If you can see my screen... Yes, sir. Okay, cool. So how many of you know the cloud basics? Just want to get a ground to grab: how many of you know the basic cloud things, right? How cloud works, what are the models, subscription models, basic models, benefits of cloud. These basic screens, I'm just going to walk you through; this is what I'm asking you. So I'm just asking about these basics: what is cloud computing, how does it work, advantages, disadvantages. How many of you know about it? We are expecting you're not aware about it; let me just take some of the basics, then I'll come to that.

Okay, so let me introduce myself first. My name is Nitesh. I do have a total of 12 years' experience in the software industry. So I'm going to take this AWS architect plus DevOps. There are two things. So there are two types of courses. One is, we are targeting the AWS solution architect: if your career reason is to become a solution architect to the developer, then this is a curriculum that you can get occurring from moment. And the second training would be on the AWS solution architect plus DevOps. The first few slides will be targeting the AWS solution architect, and then in the last we will start covering DevOps also. In DevOps we are going to cover a lot of things, like understanding Git, working with Jenkins, how to create pipelines, working with Terraform, then other examples like Docker deep dive, Kubernetes, SonarQube and other monitoring tools. Everything in these sessions will be 100% practical; I do not believe in theoretical knowledge.

So I am going to start with very, very basic things today, which we say is cloud computing. So what is cloud computing? Cloud computing is one of the services available on the internet where servers, networks, storage, development tools and even applications are enabled over the click of a button. Gone are the days when people used to see that only
few services you can see over the internet, over the cloud. Now almost every service is available over the cloud. Let me try to explain what I'm trying to say here. When you go to cloud, there are multiple cloud vendors available: one is AWS, one is Azure, one is GCP, Google Cloud, right? So multiple cloud vendors are there. So now the question comes: which one should you use? My advice would be go for AWS, because it has a great market percentage in the industry and it has more services available.

So what are the things mainly we are targeting for the cloud? Like I said, what are the main examples, what are the main things, what are the main advantages of the cloud? Like I said, it is cost saving. How can you say it is cost saving? First of all you need to understand how cloud works. So traditionally, let's suppose I am working with one of the companies and that company name is TCS. Okay, all right, company name is TCS and I'm working with them. I need one dedicated server. I need one dedicated server; let's imagine this is my server, and I need this server to host my code. That means I am going to create this server as a web server. So what I will do in that case is, as a TCS employee, I will ask my manager to schedule, or I would say I will raise the request, and they will install a server in their data center. That is the traditional approach. Gone are the days; I am talking about 15 to 20 years back, right?

Nowadays, how you work on this scenario is: you have the AWS portal access, right? You have the AWS portal access, you have the GCP access, Google Cloud Platform access, you have the Azure access, right? In any of the portals you can go and raise a request that I am looking for this capacity of machine. For example, my requirement says I need 16 GB of RAM and I need 48 or 480 GB of hard drive. So what will I do in that case? Should I go to a hardware provider? No, the answer would be no. That's the traditional way of doing the
things. Now nobody can wait for that, right? You cannot wait for a couple of days to install a server and everything. Now what you are looking for, because everyone is looking for their services very quickly, it's a time they are asked, we are demanding, right? So in that time, if you're looking for 16 GB of RAM, 480 GB of hard drive, you can achieve this thing very easily in AWS, GCP or Azure. I'm just discussing three market vendors, but 100-plus vendors are available in the market, like AWS, GCP, Azure. So for example, go with this thing only: I am going to ask, I need 116 GB of RAM. What will I do? I'll go to my AWS account and create an instance very easily. They have given that flexibility to you.

So what I am going to do in front of you, just to tell you what all I'm teaching, is: first thing first, I will tell you how to create an EC2 instance using Windows operating system, and then as a second lab, I will create an EC2 instance but this time I will be working with Linux as the operating system. In both the use cases I will host my web app, a basic web app; I'm going to work with the default web app. Here also in Linux I am going to work with the default web app. So these two scenarios I will cover. Once I am done with these two scenarios, I will also come to AMI. AMI means Amazon Machine Image. I will be discussing how to create an AMI and how to create an instance from an AMI. So don't worry, just sit, relax and enjoy this session.

How to create an EC2 instance. Now first question first: what is EC2? I am going to create EC2; I'm not sure how many of you know about it, but what is EC2? When I say EC2, I'm saying Elastic Compute Cloud, and guys, please trust me on this part, this is a fancy term. This is only a fancy term; actually it is a VM. When I say VM, it's a virtual server. It's a virtual server, nothing beyond that. You can say it's not available in the physical manner but it is a
virtual server that I am going to create in AWS. With a few clicks I will create one server in front of you. But before that, let me try to explain a few things about AWS which are going to help you understand AWS.

