let's wait
until it creates so basically I'll just pause my recording and then we'll continue once it's available um so yeah so basically it's still not available let me check it's still pending so what I'm going to do is I'm just going to copy the AMI ID because this is what we'll need so we'll not launch the auto scaling group immediately right we are going to create the launch template first so let it be in pending no problem I'm just going to use the AMI let's see if it is getting visible it's visible here yeah so it's
visible here so I'm selecting the AMI which I need so whenever a new server will be launched in my auto scale group it'll have server one okay instance type I want it to be T dot micro key pair I want it to be tutorial key if I want to log into any of the instance to just check how it's going on or to make some changes inside of it then I'll go to or then I can use my key pair uh security groups I'm just going to use this group I don't want any network interface so
the thing is our group should basically allow us to connect to http right so let me check so launch wizard 53 we can connect to launch wizard 5353 yep so it allows SSH and HTTP so that's what we need and then storage volumes it's I just want the same volume I don't want anything complex I want the same thing 8GB a delete on termination I don't want it to be encrypted I want it to be the gp2 type okay so yeah so pretty much it Advanced details they're asking more information about hostname the IAM
instance what should uh the shutdown Behavior be so whenever uh instance is getting shut down in this particular launch template should it stop or should it terminate automatically so you can provide all these if you want to but it's not required because we want to create an auto scaling group for this particular template right so create a template so template has been successfully created guys that's it so now if the AMI is available then we can basically create yeah so AMI is available now so we can create an auto scaling so let me close
this now let me go to auto scaling groups create auto scaling group provide Auto scaling group name so let me provide the name as server one Auto Group launch template I already have one so I'm selecting that and clicking on next then I wanted to be in the same VPC I want my instances to be in 1A 1B and 1C okay so I want my instance to be running in 1A 1B and 1C next so I don't want a load balancer right now because we get to learn load balancing in this particular tutorial so let's
keep that aside let's just concentrate on auto scaling for now and then you can amount of time EC2 Auto scaling performs the first health check uh if you want you can reduce the time over here I'm going to make it 100 seconds you can enable group metrics usually you will get metrics for individual instances within the group but if you want group metrics that is for the entire group if you want metrics then you can go with enable group metrics I'm going to enable it next so desired capacity I want it to be two minimum I
minimum I Want it to be one maximum I want it to be let's say five instances I don't want more than five instances and then you can create a scaling policy so if the average CPU utilization goes above let's say 70 percent and I want the instances so this is Target tracking policy choose a decide outcome and leave it to the scaling policy to add or remove capacity so Target value is added instances need this many seconds to warm up before Including in meters I just want like 10 seconds so it can be included immediately
I don't that's not a problem so you can also disable scale in that basically means it won't increase the number of instances it will only decrease the number of instances accordingly so you can use a Target tracking policy or you can just use none so I'm not going to use a Target tracking policy I'll be using an alarm in order to set that up Okay so none and next so notification if you want you can add a notification I'm not going to an interview yeah so everything has been added so this is how you create
an auto scaling group so now to connect the auto scaling group to an alarm so that you'll have to create an alarm first and then attach that particular group to so attach that particular alarm to the servers so in order to create more servers or decrease number of servers okay so we already saw how it decreases the number of servers right so I'm not going to show that in the auto scaling group part because I'm not gonna feed in basically fake data or fake processing in order to increase this utilization to simulate that there is
CPU utilization and in order to uh the current capacity it will automatically increase or decrease the number of servers so I'm not going to show you that I'm just going to show you how to create this auto scaling group so now inside this auto scaling group we've provided the desired capacity as 2 right so now it's launching two instances because the desired capacity we've provided was two so it launched two instances if you want you can view the instances over here as well so over here you can see there are two instances running this is
the one which we have so one thing which I wanted to show you in Auto scaling groups is basically so now you can see two instances running desired capacity is two minimum there can be one instance so if there is need if one instance goes unhealthy then one instance can still run and yeah over here you can see the activity automatic scaling you can create a dynamic scaling policy once you've created it as well so it's there is no problem with that you can also create a predictive scaling policy it will be based on a
time limit so basically let's say you can provide CPU utilization or you can do it based upon the timings let's say custom metric so the total CPU utilization or you can add another utilization and you can check it over here and over here pre-launch instances so control the time when new instances are launched to ensure that they are ready to handle traffic uh the scaling action will start earlier than the time in the hourly load forecast by this amount of time so five minutes so basically it will automatically pre-launch an instance before that particular period
so that when that particular period comes it will automatically launch the instance because the instance will already be available so this is predictive scaling so you can basically create one and use historical data and use forecasted load according to the data which you already have and create a scaling policy over here or you can create a scheduled action so scheduled action is more of let's say the desired capacity you want to be two minimum is one maximum is 5 right and you can make it a recurrence for every let's say every day I want this
to run so tomorrow one I want to be the start date I wanted to run but sorry five okay so this is UTC right so it would be like 10 am in yeah so it would be like 10 10 30 a.m in India so where I am so this is start time you can also set an end time let's say you want it to be you want it to run every day but you want to end it after 10 days so you can set that over here so at one particular point of time have at
this point of time to that point of time it will automatically have that specific number of servers so let's say like we can make it three or something so in this particular time let's say I wanted to run 21 till again until five let's say I wanted to run every hour within this particular day okay and end time I want to set it as 21 and five so within 24 hours I wanted to run it 23 times and I wanted to keep this at a constant okay so this would be a predictive one right so
a simple I'm just providing a name so that you can just click on Create and it will create a scheduled action so at this time on this date it'll automatically make sure that the desired capacity of instances are three and if there is a high CPU utilization it can take it to a maximum of five or a minimum of one according to the requirement and the next yeah so the next day on 22 I'd find it'll automatically end it so 24 hours it'll start at zero so it will basically run for 23 times okay so you can create this particular one or you can create a
you can create this particular one or you can create a Dynamic scaling policy so that's what we'll be doing okay so this is what we'll be doing we'll be connecting metric type and we will be connecting the alarm to it so over here step scaling is there simple scaling is there we can use this simple scaling policy or a step scaling policy so step scale policy is even better because here we can create uh action to add instances and create an action to remove instances so you see this right Our instance remote instance so we
can provide a policy name we can provide the alarm which we've created in CloudWatch and then according to the alarms metric according to the threshold provided there this particular policy would work and accordingly it would increase and decrease the number of servers in this particular Auto scaling group okay so this is basically Auto scaling guys yeah so the this particular part the scaling policy will be seeing once we learn about elastic load balancing right now so please continue with this session I just wanted to show you how to create an auto scaling group so
that we can move ahead and learn elastic load balancing so that I could show you the entire demo where what we'll be doing is we'll be having two different Auto scaling groups so Auto scaling group one which is server one auto yeah so we'll have server one auto group and server two auto group server one auto group will have the website called this is server one server 2 will have this server two so we'll be creating elastic load balancer which will redistribute the traffic so whenever one particular web page is searched whenever the URL is
pasted it will take you to server one whenever they are searching for a tutorial website it will take them to the server two so that's what we'll be establishing so this is why we learned EC2 auto scaling CloudWatch in order to create the auto scaling group and we'll also have elastic load balancer so these are the things which we are building up to so that's why I was we were going through all of these services in an order in order to do a complete demo at the very end so make sure you follow
through guys so that's it for the scaling part so now let's move on to the load balancing so guys next let's look into elastic load balancing so you understood what is Auto scaling groups now uh let's say you made an auto scaling group and the auto scaling group is working fine and so it's increasing number of servers when our more traffic is coming in and whenever less traffic is coming it's automatically decreasing the number of servers so now what makes sure that the traffic which is incoming is balanced across all these servers so that's one
of the important concepts right because let's say if there are 10 servers in auto scaling group and only five servers are given the maximum connection requests and the rest five are only given less so that's not a proper optimal solution right because if more requests have given to those five servers the performance for the customers would become even better become even faster lesser number of requests or lesser number of operations running in one particular server will obviously make the server or the requests to be given back it will work much faster right because that's exactly why
we need load balancing so there are various types of load balancing but in the essential sense this is the reason why we need load balancing so elb automatically distributes your incoming traffic across multiple targets so the multiple targets can be individual instances or auto scaling groups such as EC2 instances containers IP addresses and it could be in multiple availability zones so no problem with that it monitors the health of its registered targets and routes traffic only to the healthy targets so it's pretty simple it keeps on monitoring so let's say you've connected instances to
elastic load balancing directly by registering the target so that it will basically check for that particular Target and it will see if the instance or the instances are healthy or not if they're not healthy it will not redirect the users to that particular Target so only when it becomes healthy or when the auto scaling group has deleted it and provided another server only then it will request those incoming requests to those particular instances okay so now elastic load balancing scales your load balancer as your incoming traffic changes over time so it can automatically scale to the
vast majority of workload so it's pretty simple load balancing scales your load balancer which is getting created according to the incoming traffic changes so you don't have to specify anything you just have to create the load balancer and you will have to basically set up the targets and set up the entire architecture then elastic load balancing will automatically take care of the incoming traffic so however how many ever requests come in even 10 000 or 1 million or 10 million so however uh increasing the number goes elastic load balancing will be able to manage it
because it can automatically scale for the majority of workloads so that's exactly what elastic load balancing has been announced for okay now coming to the next one which is elastic load balancing in this case what we are going to look into is the types of load balancers and also what exactly makes the load balancer working okay so how a load balancer works you configure your load balancer to accept incoming traffic by specifying one or more listeners so a listener is a process that checks for connection requests so and also that particular listener will be configured
with a particular protocol and a port number for connections from client to a load balancer to make it very simple let's say I'm trying to access a website I am putting in the website address so let's say www.example.com so once I hit enter so it'll there would be a DNS process which checks for the IP address of the given domain name and accordingly it will uh basically like do the DNS resolving and take you to that particular IP address the servers in those particular IP address so then it will hit a load balancer so when
you type in the first point of contact for you with the application would be the load balancer right so that particular load balancer what it does is it will have multiple listeners so let's say the website is running on a web server which uses the port protocol HTTP and the port number 80. so now in that case it will be listening for connection requests which are coming to the port number 80 right it'll listen to that particular thing if there is a connection request that is I'm typing in the website a name and there is
a connection request which I am just creating to that particular port number in this particular classic load balancer because this is what it is configured for so when it hits there then according to the listener this is a valid request and so when it's a valid request then the elastic load balancer will allow that particular connection request inside the architecture to go and like access the servers or the auto scaling groups so this is basically a simple way of explaining what a load balancer does and how it works in AWS an elastic load balancer okay
so likewise it is configured with the protocol and a port number for connections from the load balancer to the targets so now inside the load balancer to the targets every load balancer and the targets will have this connections that is it will have the listeners the protocol and the port numbers and accordingly it will work so now when we do the demo when I show you how exactly a target works and how exactly we make the connection between auto scaling and load balancing and how exactly we are making the difference in load balancing it will
give you more insights to how exactly classic load balancer works so it will be much better than learning it theoretically but again understanding how it works before actually doing the practical would be much better so that's why we are looking at this so elastic load balancing supports the following types of load balancers so the top three application network and gateway load balancers are the current generation load balancers which are available classic load balancer is deprecated and it will be taken completely off Amazon or completely off AWS in 2022 so I don't know which month
so if you just check out the website when we are doing the demo we'll get to know what is the date on which the classic load balancer is going to be deleted but it's a traditional load balancer let me explain the classic load balancer right here because in the next three slides we'll be learning about the application the network and the gateway load balancers okay so classic load balancer is pretty simple uh the load balancer you can register multiple instances to the load balancer so the first request which is coming in will be sent
to the server one second instance will go to server two third instance will go to server 3 so let's say there are three servers and there are 10 requests coming in so the first request will go to the first instance second third fourth fifth sixth seventh eighth ninth and the tenth will go back into the first server so if that particular person themselves refresh they will be taken to the second server if they refresh again they will be taken to the third server so it's basically a traditional route so this is not optimal in most
solutions but if it's a simple application let's say it's a simple blog which you wanna just upload in that case you can just go for a classic load balancer it would still work so classic load balancers you can also hard code it into your application so that allows you to work if not you can use the AWS classic load balancer but the problem is it will be deleted or it will be completely taken off AWS in 2022 so 2022 is just in a month uh not even a month just a few days so from
the date where I'm recording this and uh yeah so in a few months it'll be taken off okay so now before moving on with the application network and the gateway load balancers let's just understand about cross zone load balancing and how cross zone load balancing works okay so first of all the nodes for your load balancer distribute requests from clients to registered targets so nodes in essence these are the nodes so let's say this is there are three availability zones then there would be three nodes so each node is connected to a load balancer over here
so incoming client so in this particular availability zone there is a load balancer in this availability zone there is a load balancer so now this is basically cross zone loading enabled cross zone load balancing is enabled in this particular diagram so let me explain why it is enabled or how it works so now when cross zone load balancing is enabled each load balancer node distributes traffic across multiple availability zones and across all the registered targets okay so when cross zone load balancing is disabled each load balancer node distributes traffic only across the registered targets so
let's say there are two load balancers and there is one more load balancer which will either choose this or this let's say that and a new request is coming in so let's say the first request is sent here and the second request is sent here okay so if cross zone load balancing is enabled there is a 10 percent chance of the request going to each of these servers or let's say there are 10 requests coming in there is a really good chance that each one of the server would get a single request so it's not sure
that every single server will get a request but there is a really good chance that is each server will get 10 percent of the traffic because it is cross zone load balancing all the registered targets across multiple availability zones will be considered as one single entity even though they are not but they will be considered as a single entity and that incoming traffic will be shared equally among them so basically in this case there are 10 servers each server has a probability of 10 percent of receiving one the incoming request okay so this
is basically when cross zone load balancing is enabled let's say it is disabled okay in that case what happens is each of the two targets in the availability zone A receives 25 percent of the traffic and each of the eight targets in availability zone B this is 6.2 percent of the traffic so why because this particular load balancer is in a different availability zone this load balancer is in a different availability zone so the incoming traffic will be 100 percent for this load balancer and hundred percent before it divides so in this case even though it is hundred
and hundred percent they are considered as a single entity so the overall requests which are falling into these two availability zones and two load balancers will consider it as one single form and it will be divided equally among servers but when cross zone load balancing is not enabled if there is a request going into availability zone A the chance is that it can only distribute within the availability zone same thing goes to the second load balancer and availability zone B so if a request is coming into availability zone B there is only chances or there
is only options for the load balancer to send the request within the availability zone it cannot send the request to the other availability zone so because of that there is a chance so the two targets in availability zone A basically receive 25-25 percent of the incoming traffic to availability zone A and in availability zone B these targets will be receiving 6.25 percent of the traffic which is coming into that particular availability zone so this is basically it because uh both are different load balancers and the incoming client traffic is divided 50 50 among these two
and uh yeah so this is basically it so total is hundred percent fifty percent fifty percent so fifty percent is divided into these two instances so 25 25 percent here fifty percent is divided into the eight instances so 6.25 so that's basically the idea ideology for cross zone load balancing so if you're going to have instances across multiple zones then it is better to go with cross zone load balancing because uh if you think there would be equal number of servers in both the availability zones if you have an auto scaling group which does
similar actions and if you think always there will be similar number of servers then go with cross zone load balancing disabled but it's it's always better to make it enabled okay so this is basically cross zone load balancing okay so now let's start with the application load balancer to be very simple application load balancer is used when you have multiple features within the same website so let's say example.com/blogs and there is another website example.com/streaming so the first site is for blogging example.com/blogs and this second site which is for streaming streaming videos let's consider
streaming videos on the apart artists example.com/streaming so now let's say if somebody is searching for example.com they'll be taken to the home page so if they are searching for example.com/blog so or blogs they'll be taken to the blog website if they are searching for example.com/streaming they'll be taken to the streaming website okay so now if they're all in the same case if develop them all in a single load balancer I don't think that would be fast enough so if you go with application load balancer you basically get an advantage of searching through
the headers and according to the incoming port numbers so what you will be doing is according to the incoming header the HTTP header or the path or the other query so according to the incoming request from the user you can basically make sure that the traffic is redirected to different server groups okay so let's say there are two auto scaling groups uh the first auto scaling group has the example.com/blogs website the second auto scaling group has example.com/streaming website so now whenever somebody searches for slash blogs they should be taken to auto scaling group
one which has that website whenever someone searches slash streaming they should be taken to the second auto scaling group so because it has a website for that particular purpose okay in an application load balancer you can create a rule so for example whenever a request comes in it will first have to go through the rule so the rule is basically you can create a path based rule so whenever somebody searches for example.com/blog or example.com/blogs they should be taken to the auto scaling group one so you can create a rule for this and then there
will be another rule so if obviously if they do not search for that there you can add a second rule which says that if you are Searching for slash uh what is the streaming so in that case you should be taken to Auto scaling group two okay so this is the second rule so let's say even the second rule is not they did not search for streaming they are searching for example.com contact us so example.com contact is the website name so now if somebody is searching for slash contact then they should be taken to another
instance which has the contact us web page running inside of it so these rules you can provide and save it so now the incoming first we go through all of them if it is someone searching for blog's website they will be taken to the auto scaling group which has the instances for the blog website if they are somebody who are having the uh who are searching for the streaming website they'll be taken to the servers within the streaming website okay so yeah so this is basically the basic purpose of application load balancing but within that
there are so many different topics to discuss about so this is the source the request can come in from any anywhere doesn't matter and Amazon Cognito uh certificate manager and WAF so WAF can be used for a firewall so application load balancer runs on the layer 7 so you would have a layer 7 firewall so that you could have security for unauthorized access in that particular level a TLS offloading you would get a certificate you can you won't be provided with the certificate but you can basically get a certificate so that it is much
more secure for you it would be HTTPS so that it's much secure and Amazon Cognito commercial identity providers so this is basically let's say you want them to identify via commercial identity that is if you want them to login into their Amazon site or if you want the login to be the Facebook one or the Google one you can do that using Amazon Cognito or you can just create a another application custom admin folder okay and then there is uh targets so targets are basically the sites and the places where you will be connecting uh
so sorry the application load balancer will be taking the requests to right so you can have EC2 auto scaling group Lambda Fargate EKS ECS or directly to an IP address so directly to an IP address that basically means it could be an EC2 server it could be an Azure server it could be a GCP server it could be an on-premises server it doesn't matter so yeah so these are the different targets which you can connect to the application load balancer yeah so this is basically application load balancer so you can do path
based routing and uh yeah so basically various kinds of content based routing it has multiple load balancing algorithms which you can use and accordingly you can figure out the entire architecture okay so now coming to the second one which is the gateway load balancer so over here you can see this is the source the internet or internal workloads destination again internet or internal workloads so this is mostly for could be used for an internal application uh so to be very simple gateway load balancers are basically used for the virtual resources within the account that is
a gateway load balancer is a balancer between multiple load balancers within the internal architecture so let's say you have the EC2 auto scaling group over here okay so custom firewall so everything is basically set up over here it could be anything it could be let's say you are running Inspector inside of it or you are running a firewall inside of it or you can create an intrusion uh detection and a prevention system you can run that inside of the auto scaling group EC2 instances so again on all of that and then you have the gateway
load balancer to redirect traffic to this particular application okay and then you use the AWS PrivateLink to establish connection between two different VPCs or two different let's say the on-premises and the network level the on-premises and the AWS level so you can connect them using AWS PrivateLink so source and destination are unaware of where the traffic is coming from so basically uh let's say the source is uh me trying to access something from my local PC but I let's say I'm a private user who has access to the application so I'm trying to
access it I'm doing something trying to send something to the destination so now before going to the destination uh first the ingress routing and route tables will check if I'm allowed if I have access to it and once they know that I have access to it I will use basically the PrivateLink will enable connection between the destination but now the PrivateLink is also connected to the load balancer so I'll be taken to the load balancer okay I'll be taken to the load balancer once whatever task which I'm sending is done it'll basically again
redirect the traffic to the destination so now the source and the destination do not know exactly where the traffic is coming from so that's exactly why we need this particular setup the gateway load balancer this will especially work for uh two if there are two private entities trying to contact and in that case using a gateway load balancer to making sure that you are establishing connection between them without risking any access unauthorized access then go for a gateway load balancer okay so this is done and finally a network load balancer a network load balancer
again uh it's a layer four you can see application load balancer layer 7 according to the OSI model network load balancer uh layer 4 and gateway load balancer is basically layer three layer 3 plus layer four so it works on both the layers because it does both load balancing and also making sure there is a security level right so that's exactly what okay so now coming over here yeah so a source could be from the Internet or Internet workloads or AWS PrivateLink doesn't matter so where it can come from any of these uh so
AWS PrivateLink in the sense it could come from an on-premises network or it could come from another AWS account through the AWS PrivateLink so a network load balancer does load balancing in the layer 4 using the protocol so the TCP or the UDP connection base so it could be a TCP connection or a UDP connection and it also is very low latency so the layer 4 load balancing is much faster than the application load balancing and also much safer uh okay so again AWS Certificate Manager is connected to the load balancer in order
to provide extra basically security in this case okay so now it goes to the network load balancer so what it checks for is you can set up a particular networking balances so if you go for the application one so in this case you can only set up for HTTP and HTTPS or websocket so all these basic stuff so HTTP HTTPS and gRPC and websocket that's it these are where the requests can come in from these are the only places which uh application load balancer can get in requests from but when it comes
to a network load balancer it can come from anywhere and it would come from an AWS PrivateLink also because it's going to listen to the layer 4 it would basically look for a connection based via a TCP or a UDP protocol it could be any TCP protocol or any UDP protocol but in these cases they have mentioned the TCP protocol which it can read so you can only read the HTTP and HTTPS and HTTPS versions okay these are the protocols which it can read in this case it can read all TCP and UDP protocols
okay so this is basically network load balancer and again the targets could be the same targets as these and also in this case a network load balancer could also have a application load balancer as a target because so I will show you guys this right so there is another load balancer inside so this is the app let's say this is the application load balancer let's consider that and then there's a network load balancer and the network load balancer could have a target as an application load balancer which is splitting the connections as well so the network load
balancer could be used for a different purpose and in this case a network load balancer could be used for the purpose of diverting the traffic in the internal traffic according to protocol which is a requesting firm okay so this is basically a network load balancer and finally let's just discuss the differences between these load balancers and then we'll start off with the demo for the load balancer and yeah so once that is done I think you would be covered with everything you will understand all the concepts because whatever services we've done we've already covered the demos
for it we will just do a demo which involves auto scaling which involves EC2 and few other AWS resources and then so that would give you a better idea right what exactly we're doing so that's what we'll do after network load balancer so once this is done we'll be I'll be showing you a quick uh demo involving auto scaling groups application load balancer EC2 instances and few more services like CloudWatch and uh like we can also say IAM because everything will be involved together but we have not learned IAM yet so remember that we
have not learned IAM yet I have not covered IAM so I'm not going to cover it extensively it might come in because it's one of the important services okay so now load balancer type application load balancer is layer 7 network load balancer is layer four gateway load balancer the gateway is layer 3 and the load balancing part is layer four classic load balancer could be either four or seven target type we already saw uh application load balancer only allows IP addresses instances and uh Lambda and also it allows ECS but again ECS also will
only provide IP address so ECS EKS or Fargate all of them will also provide an IP address so that doesn't matter uh instances would be EC2 Lambda would be the Lambda function the same thing but instead of Lambda it allows application load balancer gateway load balancer only works with IP addresses and EC2 instances and uh can it terminates flow or proxy behavior so application load balancer network load balancer and classic load balancer looks for and terminates proxy behavior but gateway load balancer cannot do that because it's internal the traffic
is coming in from a source which cannot know so it cannot do that but the other three will do that and protocol listeners as I told you it only listens for HTTP HTTPS and gRPC okay so these are three protocols which it listens to which is very limited because it's the application load balancer application level and but network load balancer listens to all protocols which come under TCP and all protocols which come into UDP and also the TLS one that is the certificate related okay and then gateway load balancer it only listens to the IP
address and classic load balancer listens to again TCP SSL and TLS and HTTPS and finally how it is reachable the application uh load balancer is reachable VIP VIP a route table entry so VIP in the sense that it can be reached just by providing the domain name of the load balancer but gateway load balancer you cannot do that you will have to provide it in the route table only then it will work so uh that's it about load balancers guys so we've seen everything about elastic load balancing so now let's go ahead for the final demo
which we'll be doing uh so once that is done we'll be done with the tutorial I hope you had a good time so now let's start with the demo so guys let's start with the demo so this will be the final demo where we'll be clubbing together multiple services so we will be using EC2 we would be using auto scaling we will be using elastic load balancer and also we would be integrating CloudWatch alarms into it so we are using four different tools in order to create this one particular project so what we're going
to do is we're going to create an architecture which uh will resemble the instance distribution part which we did right in the PPT so basically there would be an elastic load balancer at the top there would be two Auto scaling groups and the load balancer will take the user to the particular websites according to the input they've done okay so that's exactly what is gonna happen it will be Even better when we do it because that's what you're going to see right you're going to see the live output of how what we're going to do
so if you want to do this project please follow through so first thing we've already created an AMI which says hello world this is server one page right so now we need another AMI which would be for the second page okay it will be for the second server so first thing we'll have to do is we'll have to create a server so I'm just going to do it quick because I'm pretty sure you guys already know how to do it so I'm just gonna follow through the same steps without wasting any uh time and I
need to allow rule http because it's going to be a web server right guys you can select an existing Security Group also no problem launch I already have a key pair and launch instance okay so now what can I what I can do is I can now I can login into this and I can basically launch a web server inside Of it and once I launch the web server inside of it I'll be creating another folder within the web web servers folder and inside that folder I'll be putting another file okay so basically it will
be searching for that particular directory so that's what we're going to do okay so let this get created let's just wait until this is available once it's available we'll connect it okay so why so while it's getting created let me just explain so first we'll have two Amis right so two Amis we already saw how to create a launch template so we already have a launch template for Server one so for one order scaling group we already have the launch template so now we'll have to create a launch template for the second Emi which you
are going to create right now so once two launch templates are ready now we can create two different Auto scaling groups which will have two different features of the same website inside of Them okay so now then when we have two different Auto scaling groups now it has one feature one uh so the second order scaling group has featured two so now we should make sure that the elastic load balancer takes the user to feature one if they are searching for future one and it has to take the user to feature two if they are
searching for feature two okay so that's what and one more small addition I have to make is that this particular I'm going to create another Ami because I'm going to I might delete this because I want to include one more thing so we can create two a minus from the same server we can do that okay it doesn't matter if you are using the same instance to create two Amis but the only thing is you should change what is inside the instance before creating the server okay so actions connect I'm just going to connect right
here I'm not going to connect it with you with SSH because I just want to install and yeah So I'm not going to extensively use it if you're going to extensively use it connect it via SSH because that's the much better option okay so here first I'm going to update it sudo apt updates so then sudo APD to get install apache2 from installing the web server in this as well so the web server is installed let's see if this is visible first of all Yeah so the apache2 web server is visible uh okay so now
what I want to do is I want to go to the location where it is sorry www.html so here I want to create a directory called tutorial right okay so there is a directory called tutorial now inside the tutorial directory I want to create a index.html file okay so now sudo Nano Index.html okay so here I'm just going to type hello world this is server 2 tutorial page so this is just to identify the difference Okay so yeah so this is basically to identify the difference so now let's do the same thing let me open
this let's see if this particular website is visible if I search for the tutorials okay now you can see right if We search for that particular path it takes us to that particular paths web page so that's the difference between This Server and the previous server so now what exactly will happen here is so whenever people search for this just the direct elb elastic load balancers URL they would get the default page so not this particular default page This Server which you've created right this is server one page so that would be the default page
so that will be visible but Whenever people search for tutorials they have to be taken to this particular server okay so that's what we are trying to achieve so in this case in the demo it won't be two servers it should be two different Auto scaling groups Auto scaling group number one will have that this is the server one web page how to scaling group two will have this server 2 web page so whenever they search for the URL it will take them to Auto scaling group one whenever They search for tutorial it'll take them
to Auto scaling group server two in this way it is balanced it is basically balanced using the application way so we are going to use application load balancer because it is basically balancing the load according to the application which you're searching for right and also it is searching for the header that is it's doing a part based routing so that's what we're trying to achieve over here okay so we've created This so now I don't need this instance but I just need the Ami of this instance so let me create an Ami and then once
I've created the Ami I'm just going to delete it so I'm going to name it as server to Ami and create it okay so server one server two we both have we have both the Ami so server 2 is getting created okay so now am I is getting created now let's create a launch template for this particular Ami So you guys know why we need the launch template right to create a auto scaling group so because we've already covered that in this particular tutorial if you are new to this stream please go back check out
the order scaling part or just come from the start learn all the services so that you would get a better understanding of what you are doing here because without knowing ec2 there is no purpose of learning Auto scaling or elastic load balancing okay So I'm just going to name it as server okay let me just see what is the launch template name here server one template so I'm going to name it as a to template uh this is for server to tutorial page come down Ami specify custom value I have to let me open this
in a new tab this is the Ami ID Copying it down specify custom value or I think if you just search here it'll also show that let me do that yeah server to Ami I've selected it uh next coming to instance type I just wanted Tweety to do t2.micro because again it's for practice I don't need an expensive instance keypad name I already have a key pair in my PC it's Tutorial key if you already have a keypad just use the same one if you do not have one create a new one and attach it
Security Group I'm gonna use 53 or 54 because launch was at 53 or 54 both have both are allowed for SSH and also HTTP so I'm allowing that um so everything else I just want to be the same so I'm just going to create this template so two templates are done guys so now we can create two different Auto scaling groups with two different web pages running inside of it okay so that's why we need two different templates okay so now before we move on to elb Let's create the auto scaling groups quickly we know
how to create auto scaling groups again if you do not know how to do it please go ahead to the auto scaling group part of the session and learn it and then come back over here so I'm going to provide the name this is server one So one group launch template.71 template next let it be the same BBC I want the instances to be in 1A 1B and 1C uh the server 2 1 valve put it in yeah I want it to be across one a one b and one C so when we are launching
right you would see that the two instances are in two different availability zones so that if one availability zone is down the other one would be running and that would make sure that there is certain High Availability for the server okay High availability for that particular web page okay so now I'll just make the health check grace period 100 enable metrics let me see yeah so I need Matrix for the group so I'm just gonna provide group metrics collection within Cloud watch next desired capacity I want two instances minimum one maximum of four instances right
now I don't need any Scaling policy and next I don't need a notification for now next next yeah so pretty much that's it I'm getting an auto scaling group for Server one okay so one is done so next the PC uses Ami is available now if the Ami is available we can create the launch template for number two as well so the AMA is available so let's go ahead and create the auto scaling group server two group Lunch template is going to be server to template and then everything else would be the same here again
you can select different availability zones next no load balancer for now I'm just going to make this again 100 seconds I need the metrics next so why do we need the Matrix is that you can analyze the auto scaling groups even better to get a better understanding of your tools okay So you can understand how your auto scaling group is performing and you can do it just using Cloud watch you'll be given all the metrics in the cloud watch tool you can just go ahead and create a dashboard for a lot of scaling groups and
within just the One dashboard you can view every single thing okay again desired capacity I just want to maximum four okay next I don't need it so I'm just gonna skip this review And then create the second Auto scaling group okay so two order scaling groups are created so server one already has created two instances let's check the instances okay so it has been created so you can see the first instance was created in 1A second instance was created in one B okay now let's see uh one more thing what exactly is within this instance
right so this is server Fleet number one And this particular server does not have in the tutorial directory so that's the difference right that's the difference we are trying to achieve so this has this feature which is server Fleet One let's just assume this is one feature server Fleet uh number one okay and once our scaling group 2 is done so both the instances are launched both are healthy so now if we View there are five instances running I'll delete one instance which we created This was that instance let me just delete it this was
an instance we created basically for uh creating an AMI so I'm just deleting it because again it'll be getting billed when it's running so I don't want that to happen okay so now just go over here it's 240. give this instance copy and paste so this will have the Apache web server or default page but I don't want this to be visible I want slash tutorial page to be visible okay done okay so now we have both the auto scaling groups available so now let's move on to load balancers so that's what we need okay
so before moving on to load balancers I just want to show one more thing automatic scaling where we can include a dynamic scaling policy so here I want to show you guys how we can implement the CloudWatch alarm into this so before we move on with this let's say you have to go to step scaling okay so now first let's create a CloudWatch alarm which will let us do this okay first selecting the metric going to billing so I'm going to select the auto scaling group group metrics I want the auto scaling group number
one I don't want any auto scaling for my group number two server two so I'm just gonna use server one group okay so this is not required let me go back go to EC2 by auto scaling group okay so I'm going to select CPU utilization I'm gonna come down yeah over here I want it for server one group right yeah so I want to check the CPU utilization of server one group over here you can see this is the EC2 CPU utilization this one orange one and green is the service capacity okay so what
happens here is if it has four Instances it will combine and uh basically check the average CPU utilization for all the instances So within the server one group how many other instances are there it will use the same metric Okay so and go with this let me do one thing let me I think I've selected one more in the auto scaling group I'm going to remove that metric first yes I've selected the metric CPU utilization Server one group for a minute average okay so now we already know so it was at 36 percent now it's
at like 0.19 percent because there is no usage so now let's say whenever the CPU utilization goes above 80 percent I want another instance to be added so that's what I'm providing over here that's the condition whenever the CPU utilization goes above 80 I want one more instance to be added but right now I'm not mentioning that one more instance to be added that we'll mention here okay okay so if it's greater than or equal to 80 then we would need what we would basically add more instances so right now the alarm is that whenever
the CPU utilization goes above 80 percent and stays there for one minute that basically means this particular CloudWatch alarm will go into the alarm state okay yeah so it will it will be an alarm whenever it's in an alarm state it will trigger so I don't want any notifications I'm going to remove this and right now I'm not going to include an auto scaling action right here because we'll be including that here we can also do that here but I don't want to do it right now but again it's the same thing you can
include it here or you can include it in auto scaling group I'm going to name it as one CPU alarm next so you can see here right so this is the percentage so if it goes beyond this for a minute completely then it'll basically go into an alarm state but right now it won't go into an alarm state it will be in the OK state only so first it will be in insufficient data and after a minute of collecting data it will go to the OK state okay so we've created the alarm now let's search
for let's refresh and right now you can see there is an alarm right so done okay so now a scaling policy name is going to be capacity planning server one okay so now add one instance whenever the CPU utilization goes above 80 but not here so whenever CPU utilization is lesser okay so we've added this let me just do one thing so okay so capacity planning CloudWatch alarm so the action is add one instance when the CPU utilization is greater than or equal to 80 and and minus one instance so I can't go minus
over here because I can only go in plus but I don't need this because we would have to create another in policies so I'm just going to provide 100 okay so this is basically for adding more instances okay this step scaling policy so if it's above 80 then I want one instance to be added we can Add another step so it can be two and this could be like let's say 40. or this could be lesser than that this could be 40 and this could be 20 okay so it's totally your wish so if it's
40 in that case I want one more instance to be added so that's basically what this is for so I'm not gonna add it so let it be if it's above 80 percent I just want one instance to be added whenever it is available okay so I'm creating this scaling policy so now whenever whenever it goes above 80 percent for 60 seconds it'll automatically create one more instance so now we can create another one it doesn't matter like it's not like there can be only one instance so one scaling policy there can be multiple so if
you go to scaling policy over here I can create another one or let's say capacity planning 2 I can choose another scale alarm which I'm going to create so let me select the same alarm remove instances so again so this is basically if it goes above 80 it will remove one instance but it will contradict with the previous scaling policy but the thing is this particular alarm I would have created it as if CPU utilization is less than or equal to let's say 30 percent for one period of 60 seconds then remove one instance so
that basically means I create another Alarm and attach it so I'm not going to create another alarm and attach it because so I think you understood the purpose of this right yeah so this is basically uh how you can create scaling policies you can create two different simple scaling policies or you can have one step scaling policy or you can have a scheduled action at 5 PM you can create 10 instances or delete multiple instances so that's totally your wish this basically scaling okay so now going Back okay so guys we've done the first part
we've used CloudWatch we've used EC2 and we've used auto scaling groups finally we'll have to use elastic load balancers okay so now going to load balancers so again we're going to use an application load balancer we are not going to use the other ones so I think I've already explained them but I'm just going to give a very brief so why we are using application load balancer because our applications which are running in the auto scaling group instances are using the web server which uses the HTTP protocol so if you are not using any
other protocol if you're using the HTTP or the HTTPS protocol you can directly go for the application load balancer so that you can load balance it according to the path if you need layer 4 load balancing then in that case you can go with network load balancers so you can balance it using the TCP or the TLS or the UDP protocols most commonly TCP and TLS is used and gateway load balancer again it's basically for internal purposes so it it is to redirect traffic from one source to destination so that the destination wouldn't know where this
traffic is coming from so we're going to use the application load balancer for this particular demo so uh let me click on create okay so now just follow me through if you want to know how exactly it works you can just read this so your client makes a request to your application so your application's first point of contact would be the application load balancer right the application load balancer is where the client's request first comes in so in your application load balancer there would be listeners so listeners are basically the port number and the protocol
okay so it could be HTTP port number 80 or HTTPS port number 443 so you can configure that according to what port number and what protocol you are using for your application okay so the next thing is that the receiving listener evaluates the incoming request against the rules you specify and if applicable routes the request to the appropriate target group so a target group is what we will be creating so there will be two target groups each one for each auto scaling group so a target group is the one which the application load balancer
will take you to according to the rules you specified so the rules is what you're going to specify the rules basically would be if someone searches for URL they would be taken to server 1 auto scaling group to the server one fleet of servers if someone is searching for the URL slash tutorial which is a path based they would be taken to the second set of servers so that is the auto scaling group two okay so and our listener would be using HTTP port number 80 because we are using Apache 2 and Apache 2 listens
basically runs on port number 80 and uses a protocol HTTP okay so this is done healthy targets in one or more target groups receive traffic based on the load balancing algorithm you choose and according to the routing rules you have specified in the listener okay so now we've already done this part that is the auto scaling group is going to be the receiving end so now we'll have to configure the load balancer part where we'll have to create the load balancer and basically create a listener which will listen to port number 80 uh HTTP and
then we'll have to create rules in order for a user to be taken to the right server group okay so that's what we're going to do so to start with we are going to provide name so I'm just going to provide as let's say scalar AWS load balancer it's going to be internet facing so the difference between internet facing and internal is internal you could only so the clients will be taken to the targets using the private IP addresses but internal is used for load balancers you are creating an application for within your let's say
a company but in a closed environment in that case go with internal internet facing is when you are getting requests from the internet like I'm giving a request to this particular application from the internet that is I'm typing in the domain name or typing in the URL okay so then that would be internet facing and then address type I'm just going to use IPv4 you can also go for dual stack because if you have enabled IPv6 addresses for your instances then there would be no problem it will still work okay so network mapping okay so
this is really important so let's say if your auto scaling group has servers only on US East one a and one b and let's say you've not selected one a if you only selected one B one C and One D the instance which is running in US East 1A would not get any traffic in it so it is better to select all the availability zones if you are not sure of in which particular availability zones you have instances running on if you are sure let's say your auto scaling groups only have instances in one a one
b and 1C then you can just select these three and your load balancer will only get mapped to these particular availability zones so availability zones that are not supported by the load balancer or the VPC are not available in the selection but all these six availability zones in region North Virginia is available so once the load balancer gets created all these subnets will get added to it okay done so then you can select the security group of wiringly it's just using the default security group so I'm just going to leave it because I want all
traffic I Want anybody to basically type in the domain name and get access to it okay so now so the first thing is port number 80 protocol okay so it should be forwarded to server one target server two Targets so there are two Targets over here so I'm not going to provide anything over here right now because I have not created any Target groups so before providing that let's create two target groups for our two Auto scaling groups okay so I hope you guys understood till Here right till this part security groups so now let's
create target groups and then let's come back and let's resume the load balancer creation okay so first it's going to be instances it's not IP addresses or Lambda function or application load balancer okay so target group name is going to be so server one uh let me just provide target to one server one okay uh it's going to be HTTP port number 80 protocol version it can be HTTP1 HTTP2 or gRPC I'm just going to keep it as HTTP1 so health check path is going to be this so it'll basically send health checks to
the root and uh yeah so it will check if the application is working or if the servers are healthy or not the servers are healthy only then the load balancer will redirect the traffic over there so over here you can select the instances but I'm not going to select the instance because we have to attach an auto scaling group to this so don't select individual instances here so don't register any targets while creating the target group just create the target group once we create the target group then we can do it so over here
you can just go here and uh edit attributes you can also select the load balancing algorithm so you can choose round robin or you can choose a least outstanding requests so yeah so I'm just going to go with round robin Round robin will basically select a random server and basically send the request over there okay so we've select created one target group let's create another one so it's the same thing only only difference would be the target group name here server two everything else will be the same again I'm not selecting anything create Target group
so right now we have only created the target groups guys so now The application load balancer we are creating we have not created yet so we've created two target groups and we've created two Auto scaling groups so now how exactly you will establish the connection between the load balancer and the auto scaling groups so that's why we need Targets in the middle so load balancers or scaling groups so the load balancer will take you to the right Auto scaling group according to the Target in between so now there are two Auto Scaling groups with two
targets so if the load balancer is taking you to target one then you will be taken to auto scaling group one if you're taken to target two you will be taken to auto scaling group two okay so now we'll have to connect it to target one and server target two right so for that we'll have to go to auto scaling groups so I'm going to select this edit over here load balancing right you have to select load balancers click on application network or gateway load balancer target groups so select the target groups
and the target group I want it to be connected is Target one so one okay done and that's it update so now we have attached server one the auto scaling Group which has the server one to the Target group one okay so now we have to do the same thing over here edit Select here and we're going to connect it to Target Two okay so now provided that just update it done so we have now attached the auto scaling groups to Target so now we only have to do the thing we'll have to do right
now is basically to combine or connect the load balancers with the target groups which is already connected to the auto scaling groups so if there is already a connection established so the only thing we'll have to do is change here so now whenever people are just typing in the URL of the load balancer they should be taken to the target one so server one right okay so now this is basically the first listener I just want this listener to be available right now okay regarding the target two we can create one more here but I
don't want that I just wanted to listen to port number 80 because both the servers are running in port number 80. the default action is going to be default action in the sense whatever happens if you are searching for the load balancer's uh URL you will be taken to server one okay you won't be taken to the auto scaling group two you'll be taken to the auto scaling group one so for now let me just create this so once we create this then we can change the routes okay so create load balancer and view load
balancer okay so load balancer is getting created guys over Here if you see so this is the DNS name so DNS name in the sense this is the URL so right now if I type in it won't be visible uh so it has to be running so right now it's provisioning so once it's available only then it will be showing you so right now let me go to listen uh the first thought is yes so this is the listener the one listener we've created right so by default it will take us to server one that
is auto scaling group one so we can edit the rules for for it to do something else as well so to edit the rules just click on plus and click on insert rule add condition I want it to be done according to the path number sorry the path value so if somebody searches for slash tutorial slash tutorial slash okay I want them to be taken to target two server 2. if this is the target which is connected to the auto scaling group number two right so that's what I want okay so traffic distribution also can
be made so for example let's say there are two target groups let's assume there are two target groups uh which has the same website running inside of it so you can basically change so let's say you can provide this as 70 uh or you can just provide it as seven and you can provide it as three so the traffic will be distributed 70 and 30 accordingly so 70 of the incoming requests will go to this target group 30 Will go to this target group but right now if people are searching for slash tutorial or slash
tutorial slash I want them to be taken to target two okay so auto scaling group server two but by default I want them to be taken to the target one which is the auto scaling group number one so this is the only rule I wanted to add so now let's save it and yeah so that's it we've saved it so now going back yeah so let's just view if the rule has been updated so yeah so that has been updated let me go back okay so the load balancer is still provisioning and okay so now
I've refreshed it so it seems it's active so here you can basically see right you can see the connection requests and all so right now there are zero requests zero requests have been made so this is the this was the uh URL so I'm just gonna go back go back to monitoring go back to requests so let me provide us the last 15 minutes okay there were no requests okay so now when I type in the URL of the load balancer I am taken to the auto scaling group number one right so what should
happen when I type tutorials what do you think it should happen should it take me to the same server or it should take me to the server two so it has taken me to the server two it has taken me to the auto scaling group number two so we have two auto scaling groups whenever we search for the default page it will take us to the default page if we search for tutorial page it will take me to the server two okay so let's say if I search for something else it will say not found
because there is no website or there is no web page in this particular directory and we've not covered it in any of the rules okay so I Hope you guys understood how exactly this is working right when we are searching for the domain name it will take you to Auto scaling group number one by default but when you are searching for a particular pathway we've provided in the rules in the load balancer it is taking me to the auto scaling group number two so let me go to requests and now you can see there was
you can put over here okay so let me just refresh this once again okay So now let me click on this so you can see there were five different uh requests so this will keep increasing if we keep refreshing it if I search again just for okay so now I have searched it twice again so let me just refresh this or Let me refresh over here so it will take again some time to show here then Target response time this is showing how long it took for the website to be loaded so it took 0.8
milliseconds over here you can see it took 0.8 milliseconds we can see so it's HTTP rule evaluation so how many times the rule was evaluated the rule got evaluated five times active connection count there are eight active connections so this is a basically HTTP 400 counts target connection errors if there were any errors when connecting with the target if it did not work that will show here let me check last 15 minutes if there was any error it will show here but there were no errors that's why it's not showing okay so now again there
were five connections at this particular point of time and there was one connection after this so there was one zero connections here okay so the total connections can be monitored right from here guys uh it could be the maximum yeah so five one one it could be the average Or it could be the sum yeah you can provide it accordingly there were five requests one request zero requests yeah so it basically changes and Target response time the first time it took 0.85 seconds second time it took some 2.24 milliseconds it'll again reduce after some time
let's see the last five minutes so I showing the average uh let's see the maximum maximum it took 2.24 I want to see the sum of whole so sum it took 6.52 milliseconds so the total response time was 6.52 milliseconds so there was rule evaluated it got evaluated five times and it got evaluated one time okay so the active connection count got reduced HTTP 200s so this is basically successful connections if there were successful connections it will show here uh processed bytes new connections which happened so everything could be monitored right from here now
so that basically is auto scaling so auto scaling and load balancing guys I hope you guys understood so let me go to auto scaling groups I just want to show you one more thing that is the monitoring so here you can view the auto scaling groups monitoring okay so over here we can see pending instances total instances there were two instances and there are still two instances instances were not increased total capacity terminating capacity yeah so basically you can check out everything right from here you can check out individual metrics of the EC2 instances from
here as well so CPU utilization can be viewed here so let's see the last 15 minutes so you can see CPU utilization of the EC2 instances this is the average you can see the maximum we can see the minimum so everything can be viewed right here so this is basically it so we've combined EC2 auto scaling uh load balancing and also we've combined CloudWatch in order to create this particular demo so I hope you guys understood and also please try to do this by yourself please try to understand each and every step of doing
it so you can learn EC2 auto scaling you can learn load balancing you can learn how to use CloudWatch and create CloudWatch alarms how to set up a scaling policy right from this particular tutorial so I hope you guys have understood so that is the last part guys so if you want to know how to delete the load balancer so the first thing you'll have to basically do is delete the auto scaling groups and once you've deleted the auto scaling groups delete the so let me try to delete this okay so the
load balancer got deleted and then you can delete so cleanup is also important because if you just let them run that will not be a good idea because you'll get billed after a certain point of time so I'm deleting the auto scaling groups and then delete the target groups if you don't need them target one and target two so when I delete them let me see if they're deleting yeah so they got deleted and one more thing is that if you delete the auto scaling group the instances attached to the auto scaling groups will also
automatically get deleted so you can see every instance is getting shut down so you don't have to go back to the EC2 console and delete them and so AMIs also will get charged so if you don't need the AMIs you can also delete the AMIs so just deregistered and done so this is basically a cleanup I wanted to show so I've deleted the auto scaling group the load balancer I've deleted the AMIs I've deleted the target group so everything has been deleted successfully so if you want you can just go back to uh CloudWatch
and go to alarms and also delete it so under free tier you are allowed to have 10 alarms at any given point of time so you can have 10 alarms but if you go more than that you'll have to pay for each alarm also so one more thing I wanted to just give you guys so you can view the bill in the billing dashboard so if you're using all the services within this free tier limit you won't get billed if not you will get the bill over here and if you want to see the bill for
each and every service you've used you can view it over here so how much you use for load balancing over here you can see right so this was for the load balancer which I created right now so you will get charged because mine is not a free tier account so I'm getting charged if you are under free tier you won't get charged for this because you would have a free tier capacity and EC2 same thing so according to that make sure you use your free tier try to utilize your free tier to a maximum try
to understand all the AWS services to the maximum so that's basically it guys so thank you so much for attending this particular AWS tutorial

so what exactly is an IAM full form no it says that identity and access management right so is that a simple random name that they took from the dictionary or does it mean something right so I believe if you wanted to learn something you need to ask questions right so the first question that we're going to ask is what does it do right so that's a good place to start to understand
anything right so it does two things right so it does authentication and authorization it doesn't say that no we are going to do that explicitly but behind the scenes these are the two broad things that it does right if you want me to explain About authentication it's a pretty basic uh thing but in the context of AWS IIM right so when I say authentication so we have identities right so identities are basically for example you're logging into your AWS console right so you will be creating a username for yourself right that would be an identity
and in the similar way there are multiple identities uh that are that can be used in AWS right so in order to access something so authentication is basically You know taking your identity and verifying its authenticity if I have to give an example uh basically the ID card she used to enter into a campus Building and all things like verifying the password and all these comes under authentication and under authorization uh basically once you figured out key uh identity is authenticated but AC authorized to view the service it's that's the question right so this is
with authorization comes into Picture and these two are pretty pretty basic uh terms in general context but uh since we are trying to understand what im is we need to you know nail this down right so we need to make sure that we are understanding it perfectly because Small Things add up and they get complicated right so if you are not 100 sure about the Small Things uh then you need to take care of that so basically authentication takes my identity Verifies it authorization uh it checks whether it can access or not is he authorized
to view or not right so I these are two things authentication and authorization what is IM again if I have to Define it in a sentence AWS IM it's a web service that helps you to securely control access to AWS resources right so you basically use im as we discussed previously to authenticate and authorize user to use resources right so if I have to take a definition From AWS website so aw is used to centrally manage a couple security permissions for any identity requiring access to your AWS account and so if I have to give
an example right so if your familiar with AWS services in any context or any scale uh having the ability to access a particular S3 bucket to access some personal files or companies uh secret PDFs Etc so this is where you know you Have to be uh the IM user to that account and you should also have view permission on that bucket right so this is where I am comes in how is it done this is achieved with the help of multiple features that IM has right so if I have to name them users groups roles
policies and many more right so these are few different features that we use in IIM now to be able to do the identity and access right so I am pressing on the word identity because Identity is anything that is used to get into a resource right so identities can be users groups roles Etc right we'll get into get more uh into what exactly identities are later part of the video so let's understand a couple of a few interesting facts about AWS right so again aware about AWS right so AWS has uh my services database are
uh not Global in nature because they are tied to some uh zone right but uh AWS I am it's a one of the fewer Global Services right so when I say that so it doesn't matter if you create your IM user in any region right so it could be Frankfurt Mumbai uh us any US1 a1b Etc so it's a global Service you can only create one user and that would be enough for all the regions and where do you find I am it it is found on the security and compliance service list most probably the
AWS IM would be the first service that you use uh when you are trying to access some of AWS Services you're trying to leverage AWS Services rate so ideally IM should be your first service that you use right so even your account setup and all right so and also one practice that AWS advises is that never use your root account right so this is where IM comes in so whenever you create a new account use your root account to create an initial user give him all the admin purposes and never use your root access keep
ropes safely in a Shelf and use the initial users that you created and that user can create groups rules Etc so now let's understand uh what exactly are IM users right so I've been using this term multiple times I am user right so remember the identity aspect that we are talking about that is what I am user is so if I ask the question right who is that user right that often refers back to I am user instead of uh basically sharing the root credentials with everyone we create IM Users for individual users in our
account and such that everybody in the organization can use AWS right so this thing I need to focus on right so AWS account is uh generally expected to be used by a organization right so it is at least I feel right so I feel it in that way right AWS is not a user first it is always organization first your organization uses AWS or your company uses AWS you are uh College uses AWS Account something like that right but yeah each individual users can use it uh it's not a big deal the initial philosophy I
believe was an organization can have an AWS account and all the users can use it right so it is pretty uh impractical for that for each user to have a new account right so generally create a root account and we let everybody access it so that's how organization aspect comes into the picture basically we never share the Root generations with everyone or anyone and we create individual users for them that is what im user is so as I said I am users are not separate account they are basically users in your account right so you
have account and these user identities right and each user will have its own password depending upon how you create it right so each IM user can have either programmatic access or console access so when I say console access he can log Into console or if you are giving even programmatic access so he can use that access keys and all uh to be able to hit some API through code or awcla Etc right so this is about IM users and things you need to take away are you can create any multiple users under the same account
they are not different users, and you can create a login URL for each of them, and you have to make sure the users create strong passwords. You can create individual access keys, so that if somebody needs programmatic access, instead of giving him console access you can give him only programmatic access. Let's understand it with a simple example. You have your account, this is going to be your parent account, and
you can add multiple identities; in our case they would be users. This is the official description I took from the AWS website, and if you look at it, these are users, dev users, and these are some real people. But if you look at the last two identities, they are test app one and test app two. That should give you the idea that users are not always real users; it could be an app that would be using that IAM user. How do I create these users?
This can be done in multiple ways. The most basic one is by getting into the AWS console, or using the AWS CLI, or directly using the IAM API. And as I previously discussed, we can have two kinds of access: programmatic and console. Now that we've understood the theory part of it, let's get into a demonstration.

So now let's look at the demonstration for IAM users. I logged into my console; this is my AWS console, and I logged in through my IAM user. If I want to access IAM, currently,
generally, you will find it under Services. If you look into it, it will generally be under Security and Compliance, and this would be IAM. You can also just search for it, but just to get an idea, this is where it is. You can see that AWS prompts you to follow the security practices. I haven't added multi-factor authentication for this particular IAM user that I'm using. I'll add it in a moment and make sure all of these are green. So now if I
want to create a new user, you can find Users under Access management; click on it and you can create a new user. I already have a user called Explorer, which I usually use; I created it using my root account. Now I'll create a new demo user, so I'll say Add user. It redirects me to the user journey screen, and I want to create a new user called Scaler demo. Let me do this. Okay, so this will be my new user, and as we talked about in the
introduction as well, we can provide two different types of access to the user that we're creating: an access key, that is, programmatic access, or a password with which you can sign in using the link. The access key is used for programmatic access, if I am trying to call it from APIs or anything. For demonstration purposes, I'll create it with a password. It will automatically generate a password, or I can also give a custom password. I'll do automatic generation... let's do custom password and I'll give it a... let's do automatic generation. And so
there is this button which you can click and keep on. What happens is that it prompts the user, the next time he signs in, to change the password, so a password reset is required. Looks good. You can see that it is asking us to set permissions. We will be learning about these permissions as we move along in the lecture, so for now I won't create any permissions. I'll give it a key; the key is basically just for identification, and I'll give it as "use case",
let's say "demo", just for identification purposes. So this is my user, and you can see what permissions he has; he only has one permission, that is IAM user change password. We'll learn about that as we move along in the lecture. So let me create the user, and that is how you create a user. I've created this user, Scaler demo, and I can send an email to the person who is going to use this account, or I can download
the CSV file, which contains the credentials that I can directly mail to him. So this is a short demo about IAM users; let's move along with the lecture and we'll see more about the different topics.

Okay, moving on from that demo, let's understand what IAM groups are. It should sound pretty intuitive: an IAM group is basically a collection of IAM users. If I have three or four users doing the same task, I can group them into a single IAM group. But what,
okay, I made a group, so what is the advantage that I'm getting? Basically, if I create a group, I can specify permissions for multiple users: instead of giving permissions to each user, I can give permissions to the group itself. A group has the capability of having permissions attached to it, and when I add a user into that group, the user automatically assumes all the permissions the group is associated with, which makes it way easier to manage permissions for the users. So let's talk about
a simple use case. Let's say you are the admin of your company and you take care of AWS administration and permissions. You have your admins group, which has all the admin permissions, and a new user joins your group. Instead of creating a single user and adding all the permissions to him, you can basically add that user into the group. In the same way, if somebody has to leave the organization or move into another group, let's
say he was previously in the admin group and now he's in the IT support group or on-call group, then you can remove him from your group and add him to the group that is associated with that. It basically makes it very easy, and it makes much sense to do it this way. So that is what IAM groups are. Again, this is the example that we talked about; it makes it easier for us when we're dealing with bigger organizations. Take Amazon, Scaler, etc.,
right? I'm pretty sure there are thousands of devs who are using AWS, and each of them needs some level of IAM permission, some set of services that they need to use. In that case we can create groups for them and add them into the groups. But there are a few things to take care of: there is a limit on how many groups you can create by default (again, it can be extended; we'll talk about it), and you can attach policies to a group that define
what access the users in the group are granted. So what are policies? Policies are basically statements which specify what permissions the group gets. We'll discuss policies as we move along. This is an official description from the AWS website. They specify this scenario where we have admins, devs, and a QA or testers group, and obviously each requires a different set of access, right? Admins need to access everything, devs need to have only dev access to tools and resources, and test also requires some set of features, and test
people maybe can only view some services and not make changes to them, things like that, and it gets much deeper than that. So that's how we segregate user identities into groups. Let's talk about a few key facts that I was speaking about earlier. By default there is a limit of 100 groups in each AWS account, but again, almost all the limits can be increased by directly contacting AWS. Many organizations have corporate accounts and corporate link-ups with them, and they can request increased limits
and all on demand. Also, each user can be added to at most 10 groups, so make sure you're creating your groups in an optimized way, such that you don't keep on adding users to multiple groups. Let's talk about the advantages. As I said, it's less stress adding users to and removing users from groups, and it is much less prone to human error. This is a very important point: every time somebody is making some changes, it is prone to error. If there is human
input, it is prone to error, and in this way we are at least cutting that error down. We only need to create a group once and make sure we did it correctly, and then you add users as you go along. So it is less prone to human error, in such a way that you are not giving someone permission to delete the entire database by mistake. That shouldn't happen, and IAM groups help you achieve that. Now let's look into the demo of IAM groups.

Now we are going to see a
demo on IAM groups. Again, it is pretty easy. As we saw in the previous demo, I just logged into my console and I'm in my IAM service area. I can find groups at the very beginning, and I can create a new group. There's already a group present in my IAM which I previously created. Now let me create a new group, and I'll name it Scaler demo group. While creating the group itself, I can
specify whether I want to add any user to this group. As we saw in the previous demo, I have this demo user called Scaler demo, and I want to add this Scaler demo user into my Scaler demo group, so I can do that here. Are there any permissions that I want to attach to the group itself? That can also be done straight from here. You will be learning about policies as we move along in the lecture. I want to attach something like
EC2 full access; I want the users in this group to have full access to EC2, so that's why I select this. This is an AWS managed policy; you will learn about it as we move along. So I'll create the group. Now if I look into this group, I have this user, so he's part of this group. As you observed in the previous demo, we did not attach any permissions to him explicitly; the only policy that
he has is IAM user change password, because we wanted him to change his password. But you can see that, from the group he is associated with, AWS EC2 full access is attached to this person. So I basically created a blank user, and by adding him into the group he assumes all the roles and policies that the group has. That's it for this demo of AWS user; let's continue along with our learning.

Now let's talk about IAM roles. An IAM role sounds pretty
similar to what an IAM user is, but trust me, there is a small difference between them. It is basically an IAM identity that you can create in your account, and it also has specific permissions, similar to a user. While the IAM role... sorry, the IAM user is uniquely associated with one person, a role is not like that. A role is intended to be assumed by anyone who needs it. Person A needs to do a certain kind of
task, so he can assume a role that is associated with that. A user has some set of permissions, and that particular user will have that access and those permissions, but an IAM role is transferable. It's like a template, and anybody else can assume that IAM role in order to access the resource that he is looking for. It does not have credentials like a password or access keys; it's just a role and it has some policies. So it's a
session that you create, or each API request that you create, and in that case there are simply temporary security credentials. As a user you don't even see what happens behind the scenes. But an IAM role is basically this: I create a role that has some policies, and it can be assumed whenever it is required. Let's talk about use cases; there has to be a good use case for why we use IAM roles. Let's look at this: you can use roles
to delegate access to users, applications, or services that don't normally have access to your AWS resources. As I said previously, if I want a user to have permission to, let's say, read a specific S3 bucket, then instead of creating a user for him I can ask him to assume the role which has the access to do that. Let's say you might need to grant users in your AWS account access that they usually don't have, or grant users in one account access... or let's say you have a mobile app that
you're creating, and it is using a database like AWS DynamoDB. In that case you use AWS IAM roles, such that the app can use that role to make queries to your DynamoDB. What other use cases are there? Sometimes you want to give access to users who already have identities and are outside your organization. You might also want to give access to some third parties that need to perform an audit on your resources. In that case,
IAM roles are the go-to. If you start using AWS now, you will see IAM roles being created left and right by default, and you can also do custom creation. There are a few different types of AWS IAM roles, and you need to understand these to know what we're talking about. There are multiple types, like, say, AWS service IAM roles. These are used to be able to access certain services. Let's say I want to create
a service role which gives me access to EC2 instances; that would be an AWS service IAM role. So this IAM role is giving me access to certain services. In the same way we have the service-linked IAM role, and it is a little different from what a service IAM role is. To state some facts: service-linked roles are predefined and you can't change them; they are maintained by AWS. Certain services, like Amazon Lex, these kinds of
services, have some service-linked roles, and we'll get into all this in the videos or in the playlist that we are trying to build. You also create roles for cross-account access. This is an important one and I believe we need to talk about it. Cross-account access is when you sometimes need to provide access to someone in another organization, that is, an organization outside of your account. In that case you have a trusting account and you have a trusted account, so
you're trusting this user to access your resources. In that case you create IAM roles such that your trusting account can access your trusted account. Going to the next one: the role for an identity provider. When I say identity provider, you might have observed that some organizations use OAuth, or Microsoft Active Directory, or Google or Facebook identity to provide access. So you don't go through the console to log into your AWS, but use, let's say, the Microsoft identity provider or Google identity provider or another third-party provider to be able
to access AWS. That is where roles for identity providers come into the picture: using this, you can have users access your AWS using the third-party identity provider. So these are four kinds of roles, and I'll try to link all the resources that I've taken this from so that you can do a more in-depth read. The AWS documentation is full of stuff; you can literally read it and it will take 10 to 12 hours, that is the amount of information the AWS documentation provides, and it's
a pretty good resource. Let's talk about who can use your IAM roles. All the users in my account can use an IAM role, that's true: if I want to assume some role, I'll do it. An IAM user in a different AWS account can use it, as I said, cross-account. Any web services that you are providing, let's say EC2 or Lambda, can use IAM roles. Or any external user authenticated with an identity provider. As I said, there are the SAML 2.0 and OpenID
Connect standards that enable third-party identity providers to authenticate users, so these can also use my IAM roles.

Now let's look at a small demonstration on AWS IAM roles. Again, I'm in my IAM console and I can find Roles under Access management. If I click on Roles, I can see all the roles that have already been created. All these roles are AWS-generated service-linked roles, and this is a role that I created for a basic app that I was doing.
So let's go ahead and create a new role. As we discussed, there are multiple kinds of roles. You can create roles for providing third-party access, to create cross-account accessibility and all. I'll be creating a basic AWS role, and let's say I need this to allow an EC2 instance to call other AWS services on its behalf. I can again cherry
pick some services, like, let's say, DynamoDB. Let's say this is the use case that I'm looking for; I can choose that. If not, I can go for the more basic ones like EC2 and Lambda. Most probably EC2 and Lambda are the most used use cases, but for any other AWS service that you might have, you can search for it, see the use cases, and create your role for that. So I'll create a basic EC2 use
case role, and I can attach some permissions. I'll say DynamoDB full access, so I'm giving a role such that an EC2 service can have full access to DynamoDB. When I hit that, you can see that we are welcomed with the policy that was generated. This is a policy that is generated from the instructions that we gave through the GUI. I'll give the role a name; I'll say EC2 DynamoDB Scaler demo. And if I
want, I can go ahead and do some tinkering with this; I can add permissions, but this looks good to me. It's an AWS managed policy; I can also add user-managed policies. So let me create the role, and the role is created. This is one way to create a role. Also, when you are creating resources through the console, you might be required to create roles, and AWS automatically does the creation for you with the basic permissions as well. So there's not an explicit need all
the time for you to come here and create roles; roles can be created when they are actually required. For most of the services that you are trying to create, AWS prompts you to create a basic role attached to that. So this is how you create a role. Again, you can go ahead and play around with these. If I want to create a role for cross-account access, I can select another account, put their account ID here, and go ahead with the flow again:
Next, Next. That's how we can do that, and this is all about AWS IAM roles. Let's continue learning and we'll see you in the next step.

Moving on, let's also understand what exactly IAM policies are. I've been talking about policies for a while as we discussed IAM, so what exactly are policies? You have your identities (when I say identities: users, groups, roles, etc.), and these need some access to be attached to them. How do you attach access
to them? Using your IAM policies. So what exactly are policies? A policy is basically an object in AWS which, when associated with an identity, is used to define its permissions. If I have to put it plainly, it's a text file, more of a JSON file to be precise. It has a specific format, and by using that format you can give permissions to your identities in a granular way. When I say identities, that could be anything. One thing to remember is that when I
use IAM policies, it doesn't matter what method I am using to perform the operation. When I say method: whether I'm going through the console, through the AWS CLI, or using some APIs, the IAM policies, their permissions, and their actions don't change. If an AWS policy grants me access to some AWS bucket and I can perform read, write, and delete on it, it doesn't matter if I'm using it through the console or programmatically; I will be given all these permissions. That's one important thing to understand here. Let's look at
I will be given all these permissions right so that's uh one important thing to understand here let's look at look at This policy document so as I said it's a formatted uh document and if you look uh this is a sample structure right so it's a Json document and the first key value would be a version and 2012 10 17 is the latest version so when I say version it doesn't mean that uh the day it was created but uh the format itself the uh version of the format itself right so followed by you'll have
a bunch of statements. So you have your top-level element and you have Statement. Statement is basically an array of statements. If I zoom into that, each statement will have a Sid, its Effect, Principal, Action, Resource, and Condition block. These are the general elements that a statement has. There are cases where all of them are necessary and also cases when not all of them are necessary, but you'll see at least a couple of them required all the time. So let's see
what they are. As I said, Version is the version of the policy language, the format in which we write the policy. Statement is the main policy element, and as I said it has a Sid. Sid is optional; basically, when you have multiple statements, each of them can have an ID. Effect is the effect that we are trying to apply there; it can be Allow or Deny. Allow is straightforward: it allows
something based on the action and resource, and Deny does the deny. The next thing is Principal. Principal can be optional, but it is required in some of the policies that we write. This is where you indicate whether you're mentioning a user or a role, that is, what identity you are allowing or denying access. So Principal basically indicates who this is intended for. And Action, again, can
differ from service to service. If I am trying to write a policy on an S3 resource, the actions can be view bucket, rename bucket, a bunch of stuff; I think there are close to 20 or 30 actions associated with that. You can give a list of actions, and you can also give a star, which includes everything; it's a wildcard. And the last thing is Condition. Again, this is optional, but there are certain circumstances where
conditions need to be given. So this is the policy document, and honestly there is no need for us to remember this or anything. In most cases you would either be copying and pasting a policy document from the requirement itself, or you can use policy generators, which make sure that you're not making mistakes. Okay, let's move on to the AWS IAM policy types. We have two types of policies:
managed and inline policies. Coming to managed policies, these are of two types: AWS managed and customer managed. Let's understand them one by one. AWS managed policies are policies that are already created by AWS. They come with your account by default and they get added based on the requirements. These are created by AWS and managed by them, and they are standalone policies that have certain access, something like AWS DynamoDB full access. This is a
policy that is created by AWS itself. You also have customer managed policies. These are similar policies; they are standalone, but they are created by the customer. The only difference between managed policies and inline policies is that managed policies are standalone and can be assigned to anyone, whereas inline policies are a special kind of policy. Inline policies are policies that are created and attached to a certain identity, so not everyone can assume the policy. If you don't want a certain person
to assume a policy, you create an inline policy and you attach it to your identity while creating the identity itself. So that's the difference between inline and managed policies: managed policies are assumable, inline policies are not assumable.

With this many types of policies, there's always scope for conflicts, so how does AWS handle them? When I say conflict, let's say a user has a couple of different policies attached, and one policy grants him access to
a certain resource and another policy has a deny on that. How does it take care of that? Does it have some hierarchy, or does it look at alphabetical order, to figure out how to resolve these conflicts? Conflicts in AWS are handled pretty simply and straightforwardly. If you have a single deny, then you are denied everything; it doesn't matter how many allows you have, you will be denied access. And
by default you are denied all access; access has to be given explicitly. Unless you have an explicit allow for a resource, and there are no policies denying it, you won't be able to access the resource. That is how conflicts are resolved. Let's look at a demo of how we can create policies.

All right, so let's look at a demo for creating AWS policies. Again, I can find it under Access management. I can click on Policies, and the first thing is to go through all the policies that
are already created. Most of them are AWS managed, and there are some which are customer managed, which I had to create for some of the things that I did. Again, these were not explicitly created; they were basically created at runtime with some basic permissions. I can go ahead and click on Create policy. This is where I am greeted with the create policy editor, and there are two ways in which you can create a policy: you can write your JSON statement, as we
previously learned in our slides, or take the better way of using the visual editor. I prefer the visual editor; I feel it's less prone to human error. So let's write a policy for S3. I select S3, and for the actions that it can perform, I want only read to be allowed. Okay, so that is that. I can give read access to all the resources, or I can limit it to some resources, say only any bucket.
So I can give it to any bucket, or I can go ahead and give it to any object; that's how granular you can go. I'll select Specific, and for buckets I'll give Any. Are there any request conditions that I want? I can say MFA has to be enabled, so if the one accessing is an IAM user, his MFA is required. Or I can have an IP range; I can give a CIDR block. This is very useful, let's say,
if you want to give access to a certain S3 bucket only to people in your organization, people on your corporate Wi-Fi or your corporate VPN. You can give their IP range or CIDR block range here, so only people in that IP range can access it. These are some nitty-gritties; for me the basic thing does the job. I want read actions, all the read actions like GetObject, and again I can go fine-grained in this: instead of giving all the get access, if I want to
give only S3 bucket logging, I can do that. But for me, read access and everything looks good, so I'll go to tags. Tags are basically used to associate resources, but that's not required here. I'll give it a name: S3 read any resource... not any resource, I think any bucket, right? Can read any... okay, looks good to me, and I can create this policy. You can see that it is listed here, and it's a customer
managed policy. So that's how you can create AWS policies. We can look at a sample here, the EC2 full access policy, to understand more about it. If I look under the policy summary, it has access to CloudWatch, EC2, EC2 Auto Scaling, ELB, ELB v2, and IAM. If you want to understand what all these are: CloudWatch is basically used to write logs or get alerts, all that kind of stuff, so we need that. Generally, when we are
working with EC2, we might be looking for events or pushing some metrics to CloudWatch, all that kind of stuff, so that's why we might require full access to that. Obviously EC2 full access is needed. Auto Scaling: if I want the project or the deployment that I made to auto scale, I need Auto Scaling full access. Then load balancing full access, and IAM full access. These are highly coupled resources; when people are trying to access EC2, they tend to need
all of these in a bunch. That's how AWS thought about it, and put all the closely needed services into AWS EC2 full access. If I look at the JSON it will be more clear: we have a bunch of statements allowing all the actions on EC2, allowing all the actions on load balancing, allowing all, allowing all. That's how we do it. And it's a service-linked role. You can go ahead and look at all the different services and how the resources
and actions are set up. There are so many of them; I think there are close to 400 something... I think close to 500 policies that we have... oops, sorry, it's 950... 953. So that's about AWS policies; that's a small demo, and we'll see you in the next demos.

Now we are into the final part of our session, which is understanding security best practices in IAM. These are security best practices that are suggested by AWS itself, and they are very, very important. I see on Twitter
and LinkedIn people posting that their accounts got leaked, or somebody took the credentials, and they have a big bill that they need to pay, and they write to AWS support to get it reimbursed, and so on. So it's better safe than sorry. One thing that you need to do is always lock away your root access. Never use your root account; the root account is only to create your initial account, and that's it. You never have to touch your root account
for anything unless something billing-related happens. Never use your root account. Second thing: always use roles to delegate permissions. Create roles for each of them, and never give them more than what they ask for. Grant least privilege: always do just enough so that the particular use case can be completed. Not only here; you will hear about this in multiple places. Always do just enough so that the particular requirement is satisfied, at
least in terms of permissions. Never assume that he might require something in the future; let them come back if they need newer access, but always grant least privilege. When I say that: if somebody wants to access an S3 bucket and all they do is download a bunch of images from your bucket, give them only view access. There is no reason for you to give them S3 full access. That's what granting least privilege means.
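
Added example, not part of the video: a simplified Python model of how identity-based policies like the ones described above are evaluated (default deny, an explicit Deny beating any Allow, conditions on MFA and source IP), applied to a least-privilege read-only S3 policy. The bucket name `example-images`, the CIDR range and the three sample policies are constructed for illustration; real AWS evaluation also involves resource policies, permission boundaries and SCPs, which this sketch leaves out.

```python
"""Simplified model of IAM identity-policy evaluation (illustration only)."""
import fnmatch
import ipaddress

# Constructed sample policies; the bucket name and CIDR range are placeholders.
READ_IMAGES = {  # least privilege: read-only, one bucket, office network only
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadImagesOnly",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-images",
                     "arn:aws:s3:::example-images/*"],
        "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
    }],
}
BROAD_S3 = {  # the over-broad grant the talk warns against
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}
DENY_DELETE_WITHOUT_MFA = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "NoDeleteWithoutMFA",
        "Effect": "Deny",
        "Action": "s3:Delete*",
        "Resource": "*",
        "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}},
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, ignore_case=False):
    """Wildcard match ('*', '?') of value against one or more patterns."""
    if ignore_case:  # IAM action names are matched case-insensitively
        value = value.lower()
    for pattern in _as_list(patterns):
        if fnmatch.fnmatchcase(value, pattern.lower() if ignore_case else pattern):
            return True
    return False


def _condition_holds(condition, context):
    """All operators and keys must match; a missing context key means no match."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if key not in context:
                return False
            actual = context[key]
            if operator == "Bool":
                ok = any(str(actual).lower() == str(e).lower()
                         for e in _as_list(expected))
            elif operator == "IpAddress":
                addr = ipaddress.ip_address(actual)
                ok = any(addr in ipaddress.ip_network(e)
                         for e in _as_list(expected))
            else:
                raise ValueError(f"operator not modelled here: {operator}")
            if not ok:
                return False
    return True


def evaluate(policies, action, resource, context):
    """Return 'explicit deny', 'allow' or 'implicit deny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(stmt["Action"], action, ignore_case=True):
                continue
            if not _matches(stmt["Resource"], resource):
                continue
            if not _condition_holds(stmt.get("Condition", {}), context):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit deny"  # one matching Deny ends the evaluation
            allowed = True
    # No matching Allow anywhere means the default (implicit) deny applies.
    return "allow" if allowed else "implicit deny"


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-images/cat.png"
    office = {"aws:SourceIp": "203.0.113.10", "aws:MultiFactorAuthPresent": "false"}
    for pols, act in [([READ_IMAGES], "s3:GetObject"),
                      ([READ_IMAGES], "s3:DeleteObject"),
                      ([BROAD_S3, DENY_DELETE_WITHOUT_MFA], "s3:DeleteObject")]:
        print(act, "->", evaluate(pols, act, obj, office))
```
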
give them just enough such that they can satisfy their uh use case and always uh you know start using AWS managed policies right so create your policies as you go you will Find that the certain kinds of work that you do you require certain policies that you observe you are using multiple times right so create managed policies for that right always use customer managed policies instead of inline policies inline policies are special kind of policies and they are required uh if you are sure that no this is a one of a kind and it shouldn't
be assumed by any other role right so that is when you use inline policies but always try to go to customer managed policies over inline policies right so customer managed policies first first and only when there is a certain use case for which inline use created go for inline policies again customer policies managed policies greater than inline policies and use access levels to review IAM permissions right so in IAM you have the dashboard to see uh you know who used what right so periodically go and redo that and if somebody is not using a certain
resource for over a period ask them if they actually need it and try to remove that so always review your permissions and again I can't uh stress this out but always use a strong password policy for your users make sure they are doing a strong password and always enable MFA multi-factor authentication uh so you can have uh your third party apps uh integrated into your IAM accounts and also root account so it's a must to uh enable a multifactor authentication right so it is pretty important because the uh in a way your AWS account is
much more important than your Twitter for example right because you might be having your entire business run through a AWS account right so it's okay if Twitter get compromised but it's not the same with uh AWS right by the way I'm not saying that no your Twitter has to be leaked but so if there's a case where no if I have to lose my AWS access or Twitter access I would choose Twitter access because you could be doing much more important uh things on your AWS account right so that's why always use multi-factor authentication and
always use roles for applications that run on EC2 instances this is a very important role and I I believe I need to elaborate this right so what do I mean by use roles for applications right so let's say uh you have an EC2 instance running and EC2 if anybody doesn't know is basically a server right so it's a you can spin up different kinds of images on using it if you basically servers that you run on demand and they pay for what you use let's assume that these are some Linux instances that you are
running and you are running your website on AWS EC2 right so and let's say you have a use case or API that runs on EC2 which needs access to let's say DynamoDB or S3 right so there are two ways you can do it right so you can take your access keys and access uh keys and passwords and put it on your EC2 and make your EC2 access them for using that keys right that that's one approach or the better approach or the approach that you should follow is use roles right so it is always
recommended uh not to hard code your access keys or any sort of credentials onto your EC2 instances just because your EC2 instance need to access that so for that cases you use roles right so we talked about service linked roles and service roles right so you basically give your EC2 instance uh make it assume your role where it has access to S3 or DynamoDB right so that is where this practice comes in use roles for applications that run on EC2 instances and again this is pretty straightforward if you haven't figured it out never
share your access keys rotate credentials regularly and remove unnecessary credentials use policy conditions for extra safety monitor activity in your AWS account these are all pretty straightforward and these are something that you should do it even if somebody is not having no you should you shouldn't be told by someone not to share your access keys right so these are some of the security practices that are specified specific to AWS IAM that AWS recommends so this is what uh have been planned for this video so I hope this video was helpful uh we tried
to cover uh all the important uh basics of IAM and now it's your responsibility to go ahead and open your AWS accounts be careful with your bills and try out these things and you can explore much more deeper into it so there's always so much to learn right so we can't always put entire information into a single video things like policies you can read more about policies resources policies so the first thing that I always do is uh try to define uh thing that we are trying to understand right so if I ask a
question like no what exactly is AWS Lambda so the basic definition that Google spits out is it's a event driven serverless Computing platform that AWS provides right so here there are two important things that you need to understand that is event driven and serverless Computing right so we'll try to Define these two important topics because uh it is pretty important that You know what these terms are if you are trying to learn the AWS Lambda right so first thing that let's try to understand what serverless Computing is when we will also dig into event driven
as we move along so what exactly is serverless right so if you try to understand the word itself it says serverless right so does it mean that there are no servers that's not the exact definition but when somebody says that their application or their service that they are providing is serverless application there are servers but uh the headache of managing the servers and deploying it patching them managing them all the you know management side of things that comes by you know provisioning a server these all things are abstracted away from us right so we don't
have to bother about managing the servers and we can basically uh use the application or run application without bothering much about servers or how things are being spin up in behind right that is what serverless means right so and also when I say cloud native development it is basically uh an approach of building apps such that uh these are you know intended for cloud computing right so if I am writing an application that is targeted to run on cloud computing so that would be basically a cloud native application right so a cloud native application
basically runs on cloud right so that's what cloud is right so when I say server less right so we are trying to you know build a cloud native application such that uh we are abstracting away the headache of managing the servers from the user that is what a serverless service means right so now trying to tie all these uh into a simpler definition file travel to you know understand AWS Lambda again right so it's basically a compute service that lets you run your code without managing your servers or provisioning your servers right so and what
does that mean uh you can basically upload your code and it will be run on demand right so you don't need to worry about servers you don't need to wait for the servers to be not deployed or uh no they are spin up and they are active all this stuff is abstracted from you and also Lambda will run your code and it is highly available right so and you will only be billed for the duration at which your code runs right so this is the uh mode of AWS Lambda right so basically take whatever code
that you have give it to Lambda it will run it for you on Demand right so that is what AWS Lambda is and it what it does right and when I say uh Supply your code uh there are a long list of languages that it supports uh it does not technically support every language that uh that there is right so it has a vast of language that it supports like Uh node.js Python golang and I think JavaScript uh there are multiple uh there's a long list of language it supports so it will take any of
these code and it will run it for you right so that is what AWS Lambda is right so I also wanted to you know show you uh this uh interesting comparison I I think I have taken it from a website called couchbase shout out to couch base so the the thing that I wanted to highlight here is the difference between Serverless and all the other conventional modes of computing right so when I say virtual machines where basically uh having a hardware and you are providing your machines right so the scale would be uh no number
of machines that you have added right so did I take two machines three machines that would be a unit of scale right so when you are talking about computing model where you are using virtual machines you'll be talking in terms of number of machines that you are providing the same thing uh if you look in serverless you don't need to know care about what what machine it runs all you need is functions right so what are the number of functions that you are running right so each piece of code that you run is basically a
function right I mean that's what function is right function is a piece of code that you run right so the abstraction is done on hardware so whatever GPU CPU that you have it is being abstracted and you are being provided with a machine that can run anything right so and uh when you are using virtual machines uh it is being packaged uh using your AMI so when I say AMI is basically uh your ISO files so AMI stands for Amazon Machine Image that could be you your Unix or your Ubuntu Linux Windows whatever AMI
that you're using whatever OS that you are using right so that is what you use to package in virtual machines whereas in serverless you're only packaging your code right so you basically uh you know deal with code right so that's the important difference that you need to understand with serverless right so you you talk in terms of functions and you talk in terms of code and what is the language runtime that you're using right so is it Python is it Node.js etc compared to another if you're using virtual machines or containers right so for example
example of that would be Amazon EC2 right so you know talk about what AMI that I'm using and what is its uh OS and how much time that I will be running it all these kind of stuff right so you you probably if you're using AWS EC2 right you probably are going to run it for a longer time right so hours to months even years right so if it's running some sort of production application if we generally try to keep it running 24/7 right so uh that's what virtual machines are and AWS Lambda
is a one of the uh the head of all the serverless applications that services that AWS provides right also uh before we move along into another topics I wanted to make sure we all are on same page uh with different types of computing models right so basically in cloud computing there are different kind of models uh right so namely IaaS CaaS FaaS we also have SaaS SaaS is a big buzzword these days right so each of them are basically types of computing model and these are each of them differ from one another based on
how much abstraction does vendor does for us right so uh how much this customer has to manage and how much does a vendor abstracted from us it's basically a kind of a mutual understanding between vendor and customer no they decide uh what does come under a vendor's responsibility what comes under customer's responsibility if I talk about IaaS so IaaS stands for infrastructure as a service right so basically we are providing infrastructure as a service for for our customer right so in IaaS our customer is provided with the operating system right so the customer has to
manage the operating system whatever underlying uh hardware that there is whatever virtualization or hypervisor that we're doing it is all uh abstracted by the vendor vendor does that behind the scenes uh the customer is provided with with the operating system EC2 is a good example for infrastructure as a service right so we also have containers as a service where uh basically the customers are provided with containers uh on which you can run Ace applications right so uh this is what customer is managing and everything above right so uh the these graphs are given in such
a way that uh things that you see in blue are abstracted by the vendor and everything above uh is a customer managed right so coming to PaaS PaaS as in a platform as a service so you will be uh you know provided with entire platform right so you'll have your operating system containers runtime everything is there customer only has to manage his application right so that's what a PaaS is the important topic that we need to understand here is FaaS right so FaaS stands for function as service and the reason for me to bring this
up is uh AWS Lambda is a FaaS right so it basically provides you a function function as a service right so the vendor abstracts away everything right so the runtime container everything as a customer we only need to manage our functions right so everything else is taken care by uh the vendor itself that is where again serverless the idea of serverless comes in right so this is what FaaS is and AWS Lambda is a pure example of function as a service so we will be provided a function and you can manage your functions as you need
right so that would be your unit of scale right you will be running functions in your FaaS applications you'll be running you know your operating systems on your IaaS right and so on right so this is a some understanding I wanted to uh you know bring along and let's talk about AWS Lambda right so you remember we previously uh defined that it's an event driven serverless compute service right so what exactly is the event driven right so event driven uh not only in this context but there are um many architectures or as we call as
event driven architectures right so where everything is uh no tied around the event right so event is generated and event moves through different stages and entire architecture revolves around The event right that is what event driven is and as you have guessed AWS Lambda is also event driven service so in AWS uh there are multiple number of services which can trigger events right events can be listened by AWS Lambda such that it can perform its action and there is a interconnectivity between multiple Services right so AWS Lambda is highly uh decoupled it can you know
be used in conjunction with a plethora of services that AWS provides now it can be easily linked with your S3 your API Gateway your CloudWatch Logs your DynamoDB right almost any service that can fire an event AWS Lambda can listen to those events right so it's a event driven uh service right so it listens to events perform action right so we have services which can generate events and we have a our AWS Lambda which can listen to those events and it can perform or it can run some sort of code right so that is
associated with that event right so this is where the idea of event driven uh comes into the picture right so now that we understood the basics of what AWS Lambda is I wanted to take this moment and move into our demo right so let's let's go into demo I'll open my browser and we'll log into our AWS console and we'll see uh step by step what exactly is AWS Lambda on my guest window I'll log into my AWS console so this is a special link that I used uh this is a link that I
use to log in as IAM user so if you are not sure what exactly is IAM right so I have made an entire video on IAM prior to this I suggest you to watch the IAM video so that no you have a better understanding and you are starting from the basics right I'll log in as an IAM user and once you log into your console right so you will find AWS IAM under your compute services if I go into compute I can see that I have AWS Lambda right so the the tag that AWS
gives to Lambda is run code without worrying about your services right so now as a moment you enter into your Lambda right so you will be uh given this sort of UI and you see right so we are talking about in terms of a function right the scale that you are using is function so you either create your function and or delete your function whatever that you do everything is in in terms of function right that is where FaaS uh feature comes in right so it's a function as a service so I'll go ahead and
create a new function and uh the moment you try to create a new function uh no AWS uh gives you through this form where it will ask you no if you are trying to create a function from scratch or you also already have some sort of presets that you already have uh you want to run some sort of container image all this stuff right so for your demonstration purposes uh we'll go with the scratch we'll build uh an AWS function from scratch and I'll call it as scalar demo function and the runtime that I'll be
using is Python 3. Python 3.8 this looks good so we this basically defines uh what language that you are trying to use here right so I'll be using I will write it as a Python code uh you can write a Node Python Ruby or any other language that you uh your team uses right so also coming to uh looking into this permissions right so by default AWS will create a role for us so again we have talked about uh this thing no AWS IAM in the previous video you can watch that video uh if
you are unsure of what AWS IAM is so it will basically create a new role for us with the basic permissions but if there's already a role that you already have created uh in order to use your AWS IAM for your Lambda functions you can use that so I don't have any uh AWS roles already created so I'll go with the new role with the basic permissions sorry for now so that if I need uh to add some permissions I'll I'll let you know and I will add it on on on the demo itself right
so so what are the basic permissions that are given uh in order to run a AWS Lambda function right so uh one thing and the least the function or permission that Lambda requires is a permission uh to write logs to it Amazon CloudWatch right again uh we will try to make a video on CloudWatch as well so CloudWatch is like a platform or a service where everything is being logged right so you are all the services that are doing some sort of work right so they to generate some sort of logs and all so
these are all collected in Amazon CloudWatch right so this is a some sort of a monitoring tool that AWS provides so we'll try to make a video on this as well right so if I go into advanced setting I can do code signing function URL this is a new feature that was introduced here again we can go into uh advanced settings once we are good with our basics so let's create a function so this will create your function with this name that we are given and this runtime that uh that we have chosen for
right so right so let's also talk about what happens behind the scene when you run your Lambda function right so AWS uh it takes your request that okay uh this person's hypercast she wants to run this a particular Lambda function so it takes that request and it will see it will look for the servers that are already up and it will take your code it will uh you know deploy your code on to that uh compute and it will run it and whatever result that it is given it will spit back the results for you
right so hey in the background there is a lot of stuff happening like no load balancing all this stuff but Amazon basically abstracts us away all these managing things for us you basically you know write your code and it will be run for You On Demand right so right of the uh bat so you see that uh you know we have a sample code for us so it's basically a hello world code and I'll want to talk about some things right so you see that We have a function called as Lambda Handler right so we
did not Define it so it was created by default uh for us and basically when I run these functional tests function so this is the function that is invoked right and it takes two uh two arguments that is event and context right so these are uh useful when uh as we please will talk right here the event driven service so if you are trying to fire events from another service like S3 and all so this is where These two uh parameters that we are collecting uh you know useful right so let's say if I'm I
have written an event on uh S3 bucket such that on every item I added to the bucket I want to fire some sort of a Lambda function right so let's say I'm uploading the I'm uploading a 1080p file uh 1080p video to my S3 bucket and I want a service or I want an application where it is it has it takes my input file and I want to do some processing on it right so maybe Let's say I want to use some AI model uh to upscale it to 4K so I have some backend API
which does that so that I want to automate things like uh on each upload that I make to my S3 I want my videos to be taken and wrapped around on my back end and upscaled them and put my results back into S3 right so that is where I can I can set an event on my S3 bucket that is triggered on each addition to that so we will accept those event here and using that context we'll Do some sort of our logic there and we write it write results back to S3 service right so
this is where uh event and context uh comes into picture right so for now let's try to run these uh code without doing any changes right so we are basically returning our status code of 200 and the body that our API returns is Hello from Lambda right so in order to run it I can do a test and it will ask for your event right so right now we are doing nothing with the event right so I'll say I'll I'll create an empty event and I'll save this and I'll test this with my empty event
right so the result is this right so it gives me a response of 200 and hello from Lambda right so if I change it to something like hello from Lambda and I'll call it as I'll give my name so this is my name and I'll define my name as let's say I'll call it scalar audience and if I test it uh multiple changes I'll test it probably I should put it in the other way I should test and then deploy so you see that the response is changed right hello from Lambda to scalar audience right
so basically you can write your python logic here and it will be ran in the same way that you ran your any other python code right so This is how AWS Lambda works but let's also try to understand uh all these things right so if I go back to the functions right so I can see all the functions that I have created here and if I want to perform any action on this right so there are a couple of actions that I can perform one is I can test that test basically runs the function for
us and I can delete the function and I can also view its details right so when I go into details this is what we Are given right so there is this uh a code editor that Lambda provides for us this is where you can write your code but uh if you think that you know you're working with a bigger project let's say you have some 30 or 40 files that you are running and this is not a easier way to you know deal with this right so you can basically upload your zip file right so
you can you know build your code on locally uh test it on local and basically package it into a zip file and Upload it into your upload your zip file here right so I can upload my zip file here and this will basically overwrite all the previous code that is there here and it will run that code right and apart from that I can also take a code from a S3 location right so I can basically uh save all my uh project into an SD location and I can basically read it from the S3 directly
right so that whenever if I want to make it changes right I can make it directly make changes into my S3 and it will automatically uh you know can be uploaded from there right and if you are going to some settings right nothing uh that is important okay let's go into a configuration uh there are things that uh we need to understand right so by default a function that you create it comes with a memory of 128 megabytes so this is basically the RAM uh that is it is being allocated and the storage would be
512 megabytes right so this is the uh default allocation again uh it it automatically scales uh with your usage right so if you want if you're running let's say a bigger project which requires let's say two gigabytes of RAM so you can basically configure it here let's say if I want to configure it I think it it supports till uh 10 gigabytes of RAM which is more than enough for a function right so if you think about it we are basically running a function so let's say if I want to you know let's say 2048
right so that would be two gigabytes of RAM right two gigs of memory I can provide that and uh this is how uh you can configure your Lambda right so the amount of storage and uh thing is to remember is that no if you change these values automatically the price also changes right and the storage as well uh you can have up to 10 gigabit of storage you can view the pricing here and there is also a timeout right so what is a timeout uh timeout is the amount of time uh Lambda waits for
the function to execute right so let's say for some reason your Lambda function uh got stuck in some doing some work right so it will automatically gets time out in three seconds so so this is the default timeout so we can automatically change it so if you know that you are running some sort of a transcription jobs or some sort of a scraping job and you know that it it will run for let's say uh two to three minutes you can basically put a higher timeout but again uh the higher the timeout that you
are allowing right so that's the longer time that AWS Lambda allows the function to run and you will be billed for uh the same right talking about a billing the best feature of Lambda and is you will be only billed for the amount of duration that your code runs right so apart from the traditional uh EC2 etc right so you will be billed uh basically for all the infrastructure right so irrespective of your running something or not so you will be billed for all the time you have your so uh no resources uh spinned up
right so but coming to your Lambda function let's say you want to run your code every day for 20 seconds right so you have a script that your company uses to backup some files to cloud and this should run uh for 20 seconds every day right so this is where AWS Lambda uh really shines right so instead of provisioning your servers or provisioning hardware and keeping it ready right so uh you basically create a function and run it for that 20 seconds and you will be billed for the 20 seconds right and the billing happens
in steps of I think 100 milliseconds let's say if your code runs for let's say 2 milliseconds you'll be billed for a hundred milliseconds right so that that is the base and if your code is running for let's say 540 milliseconds right so it will be billed for 600 milliseconds right so 100 millisecond is the base and you will be billed on steps of 100 milliseconds right so that's the uh core feature and core uh killer feature for Lambda and that is where why people uh like to use Lambda right so it is cheap uh
for certain use cases right and if you observe right so there is this function overview that we have and there is a trigger right so trigger is basically all the services that can you know create an event or that can trigger a event such that our Lambda function can be invoked right so as I've already mentioned right there are multiple number of uh third party and first party uh services that AWS has that can trigger your Lambda function right so things like DynamoDB uh your CloudWatch EventBridge or let's say some sort of streaming
services that you have like Kinesis or your API Gateway right so you can build some rest API and users can hit that API such that uh a Lambda function runs as a backend and spits out the results for them right so you can listen to all these events that they provide and S3 S3 is one of the useful use cases where a user wants to perform some sort of action on uploading files etc this is where uh you can use this uh we'll probably do a demo on that and well basically you have SNS your
notification service and your queue services all these can trigger your Lambda functions right so apart from that uh there are some Partners which can also provide event atlassian right so you can have your devops team or you can have some jira tickets uh that can directly trigger these you can have identity providers and there are multiple uh services that can trigger your uh AWS Lambda so this is where you can trigger them right you can also add destinations uh things like to go back if I want to add destination right so I can spit
out the results of Lambda function to an SNS topic or I can write it to some sort of a queue or I can have a chain of Lambda functions right so I can have a Lambda function a which does the transcription job and I can have a Lambda function B which takes the result Of the transcription job and uploads it to some sort of a service right so you can Bridge you can connect your Lambda functions or you can also write to some sort of event Bridge right so these are some of the targets uh
that you can set these are some of the destinations right uh so basically these two uh things right so these two adding trigger and adding a destination these are some killer features uh that lets uh Lambda to be a highly decoupled service right So AWS Lambda as we have seen in the list right it can talk to almost all the services uh in AWS that can uh not take advantage of events right so if there's a service that has some sort of event or some sort of a queue and you are sure that no AWS
Lambda can work with that right so coming to the monitoring so we have talked about a cloud over CloudWatch right so CloudWatch is uh some sort of a metrics uh aggregator so you can this is used to monitor your usage and everything that that's happening with your service right so if I look into some of the metrics that I have I can see that over the time uh whatever requests that are happening and how much duration uh uh we are running the server and invocations uh these are near real time I won't say it is
real time they are these are near real time so if I reload for some time we might see some invocation right so yeah so you can see that in this region there is one invocation happened right so and it ran for like one millisecond right so there are no error rates uh error rate is zero and I think delivery types throttling concurrent executions if you are running multiple uh concurrently so all these stuff these are basically a metrics dashboard and we already talked about uh configurations you can pass environment variables right so if you are
having some sort of API key uh they can be you know created as environmental variables just like you do with any other GitHub or any other project you can have your VPC configuration all these kind of stuff right so you can now go into each of them and explore you on your own right so you can have aliases uh basically no function you can have an alias to a function so that instead of calling a functionality you can call you the alias as well right so again uh we can have multiple versions of it right
so you can give some updates to that function right so these are uh everything that you need to know about uh AWS Lambda right so let's also do a small right let's write a small function uh such that uh no it returns us uh it calls to some API and it answers some results right so just to see uh what is possible with AWS Lambda so I was thinking uh there is this API called uh that returns us jokes right so if I go into here uh I should see some endpoint uh I'll let's
say let's let's look into some programming uh custom I'll go to custom and let's say I want to look into some uh programming jokes right so uh this would be my API endpoint and if I hit this endpoint I'll get a joke each time right so a programmer put two glasses uh on his bedside before going to sleep a full one in case he gets thirsty and an empty one in case he doesn't that's a programming joke so this API each time that you hit you'll get a programming joke right so this is setup why was
JavaScript developer sad because it did not it didn't know how to express himself okay that's funny uh let's do that let's create a function uh that can hit this API and provide us the results right again it's not a it doesn't make a complete sense right so we can directly Call our API why do we need a function right but just uh thinking to a bigger perspective right so we might be having multiple services and our team wants us uh to interact with our services so just to show the power of AWS uh Lambda let's
create a new function. I'll call it the joke generator function, and I am comfortable with Python so I'll use Python, and everything is by default. So in an ideal scenario you might be having some sort of database with your company from where you'll be retrieving the results; in order to simulate that I'll be hitting this API to get those results. Okay, so I think I need to use import requests to hit this API, and let's say I'll call it as response is equal to requests dot,
let me Google it, make API request. Let us copy this request and put it here. So let me give my API here, so this would be our API which returns us, uh, right. So again, as I said, ideally you would have some sort of a database service that you might be, you know, storing, so think of it as some sort of a service that you are running, right, so this could be returning directly from DynamoDB or Postgres etc., so we are basically simulating that
with our API. And let's say I'm doing some stuff here, so I'll call that API and whatever result that I may have I'll do it here, so I'll send the response in the body. So I'll basically test it once. Again, I don't need any event for me, so I can do my empty event. I think I need to use underscore here, right. So let me test it, and it says hello from Lambda. Why is that? I need to deploy it. And now if I test: object of type is not serializable.
Okay, I think I need to do response dot body. Deploy it again and test: response has no attribute body. Let's go back, I think there should be something called dot text or something. Let's do this, let's go to the extra gigs and do a get and r dot json. Okay, if I do json. Again, don't mind me, I just Google stuff until they work. Okay, now we got a response. So ideally let's do one thing, right, so this is our response, let's only send setup and delivery here. So I'll, from the
response, let's say I'll take setup. Setup would be response dot, yeah, this is a response, right, and in the response I have this setup, so I'll say response of setup. Punchline, I'll say response of, what is the punchline, delivery. And I would say setup is this setup, punchline, so this would be easier to understand, we can directly see the joke. Deployment is still in progress. Key error: setup. I think there is setup, right? I'll just forward this part and I'll just debug this and we'll see the response
here. Okay, so I understood what the error was, right, so some of the jokes that you have, they don't have a setup, some of them directly have a joke. So we can basically do a check whether there is a setup or not, but let's do this thing, right, let's basically return the response and let's say that the downstream team model who is using that, you know, they will take care of this. So basically if I deploy this and if I do hit the
test, right, so every time I run it I'll get a body with a joke in it. So: a byte walks into a bar looking miserable, the bartender will say, what's wrong buddy? Parity error. So that's a joke, it might not be funny but it's a joke. So this is how we can implement AWS Lambda. This is, I think, everything that you need to know to get started, so I see this as a good starting place so that you can explore more. And again, function URL as well
is something which recently got launched, so basically what this does is you can directly invoke a function with the URL. Previously what used to be done was you need to add a trigger, let's say add a trigger with API Gateway, and you can create, let's say, a REST API, and let's say I want to keep it open, open to everyone. So if I add this, what happens is there's a trigger that is generated, and the trigger would be this URL, right, so
if I hit this URL it will automatically give me the result that the API is giving. So in order to hit that URL I'll be hitting with this API, this one, right. So this thing, let's say I can give it to my team who uses this. So let's say I'm hitting this API a bunch of times, so I'll reload it. Okay, so I have hit this API a bunch of times. So this basically, what it
does is, so we are going to API Gateway. Again, API Gateway, I think I'll make a video on it next. So we're using an API endpoint from the API Gateway, and that is basically sending an event into our joke generator function, and whatever result that we are generating, this is again given back to the user. So this is what we are generating, right. So again, this could be anything, it could run any different kind of code here, right,
so this could be, maybe, who knows, the entire back end of your startup can be run on a Lambda function. Again, that's not something unusual, people do that, they run their entire backend services on AWS Lambda, which is quite sufficient if you think about a smaller startup. So ideally you have your own infrastructure that you are maintaining, but Lambda functions also have an ability to do that. So again, if I go into my monitoring and see whether all the requests that I have done through
this API, are they really coming here or not, right. It generally takes some time to load, especially this monitoring logs here. Okay, anyway, if I go into my monitoring I can see all the requests that are made, I can see what's the time of each run, and I will have a clear log of each request that I have received. So this is all you need to know about AWS Lambda. So guys, we've understood what
exactly is going to be covered in this session, so now let's start with the basic interview questions. So again, in the basic interview questions, for some questions the explanation would be less, for some the explanation would be more, even though it's basic, so the explanations can differ. So you don't have to basically explain every single thing about a question which is asked to you. For example, let's say the first question is: what is EC2? EC2 is the most common service, so it's the first service anybody would learn when they're getting into AWS. You
might have learned a different service, but EC2 is the first thing most people would understand and learn when they are getting into AWS or any cloud platform; virtual machines on cloud would be the first thing they'll be learning. So now when somebody is asking what is EC2, it's not necessary that you'll have to explain every single thing from scratch. You don't have to tell them what exactly is a virtual machine first and then tell them that's exactly what we have replicated in cloud. You don't have to explain what is a hypervisor in order
to tell them how exactly a virtual machine is created. You don't have to tell all that, you just have to tell them what is that particular answer for that particular question. So in this case, for the first question, which is what is EC2, the answer is: EC2 is a virtual machine in the cloud on which you have OS level control. So I think this particular line sums up everything. So it's a virtual machine which is running on the AWS cloud for which you get OS level control, so you will be able to control the
processes, you'll be able to install software, you'll be able to uninstall software, you'll be able to manage everything around that particular virtual machine, right, so these are the things which you will be able to do. So you can run this cloud server wherever you want, and it can be used when you need to deploy your own servers in the cloud similar to your on-premises servers, and when you want to have full control over the choice of hardware and the updates on the machine. So for example, let's say if it's an on-premises server, right, so
you would have complete control over them, even the network would be yours. But when it comes to AWS the network would be AWS's, but you would be basically given OS level control. That basically means, sometimes you can also select, there's something called reserved instances and spot instances where you can also have authority over the choice of hardware, right, even on-demand instances, that is a normal virtual machine, gives you the choice of hardware, that is you can select how much storage you want, how much memory you want,
how many virtual CPUs, that is cores, you want. You can choose all of those hardware components, but it wouldn't give you complete control over how exactly that is, because they wouldn't let you choose a 3 GB or like 7 GB, there would be certain numbers, there would be 1 GB, 2 GB, 4 GB, 8 GB, 16 GB, like that. So you wouldn't be able to choose an odd number or something, so you wouldn't be able to modify it, but you will be able to choose what exactly you need. So to be, again, to be
very simple, the answer you will have to give in an interview would be: it's a virtual machine which is running on the cloud and you have OS level control to it, so that you can install software, you can use it as a web server if you want to, you can use it as a database server if you want to, you can use it as any server you want to. You can also use it as a PC, you can use it as your own computer, normally how you use your own computer, right, so you can use it
like that, because it's simply a virtual machine, you can literally do anything on it. So that's exactly what EC2 is, and EC2, the full form is Elastic Compute Cloud, so most probably you would know and the person would know. It's not necessary that, first of all, EC2 basically means Elastic Compute Cloud, you don't have to say that, it's not necessary, because I'm pretty sure most of you would have done this in an interview before, but moving further you don't have to abbreviate something to someone when they're asking you something, you just have to
explain what it is, then they will understand you know it, you don't have to tell the full form, right. Okay, so now, this is the first question, that's why I wanted to give you some insights about how exactly you can answer and frame your question. From here on out I'll be just giving you the answers for the respective questions. So now, what is Snowball? So Snowball is not a feature or it's not an inbuilt service like EC2 or S3 or RDS. Snowball is basically a small application that enables you to transfer terabytes of
data inside and outside of the AWS environment. So it's a small application which runs on Snowball, which is a hardware device. So Snowball is a hardware device. For example, let's say you want to transfer terabytes or petabytes of data. What they do, basically, you can request to Amazon, that is request to AWS, that you need to transfer this much data, you would need Snowball, so they would be transferring Snowball to you, to your company's data center. You would be able to create a job, that is the first thing, you would be able to create a
job, right, and once you create a job that transfer will go on by connecting to the Snowball, and the data would be copied to the device. So now once the data is copied to the device, the device would be given to AWS and AWS would basically upload it to S3, where your data would be successfully uploaded and stored. So that's basically it, it's pretty simple, this is what you can tell when somebody asks you what is Snowball. Okay, next comes CloudWatch. So what is CloudWatch? CloudWatch helps
you monitor AWS environments like EC2, RDS instances, CPU utilization; it also triggers alarms depending on various metrics. So to be very very simple, CloudWatch is a monitoring tool which essentially and especially monitors AWS resources, that's EC2, RDS, all of those resources would be monitored by CloudWatch even if you haven't enabled it, because CloudWatch is a free default service which is already running there, and it will basically give you all the details and metrics you need. For example, if you take EC2 you would be able to see how much network, that is network in, network out,
how many packets have come in, how many packets went out, the CPU utilization would be there, there are so many other metrics which you can go through for every single AWS service you want to look into. There is also a paid part of it, for example in certain resources there would be something called enhanced monitoring which you can select. Enhanced monitoring will give you even more in-depth monitoring ability, but that would be a paid one even within CloudWatch, but usually you can just go with the free service if you're just practicing CloudWatch,
right. And one more thing, which is called alarms. Here alarms is basically a feature built into CloudWatch. For example, let's say you have one EC2 instance, and whenever the CPU utilization of that one EC2 instance goes above 90 percent you want another EC2 instance to be created. So in that case you set up an alarm that will trigger itself when the CPU utilization of that particular instance goes above 90 percent, and when it goes above 90 percent, that obviously CloudWatch is monitoring, and it will get that data, and once it sees that it's
crossed ninety percent it will automatically, basically, send a request to EC2 and EC2 will launch another server, right, so this is how it works. So that's a basic example of what an alarm is. Next is: what is Elastic Transcoder? So Elastic Transcoder is an AWS service tool that helps you in changing a video's format and resolution to support various devices like tablets, smartphones and laptops of different resolutions. For example, let's say you're creating an application, and in that application you want a video streaming platform, okay, so in that case
if you are uploading a video, usually, let's say you're creating a web page, you are creating it for the desktop and you upload a video, and if you try to open that website on your mobile, right, basically the resolution sometimes wouldn't match, it would be kind of jumbled, it wouldn't be working properly. So you would be able to basically solve that using Elastic Transcoder. So that's basically this particular tool. Next comes VPC: what do you understand by virtual private cloud? So it
allows you to customize your networking configuration. So again, without networking you can't do anything in AWS. To be very simple, if you are in a company, let's say even if you have an on-premises data center, without networks you can't do anything, right, because every single server is connected together because of the network. So a network is basically that, it's multiple servers connected together, or multiple computers or multiple clients connected together, so without a network there can't be any communication between other computers. For example, without networking
there is no internet, right, so the internet is basically a connection between other computers, right, so there are multiple routers which the internet goes through, there are various types of internet, let's not discuss that part. Again, without networking you can't do anything in AWS, so the first and foremost important thing which you'll have to create, or it's already available in AWS, is a VPC. So by default there is something called a default VPC; when you start practicing AWS you can use the default VPC, but if you are not using the default VPC, in that case
you can create another VPC and create subnets within it. So let's not cover subnets right now, when that question comes I'll cover that. So a VPC is a network that is logically isolated from other networks in the cloud. So even in your AWS account, if you have two VPCs and let's say you create a server, an EC2 instance in VPC 1 and an EC2 instance in VPC 2, so these two EC2 instances will not be able to communicate with each other because they are isolated from each other, because they are in two different networks, right. The only way they'll be
able to communicate with each other: if the instances are public they'll be able to communicate through the internet, right, otherwise there is something called a peering connection in VPC, you can create a connection between two VPCs and these two instances will be able to communicate through that. Okay, so now it allows you to have your own private IP addresses, internet gateways, subnets, security groups, so these are whole other concepts. So for now, when somebody asks you what exactly is VPC, you can tell that it basically lets you configure and customize your networking
settings in AWS, and the foremost concept is basically it is logically isolated from other networks in AWS; even within your account it still isolates one VPC from another VPC, right. So when you create a VPC you will be giving certain things, like you would be giving a CIDR notation, so within that CIDR notation your VPC will have a range of IP addresses, so whenever you create a resource within the VPC the resource will have an IP address within that particular range, right. So these are the things, there are more things to VPC,
VPC is a really huge concept, but when somebody asks you, these three points are more than enough. Just say it's the tool which is required to customize your networking configuration; it logically isolates that particular network from other networks in the cloud; third one, it lets you basically create resources within it and it will assign private IP addresses within the IP address range given to the VPC. Okay, so these are the things which you can take. Okay, next: DNS and load balancer services come under which type of cloud service? This is a pretty
straightforward question, it will be a one sentence answer. So they are part of infrastructure as a service, storage cloud service. Okay, so basically DNS, it's a domain name server, next is load balancer, so what type of cloud service are they? So they are saying that they're infrastructure as a service. So infrastructure as a service in the sense they are providing you infrastructure over the internet. For example, EC2 is an infrastructure as a service, they are providing you a server over the internet which you will be able to use, so that basically is an infrastructure as
a service. In this case they are giving you a domain name server over the internet and a load balancer over the internet, so they are also infrastructure as a service because they're infrastructural components. There are other services, there's platform as a service and software as a service, so we'll talk about that later. For now, whenever something relates to infrastructure, that basically means, what does a load balancer do? It balances the load and sends the, what is that, the incoming requests across all the servers according to the rules you have provided. For example, if you're
just going with a classic load balancer, a traditional one, so let's say there are 100 requests coming in and there are two servers, so the first request will go to the first server, the second request will go to the second server. For example, let's say this is the cloud and users are trying to access the website which is running inside these servers, so when a first request comes in it goes to server one, the second request goes to server two, the third request goes to server three. So this is a traditional load balancer. So now a load balancer does this,
and that's why it basically is an infrastructural component which helps you do this, that's why it is an infrastructure as a service. It's not platform as a service because it doesn't provide you a platform to do some operations over it, it's not a software as a service because it's not a software at all. Software as a service: Gmail is a software as a service because it's a software given to you over the internet, right. So I think it's pretty clear, they're infrastructure as a service. Next: what are the different storage classes available in S3? So right now
there are around six storage classes: S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access, S3 One Zone-Infrequent Access, S3 Glacier and S3 Glacier Deep Archive. So you can check out this, all of the storage are provided 119 SLA, and over here the availability SLA is also provided. So SLA basically is a service legal agreement, which basically means that Amazon is promising you that this particular resource will be available 99.9 percent of the time, so that's what they are giving you. So they are saying it wouldn't go down at all, even if it goes
down it would be just for point zero one percent of the time, and so, let's not discuss more into it, let me just briefly explain this, so that's all you have to say. So the storage classes are: Standard, which is the default storage class which will be given to you when you create an S3 bucket, right, and then there is Intelligent-Tiering, there is Standard-Infrequent Access. So Intelligent-Tiering basically is, you can see the minimum storage duration is 30 days, and in this case the only difference between Standard and Intelligent-Tiering is it's a
little more expensive and it has a minimum duration period over here, but other than that they're pretty much the same. But Standard-Infrequent Access is different from Standard, because Standard is considered as hot storage, that is when you store something in Standard you are basically saying that those particular objects are frequently accessed by someone, but if you store in Standard-IA, which is Standard-Infrequent Access, you are stating that it's not frequently accessed, okay, so that's what you are stating. Yeah, so basically that's it, and then coming to One
Zone. So in these cases the data will be available in three or more availability zones, but when it comes to S3 One Zone it will be stored in just one zone, so that's basically the storage class name. This is not a good practice, but sometimes if it's not important data or old history data you just want to have there on AWS, then you can have it on this. For example, in that case if that availability zone was down you wouldn't be able to retrieve that data in that particular period of time until AWS
comes back up in that region, but that's a risk you would have to take because it's not designed for availability. You can say it's 99.5 percent of the time it's available; all the other services have 99.99, Intelligent-Tiering has 99.9, Glacier and Deep Archive have 99 1.99, so you can see the difference over availability, because it's only available in one zone, right. Okay, next comes Glacier and Glacier Deep Archive. The only difference between Glacier and Glacier Deep Archive, you can see the time, the minimum duration, and one more would be the, so this
Glacier Deep Archive would be much cheaper than Glacier. Why? Because you will be able to download stuff off Glacier within minutes or hours, but in Glacier Deep Archive it will take several hours. Because Glacier is a backup service, a backup storage service, you will be able to back up your data, that's why the minimum storage duration for any data you store on Glacier is 90 days, you cannot delete them before 90 days, that's the minimum login. When it comes to S3 Glacier Deep Archive it's 180 days, because these are data which you are archiving, which you don't want for now, you
just want to archive them, like some company history data or project history data, whatever it is, you can just store it over there, right. So these are the different types of storage classes. Explain what T2 instances are. Okay, so T2 instances are one particular type of instance in EC2 instance types, there are so many different types, for now let me just explain this. So T2 instances are designed to provide moderate baseline performance and the capability to burst to higher performance as required by the workload. So each types of instances
will have a separate, like, a separate need to satisfy. So T2 instances are created to provide the baseline performance, that is regular performance, and also whenever the workload is increasing they are equipped to give you a burst in performance which will increase the utilization of the CPU in order to provide a better handling of the workload, right, so that's exactly what it is. So these are the different types of instances within T2: nano, micro, small, medium, large, xlarge and 2xlarge.
So you can see, so this is virtual CPU, that basically means how many cores that particular instance has. So the nano, micro and small have one core each, medium and large have two cores each, and xlarge and 2xlarge have 4 and 8 cores each, right. So the difference between micro small and keyword small comes within the memory range and the CPU credits, so let's not go into CPU credits, that's a whole other concept. So memory, let's just understand storage and memory and the virtual CPU. So we already
understood virtual CPU. So memory, you can see nano has only 0.5 gigabytes of RAM, micro is one, small is two, medium is 4, 8, 16, 32, right. And performance: low, low to moderate, low to moderate, low to moderate, low to moderate, moderate, moderate, so nothing gives you high network performance, all are nominal performances. So if it's for a practice project or a demo project go with T2 instances. So also t2.micro is the free tier instance which is provided to you, this is the free tier instance which you will be able
to use when you want your instance for free. All right, so these are basically T2 instances. Coming to the next question: what are key pairs in AWS? So when you create a virtual machine in AWS you would have to create something called a key pair. If you already have a key pair you don't have to create it, you can use the previous one which you already have, but if you do not have one you will have to create a key pair, without that you will not be able to create a virtual machine. So it
is secure login information for your virtual machines. So how exactly it works: you will be given a public key and a private key. The public key will be stored in the virtual machine, the private key would be given to you, that you will be downloading and storing in your local PC. So when you are trying to log in to this server, right, you will have to upload the private key, so it should be the same private key which is given to you, because only that particular private key will be able to decrypt the public key; only
if it's able to decrypt the public key you will be given access to the instance, right, so that's exactly how it works, it's pretty simple. Private key, public key: with this private key you will be able to decrypt the public key, once it is decrypted then you will be given access to the server, then you can start using it. That's basically key pairs, it's pretty simple. Okay, now: how many subnets can you have per VPC? So in a VPC you can create subnets, so you can have about 200 subnets in a VPC, and also
it's a matter of IP address ranges available. You can still have more, but again, if you want more subnets than this you will have to basically mail AWS support, but usually by default you will be given access to create 200 subnets per VPC. So subnets are basically sub-networks within the VPC. Again, it's a logical concept, right, even VPC itself is a logical concept, it logically isolates your resources. Same way, within a VPC you can create something called subnets, which are subnetworks within the VPC where you can even isolate
the resources within the VPC from themselves. So let's say you can have 10 instances and there can be two subnets, and five instances can be in one subnet and another five can be in another subnet, and they can be also isolated from each other if they don't have any connection between them. So they can only privately communicate with each other if there is a communication portal between them, if not they wouldn't be able to do it. So that's basically it. Okay, so for
this question the answer would be you can have 200 subnets per VPC. I just wanted to give you a brief about subnets. Okay, next is: list different types of cloud services. This is a pretty straightforward question and mostly it won't be asked, again it's basic, but these are basic questions, that's why this question has come up. So software as a service, platform as a service, infrastructure as a service, these are the three essential ones. Data as a service could be added if you want to, because if you add data as a service there are
other types of cloud services which could be added, like function as a service, like big data as a service, AI as a service, you can add so many things, right, as a service is just a term. So mainly there are three types: software, platform and infrastructure. When you talk about software, software on a remote server, for example let's consider Gmail. Gmail is running on a remote server in Google's data center somewhere. You don't know where that application is running, you don't know where the application's code is residing, you do not know where your emails are getting stored,
it could be stored in any data center of Gmail's, so you wouldn't know all that, but you will be still able to access the software itself, right, so that's basically software as a service. You will be given access to the software but you will not be given access to anything else apart from that, you will only be able to use the software. Next comes platform as a service, so in this case, application development and deployment. So to be very simple, in this case you'll be given a platform which will give you a little
more access, so you'll be able to build something using this platform. For example, in AWS there is a platform called Elastic Beanstalk, if you guys want, just type it in Google and see what exactly it is. So I'll just give you a brief: it lets you upload your code and it'll automatically provision instances, that is EC2 instances, and upload your code and install all the software necessary, and your website will be up in no time. You don't have to do anything else, you just have to upload your code properly, but your code has
to be optimized for Elastic Beanstalk accordingly. But all you have to do is create the application and upload it, Beanstalk will take care of all of it, that is, the infrastructural part would be taken care of by Beanstalk, so the only thing you'll have to worry about is handling the platform. All right, so that's basically a platform as a service. Now coming to infrastructure as a service, as I already explained to you what is EC2: servers, storage, operating systems, so S3, EC2, so these two are basically infrastructure as a service. So S3
basically provides you storage you will Be able to upload and download and delete and do every operation which you you can basically do in your own personal computer so it lets you do all that they're providing infrastructure via storage ec2 gives you infrastructure via servers so in this case what they are basically doing is they are giving you like let's say you're there giving you operating system level access to servers so that's exactly what infrastructure as a service is in this Case we will be given the access to the server itself for example in this
case you only get access to the software the only the platform here you get access to the infrastructure itself you can install any software on it as you want okay so now we've seen the basic questions I hope the basic questions were helpful now let's move on to the advanced questions uh right so also at the end of this particular session guys I'd be asking you a question so if you Know the question uh please put down in the comment section I'd be asking in YouTube so for now let's just try to understand everything about
AWS interview questions now moving on we'll be looking into advanced questions so make sure you understand the basic questions make sure you just go ahead and check the documentation just cross reference everything uh so I've given you the answers right you just cross reference everything make sure everything is clear for you because some of these questions are pretty small if you want to know more about key pairs go to the documentation and learn more about key pairs but we are just trying to give you answers for the questions asked right all right so now advanced AWS interview
questions okay explain what S3 is so S3 it's called a simple storage service so S3 is basically a storage service where you can store retrieve delete uh any amount of data basically virtually unlimited data can be uploaded and downloaded uh like at any time using the internet so basically the payment is pay as you go for most of AWS services so especially in S3 so basically let's say you upload two gigabytes of data you only have to pay for the two gigabytes of data which is uploaded and if you deleted that you don't have to
pay anything because there is nothing stored on AWS at that point of time so basically only pay for what you use on S3 so in this case why I say virtually unlimited is you do not know how much storage space that AWS have you can literally keep uploading how much other data you want AWS wouldn't stop you because obviously you're going to pay them for the data which you're storing right so they obviously are a for-profit business who are profiting from this so they will provide you unlimited virtually unlimited because there will obviously be a
limit to the data which you can store which would be really really high you wouldn't have that much data to store obviously but again that's basically what S3 is it's a storage service which lets you store petabytes or even exabytes of data all right and you just have to pay for what you use okay next question how does Amazon Route 53 provide high availability and low latency okay so the question basically is how does it provide high availability and low latency why should I not go with GoDaddy or any other DNS uh
service right why should I choose Amazon Route 53 so now they're explaining that so first of all it provides you globally distributed service uh AWS again is the biggest uh cloud network right now uh and obviously they have data centers all around the globe in most of the countries and they literally have in every single continent right they have data centers in every single continent so that basically helps them uh serve your website to every single person around the world you'll be able to serve your website let's say you are in India you are creating
a website and you want your product to go global and you want your application to be available for every single person around the globe so you can use Route 53 to do that next comes dependency and finally optimal locations now let's come from the top so Amazon is a global service and consequently has DNS service globally as I told you they have data centers all around the globe any customer creating a query from any part of the world gets to reach a DNS server local to them that provides low latency so low
latency in this sense they're asking how exactly Amazon Route 53 helps you in order to make sure your application is really really fast for any user around the globe so if the application is if the headquarters is in India the main customer base in India so then it's it makes sense to provide low latency to customers in India but how exactly Route 53 provides lower latency to every single person in the world if you are using this application in a global level so that's how it is doing by providing them a local server which is
nearby them so they'll be taken to the local server from there they will be routed to the actual place where the website is hosted or they could just if the web if the website is available globally then the local server itself would be able to uh give them the access to the website so that's basically how low latency is maintained dependency Route 53 provides a high level of dependability required by critical applications so again you are paying AWS for something they are the cloud leader right now so obviously the dependency is there they give you
a high level of dependability required by critical applications even though it's a critical application you could run on Route 53 and it will make sure it is running really really well that provides the website high availability and finally optimal locations so Route 53 serves the request from the nearest data center to the client sending your request whenever a client sends a request let's say my main customer base is in India and there's a customer from let's say Ethiopia trying to basically send a request and they are sending a request and they'll be taken to the
nearest data center to them so that it's much faster for them to get the website shown in their browser right so AWS data centers are across the world the data can be cached on different data centers located in different regions of the world depending on the requirements and the configuration chosen Route 53 enables any server in any data center which has the required data to respond this way it enables the nearest server to serve the client request thereby reducing the time taken to serve it's basically caching so the website will be cached in the nearest
local server and as it is already cached it doesn't have to travel all the way to the original server to get the data back it can just use the cache information and just return it to the user that would be quick and the user would be happy about it right so this is how Route 53 does it so there is obviously more to it that's what we're going to look at right now for example let's consider the requests are coming from a user
in India are served from the Singapore server while the requests coming from a user in the US are routed to the Oregon region for example uh let's say the application is in the US right the application is in the US so now this is the Oregon data center this is the Singapore data center so let's say this website is not available in Indian data centers so now a user is basically trying to request right uh some data or the website so the user is requesting from India so request from user routed to Oregon region so
this is uh basically for this so now when a request comes from the Indian user Route 53 checks for the nearest server so the nearest server this time would be Singapore so in this case the request from the Indian user would be redirected to the Singapore server and the data would be given back to the user as fast as it can but if a user from the US region itself is trying to access they will be taken to the nearest server in this case it's Oregon so this is how it maintains high availability and low
latency so this is especially for low latency not high availability but high availability there are so many different things which you can talk about uh other AWS so there are multiple data centers so your application can be replicated in multiple data centers even though one data center is not available for example even though if the Singapore data center was not available at that particular point of time Route 53 would have taken them to the next and nearest server right next nearest data center so that's exactly how it provides high availability okay so now coming to
the next question how can we send a request to Amazon S3 so it's a REST service and you can send a request by using the REST API which is available or you can use by using the AWS SDK wrapper libraries that wrap the underlying Amazon S3 REST API so basically you can use the REST API manually in order to do it or you can use AWS SDK and you can basically create a code piece of code and you can use that code whenever you run that code it will send a request of whatever request you
want to by using the wrapper libraries which you have created right so that's how you can do it because the next question what does AMI include so first of all AMI basically means Amazon Machine Image so an AMI includes the following things template for the root volume for the instance so how exactly the root volume should be formed how much storage it should have and what kind so what are the things which it should have okay second launch permissions to decide which AWS accounts can avail the AMI to launch instances so when you create an
AMI you can choose whether it's public or private if it's private only that particular AWS account would be able to do it but that particular AWS account would be able to give access to another AWS account even though it's private but you can also convert it into a public AMI in that case every single person in the world would be able to use your AMI to create a or launch instance now a block device mapping that determines the volumes to attach to the instance when it is launched so whenever the instance launches it needs some
volume to be attached right so that particular volume is basically uh so that information is also stored in the Amazon Machine Image so basically when you use the Amazon Machine Image you can launch one instance or you can launch multiple instances according to whatever is your requirement but the AMI will contain all of these things the template for the root volume the permissions to launch in whatever AWS accounts and finally the block device mapping that is what are the different types of block devices which needs to be attached to this instance so when the AMI
is creating it will also basically launch the volumes and attach it to itself so this is basically what an AMI is right if you want to know more about AMI you can go check it out so what exactly AMI is it's a template which is used to create instances so you can't create an EC2 instance without an AMI okay so that's basically AMI coming to the next question what are the different types of instances so we saw one type of instance so that is one singular type of instance but these are basically the groups the
types so basically groups uh in types of instances so there is a compute optimized there is a memory optimized storage optimized accelerated computing and general purpose so the t2 instance type which we previously saw was a general purpose type of instance which is basically used for generic usage and also it will provide you a burst in performance whenever required but it's mostly basic but compute optimized will basically provide you a really good processing power so basically it will provide you more CPU cores than the RAM provided okay so that's basically compute optimized it will be
optimized for compute memory optimized is optimized for memory that is it will give you more RAM but the cores will be less the virtual CPUs would the number of the virtual CPUs would be comparatively less than the RAM so this is for memory so if there is any in memory processing you would have to choose a memory optimized the instance type storage optimized this is for storage so for example uh in this particular reason there is open data coming in data going out you want the data read and write to be really really fast in
that case you should go for storage optimized so that's exactly where you should go for that finally the accelerated computing so this is basically for for example if you're running an artificial intelligence model or a machine learning model or if you are transcoding videos or if you are rendering videos or graphics on the server in that case you need accelerated computing which would provide you a really high performance for these kinds of requirements right so this is different types of instances uh coming to the 17th question what is the relation between the availability zone and
the region so to put it very simply the region is the entire region so there are that could be uh so the regions are geographical within the region there could be any number of data centers but usually around there are maximum there are six to seven data centers in AWS so an AWS availability zone is a physical location where an Amazon data center is located on the other hand an AWS region is a collection or group of availability zones for example let's consider in US there are so many different states so for example when
they say Oregon right in Oregon there could be multiple data centers and different physical locations but the group of them in that particular region so that region Oregon is the region and within that there are multiple availability zones so they are the availability zones that's basically it availability zones are individual data centers region is just to group them together okay so this setup helps your services to be more available as you can place your virtual machines in different data centers in even different AWS regions so you can have your data center in uh Oregon you
can have it in North Virginia you can have one more server in India we can have one more server in Japan so it totally depends on whatever is your requirement so that's what they are saying if one of the data center fails the other one would be running so that your servers would be always running and that will make it always available so this basically provides uh the failover it provides your fault tolerance even though your server in a particular region goes down your application wouldn't completely shut down because there are other regions
and other data centers which are actively running this is basically the difference it's not a difference basically because availability zone is within a region the region is a logical group but within the logical group there are physical components which is an availability zone next question how do you monitor VPC so as I told you already there is CloudWatch it's the default tool but VPC has a separate uh function which is VPC flow logs which will give every single action performed within the VPC as a log so you can see every single action done in
that particular VPC with flow logs so these are the two different ways you can monitor VPC so what are the different types of EC2 instances based on their costs essentially three types on demand spot and reserved on-demand instances are when they are prepared whenever you need so you can if I want an instance right now I can open I can log in AWS and create an instance that would be an on-demand instance so that would be that would be created for a short period of time so basically on demand instances are created for short-term requirements
for example if you currently want to run a particular code and I want to just run a website for a couple of hours just to test it so then I would go with an on-demand instance because on-demand instances are more expensive than spot or reserved instances let me tell you why when we come to spot or reserved but they are expensive so it is cheap for a short-term instance but it is not cheap for the long term it will get much more expensive uh so that's basically on demand coming to spot instances so these types
of instances can be bought through a bidding model these are comparatively cheaper than on-demand resources so in this case you will have to bid for the instance and if the instance is available you will be given access to it so once you win the bid you will be able to pay for the instance basically that particular bid amount you'll be able to pay right so these are spot instances but the reserved instances are the one which companies mostly use for their needs so why because reserved instances are reserved for you for example a company wouldn't
be like okay if I want an instance right now they wouldn't go right now and create it they would already reserve uh some physical hardware which is already available for example you can create instances that you can reserve for a year or so these types of instances are especially useful when you know in advance that you will be needing an instance for the long term in such cases you can create a reserved instance and save heavily on costs why save heavily on costs because when you reserve instances AWS gives you discounts like 40 to 50
percent that's a lot of money right which you can save and a company wants to obviously cut down on operational costs um they will always go for reserved instances for example let's say there's a new project coming up and obviously if a new project comes up the project will be always live right so to uh once for maybe for the testing and all you can use an on-demand instance but when it comes to live obviously reserved instance would be a much better chance because if the application is going to be live for a long time
you can take a three-year reserved instance it won't be one instance when it's when it comes to a company it will be 100 or thousands of instances uh basically servers so in this case you would be reserving them uh by using by basically using the reserved instances tactic where you can basically reserve these number of instances for this period of time that is one year or three year you can put a contract with AWS and you can pay them upfront or you can pay them monthly or there are different types of paying models and
reserved instances but it will be much much cheaper than going with on-demand instances it will save you if it's a three-year contract it will save you more than a one-year contract because you're reserving instances for a three-year period of time right so these are basically instances different types of instance based on costs coming to the next question what do you understand by stopping and terminating an EC2 instance really really easy question uh but it comes with certain complications even though stopping and terminating may sound similar but in EC2 it's totally different stopping is basically shutting
down your system for example if you shut down your system and restart it the PC is still there right if I shut down my laptop and open it back and switch it on it'll still switch on the instance it'll still be available it'll all it'll have the storage it will have all my files everything will be there you can just start from where you left off but terminating is basically like selling your laptop to another person or breaking your laptop so once you break your laptop you can't do anything to it because it doesn't exist
all right so that's basically what terminating is you are completely deleting the instance and so nothing would be available the instance would be deleted the data would be deleted this volume will be deleted everything will be deleted you would not be able to restart or look into the system later in time so that's basically the difference in stopping and terminating in EC2 I hope that's clear okay coming to the next question what are the consistency models offered for modern databases uh by AWS so eventual consistency and strong consistency coming to eventual consistency it
basically means the data will be consistent eventually but not immediately so let's say there are two databases if I upload some data to this database I want it to be available in this database as well but eventual consistency basically means it will get consistent eventually in time but once they upload it it won't be immediately replicated it will take some time to replicate it so this will serve the client requests faster but chances are that some of the initial read requests may read stale data because that data wouldn't be available at that point of time
because it's not transferred to the other database so this type of consistency is preferred in systems where data need not be real time so if you don't want the data to be real time in a particular system in that case you wouldn't want uh this so you would want this type of consistency for example if you don't see the recent tweets on Twitter or recent posts on Facebook for a couple of seconds it is acceptable so that's where eventual consistency comes into play because it's not gonna kill anybody right it's it's not uh a thing
which is required immediately so let's say you are posting something right now and it takes two steps two seconds to show up on your profile that wouldn't hurt anybody right so that's basically what eventual consistency is but strong consistency it provides immediate consistency where the data will be consistent across all of your database servers immediately as soon as you upload it to a database server it will be immediately replicated to the other database servers okay so this model may take some time to make the data consistent and subsequently start serving the request so eventual
consistency the data will be available in one database server but it will take time to replicate to other database servers so in that case the data can still be read from that particular database server but when it comes to strong consistency as the database servers are currently trying to become consistent by basically replicating it across each other so when you are trying to request some data it would take some time because it is trying to make every database server consistent so however in this model it will get it is guaranteed that every single response
you get will have consistent data in the previous one even though uh let's say it takes a couple of seconds to show up it's fine because it's not real time but in this case strong consistency you would need you basically use it for a real-time use case okay so this is the difference in uh consistency models offered uh okay next question geo targeting in CloudFront so geo targeting enables the creation of customized content based on the geographic location of the user this allows you to serve the content which is more relevant to a user
for example if you take YouTube some content is available in US but you won't be able to see that content in India or take Netflix some movies are available in Europe those movies are not available in China or that movies are not available in Japan why is that they are using geotargeting right by using geo targeting you can basically serve the relevant content to your user and also if it's an Indian YouTuber if it's an Indian YouTuber it wouldn't make sense to show that particular YouTuber that particular YouTuber's uh content to an American right
especially if it's in an Indian language they wouldn't be watching it so it doesn't make sense so by using geotargeting you would be able to deliver content in a proper manner based on the geographic location of the user for example using geotargeting you can show the news related to local body elections to a user sitting in India which may not be suitable for users sitting in the US why would they want to watch a local body election happening in India uh same thing if there is a baseball tournament in the US which is going
on we Indians don't play baseball we play cricket and other sports like football and stuff like that so maybe if it's a football game we would watch it but if it if it's a baseball game most probably we wouldn't so yeah so that's basically geo targeting right okay coming to the next question what are the advantages of AWS IAM so IAM means identity and access management so it enables an administrator in AWS to provide granular level access to different users and groups so using IAM you will be able to provide access to a user
who created in IAM so you can basically create users you can create groups and once you do that you can give them permissions to do certain actions for example you want to allow a user to basically work only on EC2 you don't want him to work on other services you can do that you can provide them permissions to only use EC2 he wouldn't be able to use other services right so that you can do with IAM so it also allows you to provide access to the resources to users and applications without creating roles which is
known as federated access also there is something called IAM roles which could provide a user temporary access to that particular service you are you want them to use right it's temporary access it's not permanent so these are there are more things to IAM so but the advantages are you can create users and groups and you can control the users by you can basically have access to them and you can have basically uh you can provide them different level of access according to the user for example a developer would need different types of AWS services uh
data scientists would need different types of AWS services let's say a finance account manager would need different types of AWS services so according to that you can provide them particular access that's basically what are the advantages AWS IAM you would be able to uh basically administer over users and the permissions they have coming to the next question what do you understand by a security group so to be very simple security group is basically like a virtual firewall so when you create an AWS instance you may or may not want that instance to be accessible from
the public network moreover you may want that instance to be accessible from some networks and not from others for example you are creating an instance and only you want to access it so you know the IP address of your PC right so in that case you can create uh in the security group you can pass on your IP address and only you would be able to login into that EC2 instance even though somebody else has a private key let's say you have given the private key someone else they wouldn't be able to log in
because they wouldn't have the IP address you know coming to uh the second point security groups are type of rule based virtual firewall using which you can control access to your instances so you can create rules defining the port numbers networks or protocols from which you want to allow access or deny access okay so it's basically simple you can provide the port numbers you can provide the IP addresses the protocols all the things you can provide so this will basically and also you can allow them or deny them so let's say if you want a
particular range of IP address to be denied whenever a request comes from that IP address they wouldn't be allowed to access the instance because the security group will stop them so it's basically very very simple you can control who can access and who can't access the instance and where they request course where the request comes everything can be accessed using a security group okay now what are spot instances and on-demand instances so I think we already looked into this uh but I'll just explain what a spot instance is even better on demand I've already explained
in a previous question you can go check that so spot instances where you create EC2 instances there are some blocks of computing capacity and processing power left unused so let's say you launch a really cute instance but only utilize one certain part so now these blocks are known as spot instances so these spot instances that run wherever capacity is available so these are a good option if you are flexible about your where your applications run if you don't want your application to be running in a physical hardware which is dedicated to you in
that case you can go for spot instances which are much cheaper in nature right so uh yeah so if you're flexible with that you can go with spot instances so that's basically it on demand instances are already explained and you can look into them you can just go back in the session you can look into them right next is explain connection draining so connection draining is a feature by AWS which enables users enables your servers which are either going to be updated or removed to serve current requests so that basically means let's say you are
a server all right it is going to be updated to a newer version but connections are still coming in so it will still allow the server to basically serve those requests so if connection draining is enabled the load balancer will allow an ongoing instance to complete the current requests for a specific period of time for example you can set that up it will allow let's say the incoming request it will serve for 10 minutes and then but will not send any new request to it so if already 100 requests have been made right so it
will allow those 100 requests to be served but after that it wouldn't let any new requests to come in but that 100 requests will be served once it is served then it will be stopped so now without connection draining an outgoing instance will immediately go off and the requests pending on that instance will error out so that would be a major problem for users right so because if you are trying to retrieve some data and the application was working at that point of time so once you click on retrieve data and it doesn't give you
the data you would be kind of pissed off so but in this case using connection draining that wouldn't happen if system is going to be updated you would get back to data and then it will go to an off state where it's in maintenance so otherwise you would get the request back so this is basically connection draining and this feature is available in load balancer next what is the stateful and stateless firewall a stateful firewall is basically the one that maintains the state of the rules defined it requires you to define only inbound rules based
on the rules it automatically allows the outbound rules outbound traffic to flow so you only have to mention the inbound rules basically means you only have to decide on the incoming traffic so it will automatically choose or it will automatically filter the outgoing traffic but the only thing you'll have to provide is the incoming traffic rules so who can access the server from where you don't want so who can't access the server all of these things you will have to do but the outgoing from the server will be taken care of the uh system itself
so that's basically stateful in stateless you explicitly define rules that is you can basically decide uh what is the IP addresses what are the things which comes in and what are the things which goes out everything could be handled by you but you will have to do it by yourself you have to explicitly define those rules for example if you allow inbound traffic for port number 80 stateful firewall will allow outbound traffic for port 80 but stateless firewall will not do it because in stateless firewall if you provide inbound traffic for port number 80 and leave
it it'll only allow inbound traffic for port number 80 but if in stateless firewall you will have to go ahead and explicitly mention that also I need outbound traffic for port number 80 right once you do that then it will allow but in stateful you basically means if you mention something if somebody can enter the instance right somebody can inbound they can also go out so that's basically what stateful does stateless doesn't do it in stateless you have to give every single detail manually coming to the 28th question what is a power user access in
AWS so it's pretty simple it's like a sudo user in nuts so a power user will be given administrator access so using IAM you are creating a user once you create a user you can give them administrator access so once you give new administrator access they can do everything the root user does only thing they can't do is like if they can't delete the AWS account they can't check out the billing dashboard so those are the things they can't check out but they can do everything else apart from those so without the capability to manage
the users and permissions in other words a user with power user access can create delete modify or see the resources but he cannot grant permissions to other users so he will not be able to create other users and grant permissions to other users but he'll have all the access to use any servers in AWS he wants or she wants right okay next question is what is an instance store volume and an EBS volume so it's basically uh two different things so instance store volume is a temporary storage only temporary data is stored because let's say the
instance is restarted, that data will be gone. That is instance store; it's like RAM. But an EBS volume is like your SSD or your HDD, so once the data is stored, it is stored there, because it's a storage disk, and once it is stored, even though the instance gets turned off, it will be available. That's the only difference. Instance store is like RAM: when the instance is running, when temporary data is available, it will be stored in the store. Once your instance is restarted or it's shut down, the data will be gone, but whatever data is
stored in the EBS volume will still be there.

30th question: what are the recovery time objective and recovery point objective in AWS? So, recovery time objective: it is the maximum acceptable delay between the interruption of service and restoration of service. This translates to an acceptable time window when the service can be unavailable. For example, a recovery time objective: let's say AWS tells you five minutes per day, so you can expect that the service will not be available for five minutes in a day, but it is not acceptable if it goes beyond that five minutes.
So if it goes beyond that five minutes you will be able to get a refund or whatever from AWS, but that's the limit given to you. But five minutes per day is also a lot of time, so that's not the case, it's totally different, but I'm just giving you an example. Next is recovery point objective. In this case, it is the maximum acceptable amount of time since the last data recovery point. It translates to the acceptable amount of data loss which lies between the last recovery point and the interruption
of service. Let's say data is being uploaded and the service has been interrupted, so there would obviously be some data loss, right? So how much data can be lost, how much data loss is acceptable, that's basically the recovery point objective. So these two things have to be given to you when you are trying to create a mission-critical application on AWS, because mission-critical data can be lost and mission-critical applications might have an interruption of service. So these are the things we have to discuss with the AWS team, the AWS sales team, the
tech team, everything, before you basically transition all your stuff into AWS, right?

31st question: is there a way to upload a file that is greater than 100 megabytes in S3? So in S3, at one go you can't upload files of more than 100 megabytes, but there's an option to do this, which is the multipart upload utility. It will split the large file into multiple parts. Let's say you are uploading a file of one gigabyte, which is 1024 megabytes, right? It will split it into 10 parts and upload it, or it will split it into
11 parts and upload it, and then once it's uploaded it'll be clubbed together. You can also decrease upload time by uploading these parts in parallel. So in this case large files can be uploaded in multiple parts that are uploaded independently. If you want to reduce the time, you can upload those 11 files at the same time and then you can club them together. After the upload is done, the parts are merged into a single object or file to create the original file from which the parts were created. So you can
use multipart upload to upload a really huge file.

Coming to the 32nd question: can you change the private IP address of the EC2 instance while it is running or in a stopped state? So first of all, once you've created an EC2 instance and once a private IP address is assigned, you will not be able to change the private IP address. When an EC2 instance is launched, a private IP address is assigned to it, so once it is assigned you will not be able to change it, because it is attached to the instance
for its entire lifetime. So once it's terminated you can create another instance, and that instance can have the same private IP, because this instance is dead, it's not available, and the private IP address is free now, so it can be assigned to another server. But that server cannot have a different private IP address; it can have the same, it will only have the same IP address.

33rd question: what is the use of lifecycle hooks in Auto Scaling? So lifecycle hooks are used for Auto Scaling to put an additional
wait time on a scale-in or scale-out event. To make it even simpler, let me just explain using this particular thing. So this is a lifecycle hook and this is a lifecycle hook, right? First of all, scale out. Scale out basically means decreasing the number of instances. Let's say you have five instances; now you don't need five instances, you want only three instances, so now you are reducing two instances, right? Now, scale out, pending. So the lifecycle hook is basically pending wait, pending proceed. So it is basically the instances are launching, so
sorry, scale out basically means increasing the number of instances, sorry, my mistake. So once the instance is launched it would be in service, and then scale in comes in. In this case there is another lifecycle hook, which is for terminating. First, once the terminating is started, it'll wait, and then it will check how many instances have to be terminated. Once that is decided it will terminate the instances, and then termination will be done. So in an Auto Scaling instance this is what happens. It basically gives you an
additional wait time to scale in or scale out. That's exactly what lifecycle hooks do, and that's exactly what I wanted. Let's check.

And the final question which you're going to look into is: what are the policies that you can set for your users' passwords? Okay, so let's say using IAM you're creating users' passwords. What are the different kinds of settings you can apply to that user's password so that they create a secure password? First of all, you can provide a minimum length. If you want the minimum length of the password to be 10 characters,
you can do that. Second, you can ask the users to add at least one number or special character. Third, you can provide a requirement like a particular character type, like @ or hashtag or forward slash or backward slash, so you can specify that you need at least these, or you need uppercase letters, lowercase letters, numbers and non-alphanumeric characters. So you can ask for these requirements. Fourth, we can enforce automatic password expiration, that is, you can set up a password expiration period: after every month they'll have to change to a new password. That's basically the fourth one, and the
final one is you can have the AWS users contact an account administrator when the user has allowed the password to expire. So basically you don't have to manually change the password; you can allow them. You can basically give the access to the account administrator when the user has allowed the password to expire, right? So if the user allowed the password to expire, then they will be able to contact the account administrator and get their password back if they are not able to create a new password. So these are the different types of things,
these are the different policies which an AWS administrator can set for the IAM users, right?

So these are basically the questions, guys. Now, coming to the final part, I'm going to ask you a question. If you know the answer, put it down in the question section and we will give you a heart from our side to recognize that yes, that's the right answer. So the question basically is: which of the following is an edge storage or content delivery network? Which of the following is an edge storage or content delivery system that caches data in
different physical locations? Four options: Relational Database Service, DynamoDB, CloudFront, associate web services. I'll repeat it again: which of the following is an edge storage or content delivery network, or CDN, that caches data in different physical locations? Is it RDS, DynamoDB, CloudFront or associate web services? If you know the answer, put it in the comment section.

So that's basically the session, guys. I hope it was helpful. Meet you in another one, and if you liked the session please leave a like. Thank you.