AWS Certified Solutions Architect Associate 2022 (Full Free AWS course!) | Part 5

Captions
Hello everyone, this is Michael Gibbs again. Happy Saturday, and I hope you're having a wonderful time. This is going to be day five of our free AWS Certified Solutions Architect 2022 boot camp. It's a real honor and a real privilege to be with you all here today. So this is day five of our free AWS course, our AWS Certified Solutions Architect Associate boot camp. It's been really great for the first four days. We've gone over a lot of AWS technologies. We actually did a BGP session for people to learn BGP, based upon what was going on in the industry. We had a lot of open dialogues. Yesterday we brought in some tech recruiters to help you find your first cloud architect job. We've done a lot of labs throughout the week, which I think have been an incredibly good time for all. And every one of the people that have been here, we've had people from country after country after country, which makes me really happy. If we can spread the cloud computing message, if we can train people for the best cloud computing jobs, it makes us feel really happy.

So the reason we create this content is we looked around, we looked at all the certification training that was out there, and we could not find anything that we found to be really good at helping you get cloud hired. So we wanted to do this as free training for you all. Today we have a lot more fun things to go over in our training session. Today we're going to be going over a lot of the AWS services and some more of the AWS security services, because security is absolutely critical, so this is something I'm super happy to do with you guys today. If you guys are here and you guys are ready, let me know by typing "cloud hired" in the chat box, and then I know you guys are going to be here. And after you guys let me know with the "cloud hired", if you guys want to keep me going in the direction you want, that is great. I had a lot of fun yesterday with you guys. We were going down the standard path for the Certified
Solutions Architect Associate, and then you guys wanted more, so we went into IAM in depth at the level of the Certified Solutions Architect Professional, and I am happy to do this for you guys anytime. Our whole message, the whole point of training, is to get cloud hired. That's why we're not focused on certification. We like certifications to help you guys get a cloud architect interview or a solution architect interview, but what gets you hired, what gets you that cloud architect job, that whole "cloud hired" concept, is really a great degree of technical competency, a high level of emotional intelligence, executive communication skills, executive presence, ROI modeling, business acumen and everything. But we know this certification is really important for lots of people. We know we have cloud architects versus cloud engineers: cloud architects are designers and cloud engineers are builders. So we've tried to give you some AWS labs during the week, we've tried to give you some AWS tips whether you're an engineer or an architect, and we've brought in lots of people and done lots of question and answer sessions.

So without further ado: all you guys and girls that I've seen have typed #cloudhired, which means I know you're there, I know you're having fun, and that makes us great. I'm also going to do some housekeeping; I'll probably do it two or three times throughout the session. If you enjoy our content, please hit the like button, please subscribe and hit the bell so you get informed every time we come online. We're going to be doing a lot more professional development. I'm going to try and come at you a couple of times a week with some of the latest and breaking changes in the technology industry. We don't have the time to do it every day, but we're going to really try and give you guys much more, so you guys can benefit from our 20-some years of experience.

So let's go back to some AWS Certified Solutions Architect Associate training. Now let's talk about security. Now while
we're on the discussion of security, there's nothing that's more important for security than keeping bad things, bad actors, bad people, bad systems out of your network. So how do you do that? At the edge of your network you need to use something called a firewall. Here's what a firewall does: it keeps bad things out of your system. It allows your traffic to go out to the internet and come back, but it keeps everything out of your system that you don't specifically permit. So we're going to talk about firewalls. With AWS you're really going to have two options. Option one is to go to the Marketplace, and when you're in the Marketplace you can get really big, really good, really robust enterprise-grade solutions from Cisco, from Palo Alto, from Fortinet, really big enterprise-grade security. And when you're in a big environment and you're consulting with the world's biggest organizations, like me, you're going to use a lot of the Marketplace. You're going to use them for firewalls and all kinds of cool appliances. But when you're working with a lot of organizations, or smaller organizations, or people that don't need that big enterprise-grade security, you're going to be using the cloud-native services, and that's what we're going to talk about here.

I just want you guys to understand there are two kinds of firewalls. There are these industrial firewalls that we've all been using; they're typically made by Check Point, Palo Alto, Cisco, Fortinet, and even sometimes Juniper Networks has some. And if it's not made by them, you're going to be using AWS Shield, I mean AWS WAF, which we're going to talk about. But let's really still remember this: firewalls are for perimeter security. They keep stuff out of your network. How do you keep your systems secure? Well, you don't give routes to people that don't need them, and then they can't reach it. If you don't have a road, you can't go drive down the road. Then part of what we'll be doing is we'll have firewalls, we'll have IDS/IPS systems, we'll have network ACLs, which
we talked about, security groups, adding host-based firewalls, you name it, we will be using it. We will be using a whole lot of technology to really promote a layered approach to security. But right now we're talking about AWS native things, and we're going to talk about WAF.

So what is WAF? AWS WAF is a web application firewall. It's designed to protect against common attacks, so it's going to look at HTTP/HTTPS requests for common exploits, and if it finds one, it'll block it. WAF can control your CloudFront distribution, an Amazon API Gateway, a REST API, or load balancer requests. WAF, because it's a firewall, will block connections at the edge locations long before they get to your network. So basically WAF controls who can access your system, just like any other firewall. WAF is a cloud-native web application firewall; it is part of the AWS cloud-native security services. Now, because it's a firewall, it enables you to get relatively granular and control access to your resources, whether you do it with what's called an access list (but an access list on a firewall is basically stateful, even though on the router or the subnets they're typically not). You can create rules or rule groups. Realistically speaking, you create a policy: traffic from this subnet may pass through the firewall and come in, traffic from this subnet is blocked. That's what you're dealing with. So typically speaking, with a firewall at the edge of your network, people can try and come in, try and hack you, and they're blocked, they are blocked, they are blocked. And if anything breaches your firewall, in an ideal world you have an intrusion detection/intrusion prevention system to deal with that, but right now we're just talking about firewalls.

So now that we've done this, let's talk about how you would use WAF. Very simply: you enable WAF on your application or device, you create a policy that says you're allowed in versus you're not allowed in, and when traffic hits the firewall, the WAF will analyze your policy and say allowed
or denied. And if an attack is occurring, anytime you're dealing with firewalls you can create new firewall rules and it'll stop it. Now if you're dealing with a next-generation firewall, like the kind of great stuff from Palo Alto or Cisco or Fortinet, they can actually look at patterns of behavior and literally create access controls on their own, reset TCP connections, do a lot of the cool things that IDS/IPS systems do. So realize, with new and modern firewalls, the new stuff, the next-generation firewalls, they are self-healing. That's just to give you a little bit of information on firewalls.

So let's look at this in this situation, and we're going to look at it in a couple of different ways architecturally speaking. So you could apply WAF to your CloudFront distribution, your Application Load Balancers, your gateways. Basically what's going on is you're setting a policy, and it'll either filter your traffic or monitor what's going on. Now let's look at it as part of a more holistic sort of environment. This is showing you just the AWS cloud-native services; in reality you may actually have a lot more, but in this particular case what we're referring to is: you can see we've got our internet gateway, we've got our load balancers, we've got our AWS WAF, which is the firewall protecting the things behind the load balancer, and after that we have the network ACL protecting the subnets, and a security group that's actually controlling what's going on here.

Something interesting just happened to my slides, so bear with me while I try and fix this for you. I am not Mr. Microsoft or Mr. PowerPoint by any stretch of the imagination, but let's make sure we get this fixed for you. I think we got it fixed. A little bit more; I'll try and make this look a little more elegant for you. Something happened with the slides, I don't realistically know how, but hopefully that gives you what you need
over here. Maybe if I go that way, okay, that looks like we're a lot closer to where we want to be. So let's go back. Actually, bear with me one second while I try and figure out what's going on with my view in PowerPoint.

So let's talk about distributed denial of service attacks. What is a distributed denial of service attack? A distributed denial of service attack is when a hacker hacks into a bunch of systems on the internet and then launches an attack on you. So in this particular example, here's what it's going to look like: we're going to have an attacker that takes control of a server, or his server or her server, then they infect a lot of systems along the way, and after they infect a lot of systems along the way, they basically take control of these environments. So that's realistically speaking how a hacker actually will attack environments. Bear with me, I'm really struggling with my PowerPoint right now. I'd like to get new slides so I can talk to you. Okay, good, I got access to the slides back. Like I said, I am not Mr. PowerPoint; it's not who I am. I've been designing systems forever, just writing them up, designing them, sending them to a graphics team, and after I send them to a graphics team they all get beautified in InDesign and things like that. But when you're making your own things...

So how do you stop a distributed denial of service attack? So I told you here's what an attack is: you take a system, you attack a bunch of other systems, and you use those other systems to attack you. Here's what's realistically going on, and I want you to think about this so you understand the attack. If you've got a web page that can handle 5,000 web requests per second, and all these servers hit that web page 100,000 times a second with web requests, the server can't meet the needs. So with 5,000 capability, ten thousand, fifteen thousand, twenty thousand web requests, the fake web requests from the
hacker overwhelm the server. Now when a server is this busy, basically it can't serve the web page to anybody else, because it's busy dealing with the hacker's attacks. And more importantly, if the server gets hit hard enough and maybe some memory buffers overflow, the attacker can then get access to the server, escalate privileges, and do damage to the server: change files on the server, snoop on you, and in some cases you don't even know. So these DDoS attacks, where you take one system and use a lot of systems to hack into things, this is a big deal, and you've got to work really hard to deal with it.

So what do you do? You use a layered approach. So first, at the edge of our network, we're going to use some kind of DDoS protection, which we're going to talk about. Then behind that we do a firewall, and behind the firewall we're going to do an intrusion detection/intrusion prevention system, and behind that we're going to have some network ACLs, we're going to have some security groups on our servers, we'll have host-based firewalls, we'll add anti-malware protection, we'll disable unnecessary services. This is part of the process of locking down your systems. But there are also DDoS services, which don't believe for a moment are going to stop DDoS attacks, but they are going to help; they are part of the process. It takes a lot of layers. And there's DDoS protection which you can get from Cloudflare, which is helpful, from Akamai, the content delivery network, or from AWS, attached to their content delivery network or other things. AWS has a good DDoS service, it's very robust, and it's called Shield, and we'll talk about Shield. Basically Shield is a DDoS protection service, and there are going to be two versions of Shield we're going to talk about: we're going to talk about Shield and Shield Advanced. Now these two services are really good, because basically Shield itself is free if you use WAF, and it's extra protection. I'd prefer Shield Advanced, and we'll talk about why in a minute,
but the point is, even the free Shield, if you believe what the documentation says from AWS, 96% of the most common DDoS attacks are thwarted by the basic Shield, whether it be a SYN/ACK attack or a reflection attack, an HTTP slow read; these are your basic, more common attacks, and AWS Shield Standard does it. Now the thing to remember with Shield Standard is it's not next generation. It is not adaptive; it's static, meaning you set the policy and Shield will protect you. Old firewalls are static: you set the policy and they protect you according to the policy. Next-generation firewalls can look at patterns of behavior and say this is no good and stop it. So AWS Shield Advanced gets closer to what you find in a next-generation firewall, and it's quite a good DDoS service. Basically what happens is Shield Advanced is adaptive, just like a modern firewall. So Shield Advanced will basically look for patterns of behavior: this doesn't look right, this doesn't look right, deploy an ACL, reset a TCP connection, something cool, automatically on its own. And when you're dealing with Shield Advanced, now you're getting some help, because you get visibility for your layer 3, your layer 4, layer 7 attacks; you really get to see what's going on. It's a great service, and if you've got Shield Advanced, customers are going to even have access to a 24/7 DDoS response team, assuming the customer has Business or Enterprise support. So what this realistically means is, if you opt for Shield Advanced and you're using WAF with AWS, and I strongly recommend you do if you're using AWS and integrate this into your systems, especially with CloudFront, which is a great content delivery network, if you've got a problem you've got AWS support. You always want to be in a position with support. These vendors like AWS, these vendors like GCP, these vendors like Azure, they've got some really good, technically competent people working for them, and no matter how much we think we know a cloud provider's
service, they know their service much better, because they know all the inner workings. They know the weaknesses of their systems, the strengths of their systems, the breaking points in their systems, and how to work with their systems better than anybody else. Now they may not know other people's systems as well, but any vendor will know their systems. If you go to Azure, they will know Azure like nobody else in the world. If you go to Cisco, they will know Cisco gear better than anybody else in the world. If you make the product yourself and you have access to the people that made the product, and you know exactly what goes into making it, you will know much, much more than someone that's an outsider that read a book or took a training course, because if you make it yourself you know everything. So remember that: when you need support, it's always good to have it.

Now we'll talk about three quick services. They're typically found only on the Certified Solutions Architect Professional, but I want you to know what they are just in case. There's one service called Amazon GuardDuty, and basically this is an Amazon service that monitors your AWS accounts. GuardDuty will look at CloudTrail, DNS, VPC Flow Logs, and it's going to look for patterns of behavior that don't feel right, and if it sees anything it doesn't like, it'll send you a CloudWatch event. So in a way this is like some rudimentary, basic intrusion detection. The next service is something called Amazon Inspector, and this is an automated security assessment service that helps improve the security and compliance of your applications. That's it. Amazon Inspector automatically assesses your applications for exposures, vulnerabilities, or deviations from best practices, and after Amazon Inspector performs its initial assessment, it provides a detailed list of security findings which is prioritized by level of severity. Of course it's automated, so when it's automated, some of these suggestions are going to be great and some
of them are going to be all over the place. So it gives you a list of things that are not optimal, and then you can basically evaluate: yes, fix this; no, don't. This is terrific. I've got to tell you, in my years I used to run sniffers, they're protocol analyzers; I'd stick one on the LAN in different places just to see what I could find. You'd be amazed what you can find: systems that don't belong there, unpatched systems, non-compliant systems. So Amazon Inspector is kind of like a sniffer, meaning it's not a sniffer where you're looking at packets, but it helps you get information to determine what's compliant and not compliant. This is great; you want to know what's on your systems.

Along with this, there's another AWS security service called Amazon Macie, and this is a fully managed data security and privacy service that uses machine learning and pattern matching to discover and protect what's going on with your sensitive data. Basically Macie automatically provides an inventory of your buckets, including a list of unencrypted buckets, publicly accessible buckets, and buckets shared outside your organization. Very important: sixteen percent of all cloud attacks happen from misconfigured S3 buckets. You've got some automation checking it; it's great. So Macie will look at it, and then it'll apply a machine learning and a pattern matching technique to the buckets you specify, to identify for you if sensitive data or any important data is out there. So it's kind of a nice feature that they've given you with AWS Macie.

Now let's talk about the Service Catalog. I want you to picture two environments. Environment one: everything that you deploy is deployed methodically and in the best interest of the organization; optimal, perfect. Now I want you to really look at production: you deploy everything that's supposed to be there, somebody else at their desk deploys something and doesn't tell anybody, somebody else deploys something, there's an outage and a bunch of people make a change
during the outage and don't notify anybody. This happens, this happens, this happens. The next thing you realize, you've got systems, they've got thousands of servers you don't even know about, routers all over the place with WAN links to things you don't know about, routing protocols that are not functioning optimally, giving you routing loops, just like we just saw on Facebook. Basically what happens is these systems get really complicated. They get complicated beyond the point where somebody actually knows what to do, and then they make configuration errors, and it happens not because the configuration is challenging, but because the person doesn't have access to or knowledge of everything. So that's reality. So AWS does have a system to help you identify things that aren't supposed to be there, and that's called the Service Catalog. Basically what happens is you create a catalog of approved services, whether it be machine images, whether it be servers, software, databases, and application architectures, only approved services. You specify this ahead of time, and what it'll look like is you create a catalog of approved services, a user goes to the catalog, they kick off something like a CloudFormation template, and they deploy only what's allowed. So seriously, think about that: you can keep people from doing things they're not supposed to with the Service Catalog. That is really cool, because like I said, you will find stuff that's not supposed to be there, and when you find stuff that's not supposed to be there, the stuff that's not supposed to be there causes all kinds of problems for you. So don't make it a problem: know what's there, and only let your people deploy ideal, perfected, locked-down services. That's what the Service Catalog is for, and the Service Catalog is usually a great idea.

While we're at it, let's talk about the last security service we'll talk about, which is the Systems Manager Parameter Store. Again, I don't know who thinks of these names. Now the Systems Manager Parameter Store is another
component of your strong security posture. Here's what's great about it: it enables secure storage of passwords, database strings, and licenses. These are the things where, if they're compromised, your systems are a problem. So it's a way to deal with your passwords, your database strings, and your software license keys. AWS will help you with a place to store them, and it's called the Systems Manager Parameter Store, and it offers basically a hosted, serverless, scalable environment for storing your password keys, API keys, license codes, those kinds of things. So the way this works is, for extremely sensitive information, you put it in the Parameter Store in an encrypted environment, and in this manner your code is separated from your passwords, you've got a means to audit things more easily, and you can track your password usage. So the Systems Manager Parameter Store will basically scan your instances or your virtual machines and report policy violations. So now you know: these are the AWS services that are available for security.

So the next section, it's a long section, is going to be AWS services, and there's a lot of them, and we're going to spend some time with each one of them. Prior to doing this, let's see if there are any questions from the audience, because I want to make sure we get to them. Chris, are there any questions from the audience you want to bring up on screen before we move to the next topic?

"Yes. Are you looking at StreamYard or YouTube?"

I'm going to be looking at StreamYard in one second. Okay, I'm looking at StreamYard here.

MW Murio asks: what is the best industry practice, using WAF, going to the Marketplace, or both? This is a case-by-case thing, MW Murio. As a general rule, if you've got a really strong organization that needs real enterprise-grade environments, you're going to be going to the Marketplace. You're going to have VPN users, for example, lots of VPN remote access users; it's going to be a lot easier using the AutoVPN technologies that Cisco has to take in your users, add
them into BGP and promote your routing, than anything available from AWS. When you're dealing with a company like Cisco or Check Point, I want you to think about this: they basically have thousands upon thousands upon thousands upon thousands of employees. A company like Palo Alto, for example, will have an incredible number of the best security architects in the world and the best security developers, and all they do is make firewalls. For example, I'm exaggerating the concept a little bit, they do more, but when you deal with a company like Check Point that's made security software, and that's their whole business, and they've been doing it day in and day out for 30 years; Cisco's been doing the same with their firewall, they have 30 years and thousands of developers focused on security from the beginning. So AWS hasn't been around that long. Great company, love what they do. AWS does a little of a lot of things; Check Point does nothing other than security for 30 years. Who do you think has a better product for these environments? Who do you think's got the more robust one? When you deal with Cisco and you deal with a router, you have access to four million routes, basically 800,000 routes from five ISPs, no big deal on a Cisco router. When you connect to AWS, you have a hundred routes. It's not that AWS isn't awesome, they are; you've got to remember they have to do a lot of things. So, a jack of all trades is a master of none. So if you get these things from the Marketplace, of course you can get a better, more robust service than any cloud provider can give you, because that's all these other services do. So if you're looking for inexpensive, quick, simple to deploy, WAF is your awesome firewall. If you're dealing with an organization that's got extreme security requirements and lots of remote access employees, and they want to use the next-generation firewalls that self-heal and adapt to the things going on around them, which most big global organizations are, they're going to go to
the Marketplace. They are not going to use the cloud-native service. I hope I answered your question with that.

Manesh asks: what is the difference between a WAF and a NACL? Okay, good question. A web application firewall is used to keep people out of your systems, and a network ACL is used to keep people out of your subnets. A real firewall, or WAF in certain cases, is adaptive: it's going to look at a pattern of behavior and say I don't like this and block it and stop it. A network ACL cannot. A firewall is stateful: if the data comes from inside the network out to the internet, your traffic will be allowed back, because the firewall is maintaining state or tracking your connection. With network ACLs there's no tracking. So firewalls: much more robust protection, much more monitoring of the connection, and firewalls keep people out of all your systems; network ACLs protect the subnet.

Afro P, question: what can we do about the actual trend that modern malware is being written in new-age programming languages like Go and Julia, and can the firewall and IDS keep up? So, Afro P, what's going on is the new next-generation firewalls can actually know this. In fact, a lot of times the best new firewalls will actually take the code, they'll spin up a virtual machine on that firewall, and they will test the code before they even allow it on the network. So that's why we're using next-generation firewalls, that's what we're talking about, as the means to lock this down, and not the WAF, and not the basic traditional firewalls. WAF is great, I'm not against WAF, I love it, but I'm just saying that you have to architect based upon the needs of your client.

Abigail Marx asks: can bots create a DDoS attack? Well, you've got to remember AI in and of itself is not that smart. A human can write the code, or the human could even write a machine learning algorithm to go infect other things, and I guess you could call them bots, but basically a human decides to take this malicious attack, and whether they create a bot that launches the
attack or they do it manually, it's really one and the same. But yes, humans can create bots that can launch a DDoS attack, absolutely.

SM7 asks: can I specify what services each group is allowed to access? Well, SM7, it's 100% up to you. As the architect, you design who you think should talk to whom, and then the cloud engineer will put those things into the firewall for you, or your cloud security engineer. So that's up to you and me and the policy that we create for our customers.

Derek asks: is the Systems Manager Parameter Store only used by the root user, or can it be used by all users? It can be used by other users, but generally speaking you need administrator privileges to launch virtual machines, so definitely the root user, definitely administrators. There may be a policy, Derek, to connect other users; I've only set these things up to basically work with systems admins, because they're the only people that I want actually launching systems in the first place. So good question there, Derek.

Lightning DDD1 asks: where do you use WAF and Shield, security groups, network ACLs, load balancers, CloudFront? Okay, so I guess that's a pretty good question. Are you guys trying to tell me you want to see some architecture that's outside of certifications? If you're telling me you want to learn cloud security architecture, let me know. I'll walk through a generic example of what an organization would do. Let me know in the following: if you're enjoying the content, smack that like button, and if you want me to actually walk you through how to do that, I will do it, but it's going to take about 10 minutes. So let me know if you want cloud security architecture; let me know and I'll go do it.

"Michael, then I'll answer a question before you get to that." Okay, what's that? "Answer this one before you get to that: how reliable are products from third parties in the Marketplace?" How reliable are products from third parties in the Marketplace? It depends on the product
that you actually get. If you get something from Cisco or Palo Alto, it'll be the most reliable product in the world, and extremely good. Now the only problem we have when we go to the Marketplace is, normally speaking, you go to Cisco, you get a firewall, it's a high availability device; you go to Palo Alto, the same thing: you can have multiple devices and the heartbeats between them, load balancing, keeping each other healthy, all of it for security. You can do it. Here's the problem: in the cloud you can't bring a good device with you. So what happens in the cloud, you're running virtual devices, meaning you're actually doing this cloud security on a virtual device inside of the Marketplace, which means that if the device goes bad, it's broken. So what you typically do, when you're doing these kinds of devices from the Marketplace, which are awesome by the way, is you typically have two firewalls, and you use a Network Load Balancer or a Gateway Load Balancer to do some of these architectures, to make sure you've got high availability.

So all right, let's walk it through, because people are actually asking this question. I actually don't think we went through a real security design here yet, so let's walk through exactly what it would look like. Let's make a new slide over here, and then I'll share my screen and we can do it together. So here's what it really looks like. Let's say you've got a content delivery network, let's say this is your CDN. You're going to put something like Shield Advanced here; this is going to help stop some of the DDoS attacks. Now behind your DDoS protection you're going to put a firewall, and the firewall is going to keep people from getting inside of your systems. Now if you're using a next-generation firewall, great. If you're not using a next-generation firewall, you're going to put an intrusion detection/intrusion prevention system behind it. Behind your intrusion detection/intrusion prevention
systems typically speaking you're going to have network acls protecting your subnets then typically behind that you're going to have a security group that's going to protect your subnets and then behind that now you're gonna you're gonna be on your servers themselves and on the server like this what you're gonna do is you're gonna put a host-based firewall and you're gonna put some anti-malware protection and then on this what you're going to do is you're going to disable any unnecessary service that's how you're going to lock this down and of course you know the reason we said so this is what's protecting you this is keeping bad guys out this is keeping bad guys out this is if a bad guy got in keep them out this is keeping more guys out of bad guys out of your subnet this is keeping more bad guys out of your server the host-based firewall again protects your servers the anti-malware protects you against things and you disabled unnecessary services so you're not listening on all ports you know now you've got the what happens if so this key so this keep bad stuff from getting to you in the first place this protects the front door of your house this protects the front of your house this keeps traffic from getting to your servers this keeps traffic from getting to your service and then this protects your servers now once your system's on when somebody's knocked in broken through the front door and now they're at your house now you've got to determine who's allowed what they can do and then track it so here's where iam comes in after all of these things have failed that's why i am as the last line of defense and then what you typically do is you also want to take any storage that you have and you want to make sure that people can't use it should the hard drive be stolen on the cloud provider and you do that with encryption this realistically speaking this is what goes into a security architecture so for the folks that have asked the question where do the pieces and 
parts go yes you block them one at a time from the edge on your way in so i know we kind of kept it i know we're kind of doing some certification training but you know i still want you guys to be cloud hired so if you liked us doing some architecture work please put hashtag cloud hired in the chat window so i know you're paying attention and hit the bell and subscribe and like and share with others if you feel appropriate like the content's good so while waiting for you guys to let me know if you liked it with the cloud hires i will start working into uh so for jillian mfa comes into the iam component it's the last last last component when somebody's already knocked into your door dean haycox i think you becoming a cloud security architect is awesome especially coming from an emergency services background like you and me those of us that really work really hard to lock systems down or protect others often do well in the security environments this security thing is really important and it takes a layered upon layered upon layered approaches otherwise you know it's not there that's why you're dealing with really high paid quality security people it there's only a few there's a such a small percentage in the world that really know how to lock these systems down and even if you do the best of everything at some point your systems are going to be attacked so the point is that's why you've got to use so many layers that's why you've got to do things this is why you can't forget the lost art of network security by limiting routes to people that don't need it only the people that know how to do that for the most part are the cci level people that really know the network security that's why on your team you need everybody you need networking people you need security people you need application people you need engineers anytime you ask one person to try and do too many jobs they're bad at everything so be great at what you do and keep organizations from getting these 
problems.

Now let's talk about these AWS services, and there are a lot of them, I mean a lot of them, and a lot of questions on the exam are going to come from here. So for the AWS Certified Solutions Architect 2022 exam, you will see a lot of them. So let's go over these services.

The first service we're going to talk about, and we've talked about it before a little bit, is Amazon SQS, or Simple Queuing Service. The AWS SQS test answer: it's used to decouple your application. If you're asked a question on how to decouple your application environment, the answer is SQS, Simple Queuing Service. But realistically speaking, let's talk about what SQS, or Simple Queuing Service, is. SQS is Amazon's branded simple queuing service. Here's the good news: it's pre-made for you, so you don't have to hire somebody to code it for you. So when we start thinking about the cloud and why the cloud is so great, it's because a lot of this stuff is pre-built for you for common, easy-to-use use cases. If it's pre-made, you don't have to spend a fortune to make it, and Amazon's SQS is really great. It is a message queuing service designed for transient storage.

Now here's the thing: why do organizations use it? To not lose messages. So think of it this way: you've got a web server, an app server, and your database servers. If you get orders that come in too fast through your web and app servers on the way to the database servers, they'll be dropped and lost. So imagine a retail store that gets a million orders in a second and loses half a million of them; look at how much money that business would lose, half of their sales. So now, if the application was decoupled, your web tier goes to your app tier, you drop the messages into an SQS queue, and then they leave the queue into the database as needed. Problem solved. So SQS is a queue for transient message storage; it decouples your applications and it makes them scale. By default, messages placed into the Simple Queuing Service will be kept there for four days, but you can configure it for up to two weeks. That provides a lot of message storage, and if the database were to fail, the messages could be stuck in the queue for longer, so the queue now provides you an extra way to protect your environments. SQS enables you to right-size your applications; without this you'd have to over-build your databases, and with this you can drain the queue as needed.

What else? SQS can help facilitate auto scaling. You can set up a policy that says when the queue gets full, add more servers. Excellent. Without SQS you'd have to use some specialty middleware or make it yourself for these multi-tiered applications. So love SQS; it is one of these really particular environments. Here's what it looks like. Let's say a customer places an order over here; they go hit the web server, they then hit the app server, and they use SES, or Simple Email Service (we'll talk about it), to send the customer "hey, thank you for your order." And then the message hits the SQS queue and hits your database, and no messages are lost. That's why we use queues.

So let's talk a lot more about SQS, because you will use it in a lot of places. SQS is really fast, and by default the messages come in and leave that queue as fast as possible, so fast it's almost like an unlimited number of requests and messages per second. Standard queues: messages come in and leave as fast as possible. This is the fastest. You make sure that every message is delivered once, but message order is not accomplished this way. Standard queues come in and out as fast as possible, perfect for most environments. But what if you're dealing with an environment that requires the packets to be delivered in order: message one, message two, message three, message four, message five. You need message one to come in, message one to leave, message two to come in, message two to leave, in order. Then you can use a first-in, first-out queue, or a FIFO queue, and this is going to be high throughput, but it's going to be slower than the standard queue. Why is it going to be slower? Because if message two takes a long time to get out, then messages three, four, and five can be behind it. So these are going to be slower, so just keep that in mind.

The last kind of queue you can create is something called a dead-letter queue, which comes from the old mailbox world. What would happen is the post office had letters that couldn't be delivered; they were stuck into a dead-letter queue. And we can still do the same thing: messages that don't get delivered, we stick them in a dead-letter queue; we periodically check the queue and see what happened. We don't lose orders that way, we don't lose messages that way, and even better, we can find things that went wrong. So just to keep you informed, those are the kinds of things that we're trying to do.

Let's talk about how it works. Basically speaking, you've got a message that's sent from the computing platform to the queue. The message is in the queue and it gets scheduled for delivery to the ultimate destination. If the ultimate destination is busy, the message just stays in the queue until it's open, and the message can stay in that queue for upwards of two weeks based upon the configuration. The message is pulled from the queue and processed, and after it's pulled from the queue, the message is deleted from the queue. So let's walk through that to give you an example: a message is sent from the sender, enters the queue, queues here; as soon as there's room, the message is pulled and given to the receiver, and it's drained from the queue so it's not there for future things. That is what the flow is like with regards to SQS.

So lastly, when do you use SQS, or Simple Queuing Service? You use SQS to assist with capacity planning. You use SQS to make sure that messages are not lost. You use SQS because it optimizes costs, because it lets you use smaller computing systems: because you have the ability to not lose the messages, you can use a smaller system and then give it the messages as needed. SQS is a fantastic way that can help your systems auto scale. So there are two ways to auto scale: you can auto scale based upon a metric like CPU, or you can really look at what's going on and say, I've got to scale this because there are too many messages; speed it up. So this is a great way to facilitate auto scaling. It helps you handle spikes in traffic without changing your platform. SQS is really, really, really great with regards to improving the write capacity on your databases by smoothing out the writes.

So now you know all about SQS, or Simple Queuing Service. Remember, Simple Queuing Service is a message queuing system. I'm going to say that again: Simple Queuing Service is a message queuing system that is designed to smooth the load and decouple your application environments and make your system scale.

Why did I refresh that? Because now we're going to talk about SNS. What is AWS SNS, or Simple Notification Service? That is a different kind of messaging service; that is a notification service. Amazon SNS is a managed messaging service to deliver messages between systems, or between systems and people. It is used to decouple messages between microservice applications. SNS can be used to send an SES email, push messages to mobile devices; it's really great. SNS, or Simple Notification Service, facilitates communication between senders and recipients, and it uses this publisher/subscriber philosophy, kind of like an email distribution list. The publish/subscribe messaging model enables notifications, but basically works as follows. Let's say I'm the subscription service and I'm the publisher: I publish to a topic, and the subscribers all see it, like an email list, or like if you hit the bell on a notification, you get notified of new videos that were released. So please subscribe and hit the bell for that reason, but that's a pub/sub service, just like AWS SNS. So please subscribe, like, hit the bell, and you'll be informed by notification through
a notification service, just like AWS SNS.

So we'll talk about the publishers and subscribers. The publishers send messages to the topic, and the subscribers basically subscribe to the topic. So let's look architecturally at what we're talking about here, especially because this is often used to do what's called message fan-out. So let's say you've got a publisher; let's say I'm publishing a new YouTube video. I hit the SNS topic; I may have it hit a queue; I may also have it kick off a Lambda function; I may also have it set off an email notification, or even an HTTP notification, like Chrome would push to you. That's what this Amazon SNS service is for: it's to push messages, to fan out messages for message distribution.

So let's talk a little bit more about SNS. SNS, which is good news, is run by default across multiple Availability Zones. So when you use AWS Simple Notification Service, remember it's high availability, so you don't have to think about having a bunch of them. So people often use that, as I mentioned, to fan out messages to a large number of subscriber systems, like customer endpoints; think SQS queues or Lambda functions. You can use SNS to send a message to a Lambda function and an SQS queue all at the same time. So really what's going on with SNS is that it allows the creation of a policy to determine who gets the notifications and where, and the good news is all your messages are encrypted to protect you from unauthorized access, so nobody can see them.

So let's talk about some common SNS use cases. Maybe you want to set up an application or system alert, for example when CPU hits 80%, notify systems administrators. Or an order comes in and we want to use a simple notification for message fan-out: it could be sent to an SQS queue to be stored, it could then be sent to a Lambda function to kick it off, etc., etc. The last major use case, and there are lots of use cases, is mobile notifications. Let's say you've got realtors and you want to push a message to all realtors that a new house is available for sale, or anything new to sell. This is the kind of push notification that we're talking about.

So far we've talked about the Simple Queuing Service and the Simple Notification Service, so hopefully that makes sense to you guys. Now the next one we'll talk about, and then after we go through three or four we'll stop for you guys to ask questions, is AWS SWF, or Simple Workflow Service. So SWF, or Simple Workflow Service, is a workflow management solution. It basically enables an organization to control task one, task two, task three, task four. So if you've got an environment where you've got multiple steps, you can automate these steps so you don't have to use humans each time to do it. If you can automate, you can speed up; if you can automate, you can remove mistakes; if you can automate, you reduce costs because you reduce people, so those people could then be redeployed doing things that are of much higher business value, much more strategic for the organization. So let's go back here for this; let's talk about it. Let's say you've got a multi-step workflow: step one, step two, step three, step four. That's what SWF is for.

So now let's look at SWF real quickly, and let's look at something that might be going on that would be pretty common. Let's say you've got a workflow that includes the following, a video processing workflow. In this particular example, I upload raw video. Simple Workflow then sends it to the next series of servers that do video optimization; for example, maybe they take my raw video and condense it with an H.265 codec to give me high-quality video at a smaller file size. Then next, let's say I want my video transcribed, so Simple Workflow sends it to AWS Transcribe, the transcription service, and it transcribes it. And then, poof, maybe I send it to another server to burn captions into my video. Then maybe I take the finalized video, send it to an S3 bucket, and use SWF to then kick off the messaging service to send me an email that says, "Mike, download your new video." This is what we're talking about when we're talking about these kinds of services.

So real quick, before we move on to the next topic, does anybody have any questions on either Simple Notification Service, Simple Workflow Service, or Simple Queuing Service? If so, let me know; otherwise we'll get on to the next topic. Chris, were there any questions on this section that you saw? Not while you were speaking. Okay, so if you have any questions, ask them now. If you're ready to go, type #cloudhired and we will keep moving on; I'm always happy to keep moving on. Okay, Jeremy, sounds like you got a minute; she said cloud hired. Okay, so, "beautifully explained." I will take that and work with that and say that we're very happy with that. Okay, so if that's where you guys are, I'm just waiting one or two more seconds just to be sure. And there's a request for an SWF example.

Okay, let's walk through an SWF example one more time. Let me do this. Let's say I work in the video business and I basically have a multi-step process in the video process. Let's say I take raw video; let's say my workflow is: upload raw video; have the raw video optimized into a video codec like an MP4 kind of file that's much smaller. After that, it's going to go to get transcribed. After that, somebody's going to add subtitles, burn them into the video. After that, the processing will be completed and the video is stored, and then it's going to kick off a messaging system. So yes, it is a workflow solution, a simple workflow environment. And yes, there is another example called Step Functions, which are very similar, and you're basically using them to scale Lambda functions. So Simple Workflow is one way to do that, and the other way is to do that; people would talk about skinning the cat, I don't need two ways to skin this cat. I would say that's a great example, but I love cats, so I won't use that example. But I hope you guys understand that.

Someone asked for the significance of push versus pull. I don't know what they mean by that, because it's kind of out of context, so I don't really know how to answer that question; it's missing the remaining information. So if you'd like to ask the question another way, I'd happily answer it.

Okay, so the next question is: does a person really need to know all the services? The person needs to know everything about the data center and the network, everything, because you can't take from the data center to the cloud what you don't know. Do you need to know all of these services? The answer is you need to know most of them. Now, having said all of that, it's not just knowing these services, it's knowing how these services work. If you take your information from the data center and you then move it to the actual cloud, you have to know what it is. So for example, if I need a virtual machine in the data center, I need a virtual machine in the cloud. If I'm using a current middleware queuing system in the data center, I can use that same middleware queuing system on the cloud if I choose to, or I can swap it out with SQS; it doesn't matter, this is just an option. So what I would say is you have to learn all of the network and the data center. To be a solution architect, you must have excellent executive presence, communication skills, emotional intelligence, sales skills, presentation skills, writing and documentation; those are the skills for the job. Those are 60% business, 40% tech for these kinds of things. So realistically speaking, you have to know what the services are on the cloud. For example, you might need to know, for an automated thing, I can use something like a Lambda function, and Google has their equivalent of the AWS Lambda function. You have to know what the functions are; you need to know what kind of queuing or messaging services exist on both cloud providers, and then you just pick one. It doesn't matter which cloud you're on. It's like going to the store: if you go to the store and buy a brick, you can buy the brick from Home Depot or AWS, but you need to know you need a brick. So you must know you need a brick. So it's more important to know what you need functionally, because you can always look up the services on any cloud provider, but if you don't know you need a virtual machine, you're in trouble. If you don't know you need a container, you're in trouble. If you don't know where you need your firewalls, your IDS/IPS systems, your network access control lists, your security groups, what services you're disabling, and how to lock down your host, you're in trouble. Do you need to know the intricacies of every one of these services? No. You need to know how to design these services, and then you can look these things up for every single design. But to pass the exam, you must know these things, and realistically speaking, to pass an interview, you probably should know these things as well. So part of getting cloud hired is to be solid, solid, solid. So yes, you need to know these things.

Daniel Pike: Mike, can SQS, SNS, and SWF work together? Absolutely, and all the time, all the time. SNS can fan out your messages to an SQS queue and an email, all the time. And if you've got workflow, yes, absolutely use SWF all together. This is not an either/or; this is a put-all-your-pieces-and-parts-together as part of an architecture.

So the next question I see here: do you need more instances to configure SQS? The whole point of using SQS is to reduce the size and number of instances you need, because if you didn't have the SQS queue and messages would be lost, you'd have to use much, much, much bigger instances. So the reason to do this is to reduce what you need, and for the most part, you can integrate Simple Workflow into a lot of workflows that you're using.

Derek Houston: can SQS use the conduction queue with a worker for next steps? Generally speaking, no, but it's typically step by step; it's almost like the Simple
Workflow solution, where you do Lambda function, Lambda function, Lambda function; much, much simpler than that.

Dark Larry: can you use any AWS services in creating SWF? It's not necessarily just an AWS service that you're using; it could be something else that you need to do, but yeah, you've got good flexibility in the services that you could be using. Send it to Transcribe, for example. So sure. There are no more questions? Okay, excellent, so let's get back to the content then. Let me know that you're here having a good time by hitting that like button; if you're not a subscriber, subscribe and hit the bell, and let me know you're still here and ready to go by typing cloud hired.

So now let's go into another service, and we're going to be getting into a lot of AWS services here. The next service we're going to talk about is AWS Elastic MapReduce. We talked earlier about data lakes; I forget whether it was day one or day two, but we talked about databases and creating big data environments. We talked about extraction, transformation, and loading tools that could take something from your relational database, your data warehouse, your NoSQL database, your object storage, and create a data lake. Now, when you're going to take your data out of your big data environments and try and create a data lake, you have to massage your data to get it into a format that's usable: massage it, catalog it, analyze it. There are lots of ways organizations do this; they can use Apache Spark on a server, or a Python script, which is typically what people do. But if you're on the cloud, you actually have the opportunity, instead of building the scripts yourself, instead of really doing the heavy work, the heavy lifting with Apache Spark, to use a pre-made tool called AWS Elastic MapReduce. This is basically a managed cluster for your big data frameworks, and it's really just a pre-built system to help you, you know, massage and analyze your data. It's serverless, you don't have to think about it; it offers relatively high performance, and if you don't have your own tools that are built ahead of time, it might be cheaper to actually use the pre-made Elastic MapReduce from AWS than developing your own systems. So why do people like the cloud? A lot of these tools are pre-built. Here's a perfect example: you can use Elastic MapReduce, which does the mapping and reducing functions for creation of data lakes, and it's a pre-made tool, which is kind of nice. So with regards to this, when we talk about Elastic MapReduce, what's really going on? We're basically taking our object storage data or other forms of data, we're pointing it to our sources of data, and Elastic MapReduce is going to basically take your data and output it in a nice, smooth, cataloged, easy way to actually understand what's going on.

Now, the next thing I want us to talk about is not so heavily on the AWS Certified Solutions Architect Associate exam, but you'll definitely find it in the AWS Certified Solutions Architect Professional exam, and let's just say if you're going to go on an interview and you don't know this, this could potentially be not good for you. So we're going to cover it anyway, under the auspices of #cloudhired. We're going to talk about Amazon Kinesis, because I feel like it's really important, and I don't want to give you something that just helps you pass a certification that doesn't give you a complete picture of what's actually going on. So let's talk about what organizations can do with actual streaming data, because streaming data is really critical.

So let's talk about some of the streaming data. There is a service called Amazon Kinesis, and this is a really cool service. Amazon Kinesis can take the place of Kafka, if you're not used to using Apache Kafka or things like that, where you're basically collecting real-time information in real time and doing something about it. Very cool. Think about it this way: if you're a business and you could take last year's information and use it to make a better decision, that's cool. Now think about it if you could take the information that's going on this second, take this information, internalize this information, look at the information, analyze it, and then instantly make a better business decision. That would be transformational. Businesses can get information in real time and use business analysis tools to make better decisions. Imagine being able to make better decisions because more data is available to you at all times. This is where life changes; this is where all these systems that we've been building and all the data that we've been collecting realistically can give you some really great environments. So let's talk about that.

So Amazon has a service called Kinesis, and it's designed to collect, process, and analyze streaming data in real time. Real time; this is really good stuff. So if you've got streaming information, great. What kind of streaming information does Kinesis deal with? Video, awesome; audio; application logs; Internet of Things devices; clicks on your website, to track it, to figure out where people are going and not going and for how long. All of this you can track with Kinesis. This is really great. So this is not like collect, store, and analyze after the fact; this is analyze in real time. Unbelievable, transformational for business. This is one of those things, I mean, you could do a Kafka cluster, you could do Apache Kafka in your data center also, but this is one of these things that's complicated to do that organizations absolutely love, and Kinesis is a really great pre-made way to do this. So we're absolutely loving this.

So let's talk about the kinds of Kinesis and why to use it. Imagine having large amounts of information coming in, streaming data, say weather sensors from all over the world coming in every five minutes, or airplanes saying "I'm located here, I'm at this altitude, this trajectory, I'm here, I'm here, I'm here, I'm here." All this stuff, analyze it in real time. Unbelievable. So, four Kinesis platforms: Kinesis Video
everywhere data producer what happens is the data producers send records and they actually have a partition key along the way which determines how these things are drawn now when you're dealing with data streams you're dealing with something called shards and basically a shard is just a unit of throughput so what happens you'll have to purchase the number of shards that you need or the amount of throughput for your click stream data or whatever your data coming is data producers are things that send the data data consumers are the things that receive the data so it's like watching tv the producer produces a tv show that you watch and the consumer which is basically your applications are going to retrieve the data and go do something about it so producers produce and send consumers consume the data now while we're actually at it let's talk about the data stream which is then aws terms a logical grouping of shards and a data stream will retain its data for 24 hours but up to 365 days which is a year and just as i mentioned before a shard is a unit of throughput so now let's look about use cases for basically large event data connections real-time data analytics capturing gaming data capturing mobile data imagine this let's say there were 50 000 of you today on this call and instead of me and chris and maybe jesse from my team trying to aggregate questions and things coming in we could literally pull send all this information in and when we send all of this information in we can analyze it in real time instead of two people we know how to pop the screens with all the things coming in streaming information is unbelievable so that's kinesis now let's talk about the other kinesis services we'll talk about kinesis data fire hose now this is really used to collect information so when you're dealing with kinesis fire hose basically what happens is your streaming data is taken in and this can push or output your streaming data and put in an s3 which is object storage which 
you know which has metadata it can put it in your data warehouse like redshift or many many other services amazon kinesis is ver data firehose is very useful now kinesis data fire hose is again auto scaling monitoring so it's one of those services that's going to meet your needs let's talk a little bit about a kinesis fire hose as with any of these things your pricing is based on throughput which is based upon the number of shards when you need additional capacity you get it now pretty important to note well i said this is unlimited typically speaking you get up to 10 shards per region per account by default but if you need more you can get them but you have to request a limit increase from aws and you can basically set up an auto scaling policy to make sure you have the number of shards or throughput based upon what you need so let's look at this very quickly to show you what this environment would look like with kinesis data fire hose you're going to collect your data and you'll put it in fire hose then you'll put it into say an s3 bucket or basically aws redshift like a data warehouse and then you'll use your business tools like quicksite or tabula to go analyze it so again another way to collect and store real-time storing data storing data and i tend to love these kind of things let's talk about a couple more kinesis concepts and then we'll move on again this is necessary for more of that cloud hired and this is necessary for your interview piece you will not see the kinesis things in much depth on the certified solution architect associate exam but you will find it on the aws certified solution architect professional exam and you also need to know it for interviews so we're talking about it here so what's going on here we will talk about the next so when you're dealing with kinesis fire hose concept remember basically the whole point is to take your streaming data and collect it and store it so now that we're done talking about that let's just talk about 
Kinesis Analytics. Kinesis Data Analytics is a service that's designed to transform your streaming data into something you can do something with. So Kinesis Data Analytics uses Apache Flink to basically process data streams. With Kinesis Data Analytics the streams are auto scaling, and the data on your Kinesis streams, when you're using Data Analytics, can be queried with standard SQL queries. So now it's basically another Kinesis, but in this case it's going straight into your analytics tools.

So how are these analytics tools going to work? Basically, your data is captured by Streams, Firehose or one of these services like Elasticsearch, and then Kinesis Data Analytics will analyze your data in real time. It'll come in from here and then it will send it to analytics tools. So all we're really doing with any of these services is taking in the data and sending it to tools so we can do something with the data. Data without doing anything with it is a waste of time, a waste of money; collecting things costs us. Being able to analyze that data can do incredible things for us. So, you know, now you know why we're focusing on these kinds of things.

Now, previously I told you that when it comes to computing there's only two platforms. It's true: you're either going to be having servers, which are virtual machines (they're called EC2 instances on AWS, virtual machines on Azure, or Compute Engine on Google), or you're going to be using a container. That's it. All your computing on the cloud is a container or a virtual machine. Now, when you set up containers you typically need something to orchestrate it, or manage the containers, and then you need to build the containers. Now, lots of organizations basically set up their own Kubernetes clusters (that is the container orchestration); they can set it on an EC2 instance, virtual machine or a server, and then they have servers that actually do the containers. Lots of organizations do that, and it's a perfectly acceptable way to do it.
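The Kinesis section above says a record's partition key determines which shard it lands on and that a shard is a unit of throughput. The following Python model, added here and not taken from the video or from any AWS library, makes that concrete: Kinesis maps each partition key through MD5 to a 128-bit hash key, and each shard owns a contiguous range of that key space. Shard ids, record values and the even range split are constructed for the illustration; the point it shows is that every record with the same partition key goes to the same shard, so one hot key concentrates load on a single shard no matter how many shards you buy.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

MAX_HASH_KEY = 2**128 - 1  # Kinesis hash keys are 128-bit unsigned integers


@dataclass(frozen=True)
class Shard:
    shard_id: str
    start: int  # inclusive starting hash key
    end: int    # inclusive ending hash key


def make_shards(count):
    """Split the 128-bit hash key space into `count` evenly sized shard ranges.
    Constructed split; a real stream's ranges come from its CreateStream/Split history."""
    if count < 1:
        raise ValueError("a stream needs at least one shard")
    step = (MAX_HASH_KEY + 1) // count
    shards = []
    for i in range(count):
        start = i * step
        end = MAX_HASH_KEY if i == count - 1 else (i + 1) * step - 1
        shards.append(Shard(f"shardId-{i:012d}", start, end))
    return shards


def hash_key_for(partition_key):
    """MD5 of the UTF-8 partition key, read as a big-endian 128-bit integer."""
    digest = hashlib.md5(partition_key.encode("utf-8")).digest()
    return int.from_bytes(digest, "big")


def route_to_shard(partition_key, shards):
    """Return the shard whose hash key range contains this partition key."""
    key = hash_key_for(partition_key)
    for shard in shards:
        if shard.start <= key <= shard.end:
            return shard
    raise RuntimeError("hash key falls outside every shard range")


def shard_load(records, shards):
    """Count records per shard; a hot partition key shows up as one swollen count."""
    return Counter(route_to_shard(pk, shards).shard_id for pk, _ in records)


def demo_hot_key():
    """Constructed clickstream: one user key dominates, so its shard absorbs most writes."""
    shards = make_shards(4)
    records = [("user-42", "click") for _ in range(900)]
    records += [(f"user-{n}", "click") for n in range(100)]
    load = shard_load(records, shards)
    hottest_id, hottest_count = load.most_common(1)[0]
    return {"shards": len(shards), "hottest": hottest_id, "hottest_count": hottest_count,
            "total": sum(load.values())}


if __name__ == "__main__":
    print(demo_hot_key())
```

Because the hash key is derived only from the partition key, a producer that wants even spread across shards needs many distinct keys (or an explicit hash key per record); adding shards does not help a single busy key.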
Most of the organizations I've worked with have done it this way, but if you wanted to get something that makes it easier, AWS has two options: they're going to have the Elastic Container Service and the Elastic Kubernetes Service. So they're both for container orchestration.

So let's talk about the Elastic Container Service first. Basically what happens is AWS has a serverless, pre-made container orchestration service. So remember when we talked before, on the previous day, we talked about the difference between a virtual machine and a container. We talked about how a virtual machine has a physical server, and up it has a hypervisor, and each virtual machine has its own operating system and applications. And we talked about containers basically being a server with a guest OS with a container runtime module, with multiple logically isolated containers that basically each have the application and some operating system dependencies. We talked about how they were lightweight before, and we talked about we need a manager or an orchestrator, and then we need the stuff for the servers to run. So AWS, as I mentioned, has that Elastic Container Service for orchestration, or the Elastic Kubernetes orchestration. Well, that's here, and these are your servers that are actually running your containers.

So let's look at it this way: AWS Elastic Container Service is a management service for your containers, and that's really all it is. It manages and orchestrates your containers. So let's look at it this way. This is what we're typically talking about with the AWS container service: you're going to have the container service that's going to orchestrate your containers, and then you've got to put your containers somewhere. Your containers typically are going to go on a server with an operating system, and your containers are going to be there, but you need the orchestration of these containers, and that is what's provided by the AWS Elastic Container Service. So the Elastic Container Service is a fully managed container
service that's four nines availability, so AWS calls that high availability, meaning 99.99 percent of the time, which means basically 50 minutes of downtime per year, plus or minus a few minutes. And it's a high security service, so what happens is you deploy ECS, or Elastic Container Service, inside of your virtual private cloud, your VPC, and that way you can lock these systems down with NACLs and security groups.

Basically what happens is ECS is going to manage your containers. Now, where you put your containers can be one of two places: you can put your containers in a virtual machine (this is what we've done forever and it works great; put it on the server, virtual machine, perfect), or there's the serverless option. We're going to show you both.

The primary way we've always done these things is going to be as follows. We typically use a container orchestration service, which we typically run on our own servers. If we use the AWS Elastic Container Service, all that we're really doing in this particular environment is we're using the AWS service to go manage the orchestration. Then what happens is we build our containers, and then we put them on a computer, like a server, an EC2 instance, and then we provision them at the computing platform. We create our containers, we make sure they're all separate and isolated on the same server, and then we manage our applications, and we just pay for an EC2 instance. And we can put a lot of containers on an EC2 instance and it works perfectly. But we can also do this serverless. So in this traditional environment we use ECS for container orchestration and then we just place our virtual machines on a single or multiple EC2 instances. Now, that works great, love that environment: simple, take it from one environment, move it to the next environment, because you're managing your containers on some virtual machines.

Now, you could also go serverless. Here's the way serverless is going to work: you're going
to use this system called AWS Fargate, and what will happen is Fargate will host your computing platforms in a container. They'll scale up, they'll scale down, for the most part everything you need. Now, there are some limitations on those containers: they say almost unlimited scalability, but there are some memory and CPU limitations on these containers, which are relatively strong, but, you know, you can use more containers. You can route between microservices with load balancers.

So I showed you previously the traditional way: build your containers, run your container orchestration, put your containers on a server. That's what I like and usually do, but this is also kind of a cool service if you wanted it. What you could truly do is as follows: you can use the Elastic Container Service, and instead of setting up your EC2 instances you could then choose to use a serverless container runtime module. So you basically would build your containers, you would tell them how much compute and memory resources you need, and stick them on Fargate, and everything is managed for you, and then you pay for what you use. So if you're not using your containers a lot, this service is going to be really great, cost effective and efficient. With any of these things that you go pay as you go, it's often cheaper. If you've got something that you heavily use, use a server, because you pay for the server and it might be cheaper. But if you're running a bunch of small ones, or if you're looking for simplicity and elegance and you don't want the hassle of managing servers and operating systems and container runtimes, and you're looking for simplicity and scalability, the Fargate option, or the serverless option, is also really great.

So you can host them on computers, like we talked about: our servers on EC2 instances, virtual machines; let's say you're on Azure, or Compute Engine on Google. Or you can use the pre-managed service, and the AWS pre-managed service is: the Elastic Container Service does the orchestration, and Fargate is the
best place for you to put your serverless compute environments. So now you know. Let's talk a little bit more about these services. You can run it on an EC2 instance or Fargate. I'd like you to think about it this way: if you need real control, put your containers on an EC2 instance; if you're looking for simplicity, use Fargate; and you'll have to determine the cost, which is most cost effective.

Now, since we talked about Elastic Container Service as an orchestration, and then either Fargate or EC2 instances to host your containers, that's using the Amazon brand, that Elastic Container Service. But what if you want something a little more industry standard? You could of course host your own Kubernetes cluster for container management and then build all your containers with Kubernetes, or AWS has a fully managed Kubernetes service to manage your clusters, and that's called EKS. Stick "Elastic" in front of it and you'll know what it is: Amazon Elastic Kubernetes Service. So basically this is just a container orchestration environment provided by AWS. Of course it's serverless, because it's provided from them. It uses Kubernetes, which is basically the de facto standard for containers, and it's an open source container management platform.

Basically speaking, we just talked about ECS, or the Elastic Container Service; that's the Amazon branded, Amazon proprietary way to manage your containers. The Elastic Kubernetes Service is basically a Kubernetes cluster that's pre-managed for you in a serverless environment. So you can set up your Elastic Kubernetes Service instead of your Elastic Container Service. They're functionally equivalent, but this is more industry standard, so I would recommend this. And then after Elastic Kubernetes Service you can stick it on an EC2 instance or Fargate, that serverless environment, just like before.

So let's kind of look at this real quick. Let's look at this Elastic Kubernetes Service: you see we're using Kubernetes, the Elastic Kubernetes Service, for
container orchestration. We can put our containers on EC2 instances, or we can put them on Fargate for serverless. That's it. That's how simple and elegant this situation actually is.

Let's talk about the next AWS service, which you could see on the exam, and that is called AWS Elastic Beanstalk. AWS Elastic Beanstalk is a service for provisioning, deploying and scaling web applications and services, basically speaking. And again, this is automatic, and we'll talk about automatic with Elastic Beanstalk: you upload your code and Amazon is going to deploy, in the best way possible, your infrastructure, your EC2 instances, your containers, your load balancers. Infrastructure automatically deployed this way is auto scaling, and if you need additional infrastructure it's going to be coming, load balanced.

Now, remember this: this is automatic, and if you trust a computer to design and build you the perfect infrastructure, then this is an option. If you're like me, you've been working in tech for a couple of decades, you know that any time you do something automatic it's never great. Automatic is never as good as architecturally designed and planned for by great architects. So you could do this, or you could design it on your own with an architecture team and build a much, much better product. But I do like this: it's simple, upload your code and it deploys it. And if you're not an architect, and if you're an engineer trying to do these things, you're a good scripter but you don't know end-to-end system design, for many people this could be a good option, but it's never going to be as good as having a great architect designing it the way it needs to be. So keep that in mind with Elastic Beanstalk.

Here's what it looks like with Elastic Beanstalk, as follows: basically you put the user's code into Elastic Beanstalk and it will auto deploy your web servers, app servers, caching, databases, anything that's necessary based upon the code.

Okay, you know what, I'm going to take a quick break and ask if anybody has questions. There was
a question. Give me just a second to bring it up. All right, here we go. Oh no, yeah, here we go. Okay, so the question is, I'm trying to see it: can you please give some exact real example use cases for EMR? And actually I will do so very quickly, because this is way, way, way out of the scope of the Certified Solutions Architect Associate.

Any time you're dealing with an organization that has a big data environment, they're always going to have a relational database for finding the relationships between variables. They're always going to have a NoSQL database for unstructured and big data. They're also typically going to have, uh, what are you referring to it, they're also typically going to have a data warehouse. Now, in addition to these things, they're typically going to have object storage. So EMR is used to take the data in and out of these informations and catalog it and create a data lake. So that's typically where you're using these kinds of things; this is a big data environment.

Realistically speaking, when we're talking about, you know, setting up these environments and designing these environments with mapping and reduction, we're typically talking about a cloud big data architect and not a cloud architect. They're the people that do these things. There are people that will spend the next 30 years focusing on these big data environments, and it takes a lot of knowledge, because basically these are people that are going to be looking at data ingestion, data sending, data manipulation, mapping and reduction functions, extraction, translating and loading tools. This is a specialty that people can literally speak 20 years on.

Actually, because of that, next Friday, as it turns out, I have my good friend Praveen, who is a very good cloud architect who spent 20 years in a big data environment, and next Friday at 9:00 a.m. Eastern, 2 p.m. UK time, we are going to walk through big, big, big data architectures just like this, and how to set them up and build them,
and we'll go into a lot more depth. But, you know what, that's going to be taught by someone with 20 years of big data, so I want to make sure we give you guys the best and the brightest. It's outside of the realm of the cloud architect, though we cloud architects know a lot about it; it's definitely in the realm of the cloud big data architects, and I have a good friend who's a cloud architect, and a working cloud architect, and also has 20 years' experience in big data, so I'm going to bring him for you guys all on Friday. So if you want that, that is a gift, and hit the like button, share with friends, inform others, and say "cloud big data architect", and I know you want to see it, and I'll make sure to inform Praveen to make sure he's ready and excited to teach a large group of hundreds or thousands of people. So let me know "cloud big data" in the chat box below.

Chris, I see a few more questions. Yes: is Beanstalk the equivalent of Google's App Engine? Google's App Engine, if I'm pretty sure, is the equivalent of a Lambda function; basically you just install some code and it works, so I think they're a little bit different. Chris, if you'd like to bring up the next one. It's: what is the difference between Kubernetes and Docker? They are two different orchestration services. Kubernetes is the great service; you run on your desktop, um, you want to run some additional containers. Typically speaking, Kubernetes, as the big cluster, is designed to scale. There's so many self-healing, awesome, nice capabilities with Kubernetes. Big organizations are using Kubernetes for their containers, everyone; it's the de facto standard for the most part. Docker is another container runtime module. It is fantastic, I've got Docker containers I run, but big businesses use this.

Deepak: how do you migrate applications to the new EC2 if I need to upgrade the OS? Okay, I mean, how do I migrate applications to the new EC2, let's say using Linux for six months? No, I'm not really sure I understand the
question. If you've got something on a server, you can upgrade the server the way you would upgrade any server, like for example a sudo apt-get update on a Linux, on a Debian system, or a yum install or a, um, update on a thing. So I'm not sure I completely understand the question. Now, if you're asking how to take a virtual machine in your data center and move it to the cloud, which is all what we do with cloud architects, that's why you must know the data center: it's no more than basically taking a tool to take your virtual machine in the data center and convert it to a machine that you just basically secure FTP, or you put on a Snowball, or you put on the Storage Gateway, and migrate those things directly to the cloud. It's very simple. So if I knew exactly what you were trying to do, I could answer it, but basically speaking, you know, the way you would do it in the data center and the way you do it in the cloud is identical. The cloud is nothing more than a virtualized network and data center, nothing more, like literally the same in every way.

Does it mean that Fargate can scale out? You can always scale out containers just like you can always scale out servers. Fargate is, uh, it's not Fargate that's scaling out, it's the container orchestration service that says, wait a second, we need more containers, this container is unhealthy. So you need something to orchestrate it, you need a runtime environment, but Fargate will, Elastic Container, scale in a very simple way. They could also scale great on an EC2 instance; it's just a place to house your things.

MW Murrow: please go through how to put containers in a virtual machine again, the one without Fargate. Sure, what you do is as follows, and there is a video on our YouTube channel on how to do these kinds of environments. Chris from my team, we had San Diego do some container migrations with me, and Chris will provide the link to that video, but I will go over this container management service one more time to make it
pretty clear to you. So this is what it would look like in a traditional environment: you would use the Elastic Container Service or the Elastic Kubernetes Service, that's it, or you would set up a couple of EC2 instances and you'd put your own Kubernetes cluster. They're all the same. Elastic Container Service: Amazon proprietary. I don't use proprietary anything, so this is not an option for me; I use industry specific, and that way I can go from cloud to cloud. So if we were using the Elastic Kubernetes Service, which is a functional equivalent to this but industry standard, so much better, then basically speaking we'd run our Elastic Kubernetes cluster, and then we would basically get in, we'd set up our containers, and then we'd take an EC2 instance and we'd push our containers to the EC2 instance. We would determine the size of the server we need, and that's pretty much it. We set up an EC2 instance, determine the number of processing cores and DRAM, make sure the operators are installed, make sure the operating system is locked down, because you should on every server: disable unnecessary services, you get greater security and it performs better. Put your containers on an EC2 instance and basically just run them. So it's no different than it would be running anywhere, any place in the environment. Same thing, identical to the same.

Chris, was there any more before we move on? I didn't see any more. Okay, so let's keep going. No, there wasn't. Okay.

The next service is called CloudWatch. CloudWatch is a monitoring thing, that is it: monitoring, that's CloudWatch. So CloudWatch is a monitoring service used to monitor your resources as well as your application logging. Knowing what's going on in your systems is absolutely essential; if you don't know what's going on in your systems you find yourself in trouble. So CloudWatch is a logging or monitoring service from AWS. CloudWatch will provide metrics to monitor performance, help you
troubleshoot things, and it can work with built-in metrics or custom metrics. So when we talk about the AWS native logging, the built-in default metrics are really little: basically you get CPU utilization, disk read and write, and network utilization, and that's it. You've got no memory utilization with the basic default metrics. So basic CloudWatch default metrics basically are very minimal: CPU utilization, disk read and write in terms of IOPS, and network utilization, and that is it. So that's probably not going to be enough for anybody, so you can use your own system management tools, which can be installed on all systems, or you can use other forms of CloudWatch, which we'll talk about in a minute.

Now, if you really need to monitor things, you can use a CloudWatch custom metric, and now you can start monitoring things that matter, such as memory utilization, API performance and many other metrics. So realistically, CloudWatch custom metrics give you real data about what's going on in your environment. CloudWatch default metrics give you a little bit, and that might be okay for a small business, it's terrific, but for a big business you're going to need a lot more, because you're going to have a complicated architecture and you're going to have to constantly be adopting this.

So CloudWatch basically is a notification system that will notify customers, um, like what's going on. Now, the good news is CloudWatch Events, which also sometimes gets called EventBridge, is very similar in today's world. Basically something goes on: hey, CPU's too high, trigger auto scaling, kick off a Lambda function to automate something, send an SNS notification: hey, by the way, admins, things are going on, you've got to go look at it. And basically a whole lot of functions. So CloudWatch is really important.

Now, when we're dealing with CloudWatch we've got two forms of monitoring: basic monitoring and detailed monitoring. Basic monitoring gives you information about your systems every five minutes, and it's no charge. But think about five minutes.
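The five-minute versus one-minute monitoring point is easy to check numerically. The Python below is an added illustration, not part of the video and not CloudWatch code: it builds a constructed per-second CPU series (20 percent baseline with a ten-second burst at 100 percent), rolls it into periods the way a metric statistic would, and shows that the burst disappears under Average at both 300-second and even 60-second periods, while the Maximum statistic exposes it. The statistic names mirror CloudWatch's Average, Maximum and Minimum; the alarm threshold is an assumption for the demo.

```python
def make_samples():
    """Constructed one-second CPU samples for one five-minute window (300 points):
    20 percent baseline, 100 percent for seconds 100..109 (a ten-second burst)."""
    return [100.0 if 100 <= sec <= 109 else 20.0 for sec in range(300)]


STATISTICS = {
    "Average": lambda xs: sum(xs) / len(xs),
    "Maximum": max,
    "Minimum": min,
}


def aggregate(samples, period_seconds, statistic):
    """Roll per-second samples into fixed periods and apply one statistic per period.
    Returns one value per period, oldest first (like a metric's datapoints)."""
    fn = STATISTICS[statistic]
    return [fn(samples[i:i + period_seconds])
            for i in range(0, len(samples), period_seconds)]


def burst_visible(samples, period_seconds, statistic, threshold=90.0):
    """Would an alarm on `statistic >= threshold` at this period ever fire?"""
    return any(value >= threshold for value in aggregate(samples, period_seconds, statistic))


def compare_views(samples):
    """Side by side: what basic (300 s) and detailed (60 s) periods report under each statistic."""
    return {
        (period, stat): burst_visible(samples, period, stat)
        for period in (300, 60)
        for stat in ("Average", "Maximum")
    }


if __name__ == "__main__":
    s = make_samples()
    print("300s Average:", aggregate(s, 300, "Average"))
    print("60s Average:", aggregate(s, 60, "Average"))
    print("60s Maximum:", aggregate(s, 60, "Maximum"))
    print(compare_views(s))
```

The takeaway for a defender is that shortening the period is only half of it: a ten-second saturation averaged over even one minute reads as about 33 percent, so alarms that are meant to catch short spikes should use Maximum (or a percentile) rather than Average.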
A lot can go on in five minute intervals. For example, I can tell you, in the last 30 years in tech, a lot of times you would look at CPU metrics of routers, for example, and they'd look like they were thirty percent. What the five minute metrics didn't show you is that the router was at a hundred percent for ten seconds and then lost routes and black-holed traffic, then it worked great at 20 for the next two minutes, then it happens to be at 100 and you have a problem for three seconds, and then it goes to 50. You don't know. So when you start looking at monitoring over five minutes and you start averaging or aggregating, it's like, oh, this looks great. But when you start looking more closely and pull up more frequent intervals, you can find that, wow, this is not so great. So now we're into detailed monitoring, and with detailed monitoring data is available every minute, but of course you're going to pay for that. So detailed monitoring must be enabled at the EC2 instance level, because you're paying for it; you want to pay for it where you need it.

Now, talking more about CloudWatch Events: CloudWatch Events delivers a near real-time stream of system events that describe, you know, what's going on. You set up the rules and you route the events to a function or a stream, and CloudWatch will let you know when things occur, because it's paying attention, and it will send a message, activate a Lambda function to remediate things, capture state information. CloudWatch Events will let you know what's going on.

Now, if CloudWatch is for monitoring, CloudTrail is for auditing. CloudTrail is an AWS service that will assist with the auditing process. It will provide an audit log that will assist with risk management, compliance. CloudTrail will track any changes you made. CloudTrail is enabled when you create the account, and if you want to use it you basically create a trail. So start to create a trail with the CloudWatch console, CLI or CloudTrail API, and it'll record events that are needed. So
let's look at the things you're going to hear. It will give you an event history that will show you all the events that have occurred in 90 days. So something happened: you can go back through these logs and figure out who did what. Excellent. If your systems got hacked, you may be able to figure out when, where and how through these audit logs. So basically speaking you can create a CloudTrail trail, which is the auditing logs. You can create a trail that applies to one region, and this is a trail that exists only in a single region, and it stores your CloudTrail logs into a single bucket, and this is the default out of the box. Now, if you want to get more information, you can create a CloudTrail trail that applies to all regions, and this is going to give you really comprehensive logging, really comprehensive auditing functionality. It's going to provide a record of all events that have occurred inside of your organization's infrastructure, and this will help you correlate events across your entire environment.

So let's look at CloudTrail in action. Basically you've got a server, you've got some IAM things going on, you've got a database. CloudTrail will capture every change and log it for you in an S3 bucket, so it's going to help you figure out exactly what you need on your systems.

Now, let's talk about another service, called AWS Config. Again, this is something that can help with your security. It's a service that enables the assessment, auditing and evaluation of your configurations. AWS Config gives you an opportunity to see who made what changes and when they were made. Basically, when a change is made, if you're using AWS Config it will capture that change and send an SNS alert to the system's admin, so you can say, oh, somebody changed something, and you can find out if it was good, yes, if it was bad, you can do something about it. So let's talk a little bit more about AWS Config. AWS Config provides constant monitoring of configurations, and it will check these configurations against
your organization's policies. If a change is made that violates the policies, an SNS alert is sent to CloudWatch or SNS. Basically speaking, AWS Config provides a means to assist with change management. AWS Config can track the relationships between resources, so if a change is made in one location it will be easy to determine who made it and when. So you can integrate your AWS Config with CloudTrail, so this is going to give you lots of information to see who made changes, when they were made, how they were made, and how to keep your system protected and/or revert these changes.

So let's look really carefully. A configuration change is made. AWS Config is going to note it; it's going to record it in the same way each time so you can correlate things. AWS Config will then check the change against your organization's policy, and this is really great: if the change doesn't match the policy, AWS Config will notify what things are out of compliance and what changes have occurred so you can go fix it. Man, this is a really great service. Let's really look at what's going on over here with AWS Config: a configuration change is made, Config will monitor it, and it will tell you, in lots of different ways, somebody made a change.

So I hope, um, we went through those AWS services. We did them relatively quickly; the reason we did them relatively quickly is we've got a lot of these services to cover.

Now, let's talk about a really important concept: content delivery networks. We briefly touched on them on day one; we've gone back to caching and queuing a couple of times. Let's make sure we cover AWS CloudFront very well. AWS CloudFront is the Amazon branded content delivery network. A content delivery network is both a network and a distributed group of caching servers spread throughout the world to provide fast access to an organization's content. Content delivery networks can often reduce bandwidth costs and make things cheaper. Here's the thing: let's say you
had an S3 bucket based website and it was held in the US. If you've got users in Europe that keep pulling from that same bucket, you're going to pay a lot of inter-region transfer charges. By comparison, if it goes through the content delivery network and it's cached, it's going to save a lot, especially because not all requests will go to the server. So the content delivery network reduces your networking costs, reduces your transfer costs, increases the speed, and reduces the need for server capacity, because the caching servers help reduce the load on your servers.

So content delivery networks are going to help you in a lot of ways. They generally reduce cost, they generally improve performance, they generally improve website security, because illegitimate requests will never be sent to the web server; they'll be blocked at the cache, at the edge locations. And content delivery networks can promote enhanced availability. For example, if your web server goes down for 60 seconds but somebody already requested the same website and it's stored in a cache, you might even be able to serve that web request because it's already there. So it can help with availability, helps with performance, it can reduce cost, and definitely helps with scalability.

So CloudFront can really help with your website performance, because let's look at it this way: let's say you've got a million requests per second, let's say all of those requests are for the same content. Only the first request hits the web server, and the other 999,999 requests wouldn't even see the web servers. That's how these, uh, what they call it, um, caching systems and content delivery networks can really help. So they're fantastic.

How does it work? Basically the following: I send a request to our website, I go
straight to the content delivery network. And let me show you graphically what it looks like. Here's the way a content delivery network works. I want to go to the www.gocloudcareers.com website. The first time I make my request, I'm near Palm Beach, Florida; the CloudFront distribution is near Miami, I believe. So I leave my house, I go to www.gocloudcareers.com, I hit my edge front and I hit my content delivery network. If the content delivery network has it, it sends it right back to me. In this particular case the content delivery network does not already have it, so Amazon CloudFront, the content delivery network, will send it to where my website is stored, which is in this S3 bucket. The S3 bucket will respond with the www.gocloudcareers.com index.html home webpage, which is our main site, which will then give it back to CloudFront, and then it will send it here. Now, the next time a client in South Florida, before the cache times out, wants to go to the Go Cloud Careers website, they type www.gocloudcareers.com on their browser, it instantly gets sent to the CloudFront distribution, the CloudFront distribution has it, and it sends it back to me.

So that is, realistically speaking, how content delivery networks serve content. It helps with scalability because frequent requests aren't going to go to the server, and because it really offloads frequently requested data. Now, if all your content was new and it was never shared, a content delivery network would add latency into the system, but in general, on most websites people are accessing the same information, and for that the content delivery networks make a huge difference. So because you're dealing with AWS, you're going to be using CloudFront with a lot of things, because everybody uses a content delivery network, whether it's Akamai's or somebody else's. Content delivery networks really improve performance. So you basically can use it with S3, you can use it with EC2 instances, assuming you're using a load balancer in front of them. So that's
typically speaking, CloudFront is often used to front-end static websites on S3, but you can also front-end dynamic websites across EC2 instances if an Elastic Load Balancer is part of the architecture. So let's look at what it could look like over here. Realistically speaking, here you've got an organization that's got static and dynamic content. The organization sets up a CloudFront content delivery network distribution over here. Static content is served out of an AWS S3 bucket; dynamic content is served from the CloudFront distribution, which hits the Elastic Load Balancer, from which we get the website on our EC2 instances. That's kind of how these things work.

Now, CloudFront is pretty important. I want to go over some CloudFront concepts in case you see them on the exam. Now, realistically speaking, we've gone a little above the AWS Certified Solutions Architect Associate level; now we're getting into the AWS Certified Solutions Architect Professional level. But we want you to get cloud hired and you need to know this, so if you get an interview you have to have some knowledge here. So I want you to understand three concepts. We're going to talk about distributions, origins and cache control, because they all can be set up.

Basically speaking, the distribution is basically the origin of your information. So when you set up CloudFront you set up a distribution. Now, your distribution is going to have a DNS name, and it's going to be an ugly DNS name once you set this up, and the CloudFront distribution is going to be the new website. The origin is going to be where content is stored, but the distribution you're going to set up, it's going to have a new DNS name, and it's going to be an ugly name; it's going to be like abcdefg123123123.cloudfront.net. It's going to be some ugly looking DNS name. So what you're typically going to do is you're going to use this ugly name, you're going to set up a CNAME DNS record that's going to map www.go
cloudcareers to some other ugly looking CNAME, an ugly looking URL that comes out of the CloudFront distribution. So when the customer wants to go to www.gocloudcareers.com, they're going to hit that page in their browser, it's going to go to the CloudFront distribution unknown to the user, and then they'll get their web pages, and it will be fast, great content. So you could just use the old URL, the one they're going to give you, but I promise you nobody is going to be able to remember that, so you're going to do it with a CNAME record. The next thing that needs to be set up is the origin. What is the CloudFront origin? It's the location where your content is coming from. So whether it's your S3 bucket or your EC2 instance or the load balancer, whatever it is, that's going to be the origin; it's going to be where it's stored. So you might point it to the load balancer; behind the load balancer there's your EC2 instances. So the origin is going to point to the DNS name. The last part of this is cache control. Here's the thing: the content delivery network caches, or stores, your information. Awesome, and that's what prevents the web servers from working so hard. Now by default the information is cached for 24 hours. This is pretty awesome. So for 24 hours, if it hits your website and that CloudFront distribution, for 24 hours those new requests for the same content aren't going to go back to the server, which is great. But what if you change your website three times a day, for example dynamic content? If you've got a cache involved and it stores the data for 24 hours and you update your page three times a day, users may not get the most up-to-date content, because it's going to store the first one for 24 hours until the cache times out. So what happens is you can set up your time to live. Look at it this way: the longer your time to live, the reduced workload on your servers, the better DDoS protection you have, the faster speeds and the reduced costs, all great things, but you will also run
the risk of having out of date data if your website changes. So you change your cache to basically be about the time that you change your data. So if you were to change your data three times a day, you would want approximately an eight hour cache. If you set up your cache for a week, realistically speaking, for a whole week your web servers would see no traffic, but if you change your data, your web page, mid-week, it could be upwards of seven days until somebody could actually see the new content. So that's the thing going on with the cache: you set up that time to live, or how long your data stays in the cache. So how do you set it up? You set up your web servers, you put your content, you create your CloudFront distribution, AWS assigns a name for your CloudFront distribution, you can accept that name (which you won't) or create a DNS CNAME record for a name that's pleasant, and AWS will provision and configure the edge locations. Remember, this is what it looks like, and we talked about it on the first day in real depth, but the edge location is going to look as follows. Basically speaking, you've got your systems, your users access the information at the edge location, and then the edge locations go back here should they not actually have it there. Now let's talk about one more thing, and this is way out of scope of the Certified Solutions Architect Associate, and that is AWS CloudFront private content. Let's say you want to use CloudFront to serve... normally you're using it to serve your website. What if you're like a Netflix? What if you've got paid website subscribers? What if you've got private applications? What if you want to restrict content to certain users? You can do this. Basically you would set up an origin access identity, which is basically, if you had your information on S3, you would restrict that bucket to a certain number of individuals; that would work perfectly. You could use signed URLs, for example, and use a presigned URL
or you can use a signed cookie, but these are the kind of things that you can actually do to improve your performance. Now let's talk about the next content concept, which is Amazon Lambda. Lambda is a serverless computing environment for basic, minimalistic functions. Basically you upload your code and it's serverless; there's nothing to manage. You can set up a C#, a Go, a Java, a Node.js or a Python automated function in a Lambda function. AWS enables you to run Lambda functions, and that really is to automate things: step one, step two, step three, step four, step five, that's what Lambda can do. If you remember, we talked about Simple Workflow Service and I talked about automating it, and someone said, hey, isn't that like, you know, setting up multiple Lambda functions one at a time, and the answer is yes; this is a different way to do it. Lambda functions are simple. Say you have a system monitoring your buckets and you see an S3 bucket that's open; Lambda can remediate it for you. So Lambda can be used to send a message, Lambda can be used to kick off a function; Lambda is really great. So you've got to remember that when you're using these little mini Lambda functions they are stateless, meaning nothing's tracking it, nothing's going on, meaning if you need multiple steps in your workflow you're going to have to set up multiple Lambda functions. One Lambda function does one thing: it runs and it's done. There's no way to basically have a Lambda function be intelligent enough to know to do something else. So Lambda is useful in situations like processing data across multiple systems, remediating against security events, patching operating systems; Lambda is awesome for this. So you can basically, for example, kick off... like we went through a video example: I could have a user upload a video to a system, and I could use a Lambda function to basically say take that and move that file.
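The "you see an S3 bucket that's open, Lambda can remediate it for you" case above, written out as an added example that is not from the talk: the event layout, the handler name and the FakeS3Client used to run it offline are assumptions made here; inside Lambda the real boto3 client would be passed in instead.

```python
# Added example, not from the talk: a Lambda-style remediation for the
# "you see an S3 bucket that's open, Lambda can remediate it" case above.
# The event layout, the handler name and FakeS3Client are assumptions made
# here so the logic can run offline; in Lambda the real boto3 client is used.

# Every Public Access Block flag we expect to be enabled on each bucket.
REQUIRED_BLOCK = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def missing_protections(config):
    """Names of Public Access Block flags that are absent or switched off."""
    return sorted(k for k in REQUIRED_BLOCK if not config.get(k, False))


def remediate_public_bucket(bucket, s3):
    """Inspect one bucket and enforce the full Public Access Block if needed.

    `s3` is anything with get_public_access_block / put_public_access_block
    (boto3's S3 client in Lambda, a fake below). Returns a result dict so the
    caller, a log line or a test can see what was done.
    """
    try:
        current = s3.get_public_access_block(Bucket=bucket)[
            "PublicAccessBlockConfiguration"]
    except Exception as exc:
        # boto3 raises a ClientError with this code when no block is configured,
        # which for our purposes is the same as "everything is open".
        if "NoSuchPublicAccessBlockConfiguration" not in str(exc):
            raise
        current = {}
    gaps = missing_protections(current)
    if not gaps:
        return {"bucket": bucket, "remediated": False, "gaps": []}
    s3.put_public_access_block(
        Bucket=bucket, PublicAccessBlockConfiguration=dict(REQUIRED_BLOCK))
    return {"bucket": bucket, "remediated": True, "gaps": gaps}


def lambda_handler(event, context):
    """Lambda entry point; event shape assumed as {"buckets": ["name", ...]}.
    boto3 is imported here, not at module level, so the module also loads
    on a machine without boto3 (the Lambda runtime always has it)."""
    import boto3
    s3 = boto3.client("s3")
    return [remediate_public_bucket(b, s3) for b in event.get("buckets", [])]


class FakeS3Client:
    """Constructed stand-in for boto3's S3 client, for the offline demo only."""

    def __init__(self, blocks):
        self.blocks = dict(blocks)  # bucket -> current block config, or None
        self.calls = []             # buckets we were asked to fix

    def get_public_access_block(self, Bucket):
        cfg = self.blocks.get(Bucket)
        if cfg is None:
            raise RuntimeError("NoSuchPublicAccessBlockConfiguration")
        return {"PublicAccessBlockConfiguration": dict(cfg)}

    def put_public_access_block(self, Bucket, PublicAccessBlockConfiguration):
        self.calls.append(Bucket)
        self.blocks[Bucket] = dict(PublicAccessBlockConfiguration)


def demo():
    """Run the remediation over a constructed account and return the results."""
    fake = FakeS3Client({
        "locked-down-logs": dict(REQUIRED_BLOCK),                            # fine
        "marketing-assets": {**REQUIRED_BLOCK, "BlockPublicPolicy": False},  # one gap
        "new-unmanaged-bucket": None,                                        # no block
    })
    results = [remediate_public_bucket(b, fake) for b in list(fake.blocks)]
    return results, fake


if __name__ == "__main__":
    for result in demo()[0]:
        print(result)
```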
Realistically speaking, I can have a Lambda function kick off a Simple Notification Service message or an email, literally anything I want. Lambda functions are a really great way to automate. So what do they look like? Basically they look like this: let's say I were to upload a video to S3. I can kick off a Lambda function that can say, hey, transcribe this, and go to the transcription service, and then I could set up another Lambda function to basically send an email that we received it, or take the video, optimize it, and then push it to another bucket. Lambda functions are awesome for automation. Now while we discuss Lambda, there's another version of Lambda called Lambda@Edge. Realistically speaking, that just enables you to run a Lambda function on the content delivery network, at the edge location close to your customers; that's it. So since we talked about Lambda functions not being stateful, being able to do one thing, then the next thing, then the next thing, you'd have to schedule around the functions, because remember, I said Lambda does not keep track. So we have a concept called Step Functions. You can basically design multiple steps: Lambda function one runs, Step Functions kicks off Lambda function two, now function two completes, Step Functions kicks off Lambda number three. So it's kind of an orchestration for Lambda functions. So let's look at it this way. Let's say I designed an application, and let's say the steps of the application are as follows: I design the steps, I create a Lambda function per step, I then configure the workflow in Amazon Step Functions, I connect the workflow to the different Lambda functions, and they're executed in normal use. So let's walk through this one more time. If we walk through this here, we've set up Step Functions, and when we set up Step Functions here's what we did: we have step one, Lambda function runs; step two, Lambda function runs; step three,
Lambda function runs; step four, Lambda function runs. Now we're going to talk about one thing, then we'll answer some questions and we'll go back. We're going to talk about Amazon Rekognition. Amazon Rekognition is a way to analyze videos and images using machine learning. It's really cool. Amazon Rekognition can identify people, it can identify whether people are happy or sad, it can identify facial expressions. You can find unwanted content in your videos, a very, very valid, important thing. It is able to search a video for a certain person; it can look for objects, logos, things that are not supposed to be there or that you want to be there; and it can detect anomalies. So Amazon Rekognition is a really cool service to figure out what's going on in your environment. Actually, you know what, because of where I'm actually located in the content, I'm going to keep going for a couple more slides before we do questions. The next thing we'll talk about is CloudFormation. This is something, again, for your DevOps engineers; we architects would never get involved in something like this, but the DevOps engineers definitely will, some of your cloud engineers might, and occasionally some of your SysOps engineers could be involved in doing this as well. CloudFormation templates are a means to make a template of a known configuration and then deploy it in an automated environment. These are really cool. So if you know you need to provision a thousand servers a certain way, if you can create a CloudFormation template to go do it, it is efficient. There are also other tools in the industry that do this; CloudFormation is the AWS-only template to basically automate the deployment, and we'll talk about what organizations probably do instead. So you basically set up a CloudFormation template, for which you have a lot of options. You write the code for your template in either JSON or YAML format (think YAML, think Kubernetes, think containers), you basically store your code on S3, and you basically use and access the code via the CLI
or the API or the console, and CloudFormation will provision your systems based upon what's in the code. This is automated, this is excellent, this is a DevOps tool, this is AWS-branded, a perfect example. More organizations are actually using Terraform for this reason: Terraform works across all cloud providers. CloudFormation works across AWS; Terraform works across all. It's very rare to find just AWS or just Azure or just GCP; now everything is multi-cloud or hybrid cloud. So CloudFormation templates are AWS-branded things to auto deploy things on AWS. Swap that out with Terraform and you can create your hybrid cloud and multi-cloud environments in minutes, a much better version of the same thing, but this is the AWS-branded one and it's an AWS exam, so we're going to talk about it. The last service we'll talk about here in the form of AWS services is the AWS Certificate Manager. Here's the thing: the AWS Certificate Manager is a way for you to get SSL or TLS certificates for your environment. Certificate Manager will add a layer of protection to websites by giving you SSL certificates. Certificate Manager enables the simple provisioning, management and deployment of certificates, so Certificate Manager makes it easy for you by deploying these certificates. So realistically speaking, what is Certificate Manager? It's something like this: you go to the AWS Certificate Manager and you can get an SSL or TLS certificate for your load balancers, your CloudFront distributions or your website. Last thing we'll say: you've got multiple options from the AWS Certificate Manager. You basically can use the standard AWS Certificate Manager, and this gives you SSL/TLS certificates to be deployed in your public environment: your load balancers, your CloudFront, your API Gateways. That's typically how you would deploy it, the simplest, most elegant way. Now there are times where you want to deploy internal applications that are, say, HTTPS inside of your organization, like an intranet versus the internet.
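Pulling together the CloudFront pieces from earlier (the distribution, the S3 origin locked down with an origin access identity, the cache time to live sized to how often the content changes, the CNAME that hides the ugly cloudfront.net name) with the CloudFormation template format and the ACM certificate, here is an added example that is not from the talk or from AWS: a small Python generator for a JSON CloudFormation template. The domain, zone and bucket names and the certificate ARN placeholder are assumptions.

```python
# Added example, not from the talk: generate a CloudFormation template (JSON)
# for a static site on S3 behind CloudFront. Domain, zone, bucket names and
# the ACM certificate ARN below are placeholders assumed for this example.
import json

ACM_CERT_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/PLACEHOLDER"


def ttl_for_changes_per_day(changes_per_day):
    """Cache TTL in seconds, so the cache expires about as often as the content
    changes: three updates a day gives roughly an eight hour cache."""
    if changes_per_day <= 0:
        raise ValueError("changes_per_day must be positive")
    return int(24 * 3600 / changes_per_day)


def build_template(site_domain, zone_domain, bucket_name, cert_arn, changes_per_day):
    ttl = ttl_for_changes_per_day(changes_per_day)
    resources = {
        # The identity CloudFront presents to S3; the bucket trusts only this.
        "OAI": {
            "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
            "Properties": {"CloudFrontOriginAccessIdentityConfig": {"Comment": site_domain}},
        },
        "SiteBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": bucket_name,
                # Nobody reaches the bucket directly; only CloudFront may.
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": True, "IgnorePublicAcls": True,
                    "BlockPublicPolicy": True, "RestrictPublicBuckets": True,
                },
            },
        },
        "SiteBucketPolicy": {
            "Type": "AWS::S3::BucketPolicy",
            "Properties": {
                "Bucket": {"Ref": "SiteBucket"},
                "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
                    "Effect": "Allow",
                    "Principal": {"CanonicalUser": {"Fn::GetAtt": ["OAI", "S3CanonicalUserId"]}},
                    "Action": "s3:GetObject",
                    "Resource": {"Fn::Sub": "${SiteBucket.Arn}/*"},
                }]},
            },
        },
        "Distribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {"DistributionConfig": {
                "Enabled": True,
                "Aliases": [site_domain],
                "DefaultRootObject": "index.html",
                "Origins": [{
                    "Id": "s3-origin",
                    "DomainName": {"Fn::GetAtt": ["SiteBucket", "RegionalDomainName"]},
                    "S3OriginConfig": {"OriginAccessIdentity": {
                        "Fn::Sub": "origin-access-identity/cloudfront/${OAI}"}},
                }],
                "DefaultCacheBehavior": {
                    "TargetOriginId": "s3-origin",
                    "ViewerProtocolPolicy": "redirect-to-https",
                    "MinTTL": 0, "DefaultTTL": ttl, "MaxTTL": ttl,
                    "ForwardedValues": {"QueryString": False, "Cookies": {"Forward": "none"}},
                },
                # CloudFront only accepts ACM certificates issued in us-east-1.
                "ViewerCertificate": {
                    "AcmCertificateArn": cert_arn,
                    "SslSupportMethod": "sni-only",
                    "MinimumProtocolVersion": "TLSv1.2_2021",
                },
            }},
        },
        # The pleasant name visitors type, mapped onto the ugly cloudfront.net one.
        "SiteCname": {
            "Type": "AWS::Route53::RecordSet",
            "Properties": {
                "HostedZoneName": zone_domain + ".",
                "Name": site_domain + ".",
                "Type": "CNAME",
                "TTL": "300",
                "ResourceRecords": [{"Fn::GetAtt": ["Distribution", "DomainName"]}],
            },
        },
    }
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Static site on S3 behind CloudFront (added example)",
        "Resources": resources,
        "Outputs": {"DistributionDomain": {"Value": {"Fn::GetAtt": ["Distribution", "DomainName"]}}},
    }


def render(template):
    """Serialize the template as the JSON that CloudFormation accepts."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    print(render(build_template("www.gocloudcareers.com", "gocloudcareers.com",
                                "gocloudcareers-site-example", ACM_CERT_ARN, 3)))
```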
In this case you can go to the AWS Certificate Manager and you do get a private certificate, and what happens is you can get a certificate for your private systems to run SSL/TLS in your internal systems. Private certificates cannot be used on the internet, and private certificates are available at an additional cost. So let's open the field for questions. We covered a lot of content, and after that we'll go to costing, and you know what, we can probably finish up today if we keep track and stay no more than 10 minutes on questions now, so that way we can finish today and everybody can actually enjoy their Sunday. If needed I'll be here for you, because I want to make sure you guys get cloud hired. So hit the like button if you're happy, if you're enjoying the content; please share with others, please like and subscribe, and hit cloud hired if you're having fun. And if you've got questions, pop those questions in and Chris from my team will help me find them. All right, so we've got some questions. Let me scroll back here. Okay, here's the first. Jamal: what non-AWS monitoring system do you recommend, Mike? So that is a really great question, Jamal. I am not a SysOps person; I don't do maintenance and I don't do monitoring. So every time I design an architecture I typically find an operations person on my team and say, what is it you're using, and is it working for you, is it not working for you? If it's continuing to work for you... I consistently do that. But I am an architect; I don't do any operations and maintenance, and there are a lot of really great tools here. There are people that specialize in network management, and it is a complete and total specialty; Cisco used to even have its own CCIE for it, because it's something that most of the architects don't touch at all, or we're pretty far away from. So I would say in this particular case use what the organization is using, or when you're doing this part of your architecture team, consult with the
maintenance people, the systems people, because they're the people that do the monitoring and the maintenance. Hey Chris, you want to bring in the next one? It's on the screen. When do you use IAM policies, permissions, inline policies, security groups? Confused between those things. I think we answered your question, because when I saw this question that's when I said, would anybody like to do some security architecture, and when we did that, that's when we did the DDoS protection, the firewalls, the IDS/IPS, the network ACL and the security group. We talked about where it all went along the chain. Oh, I didn't mean to do that much; there we go, we are doing things live. Alonzo, welcome back. Good to be back, Mike, how's everybody? Everybody is doing great, we're having a party. We've got about 30 more slides worth of content to go over, so we're going to finish today if we try really, really hard. I personally have a meeting that I have to get to today, so I'm good until about 3, 3:15. So the concept is either I'll stay on and do this and we can have you do the lab in the end, or if we have time we'll pop in a lab. I want to make sure everybody gets Sunday off and we get through this AWS Certified Solutions Architect Associate / Professional hybrid certification cloud hired course that we're running this week. Stay very quick, we've got several questions to get to, so I'm going to pop you back. How can you integrate a content delivery network and API Gateway? It's not something I've ever done from an architecture perspective, so I can't answer that. You've got to remember there's different things: there's what the cloud architects do, which is design, and there's what cloud engineers do, which is this. I'm not a cloud engineer, so I don't do any system integration; I do the design and I hand it off to a cloud engineer. We architects are designers; engineers are builders and they do that. I am a cloud infrastructure architect and not an application person; I am not a software developer in any way. I'm an
architect. Static content for websites can be served directly out of object storage, so there's no need to use an EC2 instance or an Elastic Load Balancer for static content on the cloud. That's one of the ways the cloud native serverless environments are so beautiful: stick it all in an S3 bucket or object storage, pop a CloudFront distribution on it, Bob's your uncle, you've got a website in 10 seconds and it's super scalable. How big is the cache in the CDN? That's typically user settable, and every CDN is different. Chris, you want to bring on the next one? Yeah, you asked for a lot of cloud hired, so I'm having to go through. Okay, yeah, there we go, got to keep the algorithm happy, plus it's fun for me to know that people are out there; I really like to know that people are here. Manish: can we use CloudWatch and CloudTrail services for on-premise resources? You can actually use CloudWatch for your on-premise services; there's an agent you can actually put on them. CloudTrail is more for your other stuff, but you can do some integration and some systems monitoring, especially in your hybrid and multi-cloud environments. The answer is yes, but if you're using other environments you may find there's a much better logging policy that you could potentially look into when you're dealing with four or five clouds. But yes you can, and we should keep this related. Lenny: can we set an auto sync mechanism when there is a change in origin, apart from the TTL, e.g. a push notification for a cache? I don't even understand the question you're asking here at all. So can you do an auto sync if there's a change in the origin, apart from the TTL? Again, I still don't even know what you mean here. You could basically synchronize your S3 buckets and run two, with another content delivery network, synchronize across two buckets, if you chose to do that. Realistically speaking, I don't really completely understand what you're asking
here, so Chris, we need to move on to the next question. That's the last one related to the content. Here's one that's kind of a general question, if you wanted to address it. Sure, what is it? It's on the screen now. Hi, greetings. You passed the Solutions Architect exam, but in Virginia all the recruiters are urging US citizenship; you're a green card holder, that's the biggest challenge, any advice? So I will tell you, of the students I've had, 50 of them are on H-1B visas and they get hired every time. Virginia is a very unique market that is completely different from the rest of the country. Virginia is pretty much only government work, and nobody else is in Virginia. Virginia is one of the most expensive, most regulated cities in the world with some of these things, so nobody goes to Virginia unless they have to be; who goes to Virginia? I mean, I love Virginia, it's a nice place, but who's going to move their systems to Virginia, to one of the most expensive areas in the country, and run much higher data center costs, much higher personnel costs because of much higher housing costs? Not many organizations. So start looking for things outside of Virginia. Virginia is predominantly US government; US government requires... green card holders, H-1B visa holders have no problem finding a job in any other part of the country, so look around for other places and remote jobs, you can get plenty of them. But Maryland, DC, Virginia, that area there is super expensive, and while they have us-east in Virginia as a point of presence, it's not an area where you're going to find most of your non-government related data centers, and government requires US citizenship. How do you provide security at the CDN? Well, like anything else, you start your DDoS protection there, and your security doesn't go to the CDN; your security is at your data center. So you push your security, like we showed you before: basically your content delivery network has some kind of DDoS
service like a Shield, your Shield Advanced; behind that you've got a firewall, you've got an IDS/IPS system, you've got a network ACL, you've got a security group, you disable unnecessary services on your host, you put host-based firewalls, anti-malware protection, and then you use IAM, and of course encrypted storage. That's the flow, outside in. Ashish: can we further encrypt the certificates from ACM? Could you suggest some tools to do it? Can you encrypt encrypted information? Of course, the answer is yes, but the question is why. So you could, but if you really wanted security you wouldn't really encrypt that encryption with the encrypted certificate. What you could do is you could run an IPsec tunnel over HTTPS, because when you actually look at HTTPS or SSL or SSH security versus IPsec, they're not even in comparison. Many years ago we used to have these SSL/TLS VPNs, and we stopped using them because they were inherently insecure compared to IPsec. So you could use HTTP/HTTPS and then on top of that you could create an IPsec tunnel; that you could definitely do, and organizations do do that. Chris, you want to bring in the next one? That's it. Okay, great, let's get back to the content. And then, I know we've done labs every day this week; Alonzo's our lab person for the day. I'm going to get through the content and ideally Alonzo can do a lab with you guys. So now let's talk about improving costs. So you know the cloud is not necessarily cheaper; I'm going to say this again: the cloud could be cheaper, the cloud could be more expensive, it could be a lot more expensive or it can be a lot cheaper. Don't let all the "cloud's cheap, cloud's cheap, hey great, it's good to go from capital expense to operational expenses, it's a win"... Every time I see someone say that (and we will definitely announce the contest winners), every time I hear someone say it's great to go from capital expenditures to operational expenditures, I know for a fact that person knows nothing about business; I know they can't be an
architect. Capital expenditures are things that an organization purchases one time, and they typically finance them; operational expenditures are ongoing expenses. Look at it this way: if you can purchase a product, that's a capital expense, and if you finance that, if your weighted average cost of capital is two percent, which is the interest you're paying, that weighted average cost of capital financing may be substantially cheaper than the operational expenditures of renting equipment on the cloud. So it might be cheaper for an organization that has cash to just buy it completely instead of paying. So is the cloud cheaper? Maybe, maybe not. It's a matter of the use cases, the patterns of behavior, and that's the difference between an architect knowing what to do and when to do it versus a robot that took a certification course and was taught this is what's going to work. So I want you guys to be architects; you've got to understand that. So for most organizations (not all, most) going from the network and the data center that's private to the cloud is cheaper overall. Most, not all, so please understand that. Now when you're in a data center, what are organizations paying for? Servers, routers, switches, firewalls, load balancers, racks, power, power distribution units, UPS, generators, transformers, data center cooling, and wow, that's a lot of things, and real estate. That's where the main costs are in a data center. Now we still have operational expenditures; what are they? We've got a pretty big staff to manage the stuff, electric bills, WAN connections. That's really our cost; our operational costs are just the connections, for the most part, and our electric. But most costs are for equipment in a traditional data center, and it may be cheaper to buy the equipment and run it on your own than rent your equipment from the cloud if you use your equipment a lot, but it also might be cheaper on the cloud, and it's up to you as the architect to evaluate the organization's data use, how they're using it, and what's best for
them. So people ask me, how do I convince people to go to the cloud, and I say I don't convince people to do anything. I evaluate the organization's systems: what are they currently, what is the ultimate state, how do we best benefit the customer? Then I design something with a technology to do it, and then I do an ROI model: the cost of this equipment versus what does it take to actually... what are we doing to the business? I evaluate that on a hybrid cloud, data center only, multi-cloud and/or a single cloud environment, and from there I can design a system. But only when we do that do we have any information; beyond that it's all hype, it's all fluff and it's all meaningless, by providers that are saying hey, we're cheaper, we're better, we're faster, we're cheaper. Maybe they are, maybe they're not, but it's up to you, the architect, to know when and how to design it: hybrid cloud, multi-cloud, no cloud, all clouds, all of it; that's up to you guys. So generally speaking, because with cloud computing there are minimal instances to purchase, it is really great for a startup: nothing to purchase, startups have limited funding, cloud is awesome. Now with the cloud you're paying as you're using the data, so the ongoing cost of the cloud could be a lot higher than the cost of just purchasing equipment, or a lot cheaper, based upon the use case. And understand that with the cloud there's very minimal capital costs, there's almost nothing to buy, but the operational costs on the cloud are sky high, sky high. So which is cheaper long term? I don't know; it's different on every architecture I design, and I must run this ROI model every time. I'm not a robot, I'm an architect; I need to know what my customers want, everywhere, every time. So if people say how do you convince people, I say I do an ROI model, I evaluate what's best for the customers and then I show them, but I don't pick something ahead of time, because I don't know until I run the business case for every single customer. So how do you keep costs under control? Well, for one thing, only
buy what you need, so don't buy more, obviously. Right now, monitor your systems; how are you going to know what you need until you monitor them? If you've got a 128 core server with four terabytes of DRAM and it's running at 80%, you can't shrink that thing. If you have a 120 core server with four terabytes of DRAM and it's operating at three percent memory and three percent CPU, shrink that and add more of them in an auto scaling group; it'll be cheaper. So properly size your resources, but you can't properly size your resources until you know what you actually need. So size your equipment on the cloud based upon average use. This is awesome: in the data center you size upon max use. Why? In a data center you build your web servers for maybe the Christmas season when it's busiest; on the cloud you can build it for every day of the year and use auto scaling to scale out when needed. So cloud, big thing: purchase based upon average use; data center: purchase based upon peak use. That in and of itself may be enough to make the cloud more inexpensive. Now when you're doing these architectures in the cloud, decouple them everywhere: use content delivery networks, use SQS queuing, anything you can do to basically decouple things and make them scale independently, to keep your costs under control. The next way to keep your cost optimized on the cloud is to use the right platform. If you know your traffic and it's predictable, use reserved compute instances, reserved virtual machines. Why? You get a discount for committing to them for one year or three years. If you don't know, use on demand instances, or use a combination: reserve your baseline capacity and use on demand for auto scaling. It'll be cheaper and you'll always scale. And if you've got work (we talked about spot instances) that is not critical, that can be run off hours and you can get away with starts and stops, you can use spot instances, or basically bid for reserve capacity. For most customers the best cost estimation is going to be to use a combination of reserved
instances, on demand and spot instances when appropriate. What else can you do to keep your costs low? Well, you can leverage managed services and serverless; serverless could be cheaper. You can manage your data transfer costs, maybe with S3 cross region replication or using CloudFront to serve locally, because remember also, if you've got a lot of data coming in and out of your network, it could be cheaper to use a direct connection versus a VPN, because remember AWS is charging for the data transport costs. So you've got to evaluate on every single question. One thing that I will tell you is, generally speaking, it's good to know ahead of time, so I suggest setting up a budget. Here's how a budget works: basically you select the budget and create it, and then basically what will happen is AWS will monitor your usage against the budget and they will send you an alert when you get close to using it. Strongly recommend; we had Alonzo teach everybody how to set up a bucket, I mean a budget, on the first day for this reason. The last service we'll talk about is an automated AWS service. Let's be fair, what we're talking about here is as follows: they call it Trusted Advisor, and now you've got a tool that's going to go through all your systems, it's going to analyze your systems and make recommendations. Again, it's a tool; tools are not humans. So for those of you that have worked on Linux, and you know there's errors every minute and it's like okay, don't worry about that error, worry about this instead; well, you know, tools generate a lot of this. So Trusted Advisor is an AWS service; it monitors what you're doing compared to best practices and it makes recommendations. Again, lovely tool, but it's a tool. So if you're on the Basic plan or Developer support plan you get six security checks and 50 service limit checks with Trusted Advisor. If you're on a Business support plan or Enterprise support plan you'll get a lot more: you'll get 115 Trusted Advisor checks, of which 14 are cost optimization, 17
are security, 24 are fault tolerance, 10 are performance and 50 are service limits. Okay, so we're pretty basic for that. Let me see if there's any questions, then we're going to talk about building high availability systems (we discussed it throughout the thing), and then at that point I'm going to have Alonzo do a lab with you, and then we're going to announce the winners of our contest, and then after that what we will do is we will have Alonzo do a lab, and we will finish up today around 3, 3:15, and that way you guys can all have a free Sunday. So if you're enjoying the content please hit the like button, inform others, and I'm not sure if I see any new questions here. Yes, there's a couple; one not related to the content, so I'll bring it up for you to address if you want to. Sure. It's on the screen. Okay, I haven't... so yes, Seen Khan: what is the primary criteria for choosing cloud vendors? I also provide some client... I go vendor neutral; I always am vendor neutral. Here's the thing about vendor neutral: you don't pick a vendor, you speak to your customer and you find out what's in the best interest of the customer. That's what an architect should do every single time. So I never think of vendors; I think about what solves my customer's problems. So I want you to think about, you know, the vendors, the characteristics of the vendors, who does what. What is Google's business? Google's business is search and advertising and content. So what is search? Search is a machine learning, artificial intelligence algorithm. Google is the number one and number two player in search; that's what they do, that's their business. They're basically a two trillion dollar company, or near that, doing search. So when I think about who's going to have the best machine learning tools that are pre-built, or libraries, it's going to go Google; I'm going to think about that all the time. I'm then going to think about who's got the best infrastructure and the most infrastructure; that's probably
AWS right now. So if I need a lot of big servers, lots of infrastructure, I might think AWS. Now if I think business friendliness, and no one caring about the kind of messages that an organization's sending, I might think Microsoft; Microsoft's got some of the best strategic business advisors in the world. So I kind of look at it from a perspective of, you know, who am I specializing in. So I always use two clouds; I will never use a single cloud. It's typically AWS and Azure, or it is an OpenStack cloud at the data center plus AWS or Azure, or a Nutanix cloud plus AWS or Azure. So really figure out what the business needs most, then figure out which cloud provider actually offers the best service, and that is how you choose, based upon nothing other than what's in your customer's best interest. Chris, you can bring up the next one. Rita O: is it possible to automate IAM? Well, you wouldn't want to. IAM is determining, you know, who can access what system and at what time, so if you automated it in the wrong way you can basically violate your last line of defense for security. So there's things that you can somehow automate, like adding groups and adding users to groups, and there's ways you can potentially do certain things, but instead of automation, they may have probably been asking, could you federate to another environment to pull and use their AWS things? Because, yeah, I don't want to automate ever you logging in without me checking you, but I don't want to be adding users and groups to an organization's AWS; I could pull them from an organization's Active Directory. So basically speaking, federated identity is how you would smooth and simplify the process. And Ashish: can you migrate a data dump from S3 to DocumentDB? I'm not even going to know where to begin with that, Ashish, because that's a big data architect thing. So Praveen, big data architect from my team, has done nothing other than data architectures for 20
years. On Friday you can ask him that, but this is way, way, way outside of a Certified Solutions Architect Associate, Professional, Azure Expert equivalent course, and it's also way outside of anything that a cloud architect would do. This is something for a cloud data architect to do, so we have one of them coming in on Friday. That's it.

Okay, cool. Then let's do this: let's talk a little bit about high availability. We discussed it in depth. What is availability? Availability refers to systems being available when you need them. Now everybody's got a different level of high availability. My definition of high availability is greater than 99.999 percent of the time; that's what customers demand with me. AWS calls high availability 99.99. You can get to my level of five nines availability on the cloud; it's real hard to do in the cloud, and guess what, it's relatively hard to do in the data center. There are those of us in the world that have done this, and we're typically CCIEs with lots of experience, because it really involves redundancy everywhere.

So most organizations would consider 99.99 available to be high availability, and you can do that with a cloud by using two data centers, two availability zones. So for most organizations high availability means deploying your applications across two availability zones. For most, but not all. If you're an internet service provider that's not enough; you can't have an hour of downtime per year for your business customers. If you're a bank and your systems are down, you've got problems. If you're a hospital and your systems are down an hour a year, people will die. So you cannot get away with 99.99 availability for high performance, high availability systems; you need better. So if you're going to do that on the cloud you'll have to use multiple availability zones in multiple regions. So, kind of hard to do it on the cloud, but you can.

Now let's look at what these availability levels mean. 99 percent available means 3.65 days of downtime. 99.9, not good: three
nines availability, almost nine hours of downtime per year. AWS's definition of high availability is 99.99 of the time, meaning two availability zones; this means 52.6 minutes of downtime per year. If you do that in a bank, the bank could lose billions. If you do that in a hospital, people will die. So that is not high availability. High availability is greater than 99.999 percent of the time for critical environments: Verizon, AT&T, Bank of America, JPMorgan Chase, any kind of hospital. You're talking about Kaiser Permanente, New York Presbyterian, the CU; I'm picking out big global healthcare, or big healthcare organizations, big banks, as examples. There's lots of other examples I can give you. Four nines is not enough for these kinds of facilities; they need 99.99. Why? Because you walk into a major hospital like New York Presbyterian and the systems are down, someone could die. If you're a bank, or like a big bank, and they're trying to place trades and they can't place a trade, they could be losing millions of dollars per second.

So high availability for many organizations is 99.99, like AWS specifies: 52.6 minutes of downtime per year, two availability zones. But if you need more, and most of the people I work with need more, they need five nines, which is ten times greater availability than we're talking about here with AWS. You're gonna have to have your system deployed in two regions and two availability zones per region, or better yet, two availability zones in AWS, two availability zones in Azure. AWS goes down, Azure's still up; Azure goes down, and AWS is still up. Don't put all your eggs in one basket. We would never use two WAN connections from Verizon; we would use an AT&T one and a Verizon one. You want to know if your carrier or service provider or cloud provider goes down, you're still up. So better yet, two availability zones instead of... if you wanted to create a five nines network on AWS you could use two regions and two availability zones per region, or better yet use
Azure, two availability zones, and the other two in AWS. Now you've got four, just like before, across two providers; you've got much more survivability when it comes to availability. One is none, two is one, and three is greater than two.

Let's talk more. Building a high availability network is based upon the following tenets: no single points of failure. This means redundant power, redundant cooling, redundant network connections, redundant routers, redundant switches, redundant servers, redundant cards in your routers, redundant power supplies in your router, redundant servers, redundant load balancers, redundant DNS, redundant storage on redundant databases. This is how you build high availability. Now generally speaking it's a lot easier on the cloud. Why? Because you don't have to figure out the redundant power going to the data center. You don't have to think about, realistically speaking, redundant cooling. You don't have to think about redundant internet connections across the internet. You don't have to, because they do it all; they've got all the redundancy built in, so it makes it so much easier. They've got redundant routers, switches, all the work that people like me have been trained, you know, thousands of hours of training, to develop high availability systems. AWS does a lot of that for you, so it makes it a lot easier.

So, best practices: spread your load across multi-AZs. Two AZs gets you to 99.99 available. If you need more than that, use multi-region and multi-AZ per region, or better yet multi-cloud. Anything that needs high availability at minimum should be in multiple AZs, whether they be virtual machines or EC2 compute instances, databases, load balancers, DNS, everything: two regions, I mean two availability zones, minimum. Redundant network connections: so if you've got two links to AWS, if you've got a 100 gig direct connection, back it up with a 100 gig direct connection. If you've got a one gig connection you might be able to get away with backing it up with a one gig VPN. If you have 40
gigs, four 10 gig connections bundled in a link aggregation group, chances are you're going to need four 10 gig connections bundled in another link aggregation group across another service provider. One connection on AT&T, one connection on NTT; one connection on Verizon, another connection on NTT or AT&T. It doesn't matter: redundant everything across other organizations. So most people will get away with a redundant direct connection and a VPN backup, but not all.

So let's look at the two architectures for connecting to the cloud that you'll probably deal with. Architecture one is this: you have a direct connection, which is your primary connection, and you've got a VPN backup. Widely, widely used and common. But let's say you can't survive on the latency of a VPN; you can have a redundant direct connection or multiple connections. Now the only thing I'm going to say to you is this. AWS will tell you that this router is highly available, and it is, because it's a logical router, not a physical router, and they would say you can use a single router on your end and it's high availability because it builds you connections to two availability zones. I'm going to tell you this: no. If their router is highly available and you only have one router here, that's highly available; if your router dies here, your connectivity to the cloud is gone. So in high availability design you use redundant routers, redundant connections to redundant routers on both sides. That's how you do it. One is none, two is one, and three is greater than two when it comes to availability.

Now when you're designing for high availability, if you get hacked your systems are down. So I strongly recommend building high availability into your systems: use that principle of least privilege we talked about, disable unnecessary services on all your servers, regularly patch your systems with security updates, limit the blast radius, meaning what can happen in one part of the organization to another, by using things like AWS
Organizations, way out of scope of this course. We want to keep unwanted traffic out of subnets using network ACLs, keep unwanted traffic out of our servers with security groups. We're going to use firewalls, IDS, IPS, SIEMs. We're going to use DDoS protection, those kinds of things. We're going to have physical security protecting the routers that connect to the cloud. We're going to use strong passwords where passwords are needed, and we're going to template known good configurations whenever possible and deploy them with something like Terraform or CloudFormation.

The next part of high availability system design is backups. If you don't back up your systems, your machine images, and you lose them, you lost them, your data. You should be backed up at all times: create images of production servers, back up in at least one remote and secure location. Increase your availability: add auto scaling. Look at it this way. If your systems are up, if your web server can handle 10,000 requests per second, you get a DDoS attack at 15,000 web requests per second, but your web server can scale up to be able to handle twenty thousand, thirty thousand, forty thousand requests by scaling out, guess what? You'll still be able to serve your customers while you're dealing with the DDoS attack. Also, if you get a lot more demand than you had compute supply, then auto scaling will fix you. So that will help improve performance and availability. Decouple your application architecture so the problems that occur in one area don't affect another. Use caching to reduce load on your servers. Use DNS to load balance across availability zones or regions or cloud providers. Use load balancers to eliminate single points of failure. Watch your system; see what's going on. Monitor for lots of system alerts, monitor for security breaches, monitor for usage. Change your passwords periodically and make sure you do change management. If anybody doesn't know change management, I know they don't know high availability systems. Here's what change
management is: prior to making any change in any part of an organization's environment, here's the thing you actually do. You notify all the stakeholders. By notifying all of the stakeholders, here's what you do: you make sure that they know to tell you, "No, don't do this at this time," or they may have to prep their systems. For example, if somebody's running a batch job and you make a change that breaks the batch job, and it's a critical batch job that takes 40 hours to complete over the weekend, and you broke the system, then basically you may have hurt the business. So ask all stakeholders before you do it. All stakeholders have to agree on a change at the time. So that's how you design high availability systems.

Now we're going to do a lab after this, but I want to talk just a little bit about passing the exam. All AWS exams are hard. Here's the reason they're hard: the way the questions are written is really, really wordy. There's always a winning answer, but there may be multiple answers which are also good, so you really got to think like AWS on this exam. How do they think? What's their brand? What is the way they want you to do it? So when you take these exams, if you're not experienced they're going to be very easy for you, because all you're going to know is what's been taught in a course and your practice exams, and you're going to be good. If you are very experienced and you know 10 ways to do the same things, these exams are going to be challenging, because the Amazon way may be slightly different than the Microsoft way versus the Cisco way versus the Google way, and if you know all the ways that everybody else does it these exams are harder, because Amazon exams want you to do it the Amazon way. So my suggestion is, whenever you take an exam, any company, evaluate what it is, the way they want you to say it, and those are your answers.

So what else do I recommend? I recommend to, you know, watch this entire thing, read all the diagrams, read the book, look at the diagrams in
the book, read the AWS white papers, and take a practice test. Where would I get a practice test? I happen to know Haman Sharma; he's the CEO of Review and Prep. I love his practice exams. I know Haman Sharma; he's a really great person. He runs a classy organization run by good people. I can recommend Review and Prep for practice exams. I recommend working on a practice exam until you can score a 95 or better every single time, and then you're ready to take an exam, because I want you to know when I want to pass.

I'm also going to recommend this for more good certification content: I recommend that you go to Andrew Brown from ExamPro. He's got a completely free AWS Certified Solutions Architect 2020 class, and he's producing a more modern one soon. His class is focused on certifications; ours is more about architecture. Combine his, combine ours, and you have the perfect certification solution, all free, completely free. Follow that up with the practice exam from Haman Sharma. These prices are good; they're very reasonable. We have no financial relationship with Haman Sharma at all, but I'd like to be able to give you guys the people that I like the best. I think I also, on the YouTube community tab, have a 15 percent coupon for you guys you can use. I asked Haman for something to make it a little cheaper for my students and he agreed; he's a really good guy. Again, we get no financial transaction with that; I just want to align you with the best resources I can, because I want you to be perfect.

Now when you take these exams, the day before, get a good night's sleep, eat healthy, avoid alcohol or anything like that. Here's the thing: the hardest part of the exam is reading these questions. The content of the exams is not complicated, but the questions and the way they're asked is very challenging, so don't be tired. I want you being calm. Why do I want you being calm? When we're calm we're using our happy prefrontal cortexes, logical reasoning, good. When we get uncalm, the prefrontal cortex shuts down, the
amygdala kicks in, we get very stupid. That's why when you're in an argument and you say things to somebody, you regret them forever, because you say really stupid things when you're stressed; you get dumb. So in order to become calm: make sure you know how to get to the location the day before. Show up 30 minutes early, so that if there's traffic you're not late. If you're online, be prepared 30 minutes early anyway. If you've ever taken these exams and your computer froze along the way, or it's trouble getting them set up, I promise you things go wrong; give yourselves time. Remember you can run into parking problems, you can run into tech problems, you can run into traffic problems. Just don't be there late. Make it as easy as possible, and remember that you need to bring a photo ID when you take these exams.

So let's do the following. I will take questions, and we will announce the winners of our contest in a few moments, and then Alonzo will do a lab with you guys that desire, because I'd love you guys to get one more lab. I just have to finish up at around 3:15 today. So are there any questions for me right now?

Yes. Okay, somebody asked if you could speak more about RTO and RPO, so recovery time and recovery point.

Yeah. So when you're dealing with disaster recovery, you know, it's how long till you're up, recovery time objective, and recovery point objective: how old is your data that's going to be backed up? So the best way I can describe it is this. If you can be up in one minute, that's your recovery time objective, but if the data that you have is one day old, that's your recovery point objective. So you have to figure out how much data an organization can actually live with that's lost, and that's your recovery time objective.

And then, could you go over the durability concept again? Durability means... so here's the difference between availability and durability. Availability means your systems are going to be there when you need them. Durability
means: will your information be there? So let's say you've got S3 durability, which is 99.99 of the time. That's great; I mean S3 availability, which is 99.99. That means that with the exception of 52 minutes a year you'll be able to access your data. Now durability means the chances of your data getting destroyed. So meaning that 11 nines means that the degree that your data is protected from being destroyed or lost is 99.999999999 percent of the time; your data won't be lost. So basically it means if you store your data on the cloud it's going to be permanently available until you delete it, because it's always going to be there. That's what durability means.

Then someone asked, if you're using multi-cloud, is there a central management tool for monitoring and things like that? For deployment people use Terraform. There's lots of monitoring tools that are out there in the industry. As I mentioned, I am not a SysOps professional, and there are lots and lots of tools that SysOps professionals actually use, but I'm an architect, not a maintenance person; this is not a maintenance person. I don't specialize in monitoring systems.

AWS re/Start: that will not cover what's sufficient to get hired in the cloud, but it will give you some additional competency, which is great. Any time you can get additional training we think it's great. Remember that you have to figure out the career you want. As architects we're system designers, and we system designers do the following: we design end-to-end systems. All of the training that's out there covers the system configuration, so it will be helpful to get a junior implementation engineer job, like a junior cloud engineer. It will be helpful for the maintenance people like the SysOps, but for the bigger jobs like the architects it will not be helpful, but it would still be helpful to give you additional information. So it'll always be helpful, but your focus needs to be: what are the systems in the
network and the data center? Because those are the things that are going to the cloud, not how to configure a service. What you're moving, to be an architect. Now if your hope is to be a cloud engineer and you just want to configure things all day, the AWS training is great.

Here we go, I'll post the link for this day. If you see the question... okay, so can we talk about VPC please, or virtual private cloud? Yes, we actually covered the VPC in extreme depth. Which day did we do that, Chris?

I'm not sure, but I'm going to post a link. I'm going through them right now; I'll post the link for that.

To really talk about the VPC, I could talk about it for about four weeks straight as a cloud network architect like me. We spent at least two hours on the VPC before, and I don't think I can really give you what you need in less than those two hours. Chris from my team will do that; we'll give you a link to that one. I would love to answer it otherwise, but it's too big of a topic.

Yep, and that's it. I believe that was Thursday for VPC.

Say this one more time.

I believe, I want to say, Thursday was the day that we talked about VPC and provided a lab for it.

Yeah, I'll put the link in there.

Okay, so the next thing, before Chris does this: we ran a contest this week for which we're going to give two free tickets to the AWS Certified Solutions Architect... I'm sorry, two free courses to two lucky winners, to our Cloud Architect Career Development Program, a program that's designed to basically take people and turn them into hired cloud architects. We train them; they do live classes twice per week with us, and we really design cloud architectures during the two live sessions, in addition to the two live three-hour sessions that we do, of which, you know, it's on Zoom, so students ask questions. We design architectures for forty thousand remote locations; we deal with kinds of environments with hundreds of thousands of subnets; we deal with environments of hundreds of
thousands of servers. My students are the best in the world. One of the main cloud providers even sent a director from one of the business units to tell my students how much they love them; that happened on June 18. It was from one of the biggest cloud providers.

So what we'll do is this: we are going to announce the winners. One of the winners is Daniel Basu; he's winner number one. The next winner is Ryan Perez. Congratulations to you guys. We will see you starting next week in our class. You will be doing our three-hour architecture twice per week. You will then have program projects to do during the week. You will be building career plans; we will be building resumes with you; we will help you with interview tactics, interview techniques, salary negotiation, and we of course cover this, so you will be able to work on every cloud provider; AWS is only one part of it. Congratulations to you, Daniel Basu and Ryan Perez. You guys did amazing. Daniel not only was here the whole week, but he promoted it, promoted it and promoted it. When I saw Ryan Perez's video that he created, and my team saw it, we were blown away. So thank you, you two.

For those of you that were not, that attended this week, that participated, I am going to have Chris do what we never do and send a 25 percent off coupon to our entire mailing list for our Cloud Architect Career Development Program. You will be able to use that; you can register for our program, you can select the payment plan, and it will be 25 percent off for everybody on the session. And for the people that participated we will do this, which we've never done: a 30 percent off coupon for the people that participated in the contest, and they will be distributed very soon. So Chris will send an email to our entire mailing list with the 25 percent off coupon code to celebrate all of you that participated this week, and 30 percent off to the people that participated, but the two lucky winners are there. Chris, make that happen in the next few days. So we've
got some people asking us to share Ryan's video. So what I'll do is, from the business page, I'll share the post from both of the winners, so that everybody can see the ones that won.

Sounds good. And Daniel's was persistent, yeah, and he commented on everybody else's post. That was what it realistically took. We announced the contest, we emailed the contest. You know, we periodically run them, but if you'd like to really get hired we'd love you to be part of our Cloud Architect Career Development Program. Chris, please post a link to that course while we're at it, post the coupon, and if anybody's got any questions about our course or our real cloud architect training, let us know. If you guys want to know some more, we'd love to hear from you. So, any further questions for me?

I know there were some questions on how to register, so make sure we add that registration link and a coupon code.

Abigail Marks: we don't run contests very often. We don't do it for the following reason: there's extreme demand for our training, and we charge about five percent of what we're supposed to charge for our course, so we don't do a lot of free contests. But, you know, we ran into a situation where we decided to run a contest, so we ran this contest, and you know, we'd love to run them when we can, but you know, we probably won't be running one anytime soon.

And a couple of people are saying they weren't aware that there was a contest, so the best way to be aware of it in the future is make sure you follow and subscribe to all of our social media, not just YouTube. We announce these things on social media, in our email campaigns, so if you're following all of our platforms you should, across one of them, see the contest in the future. So Chris, if you put the link to our course, and you know, this one time we can add the twenty-five percent off coupon code, we'll make it.

Yes. I don't have the twenty-five percent.

Okay, well I will, I
will text you one right now. There's one that I made up the other day; let me send that to you right now. I'm going to send it over to you via Slack, and that way you can cut and paste it directly in. Let me figure out how to do this. I'm so glad you guys made me move from LinkedIn groups to Slack. I love LinkedIn; you should have that.

Any questions for me while... well, sorry, I didn't mean to interrupt you, Mike.

Let's finish this and we'll let Alonzo do a lab. I love Alonzo doing... love Alonzo. He's a great cloud architect, got some good cloud engineering skills, and he's a close friend. So we've got people that want to do labs: we've got Abba, we've got Alonzo here, and you know, let's spread the load to anybody that desires it. All we want to do at Go Cloud Careers, Go Cloud Architects, is give everybody the best careers in cloud computing or networking careers we can, so let's do what we can to help this beautiful community.

Abu Nasser: every time we do an architecture, we do it on AWS, Azure, Google, OpenStack, Nutanix. So every time we work across every cloud; there's no such thing as just AWS to us. We are cloud agnostic. We train cloud architects, not solution architects. A cloud architect can work on any cloud, anywhere, anytime; the solution architect only knows Azure. We train people to work on all platforms, because that's the job.

And "oh God, you can't believe your eyes with what you've seen us post in the last few days, such a great man and team, thank you so much." I'm so humbled by that. I'm happy to provide cover fire for you anytime, anywhere. Thank you so much. Obviously you and I have a similar background, and you know, anybody that's got my six, I've got your six as well, and I'm so glad we were able to help. Thank you so much; look forward to working with you, Albert Nasser. I think you're gonna have an incredibly great time.

Yeah, indeed, he's gonna have a good time. You're gonna learn so much. I really like that, you know, people take my course, after the
first week they say, "I learned more in the first week than I have in the last year by doing all these other things," and that's how we know our message is on point. Okay, Alonzo, why don't you take it away and do one last lab with everyone, so we can celebrate working on tech, playing with tech, if you guys love it. Yeah, we can get you out of database programming and into architecture like nothing. My last great database person, we had a cloud architect job within, literally speaking, two months, and he's going to be talking to you guys next Friday, and he's really great, so really welcome that.

Okay, well, what we are going to be doing today: we're going to be in the kitchen working on DNS. We're going to be working on setting an A record, and we're already going to have a connected EC2, and we're going to attach an Apache server on top of that, and we're going to point that DNS record to that particular area, and we're going to ping for it. So if you're ready to go, we are about to take off and do this lab. So I'm going to share my screen, and let me know if everyone can see it. I'm sure, Chris, let me know if it's big enough for everyone to see; if not then I'll increase. Can everyone see that?

Yeah, but you're muted. It seems like you're muted, Alonzo.

Okay, can everyone see me and hear me?

Yes.

Okay, okay, great. Okay, well, we are headed to our AWS Management Console. This is where the magic is going to happen. This is where we've been all week, focusing on EC2s, creating a VPC environment for our resources, S3s, even touched base on databases. So today is going to be a quick focus on Route 53.
So I spent a little time last night playing around, focusing on things like A records, AAAA records, CNAME records, MX records and NS name server records, and thought that it would be really cool to just focus on one of them, because a lot of this stuff takes a long time to propagate, like 24 hours. So I wanted to keep it simple; I want to keep it focused on just an A record. So now remember that an A record basically determines which IP address belongs to a domain name. So with that being said, what we're going to do is go to our Route 53 dashboard. Now as you can see, we have a lot of different things that we can focus on: we have our DNS management, our availability monitoring, our readiness check, traffic management, domain registry and routing control. So let's go over here to domain registry. Now what you can do is that you can register a domain, and you can pick and choose whatever specific domain that you're looking for, for every particular website. On average a .com is going to probably be about 12, so you can go and check. So what I did was, I already pre-made one, but I'm just going to go through it. Just say for instance xyz2, something pretty random that we can check. So we can see that that domain is available, and we can add it to our cart, and then we can continue, and this is the point where we can add all our registering contact information and where we want to pay for everything. But at this point in time I came up with a cool little name, Living Out Cloud, a cool little name for this fictitious website that I wanted to put together. So what I did is that, based on that routing information, I spun it up, and now I have a focus on our hosted zones. So initially you have your NS and your SOA records right here, and these particular servers are the ones where they're going to be bouncing off and on through the service to create the DNS records that
are needed. So for this particular one, again, I created a simple A record. Now remember again that an A record determines which IP address belongs to a domain name, specifically in IPv4. So what I did was, excuse me, what I did was I created that record, and now you can see the name is Living Out Cloud, it's an A type record, our value is what our IP address is; the IP address is right here. And then we had set a time to live, basically a ping for 300 seconds; if it can't be heard in 300 seconds then it's considered unhealthy.

So I'm going to go to my command line interface, and right here I've already created an Ubuntu virtual machine already, so that we can add our Apache web server to it. So I'm going to put in that information now so that we can get the Ubuntu Apache service going. Okay, okay, it's going, it's going. Okay, wonderful. Now we're upgraded. Oops, just gotta watch the spelling; the details matter. So now it's booting up, it's packaging and getting everything going. Sometimes it takes a little while, but it's at 98, so just waiting for that other two percent and we can move forward. Okay, wonderful.

Okay, so now what I can do right now, now that I've added on Apache, which is sitting on the Ubuntu, now I can search for, I can ping for my particular web domain based on my IP address. So there we go. If you remember, right here we have our A record, our simple routing, and our 3.142.48.163, and that's our A record right here. So what I can do right now is that I can grab this value, and we should be at a point where I can find my Apache server. Sometimes it takes a while. Let me double check my routes and make sure everything is okay for my hosted zone. We're good to go, we're good to go. Pending requests, okay. Okay, let's take a look at this one more time. Okay, all right, one more thing we gotta check. Okay, all right, let's try it one more time here. Fresh record; might be missing a step. It's
always about focusing on making sure that you have all your steps available.

So Alonzo, we got a couple of comments from other people on the program with you. Shinton suggests making sure Apache is running, and then Leo says, after installing Apache, is it needed to start and enable the web server?

That's right, that's right. Thanks so much, guys. And of course they're in the program with you.

Of course, right, right. So let me go ahead and get that squared away, double check to make sure I have everything that's running.

This is what I love about live sessions.

Yeah, yeah, you get to see the behind the scenes beauty of everything that we do. It's like, everybody, go to Google, go to Stack Overflow, go to... exactly, going through all these places. It doesn't matter what failure is like; it's a Google answer. No, I'm missing something. Okay, I started Apache. My Ubuntu was kicking; sudo apt update, I installed Apache, I'm ready to go. I should be. Let me see, another person from the program put a... looks like you put a code in the chat box. I'm not sure what that... let's give it a try, give it a check. You can't copy and paste? Oh, you can. I can't, because I'm the host. I forgot, I remember. That's why I'm... okay, "authentication required to start apache". Okay, I should be able to do this; I just did it. All right, interesting. All right, let's try this one more time. That's why we are here as a community, to get this thing right. Okay, based on that, I will get this done, because I just did it earlier today. Oh my goodness, where's my information here? And this is where you add in... I'm a cloud architect, I don't configure, right? This is exactly it: I am not a command line man, I am the first to admit. So let's try this. Okay, so I know my answer is in here somewhere. Okay, so let's take a look in our records, and then our information, make sure our hosted zones are everything that it needs to be. Details. Okay, let's try this one more time. Somewhere it's not connecting.
this is connect everything's good everything's good here so is there other than this uh lab did you have anything else that we were going to cover uh no no this was it it was my focus was to connect uh we already added ubuntu um as a virtual machine and added apache on top of that and then we were going to make sure that we could connect um and show the uh um apache um default page so that is what i'm working on gotcha outside of that okay 153. registration zones all right let's get back to our apache overview i'm going to let's go and do this again okay is installed so now okay okay okay the record is there so now where is our i know i'm missing a step here just got to remember what it is typically speaking gonna reset the service okay and i just i had uh updated i had added and updated the server so now i'm at a point where apache is installed so now i'm just trying to make sure that i can show the default apache page okay i would just restart the service alonzo yeah um it's in slack okay yeah you just put it in there yeah okay all right so let's try this one more time the only problem is when did you set this up alonso i had set it up earlier today and i was kind of concerned because it usually it's not it may not have time to propagate throughout all of these throughout the world so typically speaking when you set this up it can take 24 hours or more for everybody to know about it so realistically speaking what you really want to do is you want to see if that web server is actually up you know you can check a status of it see what's going on in the server um via top you'll be able to see if apache is running and you know that's that's what happens when we architects actually do configuration things because that's not really what we do especially doing linux admin work but you know i know you know how to do it i know you've done it many times yes yes to that do it top see if you see it running see if it's using cpu performance but remember for all of us you know 
you built this server you just set up a dns thing it's got to propagate the dns servers throughout the world so obviously he restarted the service the service of apache 2 he's done that but i appreciate the uh the linux unix commands because definitely needed to do it he definitely did do it all right now you got the name let's see and i checked my uh security group so yeah because i was able to ssh into ubuntu um try something else we were doing this with a great devops engineer he was doing a great devops demo i was like these things just happen when you do things but realistically speaking if you just it's going to take you 24 hours for dns to really populate everything so you may not be able to do this we may have to come back on another day online yeah straight that it works right i'll i'll do some testing sorry guys for the glitch but i will uh do some testing and if you'd like i won't be more than happy to create a video and put it in slack for everyone to take a look at well and it's not it's not just the people in select so we can we can why don't we do this alone we'll take it offline we'll give our dns servers a chance to do it we'll create a video you and me on how to set this up and we'll just release it on our youtube channel because i don't want to hold people on a saturday while we're troubleshooting um you know dns issues all this stuff is going to happen if you do these kind of things it's part of my life part of everybody's life bill gates demoed windows 98 and the thing crashed on them um i've seen some demos like 20 years ago from steve jobs that also didn't work um live demos you know anything's happened i got to tell you one time and you guys may think this is funny i was actually in dubai um we had we had designed this voice over this voice and video fiber to the home project back 20 20 some years ago when i got there they're like mike you're the multicast guru go solve this for me i walk in and literally people are tracing electrons through 
the back plane of the switch and i'm sitting there thinking you want me to go fix this uh uh oh and then out of nowhere i was like you know what i noticed that's the most beautiful cards you have the brand new ones let's take the old ones plugged in and it works so you know things happen with demos 25 years of demos things are always going to happen so alonzo thank you for the demo i still think we're running into a dns server issue and i think everybody here to make a nice video and really help everybody about it a video that we can do um take one and if we have to do it take two if we're arguing with dns servers but uh alonzo appreciate everything you've done this week i appreciate it thanks so much mike yeah just part of you know anybody that's ever done any demo or everybody that's ever done an executive briefing or all the folks on this call who one day will will all experience this while doing a demo one time so thank you guys for being supportive it is part of the job i promise you one day you're going to bring a team of 30 cloud engineers with you um and you bring those teams the 30 cloud engineers with you and uh funny things are going to happen so yeah i appreciate everyone's grace that that's i really appreciate it so yeah it's uh it's at the foul line and i did not uh get it in the bucket so no matter how much expertise you have in tech things will happen no matter what you do in tech things will happen why do you think i'm saying multi-cloud it's not because i don't think aws is full of really great smart people they are i know a lot of them it's not that azure isn't full of great smart people azure got hacked last month it's just part of life um and no matter how much you prepare tech does a mind of its own sometimes so i've got seven well actually nine vmware esxi servers in my house all have the same e5 26 70 v3 cpus in them all have 128 cores and all have two terabyte nvme drives and you know what you install it on five of them they all work the 
sixth one you basically gotta take everything apart pop it back in and then all of a sudden it works it's just part of the fun so you know mike um we've had a couple of people ask how long the coupon code is good for we will keep that 25 code active for the next two weeks after those two weeks it will not be active and the 20 code that we typically provide will be active but for the 25 code i'm going to have to be of actor for two weeks for the people that have actually submitted to the contest many of you have not submitted your email addresses to us please do so and we will email you a 30 off coupon if you participated in that contest the people that participated in the context were the ones that created a post that had a certain things that included the words cloud hired that included a link to um our training course or this free training because we we were permitting the free training i'm super happy you passed your ccp um thanks so much uh wonderful so happy to have you here daniel green excuse me mike guess what we got it running you got it running now is it just enough let me show you yeah yes let's share this is what happens with dns you know okay let's uh i'm gonna add can everyone see that and we're gonna add that there we go we got our apache ubuntu fault default page so we were able to set up that a record um as i was saying earlier um we set up a via ubuntu uh virtual machine and we added apache on top of that we pinged it with uh with the server ipp um ip address and now it's connected so i'm glad i was able to complete uh this lab for you guys successfully although we had a couple of bumps in a row but i'm glad we were able to do that when you're dealing with other stuff that has to propagate other stuff to other stuff to other stuff or caches that could be timed out that's when funny business happens so alonso great job thank you for doing it's not engineering work for us this week i know you're mostly a designer like me i know i design i knew you 
would get it done i was still thinking it would take a couple more hours for dns to propagate across the internet but you know what we got there that's all that really matters so we gotta gotta do it on the fly man we can't quit we gotta always look for that answer we gotta provide the answers um and when i don't have them um i have i have my mentor mike and and chris you know he doesn't want to talk about the things that he can do but you know he's a superhero in his own right as well so it's good yes it's good to be surrounded by quality intelligent people that i can learn from and that we as a community can as well thank you alonzo i have a philosophy when i build a team i hire people smarter than me every time i hire people they're going to tell me what i don't want to hear every time mike don't do this mike do this mike the 50 presentations you thought you could do by tomorrow you can so it's what it takes alonzo excellent job you're talking to a mute button um which i do all the time as well so you're here wall's good so everyone again thank you for participating in the aws certified solution architect 2022 course abu nassar was um we will keep that coupon with 25 off valid for two weeks um after uh the third we will also administer a 30 uh 30 coupon to anybody that participated in the contest chris from my team apparently knows who all they are because keep track of everyone and because he did that he will send 30 coupon codes off to anybody that did it alonzo i definitely definitely appreciate you coming in here with the cape as the superhero kind of configuring and setting all this stuff up for us real grateful for all of you folks that are out there we truly love you we want to do everything we can to help you i want to let you know that on monday we're going to have our free how to get your first cloud architect job webinar first thing in the morning we'll tell you everything to do to get your first cloud architecture up what you need to know what 
employers care about all of it after that monday afternoon we will do free question and answer sessions anything related to cloud computing careers on tuesday we don't have anything on wednesday next week we will do a free how to get your first cloud architect or we will do a completely free um question and answer session on thursday we will have a how to get your first architect job session live on zoom where you can ask questions of course on friday we will bring in praveen who's a working cloud architect he was one of my students and he's a fantastic student but he has 20 plus years experience in data big data environments and now he's working as a cloud big data architect after running through our program but also he had huge amounts of great big data experience in the past and it's that big data experience that we want to share with you remember it takes a team it takes a village assemble the best people on your team there's nothing you can achieve so thank you so much it's been such an honor if you haven't hit the like button please do so if you're not a member of our channel please uh subscribe and hit the bell um we uh so you can be informed of a lot of the new free services that we're going to be doing coming very soon lots of them you'll be notified them if you subscribe and hit the bell next week thank you all so much um thank you again mike for having me thank you for everyone for taking the time to be patient and i hope that i was able to help you with uh continued learning join the community be a part of the community if you are a part of the community be more active raise your hand um help one another support one another create projects and and grow together this is an awesome community to be a part of and thank you again for mike for having me and thanks chris again for everything you have you helped me with as well alonzo thank you so much chris thank you so much for putting up with me calling you at two o'clock in the morning hey chris can we do 
this or hey chris is this going to work hey chris can we stream to 50 different media streams at the same time this is what chris has to contend with for me i am a hyper active bounce off the walls executive with about 20 years experience doing these same kind of thing so let's all thank chris for helping to orchestrate and make sure this works and keeping me on track and even reminding me when i have to be in certain places at certain times so thank you chris i was talking to chris about having a behind the scenes edition i think that would be uh awesome [Laughter] actually one day we should do it it would be a best comedy hey chris nigeria and dubai all at the same time he means like be a zoomer in person exactly i think they would get a kick out of it especially chris love it i think chris would be able to finally figure out a way to get me to go from legos to athens to dubai all at the same time he's probably if anybody could figure it out it would be chris indeed so thank you you have something you have to do mike i do have some please i actually so thank you for reminding me go to physical therapy for my bad hand and my bad foot take care everyone it's been such an honor and a privilege to have you all here today take care everybody
Info
Channel: Go Cloud Architects
Views: 6,087
Keywords: aws certified solutions architect associate 2022, aws solution architect certification, aws solution architect interview questions, aws full course tutorial, free aws certification training, aws certification course online, aws certification course free, free aws course, cloud architect career, aws career tips, cloud architect training, cloud computing architect, cloud architect, go cloud architects, saa-c02, aws cloud computing full course, cloud computing complete course
Id: iOUj3aumou4
Length: 201min 37sec (12097 seconds)
Published: Sat Oct 09 2021