First thing first, you need to understand that in AWS we have a concept of region. When I say region, I'm talking about the geographical location of AWS locations. For example, AWS says I am giving services in India, I'm giving services in the U.S., I'm giving services in Singapore, I'm giving services in Dubai, I am giving services in another country, right? In that case what AWS says is: I have a Mumbai region, for example; this is the India region. Similarly, AWS says I have another region, which is in the U.S.; I am calling it the Northern Virginia region, right? Similarly, AWS says I have another region in Singapore.

Now you might be asking why AWS is creating three different regions at different places. As of now, if you go with the AWS documentation, we have more than 31 regions available. If you go with the AWS documentation, it will show you the exact number for the AWS infrastructure. For this you will need to type "AWS Global Infrastructure"; it will start showing you the global infrastructure of AWS. It says it has 31 launched regions with multiple availability zones. I am going to explain what an availability zone is, but in short it has 99 availability zones and 450-plus points of presence.

So let's understand what a region is. What AWS says is: hey, I have customers in India, I have customers in the U.S., I have customers in Singapore. I
cannot create one data center and serve all, right? I cannot create a single data point. So what they are doing is creating multiple data centers at different locations. That's what we call availability zones.

People joining with the name "Oppo's iPhone", please do not join like that; join with your real name if you really want to join the session, otherwise I'll exclude you from the session.

So here in the Mumbai region, the North Virginia region, what they do is they have different availability zones. For example, AWS says in India we have three availability zones. When I say three availability zones, I am talking about AZ1, AZ2, AZ3: three data centers, or you can say availability zones. Availability zone and data center are both the same thing in layman's terms; I am not talking about very fancy terms. These are data centers, pure data centers. As per the cloud principles, a good cloud principle says one data center should be 300 miles from another location. For example, I am saying this is location one, any location it can be, and the second location is different, so there would be a difference of about 300 miles between every location, every data center.

They are not joining with their real name; they are joining with "Oppo iPhone".

Okay, so AZ1, AZ2, AZ3, and let's imagine this is location three. All right guys, these are three data centers. Now the first question that comes in our mind when you go for an interview or certifications: why three? Why not four, why not two, why not five? Why three? Because every cloud vendor is going for that. Two are not sufficient: if you are saying I am going to create one data center and you are keeping one extra copy of it, that copy can also be hampered, right? So that's the reason they have arrived at a decision that, as a cloud standard, we should have three. In the initial days of the cloud they were having two data centers also. Some of the organizations like IBM, Oracle, they
still have two data centers. That is not against the principles of cloud; that is also fine. But what AWS is targeting in every region, if you see the region list, this is the region list basically. If you click on Regions and AZs, it will show you all the regions. For example, in North America they have one, two, three... seven regions. These two are government regions that you can exclude. But under these regions, in the US West region you have four availability zones. Now the first question that comes in mind: I am explaining to you that here in Mumbai there are three data centers, but in US West they have four availability zones. It might be possible; that is what I am saying. According to their need, they are creating data centers. In the U.S. there is
a huge demand, plus they have created the systems in a way so that they can serve with less latency, right? So they have created multiple data centers; huge demand is there. In the US East region we have six availability zones. But if you go with India, in Asia Pacific, in India now we have two regions: one is in Mumbai, one is in Hyderabad. So we have two regions now. So if you go with it, it will tell you in India we have Mumbai, right, and we have Hyderabad. Hyderabad is recently launched, just four to five months back; it has three availability zones. Similarly, Mumbai has three availability zones.

So if you go with this diagram: now why are they creating three or four pieces? Because they want to store your data at a safer place. If one data center is going to be impacted due to flood, due to earthquake, due to a political reason, due to an electricity issue, due to any possible issue, in that case what will happen is they will move your data to location 2, or they create copies in a way so your data is secured, so data is safe. If an entire data center is down, still you have location 2, still you have location 3 with you, right? With this mindset, what they are internally doing is... let me just delete this platform now and expand this. Let's imagine this is one data center. I'm just moving this part to here. Then imagine this is one data center.

Now I am going to start with EC2. What is EC2? Like I told you, I am going to create two EC2 instances, right? I'm going to create two EC2 instances, one using Windows operating system, one using a Linux operating system. So what they do internally is... when I talk about EC2, EC2 is an elastic computing cloud, which is a computer, which is a virtual machine. I am going to create one virtual machine now in front of you so that you can understand. So for this I am going to log in to my AWS account. This is my AWS account. I'll go back to Services, and in Services I will look for EC2. The moment you type EC2 in
this search bar, it tells you it's virtual servers in the cloud. Click on EC2, and this is the EC2 dashboard. Click on Instances. And guys, if you have any questions, feel free to speak; you can unmute yourself and let me know your questions. If you have any questions till now: Arvind, Vivekananda, Deepak, Gaurav, any questions, guys? Manoj, Yashika, Vivek, Sham, Shivam, any questions, guys?

