AWS Tutorial | EC2 Masterclass | Launching an EC2 Instance | Nov 14, 2019

Captions
So the topic of this day is EC2. EC2 stands for Elastic Compute Cloud. You will see this term "elastic" in many different services; we'll discuss what exactly elastic means. Now what purpose does Elastic Compute Cloud serve, and why do you need it? The purpose is that it provides resizable compute capacity in the cloud. If I say resizable, this means that it can be resized, it can be changed whenever you want; we'll discuss that in detail. That's the purpose of the Elastic Compute Cloud.

Now how does this work for you? Let's imagine that this is my AWS cloud, the Amazon Web Services cloud, and this is my virtual machine, or my virtual server. If you have any virtual machine or virtual server running in the confinement of the AWS cloud, that's labeled as my EC2 instance. You can also just call it an instance, but generally we label it an EC2 instance. An EC2 instance is nothing but a virtual server or virtual machine that you deploy within the Amazon Web Services cloud, and it has some compute capacity. If I list down the attributes, compute capacity includes your virtual CPU, RAM, storage, GPU (graphical processing unit), etc. This compute capacity can be resized, it can be changed; we'll come to that afterwards. But right now you have to understand why you need a virtual machine.

See, anything you launch, any application or service you deploy, it runs upon a virtual machine. So you have to have some compute node upon which you can run your applications and services. The EC2 instance consists of the OS, the operating system you install upon the instance. It comes in two different formats: one is Linux and the other one is Windows. These are the two types of operating systems you can install upon the EC2 instance. Then you have the applications that you deploy upon your virtual servers, plus the services you run, the software you install upon the virtual machine, and the scripts you execute. So you install everything upon the instance: operating system, applications, services, software and scripts. That's why you need a virtual machine, that's why you need an EC2 instance.

Coming to the compute capacity: this compute capacity is defined by something called the instance type. Depending upon which instance type you choose, it defines the compute capacity, or the compute capability, of your instance. So if someone asks you what an instance type is, it's nothing but a virtual representation of the underlying physical resources. It depicts what amount of CPU, RAM, storage and GPUs is associated with that instance. I'll give you one example: there's one instance type that we'll use quite often because it's free tier eligible, that's t2.micro. This is a free tier eligible instance type and you don't have to pay for it if you use it. It gives you one virtual CPU, 1 GB of RAM, and up to 2.5 GHz of an Intel Xeon processor. You can see that it has these specifications for you to get started, and depending upon what type of operating system you choose it gives you 8 GB or 30 GB of storage: if you have Linux you get 8 GB of storage, if you have Windows you get 30 GB of storage. These are the different attributes of the t2.micro instance. These are decent specifications for you to get started, get hands-on, get a feel for it and start using the virtual machines, the EC2 instances, that you deploy upon the AWS cloud.

So you got the idea: you have the virtual machines, the EC2 instances, upon which you deploy everything starting from the operating system, applications, services, software and scripts, and this gives you some compute capacity. Now, I used this term elastic, or resizable; it's the same thing. What exactly is meant by resizable or elastic? This means that you have the flexibility to change the specifications of the instance. For example, right now you have t2.micro, which gives you, let's imagine, 1 GB of RAM. You want a higher instance type because you want more RAM, because 1 GB of RAM is not sufficient for you depending upon the type of applications and services you want to run upon the instance. Now you can change the instance type, very easily, for example to an M-family instance type which might give you, let's suppose, 3 GB of RAM. So you can bump up the specs of the instance by changing the instance type. I'll show you the process; it's a very easy thing. Now this thing where you add on the specifications is called vertical scaling. This is a very common term that we use in the industry: vertical scaling, where you bump up the specs of the existing server, you beef up the server, you add more RAM, more CPU or GPU etc. That concept is called vertical scaling.

Opposite to it we have something called horizontal scaling. So I've discussed with you vertical scaling, where you bump up the specs of the instance; then you have horizontal scaling, which is a term where you increase the number of instances. For example, right now I have 10 t2.micro instances. Instead of beefing up the servers, adding more CPUs and RAM to those servers, you increase the numbers because there's a high peak in the traffic, there's a high demand: from 10 you can go up to 100, so you can have 100 similar servers. You have increased your capacity ten times, from 10 to 100. Also you have the option to go back; you have this elasticity, you can increase or decrease the number of instances. So this is how you can resize the compute capacity: either you beef up the servers, you bump up the specs by changing the instance type, and if you want you can revert back to the previous instance type; or with horizontal scaling you bump up the number of instances, and if you want you can revert back to the same number that you had before. This kind of flexibility and elasticity you get only in a cloud, because in a data center environment it's very tough to achieve this type of flexibility. That's why AWS, Amazon Web Services, gives you these types of compute nodes in the form of services. You can use this as a service and you get a lot of flexibility, because you can change the specifications or you can increase or decrease the number of instances. That's what this is all about.

I just mentioned some more things over here for you, because it's really important that you understand these concepts in detail. The next thing we'll discuss is how exactly you manage to define these things, the operating system, applications, services, software and scripts; how exactly you are able to define all these things.
Basically all these things have been encapsulated in the form of an AMI. It stands for Amazon Machine Image. The Amazon Machine Image defines the operating system, the applications, services, software and scripts, which you bundle together in a single package. I'll show you this on the management console, but right now you have to understand the concept first. AMI stands for Amazon Machine Image. Now what is this Amazon Machine Image? It's nothing but a pre-configured template, or I would say a pre-configured package, a single package which consists of all the different attributes: your operating system, which comes in two different formats, either Linux or Windows, plus your applications, your services, your software and your scripts. You put that in the form of a package, and that package is required to boot your EC2 instance from scratch. You need a complete package to build the instance from scratch; that's the purpose of the AMI. You have to have this, otherwise there will be nothing for you to install upon the instance, no operating system, applications, services, software or scripts. You have to have the Amazon Machine Image from which you can build your instance.

Now if you see the broad categories, there are multiple categories of AMI. I'll discuss all the different categories one by one. The first one is the public AMI. A public AMI is one that is pre-configured; it is a pre-configured template that anyone can use. So you have to understand this fact: you have different categories of AMI, and the first category is the public AMI, a pre-configured or default template. Now anything that you get by default or pre-configured will come with one disadvantage: it will not give you any type of flexibility, and it will not give you any type of customization. Anything that you get by default is not customized; it doesn't give you the type of customizations that you need to have.

Okay, let me do one thing: I go to my AWS management console and show you exactly how that public AMI looks. It's really important that you understand this concept, because this concept is the essence of the other services that we'll discuss in the future. So I just log in to the management console and show you exactly how you can leverage the public AMI. I've logged in, and I go to EC2 under the Compute section. Now one thing that's very important before you can launch the instance: you have to choose your preferred region. This is of utmost importance. Not the availability zone right now, because the availability zone you will choose afterwards, but the region. You have to choose a region first before you can go ahead and start with the deployment of the instance. So I go to the Mumbai region. This entire page that you can see right now is my EC2 dashboard. I click on Launch Instance, and right in front of you is the public AMI page, the Amazon Machine Image page. If you see the definition at the top, and I highlight it, you can see that an AMI is a template that contains the software configuration, which includes your operating system, application server and applications, that is required to launch your instance.

Now this is the list of the public AMIs. AMIs come in two different flavors, either Linux or Windows. You can see that right now these are the Linux based AMIs, and the ones marked free tier eligible are the ones that you can use with the free tier account without paying any charges. (You're saying that my screen is stuck as of now on my public AMI page; okay, thanks for the confirmation.) So what we can see here is that these are the public AMIs. The two main flavors of the AMIs are the Linux distributions, for example Amazon Linux, Red Hat, SUSE Linux, Ubuntu; these are the different Linux based AMIs. Then down below these are the Windows based AMIs. So I can use any one of these AMIs, these are the public AMIs, and each of the AMIs has an AMI ID. I can start using them on the fly, but they don't give me any type of customization. This you have to understand: you don't have your own flavor of services upon them; it's a raw type of public image. You can use it for demonstration purposes, for lab purposes and so on.

The main thing that you have to use in a business environment is My AMIs. On the left hand side you can see there's the second category, My AMIs. This means that you can define your own customized AMIs; you can create and manage a complete repository of your own customized AMIs. Now why do you need these customized AMIs? See, in the business environment you have your own custom-built applications and services and you want to have them installed and up and running upon the instances. For that reason you have to have customized AMIs; if you don't have customized AMIs then you will not go anywhere. So the second category that we'll discuss is the customized AMIs, or My AMIs: your own built, your own configured AMI.

Now how exactly do you manufacture it? I'll show you in the form of a demo session afterwards, but right now you have to understand the concept of how a customized AMI is manufactured. This concept is of utmost importance. Let's imagine this is my AWS cloud and this is my EC2 instance. Now upon this EC2 instance I want to deploy some operating system. First things first: before you can carve out the custom AMI, the very first step is that you have to make use of a public AMI to launch the instance. You pick any of the public AMIs and you install the operating system upon it. That's the first step you have to do. So to manufacture the custom AMI, the very first step is that you make use of a public AMI. Then in the second step you install your applications, services, software and scripts upon the instance and you perform some customization. You perform all the different customizations based upon your taste and preference; you install everything upon the instance and you customize it. That's the second step. Once you're done, the third step is that you capture an image from it, which becomes your customized AMI, your My AMI. Once you install everything upon that instance using the public AMI, you install your custom-built applications, services and software and perform the customization; in the third step you capture the image out of it. That's the whole story; that's the process you have to follow to create your own custom-built AMIs. I hope that you understood that process.

Now once you have this customized image, this is the final product: the customized AMI, or the My AMI. From this customized AMI you can launch any number of instances, of any instance type. All these instances will have the same set of services and applications running upon them. That's the beauty of the customized image: once you capture it, you can launch any number of instances from it with the same services and applications running upon them.

Let's take an example. Let's imagine that this is my AWS cloud and I launch my EC2 instance using a public AMI, for example the Amazon Linux AMI. I use this public AMI to deploy my image, my operating system, upon it; this is my first step. In the second step I deploy upon it a web application plus a MySQL database, and I perform my customizations: I configure my server, I create the web pages and so on. In the third step, I capture the image from that instance. This image will become my customized AMI. From the customized AMI I can launch any number of instances, for example 10 EC2 instances, and all these instances will have the same applications and services running upon them, the same type of application and database. That's the process of manufacturing the customized image; that's the main intent. You have to ensure that you launch the instance using the public AMI, then you install everything upon it including the applications and databases, you perform the customizations, and then you capture the image from the instance. That's the process.

Now I go back to my AMI page. These are my public AMIs, and this is the space where I can maintain my own customized AMIs (My AMIs); I'll show later how you do that. You also have the Marketplace. The Marketplace is the one where I can purchase software from multiple vendors like SAP, Zend, Microsoft, Cisco, Juniper, F5, Trend Micro and so on, in the form of AMIs. Now these are paid AMIs, most of them; I think you can see that almost 99% of these AMIs are chargeable, you have to pay for them. For example, I want to deploy the Juniper vSRX Next Generation Firewall. So I go to this Juniper vSRX Next Generation Firewall, I click on it, and you can see that AWS uses this AMI to deploy the Juniper vSRX Next Generation Firewall. In that case I can see the product details, the latest version, the base operating system, the delivery method, the license agreement and so on, what services are needed to ensure that I can start deploying the Juniper firewall in AWS. I can scroll down and I can see the usage instructions, support details, infrastructure, and on the right hand side I can see the pricing details. If I use it I get a free trial for 30 days, and depending on the instance type I choose I have to pay the software fee per hour, which will go to Juniper, and the instance fee, which will go to AWS. You don't have to pay Juniper separately; you just pay the collective fee, the total fee. Behind the scenes 55 cents will go to Juniper and, depending upon the instance type and instance specification, that amount will be divided and sent to AWS. You just have to pay the total fee, that's it, and you also have to pay the charge for the storage. So this is all about the Marketplace; you can explore it, you can get a ton of software, or AMIs, from the Marketplace.

Then you have Community AMIs. The Community AMIs are the ones which are mainly used for you to perform the lab sessions or demo sessions. It's a community effort: anyone, you or me, can create a customized image and publish it in that space. Basically, by default My AMIs are private in nature. When you create any AMI it's private in nature; once you make it public it gets published in these Community AMIs. So anyone can create a custom image, publish it, make it public, and it will show up under the Community AMIs. These are all the things that you get over here.

Now let's do one thing: I go to the Quick Start menu and I go to the Amazon Linux AMI. I use this public AMI to launch the instance; I click on Select. Once I go over there, the next thing I will do is choose my instance type. As we have discussed, different instance types will give you different types of resources in terms of virtual CPU, RAM, storage, GPUs etc. It all depends upon what type of applications and services you want to deploy upon the instances and what their specifications and requirements are. You can see that these are different families. For example, these are the general purpose instance types; you can use them for any type of purpose if you don't have an extensive requirement; you can use them generally to deploy any type of web application upon them, or even the database. Then you have something called compute optimized, which will give you a higher amount of compute power. Then you have the GPU instances (graphical processing units), then you have memory optimized, which gives you a higher amount of RAM. So these are different instance families, and each family consists of different instance types. You can see the virtual CPU, RAM and storage; the higher you go, the more you have to pay. Depending upon the type of services and applications that you'll be running upon the instances, you have to carefully choose the instance type. Even if you make a mistake, you can always switch to any of these instance types later on; you can perform vertical scaling and change the instance type of the existing instances.

Now there might be a question: how do I get to know which instance type to choose from, because I can see hundreds of them? See, first things first, any application that you deploy upon the instance, it's obvious that you have some experience deploying or running that application in your own infrastructure. Any application or service you run consumes some compute power, maybe CPU, RAM. So you already have the idea or the knowledge of what type of compute capacity you need to support that application or those applications. For example, the application that I'm running needs 16 GB of RAM, so I will say okay, 16 GB is supported by this instance type, I'll go with this one. So it's your responsibility to match these specifications and based upon that you choose the instance type. If by mistake you choose any instance type which is not appropriate, you can change it afterwards, even after you have launched the instance.

Now you have to choose the t2.micro instance type if you perform the lab sessions, because this is free of cost; you don't have to pay for it. I choose t2.micro and click on Next: Configure Instance Details, and now we can configure a lot of details from scratch. I'll discuss with you a few more concepts, because as of now we've discussed the instance type and the AMI; these are the components of the instance that I've discussed with you. Let's take it forward and I'll discuss the next level of concepts. The next thing that we'll discuss is the IP addresses; this is the third component. Why do you need the IP addresses? You need to assign IP addresses to the components of your infrastructure so that there can be communication between these servers.
so these are used for communication you need to assign the IP addresses so that is the communication going on between the different servers in either player's the three types of IP addresses we are being used I'll just short down each one of them just try to understand their relevance so the first type of IP address that I'm going to discuss with you is called the private IP address what's that that's the private IP address now what's the relevance of private IP address this is purely used for Intel communication whatsapp it's used for internal communication what do we mean internal communication for example if this is my aid of this cloud and these are my two different stresses a and B running in the same infrastructure same cloud to communicate internally they'll be using the private IPS it's the internal communication stuff so it facilitates the internal communication and they don't allow they they don't allow external communication what a mere external communication I'm talk I'm Internet because internet is the biggest public cloud you have so if you use the private IPS they are not supposed to be used to access the Internet they are not supposed to be used for the external communication or communicate with Internet so it only facilitates in telecommunication that's what we make use of the private IP addresses it allows the internal communication so that the resources but it is in the within the same clout they can communicate they can send or see the traffic to each other but it doesn't allows the external traffic flow okay now the next question releases that who assigns them okay let's do one thing let's understand this ranges first what are the ranges that they fall into because every type of IP address will have a certain range this is the range of the private IP addresses ten dot X dot X dot X then we have 172 plus sixteen dot X dot X and it will go up to 170 2.31 destroyer once again 31 dot X dot X and then we have one ninety two dot one sixty eight dot X 
dot X over here X denotes any number between 0 to 255 these are the ranges of the the private IP addresses this is the range in which they fall into so whenever you private eye piece you have to make use of these fringes these are industry standard it's nothing new with it appears these are the industry standard private eye piece these are industry standard fine so these are the three ranges that they fall into so it's it's used for internal communication and these are the ridges now the rest question releases who assigns them who assigns these Shiro diapies basically it's the architect who structures the private IP the architect is a one the solutions architect the one that deploys these stuff provision the stuff provision instances facilitates the assigning of the private IPs okay so if you structure the entire network by yourself you define the private IP address of the network and the instance right so who assigns them the architect is there any price for this isn't it cost involved if you use this service what's the what surprising it is free no charge for this okay also there's static in nature which means that they will be impacted to the instance until instance pink delete it so it will stay with instance till its lifetime okay so this is about the private eye stranges and these are three ranges these are industry standard we don't have any more ranges these are the three one that we use in the industry these are predefined even if you did if you check your data center these are be used okay this is nothing new these things are we used from we have been using from past many decades then the second one is the public IP address now as the name implies it's used for the public communication it's used for external / internet communication it's used for external forward slash internet communication what I mean by that for example this is the eighth of this cloud and you want to have the resources within a to players being accessed but biggest public cloud 
resources which is Internet then you have to make use of the public IP so instance should have your ec2 instance should have a public IP so that it can communicate with Internet it's used for external communication now what are the range is there for into this is the next thing you have to understand see they have can have any range except they can fall into any of the ranges except the private IP range so I've shown you the private IP the strange and there's one more private IP that we don't use anywhere this is the loopback IP 127 dot 0 dot 0 dot 1 this is the loopback IP address loopback IP we use this for troubleshooting so these are the two ranges that we don't use in in the public IP except that any range will be a public IP this range right the next question that comes in that who assigns them this is a very important fact for you to understand who assigns these public eye peas aw skin assign it automatically or it's the client or I would say the architect who science who defines the public IP if you you say the players or if you have it of this assign the public ibis automatically this is no charge it's free of cost but if you use your own IPS there's a concept called bring your own own IP bring your own IP where you lease out some public IP is from your service providers and you pay them and you can use that those public IP s on it appears to have the uniformity of the entire design you can bring your own eyepiece you can lease them out from the service providers and use them on a to PS fight and this one thing you have to understand it is dynamic in nature this means that if your server restarts it will change it's not permanent if I say dynamic it is not permanent it can change it is subjected to change it is subjected to change I level at this point afterwards but you have to understand this concept first and of course once we move forward I'll show you in detail that how you implement this entire stuff so we discussed that - I plead it rest pipes the 
The third one is the one that we use in AWS explicitly. These two, the public and private IP, we use in industry: if you check out any network diagram, or you fetch any document in your company's repository that shows the entire network diagram of the data center, you can see that IP addresses are being assigned to these servers and different resources. So it's an industry-standard thing that we use. The third thing, which is relevant only to AWS, is the elastic IP.

Elastic IPs are the same as public IPs. They are used for external / internet communication; however, they are static, or permanent, in nature. They never change. This is one of the biggest benefits for you, because in a few cases, if you deploy some website upon instances, you have to have static IPs assigned to them. I'll give you one single example; don't be too concerned about the example, just try to understand the essence of it.

Let's imagine this is my AWS cloud and this is my EC2 instance. Upon this EC2 instance I have deployed a WordPress site. Now how do I allow the external users to reach my website? These are my internet users, my end users. How do they reach my website? I'll give them a domain, so they will type in, for example, xyz.com. It will hit the DNS server, which will translate it to the public IP address of the instance. If today you type in google.com, facebook.com, any website, it gets converted to the IP address of the server behind the scenes: the DNS server takes the input and converts it to the public IP so that you can reach the website running upon that server.

The problem here is that if your instance restarts, if you restart your instance for any reason, this public IP gets lost in between; it's released, and your instance will then get a new public IP. So you have to go to the DNS server and match the domain with the new public IP. This adds some more overhead upon you, more tasks for you; it's a burden, because every time the instance restarts you have to map your domain to the new public IP. To fix this, you assign this instance an elastic IP, which never changes. It is the same as a public IP, but even if you restart the instance, this never changes by itself. So you link your domain, for example xyz.com, to the elastic IP, and if the instance restarts it never changes. It is static in nature. We'll discuss that in detail afterwards; right now you have to understand the concept.

Now the question arises: how are we charged for that? Surprisingly, you get five elastic IPs (EIPs) for free. You get five elastic IPs per region, free of cost, and this is the maximum limit you can go up to; you can't have more than five elastic IPs in any region. This is applicable for any account type, whether it's a business account or a free tier account. So: five elastic IPs per region, free of cost, and that's the maximum limit you can go up to; you can't go beyond that. However, they will charge you if you assign elastic IPs to stopped instances for a longer duration, or if you have them just sitting idle and not attached to any instance. If you waste them, if you don't use them properly, they will start charging you, because it's a scarce resource: elastic IPs and public IPs are scarce resources; there's a scarcity of these IPs. So it is very important that you always have the elastic IPs assigned to running instances. Don't keep them sitting idle, which means not attached to any instance, and don't keep them assigned to stopped instances. We'll discuss these things in
detail afterwards; right now you have a basic understanding of the concept. So these are the three types of IPs we make use of in our AWS infrastructure. Done.

The next thing we'll discuss, after the IP addresses, is the VPC. There's a complete section on the VPC that will be discussed in detail, because once we launch the instance we have to choose a VPC; hence it's important that you understand the basics of it first. So what is a VPC? VPC stands for virtual private cloud. Basically it's nothing but a virtual data center that you deploy upon the AWS infrastructure.

The question arises: why do you need to have this virtual data center? If you look into AWS, AWS is a public cloud, not a private one, because anyone, you, me, your competitor, can sign up for AWS and start deploying services and applications without any verification. The problem that arises is that now you don't feel comfortable, because your resources might be visible to your competitor or other organizations. So how do you get some seclusion? You want to get some privacy, so you make use of this virtual data center, which is called the virtual private cloud. In that case every organization will have its own VPC. Let's imagine this is my VPC which belongs to Wipro, this is a VPC which belongs to AIG, this third VPC belongs to Accenture, and this fourth VPC might belong to, for example, SpaceX. Every single organization will have its own virtual data center, its own cloud, even though they are resting on the same public platform, the same public cloud, that's AWS. But they have kept themselves isolated: by default there's no communication. So this gives you the isolation, the privacy.

So what are the benefits we get out of it? The benefits that you get from this VPC are: first, it gives you enhanced security; second, it gives you transparency; also, it gives you flexibility, you can flexibly define the resources without any issues, it gives you the amount of flexibility you aspire for. Enhanced security, transparency, flexibility: these are the three main benefits that you get. Also, you can see that you get isolation. These are the four main benefits of using the VPC, which is nothing but a virtual data center that you deploy upon the public cloud platform, that's Amazon Web Services. You got the point? Okay, that's the concept of the VPC, which stands for virtual private cloud.

Now, how do you structure it? I'm just giving the basic concept; try to understand the concept, because we'll discuss VPCs in detail afterwards, there's a complete section upon it. If I said transparency, this means that you can look into resources in much more depth. Let's imagine this cloud is my VPC. A VPC stays in a region, because a VPC is a region-specific resource, so let's assume this VPC is in Mumbai. Each VPC will be assigned a private IP address block. Let me just make it simple for you: it's a private IP block, so you have to make use of a private IP block to define the VPC, for example 10.0.0.0/16. I won't go into details as of now; I'll discuss with you later what this /16 means. You just have to understand that you assign a private IP address range to a VPC.

Then, within the VPC, you structure, or you carve out, the subnets. These rectangular blocks are my subnets; these two are my subnets. Now what is a subnet? Let me just do one thing: these rectangular blocks, for example, this is my subnet A and this is
my subnet B. Now the question is, what is a subnet? The answer is that a subnet is a complete block of private IP addresses which consists of your EC2 instances, RDS instances or your database instances; it's a complete block of private IPs which holds your EC2 instances or database instances. Each of these subnets will be linked to a specific availability zone in your region. For example, this is my subnet A, which belongs to the ap-south-1a availability zone; this is my subnet B, which belongs to the ap-south-1b availability zone. So I've structured the subnets. Maximum, you can have up to 256 subnets in a VPC. Each subnet can be linked to a specific zone, and you launch your instances inside these subnets: for example, these are your EC2 instances A, B, C, D inside these subnets. That's how you structure the VPC: you keep the instances inside these subnets, and each one of these subnets is linked to a specific zone. This is a network overview, your networking infrastructure or architecture from the network perspective. That's how you place your instances inside the subnet, and each of these subnets will be linked to a specific AZ, the availability zone.

Your instances will get their private IPs from the subnet range. For example, instance A will get its private IP from the range of the subnet: this one will get 10.0.2.2/24, because the complete range of the subnet is 10.0.2.0/24. You don't have to go into details right now. For subnet B the range is 10.0.3.0/24, and instance C will get its private IP, for example, 10.0.3.3/24. Your instances will get their private IP addresses from the range of the subnets they are launched into, so that they can communicate internally; they can communicate
internally and they can access each other; the traffic can flow internally between these two different subnets and instances. This is a basic concept; we'll deep dive afterwards, because as an architect you should know how to create this entire infrastructure. We'll discuss all the things in detail afterwards, not right now; right now I'm just creating the foundation for you so that in the future you can easily understand how exactly things have been placed. Alright, that's all about the virtual private cloud, the VPC, and the private IP addresses of the instances being fetched from the subnet range.

The next concept I'll discuss with you is the pricing. We'll discuss pricing in detail afterwards; as shown on the website, you have different types of pricing mechanisms for how you are being charged for the usage of different resources, especially instances, because the EC2 instances will form a major part of the billing. This is the component that will take a lot of space in your bill; you have to pay a lot of charges for the usage of EC2, so it's very important that you understand how you are charged for the usage of instances.

The first pricing model is called on-demand. On-demand means that you are being charged based upon the number of hours consumed; it is strictly a time-based consumption model. It's on your demand, and there's no long-term commitment. If I say no long-term commitment: you run the instances for maybe one hour or two hours, stop the instance, and you just have to pay for the amount of hours consumed. So for example, if I run the instance for only two hours and then stop it, I have to pay only for those two hours, that's it. There is no long-term commitment; I don't have any
long-term contract with Amazon Web Services. So this is the basic concept of on-demand: you pay for the number of hours consumed, and there's no long-term commitment. But it has a downside: there's no partial-hour billing. What do you mean by that? It means that even if you run the instance for less than one hour, you'll be charged for a complete hour. For example, if I run the instance for just 10 minutes, still they will charge me for a complete hour, 60 minutes. There's no partial billing; even if you run the instance for 10 seconds or 10 milliseconds, you'll be charged for the complete hour. This is a very big disadvantage that comes with it: there's no partial-hour billing, so even if you run the instance for less than one hour you have to pay for the complete hour.

The second thing you have to understand is reserved. This is another billing model, and the one we'll be using most in the business environment. Here you reserve your compute capacity. If I say you reserve the compute capacity, I'm talking about the instances: you reserve them under a one-year or three-year contract. For example, I can say that I want to reserve 10 m5.2xlarge instances for three years; I want to come into a contract for three years. The question is, what's the advantage, why do I reserve the instances? Because, compared to on-demand, you get up to 70% discount. For example, if one m5.2xlarge instance costs me one US dollar per hour on-demand, then if I reserve it I might have to pay, let's suppose, 30 cents per hour. So in the longer term I save my cost. I reserve my compute capacity for one year or three years, there's a one-year or three-year contract, and I
just make sure that I get some subsidies, some discounts. So if you have a long-term vision with AWS, you can go ahead and reserve your compute capacity.

You also have a third one that you will not use quite often; it's called spot pricing. It's mainly used for lab purposes, experimentation, or if you want to transcode some media. It's used for lab purposes, basically by university students; it's used for experimentation; and it's used for, let's suppose, media transcoding. Media transcoding means that you convert videos into multiple formats; for example, you have 100 MP4 videos and you want to convert them to the AVI format, and you want a lot of compute power in that case. Now the thing is that you get up to 90% discount compared to on-demand; it's very cheap, but the thing is that you have to bid for it. What you do is bidding: you bid for unused compute capacity. You give a bid price, and if your bid price is more than the spot market price, then you're given that instance. But it's not permanent: if someone bids higher than you, then the instance is taken away from you, terminated and given to that other user. It's not permanent; your instance can be terminated at any time (yes, of course, there are some exceptions to it). The instance will be terminated and given to the other user who has given the higher bid. This is a temporary type of instance which you use for lab purposes, experimentation, media transcoding; you will rarely use it in your business environment, so don't focus upon that too much. You need to focus upon the first two. On-demand, reserved, spot, and I'll discuss with you two more that we'll be using in a business environment.

The fourth one that we'll be using would be the dedicated host. With a dedicated host, what happens is that in this case you
dedicate to yourself, or you allocate, a complete physical server; you get a complete physical server for your use. Now why would you want to deploy or have a complete physical server for you? Because there are a few exceptions where you might need to go with a complete physical server. First of all, let's understand how exactly, at the server level, at the hardware level, things are being managed. In AWS there are two types of tenancies; you have to understand that. One is shared and the other one is dedicated. What's the difference?

If you go to the shared tenancy: you have this physical server, let's imagine this is your HP, IBM or Dell physical server, and these are the small virtual machines, the EC2 instances. These EC2 instances may belong to separate individuals or organizations; for example, these two belong to Wipro, this one belongs to another organization, these two belong to Adobe. So on the same physical machine you have these instances running, and it is shared among different individuals or organizations. This type of tenancy is free of cost; you don't have to pay for this tenancy (I'm not talking about the instance cost, this is the tenancy cost; the tenancy itself is free). Now sometimes you have to go dedicated, because due to some software, legal or security requirements you might go with a dedicated one. One thing: at the shared tenancy level you get instance isolation. No two instances can talk to each other; AWS guarantees you instance isolation. However, due to some legal, security, compliance or software requirements this might not be suitable for you. One example I can give you: for example, the Oracle Enterprise Edition database, if you want to leverage it on AWS, does not support the
shared tenancy instance; it does not support shared tenancy. You have to install or deploy the Oracle Enterprise Edition database on a dedicated physical host. So what happens in a dedicated physical host? It's a dedicated tenancy. In terms of dedicated tenancy, or a dedicated host, you have the same physical server, the same HP, IBM or Dell physical server, and the instances that are running on the physical server would belong to you, because you have dedicated to yourself the entire physical server. This is owned by you; either you can pay for it on-demand, on an hourly basis, or you reserve it. In most cases you reserve it, where you book the entire physical server under a one-year or three-year contract. This means that all these instances would be yours; you will not allow anyone to deploy their instances on the same physical host, because you own that physical server. It's your private physical server. You got the point? That's what it means. That's about the entire stuff: these are the two types of tenancies that you can opt for. Dedicated tenancy as such is not free; you have to pay for it, either on-demand or you reserve it.

The fifth and last one that I'm going to discuss with you is not used that much in a business environment: this is per-second billing, where you are being charged based on the number of seconds consumed. Now why would you go with this type of billing model? Because if you go with on-demand, the major problem with on-demand is that there's no partial billing; there's no partial-hour billing. To solve this problem you can go with the fifth option, that's per-second billing, which means that you pay for the instance usage on a per-second basis. So instead of paying for the number of hours
you pay for the number of seconds consumed. However, you have to run the instance for 60 seconds at least, not less than that. And as of now it supports only two AMIs: Amazon Linux and Ubuntu Linux; these are the only two AMIs that support this per-second billing as of now. Right, so you are charged for the number of seconds consumed, you run the instance for sixty seconds at least, and these are the only two AMIs that support it. This is how you are billed for the instance usage. You got the point? Alright, that's how you are being charged.

The next concept I'll discuss with you is called CloudWatch. CloudWatch is a separate topic, but because it's a part of the instance configuration I have to discuss it with you. What is CloudWatch? CloudWatch is nothing but a default monitoring tool. How does this work for you? Monitoring means it will gauge the performance of your resources. For example, this is my EC2 instance (I'm simplifying this concept for you right now) and CloudWatch is a separate service. CloudWatch will gauge the performance of the instance at a frequency. If the frequency is five minutes, it comes under the concept of standard monitoring, where CloudWatch will analyze the instance performance every five minutes; as an admin you can log into CloudWatch and see the exact performance. But if you want to make it faster, if you want to get the updates faster, you can also go with the one-minute frequency. One thing: standard monitoring is free of cost; you don't have to pay for it. If you go with the one-minute frequency,
which means that CloudWatch analyzes the instance performance every one minute, it's called detailed monitoring, and you have to pay for it; this is chargeable. So these are the two flavors of CloudWatch monitoring. You may get a question from this stuff.

So I'll just go back to this page and apply the things that I've discussed with you right now. First things first, I choose the number of instances; I can mention 10, 20, whatever number I want, but I'll just launch only one instance right now. The Auto Scaling group is a different feature; we'll discuss it afterwards. We can deploy the instance in an auto scaling group, but as of now I will not use this option; basically it is used to promote automation, and as of now I am not automating anything. The next option: by default it's the on-demand purchasing option, the pricing we're using. If you check this box it becomes spot, and we can bid for it, but right now, because we are using a free tier account, we'll be using the on-demand pricing.

Network: now this is the VPC, the virtual private cloud I was talking about. I discussed this concept with you: a VPC is a virtual private cloud, it consists of subnets, and each subnet is linked to a different zone. So having said that, I can choose my VPC; this is my default VPC, and if I choose this subnet of the VPC, in that case I'll be launching (okay, my page got refreshed, let me scroll once again) so if I choose this subnet, in that case my instance will be launched in ap-south-1a; if I choose the second subnet, then the instance will be launched in ap-south-1b, and 4091 IP addresses are available, which means these many additional instances I can launch in the subnet. However, AWS recommends that you choose no preference, because in that case what happens is, if you choose no preference,
then AWS will launch your instance in any of the best available zones or subnets by itself. But you have the privilege, you can choose any subnet of your own choice. One thing: your instance will get its private IP address from the subnet range by itself. As an architect, once you move forward, you structure the VPC and the subnets by yourself.

Then you also have the public IP; you can also assign a public IP address to the instance so that it can be used for external communication. By default it's enabled; if you want, you can disable it, but I want to enable the public IP address because I want to communicate with that instance using the public IP. Then we have placement group and capacity reservation; these are two separate concepts, and I'll discuss them with you later on; you can skip them as of now. IAM role: we discussed the IAM role; I can choose the IAM role so that this instance can communicate with my buckets in the future. If I want to add more subnets, I can click on create new subnet and add more subnets by clicking over here.

Then we have shutdown behavior; by default it's stop: if I shut down the instance, I want to stop it. If I choose terminate, in that case terminate means that you permanently kill the instance; if you terminate any instance you can't get it back, you can't get back an instance which is terminated. So I will choose stop. Now let's suppose this instance that you are in the process of launching is a very important instance for you; you can't afford to lose it, maybe this is a master server in your Hadoop cluster. So you want to prevent any type of accidental termination, because this might be shared among 100 IAM users and someone can terminate or delete this instance by mistake. I can check this option so that I give immunity to this instance: the termination options get greyed out, no one can accidentally terminate
or delete the instance, because the termination option is greyed out, it's disabled. Monitoring: I discussed with you the two types of monitoring, standard or detailed. By default it will be standard, which has a five-minute frequency and is free of cost, but if I check this option, CloudWatch detailed monitoring, which has a one-minute frequency, in that case we have to pay for it. So I will not check it and keep it at standard. Then tenancy: we discussed that, shared and dedicated. Shared means that I can have instances up and running on a shared physical server, and I don't have to pay for it; I can also go with the dedicated way, run my instance on a dedicated physical server, and have to pay for it. Okay. T2/T3 Unlimited: usually you don't use that in any business environment; basically, if your instance wants very high CPU performance, then it can burst the CPU credits. You basically don't use that in any business environment. I can also add a file system upon this instance, like Elastic File System, but as of now I will skip it. Network interface: this is the default elastic network interface attached to this instance; we'll accept the default values. Under advanced details I can mention a script, like a Python script, a bash script, a Perl script, so that once the instance gets launched I can have the services and applications deployed upon the instance automatically. Okay, that's about the advanced details.

Now I just go to next, and storage: you can add the EBS volume, the Elastic Block Store volume, to the instance. There is a complete lecture on EBS; we'll discuss that in detail afterwards. It's nothing but a virtual disk, virtual storage that we assign to the instance. Like when you're using a laptop or computer, it has a hard disk embedded in it; similarly you have a virtual disk linked to this virtual machine, so that we can use this virtual hard disk to boot the instance, and you can
install the operating system upon it, and the program files, your documents and your data. By default it will allow me to assign 8 GB, 8 gig of storage: this is the EBS volume, the Elastic Block Store volume. It's a kind of virtual hard disk you allocate to the instance, and the maximum size can go up to 16 TiB. There are different types of volumes; we'll discuss these different types of volumes later on when the time comes, and based upon the type of volume you choose there are different performance parameters. We'll discuss that later on once we discuss EBS in detail. If I uncheck this option, delete on termination, in that case I make this volume independent from the instance lifecycle. This means that if I terminate or delete the instance I'm launching in the future, this 8 GB hard disk will not be deleted. Also I can perform encryption of the volume if I want. So if you uncheck delete on termination, and you terminate the instance in the future, this volume will not be deleted.

I click on next: add tags. We discussed the purpose of tags; we can add a tag, for example the tag key is Name and the value I type in is Amazon Linux instance, and the tag is assigned to the instance and the volumes. Basically we assign a name to the instance so that we can recognize the instance, because we may have hundreds of instances on a single dashboard; so we tag the instance so that we can easily differentiate between multiple instances running on the same instance dashboard. It also helps us to extract the billing reports.

Then we click on next: configure security group. The security group is nothing but a virtual firewall that you assign to the instance; basically you assign the security group to the instances so that you can restrict the incoming and outgoing traffic with respect to the instances. A security group is a set of firewall rules that control the
traffic for the instance, so you restrict the incoming and the outgoing traffic with respect to the instance. Let me discuss with you how it operates, how it works for you. Let me just go back to my iPad screen. This is a very important concept, and this is the first step towards the enhancement of security; this is the thing you have to configure properly so that you protect your instance from unwanted traffic. So what's a security group? Just try to understand the concept right now, and then I'll show you the configuration.

A security group is nothing more than a virtual firewall. You make use of that virtual firewall to restrict the incoming and outgoing traffic with respect to the instance. For example, this is my EC2 instance, and this is the instance that's up and running. This is my incoming traffic and this is my outgoing traffic: incoming means the traffic that reaches my instance, that hits my instance, and outgoing traffic means the traffic that's been generated by the instance. You filter the incoming or outgoing traffic using this virtual firewall that we call a security group. Now, we apply three main filters to perform the restrictions. The three main filters we make use of are the following: the first one is the protocol, the second filter is the port, and the main filter that we use is the source / destination IP address or addresses. These are the three main filters you make use of to perform the restrictions; it's very, very important that you apply this properly.

Let's take one example. Let's imagine that this is the AWS cloud and this is your EC2 Linux instance; you're using a Linux-based operating system to run
this instance. Now this is you, the administrator, sitting in your office. You want to use the internet as a medium to get connectivity to the EC2 Linux instance, so from outside, from any place, you'll be initiating the SSH connection. SSH stands for secure shell; it's a protocol that you use to get connected to Linux instances, only Linux. Secure shell uses port 22. Now it's very important, because this will give root access to the instance, the command line access to the instance, that you allow it from a known source IP. It should be allowed from a known IP. So maybe you're using a laptop or a machine, and it has an IP address like 57.28.29.35; every machine gets an IP address, so this IP address should be used to initiate the SSH access to the Linux instance, because it is root access, admin access.

Similarly, if you use a Windows instance: let's suppose this is my AWS cloud and this is my EC2 Windows instance. For the Windows instance you use a different type of protocol. For example, this is you; to get the root access to the Windows instance you choose the protocol RDP for Windows, which stands for remote desktop protocol. It uses the static port 3389. So if you want to get root access to your Windows instance you have to use this protocol and port, and it should be allowed from the known source IP; you can't allow it from anywhere. So that's about getting root access to the Linux and Windows instances.

Let's forget about Linux or Windows and take a third example. This is your AWS cloud and this is your instance; it can be a Linux instance or it can be a Windows instance, any of these two. The main thing that I want to focus upon is that upon this
instance you are running a Drupal website, a Drupal web application or website. Now you have the external users, your end users or external users, who want to browse your website. So they should be able to send HTTP requests; HTTP uses port 80, and if you want to encrypt it you can use HTTPS, which uses port 443. So if you want to allow the web traffic, the web access by the end users, you allow HTTP or HTTPS. But then you also have to define the IP address: what should be the source IP? The source IP is any IP; anyone can browse the website. And any IP is this IP, let me write it once again: 0.0.0.0/0. This is any IP; you allow anyone to browse the website running upon the instance, but the root access is given to the known IP addresses. It's like anyone can ring your bell, but you only allow the known people to come into your house. So the end users, the external users, can browse the website, but root access is given only to your admin users, the known people, who can get to the core of the instance and perform patching, maintenance, software installation and so on. This is the concept of the security group.

I'll give you one example which encapsulates all these three examples, the Linux one, the Windows one and this one; I'll discuss all three things in one single example. Let me draw it once again. In this example, let's imagine this is the AWS cloud, and this is my EC2 Linux instance. This is your branch office, these are your Windows machines, this is your corporate office or your branch office, where all your administrators are supposed
to sit on the left hand side these are your internet / end-users right now upon this Amazon existence you have deployed a wordpress site a block fine now the people in your branch office because every branch office every data center this is compute this can be your data center every single office will have an IP address range every single office is it leases out an IP address from the service provider for example this branch office has this IP this range of 54 dot 72 dot 0 dot 0 star 16 and people sitting here in your office need to get a Jew to access to the instance to perform day-to-day operations might be customizing the web site installing the software patching maintenance and so on so I will say SSH which uses port 22 will be allowed from this IP address range okay and what about these people who want to access my website they don't need to access my WordPress site so I'm saying that the HTTP which uses port 80 and HTTPS which uses port 443 will be allowed from anywhere 0 dot 0 dot 0 dot 0 slash 0 this means that any user can browse the website running upon my instance but the huge access I'm giving to the people in my office the aid of architects system Staters and so on so it's very important that is segregate the incoming traffic that's coming to instance by making use of this virtual firewall which is my security group ok so I'll do one thing I just shoot back to my eight of his family console and then I need to create a new group says name it as Amazon so you can ascend any name to it Amazon Linux is she as u stands for secret group and I can briefly describe this group this is she will be assigned to my Linux web servers so you can assign the same group to multiple servers right and then the next thing I will do is that I just choose the SSH for example SSH is given the root access because this is the Atlantic's instance this is the nonexistence so I'll be using the SSH and then the source is anywhere now you should not you should not allow the root 
access from anywhere. You can see the warning message: rules with source 0.0.0.0/0 allow all IP addresses to access your instance; we recommend setting security group rules to allow access from known IP addresses only. Okay, so it should allow the SSH from the known IP. So I can choose, for example, My IP. If I choose My IP it automatically picks the IP address of your computer, the present IP address that your computer is getting right now. So I'm using an iMac; this is the IP address of my machine. I can also choose a custom range for my branch office; I can say this is the custom range of my branch office, okay. So I can say SSH from my branch office, okay, and then I can say that the HTTP can be allowed from anywhere, so I would say HTTP access from anywhere. I can say that I need to allow the HTTPS from anywhere, HTTPS from anywhere. So can you relate this to the example that I've shown you? I'm giving the root access to my branch office, but the web access is given to the end users, any IP address. I click on Review and Launch, okay, let's go back, yeah, and click on Review and Launch. I can review the screen, I can view all the parameters and I can change them as of now, but presently everything looks perfect. I click Launch.

Now this is the method of authentication. To authenticate and get access to the instance you use two keys: the public key that's being embedded into your AMI and the private key that you store on your desktop. I'll show you later on how you authenticate. So basically you match the private key with the public key that's been embedded into your AMI. So you have to create a new key pair for authentication and you have to name it; for example I'll name it AWS-AMZN-KP, that's it, that's the name of my key pair that we'll be using for authentication. It will have two keys: the public key, that will be stored by AWS, it would be embedded into my AMI, and the private key, a copy of which I will store. In the future, if you want to authenticate, I'll
match the private key with the public key, and if the match is correct I'd be able to authenticate and get access to my instance. I click on Download Key Pair; it downloads the private key on your computer, and let me show you the copy of it. It will be downloaded in the Downloads folder of your computer. This is the complete key file; I'll show you how you'll be using it for the authentication purpose. I go ahead and click on Launch Instances and my instance is being launched. You can see that it says your instances are now launching. I just go to the instance dashboard and you can see that it's in the process of getting launched, and you can see it got the public IP, the private IP; I can see all the details in the description. That's the process you need to follow to launch the instance.
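The security group the video builds by hand (SSH only from the known office range, HTTP and HTTPS from 0.0.0.0/0) is easy to check programmatically. The script below is an added example, not code from the video or from AWS: it builds that ruleset and audits any ruleset for the mistake the console warns about, an admin port (SSH 22 or RDP 3389, both covered in the video) reachable from "anywhere". It goes a little beyond the video by also flagging an all-traffic rule and IPv6 `::/0`. The rule dictionaries are assumed to mirror the `IpPermissions` shape that `aws ec2 describe-security-groups` returns, so real output can be passed to `audit_ingress`; the 54.72.0.0/16 range is the video's branch office, and the other addresses are constructed sample data.

```python
"""Audit EC2 security-group ingress rules (added example, not the video's code).

Pattern from the video: admin ports (SSH 22 / RDP 3389) only from known CIDRs,
web ports (80/443) open to the world. Rule dicts are assumed to mirror the
IpPermissions shape returned by `aws ec2 describe-security-groups`.
"""
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}   # these give shell / desktop access


def _rule(proto, port, cidr):
    """Build one ingress permission in the AWS CLI IpPermissions shape."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version == 6:
        ranges = {"Ipv6Ranges": [{"CidrIpv6": cidr}]}
    else:
        ranges = {"IpRanges": [{"CidrIp": cidr}]}
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port, **ranges}


def build_web_server_rules(admin_cidr):
    """The video's ruleset: SSH from a known office range, HTTP/HTTPS from any IP.

    Refuses to build SSH-from-anywhere, the default the console warns about.
    """
    if ipaddress.ip_network(admin_cidr, strict=False).prefixlen == 0:
        raise ValueError("admin CIDR must be a known range, not the whole Internet")
    return [
        _rule("tcp", 22, admin_cidr),      # root access: known IPs only
        _rule("tcp", 80, "0.0.0.0/0"),     # web access: anyone may browse
        _rule("tcp", 443, "0.0.0.0/0"),
    ]


def _cidrs(perm):
    """All IPv4 and IPv6 source ranges attached to one permission."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def audit_ingress(ip_permissions):
    """Return one finding per admin port (or all-traffic rule) open to the world."""
    findings = []
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        for cidr in _cidrs(perm):
            # A /0 prefix is "anywhere", whatever the literal string looks like
            # (0.0.0.0/0, ::/0, or a sloppy 1.2.3.4/0).
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue
            if proto == "-1":   # all protocols, all ports; no FromPort/ToPort keys
                findings.append(f"all traffic open to the world via {cidr}")
                continue
            if proto != "tcp":
                continue
            lo, hi = perm["FromPort"], perm["ToPort"]
            for port, name in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings.append(f"{name} (tcp/{port}) open to the world via {cidr}")
    return findings


# Constructed samples: the "anywhere" default the console pre-fills for SSH,
# and the corrected ruleset using the video's branch-office range.
BAD_RULES = [_rule("tcp", 22, "0.0.0.0/0"), _rule("tcp", 80, "0.0.0.0/0")]
GOOD_RULES = build_web_server_rules("54.72.0.0/16")

if __name__ == "__main__":
    print("bad :", audit_ingress(BAD_RULES))
    print("good:", audit_ingress(GOOD_RULES))
```

`audit_ingress` only looks at the source prefix length, so the "My IP" option in the console (a /32) and a custom office range both pass, while a port range such as 0-65535 that happens to cover 22 or 3389 is still caught.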
Info
Channel: Rohan Arora
Views: 890
Keywords: EC2, AWS, Amazon Web Services, Cloud Computing, Virtual Server, EC2 Instance
Id: f_6GmwWnyNc
Length: 111min 23sec (6683 seconds)
Published: Sat Nov 16 2019