So, I have one... I'm still confused between the EC2, or the region you're saying and the data center you are saying. So what is the region and the data center? I understand that that's a single point data center and...

Yeah, region is something that you can learn. Data center is your physical presence, right? But region is your logical presence. Okay? Under one region I have three data centers. Okay, so when you say three data centers, these three data centers are connected with high fiber lines, very, very powerful lines, where internet connectivity is on boom, you can say.

Yeah, so the data will be copied on all these locations, or will it be available on one machine only? I mean, availability zone.

So it depends on which service you are working on. For example, you are going to work with the S3 service. In the S3 service you also get an option to store your data in a single DC, data center, or you also get an option to store your data on multiple DCs, data centers. In that case, if you are choosing that option because you want to store that data on multiple data centers, AWS is going to charge extra money. But if you are saying I want to store my data in one AZ, one availability zone, they are going to give you discounts.

Disaster, I will recover a data stored in one www...

Yeah, that is what I am saying. In normal scenarios, where you are working with financial critical applications, or your data is required or data is critical, you cannot go with one region; this is not a best practice. In case you are saying I just want to store a couple of data which I might
need, but in case it is going to delete somehow, then I'm fine, still I have the data on the replace, yeah, in only those cases you can go with a single availability zone. Also, in a single availability zone they create multiple copies of your data. In a single availability zone, sometimes what happens is one rack is down but your data center is up; one rack is down. You understand rack, right? That might be possible.

Okay, so I have a small doubt on availability zone. Do you mean availability zone in the sense of a small part of a server in the Mumbai region?

No, no, it's not a small part of it. When you say availability zone: in India AWS has three locations, for example one is Pune, one is Hyderabad, one is Mumbai, or any other location. It is not small; it is a big data center where AWS is keeping hardware machines physically, okay? But they never disclose the exact location to you. For you it is AZ1, AZ2, AZ3.

Okay, so if it's Mumbai, Mumbai internally has three locations?

Yes, right.

Okay, they're going to store... so okay, I need in Mumbai and other in Hyderabad, can we do that?

Yes, yes, I will show you that example also. Okay, so you can do that. But for some of the applications, for example I am working with a very critical application where I need a lot of bandwidth, good bandwidth, in that case you can also have an option that you want to create all your instances in a single availability zone. That is also possible. I will show you a working example of it, then you will understand better. So, any more questions, guys, till now?

So in practical, one zone will be your production and one will be your disaster recovery, that is DR?

Right, you can say like this. But actually, when you do disaster recovery, you handle your things on the region level instead of along the availability zones, okay? It depends. If you take the example of the Aadhaar card application in India, in that case that is handled on the national level, but if you take the example of Facebook or
multi-region applications, you have to create a multi-region architecture. I hope you are understanding this language, right? Okay, cool.

So here what I am trying to explain is how AWS EC2 is internally working. Let's imagine this is your hardware machine. This is your hardware machine... not yours, AWS's hardware machine. AWS is creating the machine and you are coming as a customer. Multiple hardware machines are available in data centers; you can say I have drawn four, but multiple machines are available, thousands of machines are available. Now you are coming as a user. I'm deleting this one extra region here. This is you, right? You are coming to AWS: "AWS, I need a 4 GB machine." What AWS does in that case is they cut out an instance from this hardware; they cut out an instance and give it to you. That is what we call a virtual server. Why virtual server? Because the existence of this server is not physical; it is virtual only. Out of this physical machine they have cut out one of the machines and given it to you using virtualization technology.

For example, I am saying this is AWS hardware and this has a capacity of 1 DB RAM and 1000 DB hard disk. For example, you can understand this is this much capacity they have in a single computer, and you are asking for 4 GB or 6 GB. As an example I'm just saying you are asking for 8 GB of instance, RAM I'm talking about, and 100 GB of hard disk. What you do in that case is you give a command to AWS. What is AWS giving? AWS is giving back to you a virtual server, right? That virtual server is having 8 GB of capacity and 100 GB hard disk. It is a real-time system for you, but for AWS it's a virtual server. For you, you can do everything with it. It's just a matter of physical appearance, that's it; else everything you can do in this system. This is a virtual server. Let me create boxes.

Yeah, cyber
please, this is taking distributed and operating system...

Your voice is very low, but earlier it was good.

Okay. Is this AWS hardware going to use the distributed operating system to divide the memory?

Yeah, I will show you a demo of it. Let's go to instances; I will show you what I'm talking about. Go to EC2. Once you go to EC2, click on "Virtual Servers in the Cloud", click on EC2. Here I am going to create an instance, or you can call it a virtual machine; instance, virtual machine or machine, all the words are the same. This is the AWS dashboard. Here it is showing you instances running are 0 as of now. So let's click on Instances. The moment you click on this, it will start showing you the number of instances in your account in the Mumbai region.

And guys, make sure when you are entering your account, after creating the account... I will tell you in the next session how to create a free session; those who are going to enroll for this, I will help them to create an AWS account. So once you enter your AWS account, you will see options here: regions. This is what I'm talking about. As of now I am working with Asia Pacific (Mumbai), but in case you are working with Tokyo, in case you want to work with Ireland or other regions, what you have to do is just click on US East or any other region where you want to work, and you will be working with that region. Now North Virginia: now you are working in North Virginia.

And one more very, very important thing: the pricing model of AWS changes when you change your region. In Northern Virginia they have higher prices; in India they have lower prices. It depends, service to service. Data centers, data center cost, employees' cost, a lot of things come into the picture when they calculate the cost of these services. You just make sure you are choosing the right location or right region before working. In my case I am working with Asia Pacific (Mumbai). So when I am going with Asia Pacific (Mumbai), I am going to create one instance of Windows. Like I described here, I am
going to create one EC2 instance using Windows operating system. How am I going to do that? Click on Launch instance, and the moment you click on Launch instance it will launch a window for you, and on this window you have to fill in a couple of details. For example, I'm saying "web server one", all right, and here adding "windows web server". You can add any name here; it's your call.

Then it asks you for Application and OS Images. That's what I was telling you: it's an Amazon Machine Image I'm talking about. Amazon Machine Image I am going to discuss in detail, but here you have two options. You have the Amazon Machine Image which is created by AWS itself; here it is showing you all the images, whether it is Linux, macOS, Ubuntu, Windows, Red Hat, SUSE. All the Linux distribution flavors are available here.

Scroll down: instance type. What is instance type? Instance type is what kind of configuration you are looking for. For instance type you need to go to this link and start; let me just write here "EC2 instance family". When I come to EC2 instance family, you will see AWS is giving a lot of variety for you. A lot of variety means general purpose machines, compute optimized, memory optimized, accelerated computing. So what does it mean? It means that they have different varieties. For example, you are saying, "Hey AWS, I need 64 GB of RAM"; in that case AWS says you can choose this machine. In case you say, "Hey AWS, I need a memory optimized instance", memory optimized means I am going to develop one gaming application, in that case go with memory optimized. In memory optimized you have different flavors; you can say series, you can say companies. If you take this example with mobiles: in mobiles we have Samsung, right, in mobiles we have iPhone, another variety, other companies also. If you say memory optimized, this is another company kind of thing, you can say. For example, I'm saying in memory optimized I have Samsung 100, Samsung 200,
Samsung 300; depending on the feature you are going to pay money, right? So if you click on the R5a series, in this series you have this much capacity: 768 GB RAM, right? If you scroll down, it has a maximum of 768 GB of RAM. If you go with high memory, in high memory it shows you that it has a memory of 24,000 GB as RAM; that much capacity it gives to you. But I am going to create one general purpose instance, and in general purpose also they have a very wide variety available, like M6, M5, T1, T2, T3; a lot of options are available. So here I am going to choose the option. You go to the EC2 instance; here it is asking you which option you want to choose. If I click on the scroll, you will see a list like 42 GB, 96 GB, 192 GB, right? So here I'm choosing, let's suppose, 2 GB. This one I am going to choose: t2.small, from the T2 family, 2 GB of memory.

And key pair. A key pair is a thing that you will need while retrieving a password. When you are going to create this instance, or when you are going to launch this server, or when you are going to launch this VM, ultimately you need some kind of password so that you can connect with that machine, right? And to retrieve this password you need some authentic way to show that you are the right user, and that is why AWS is giving you the option of a key pair. Using this key pair, what you can do is click on "Create new key pair"; one file will be downloaded, and once that file is downloaded, in that file you will have a private key, and that private key you will give to AWS when you want to retrieve a password. Let me write any name here; for example I am giving "test file". Create key pair. So this file is downloaded, right? The moment I click on this file, if you want to see what is available in this file, it will show you that a private key is available. This is the private key, guys. I will use this key at a later moment of time, but at this moment of time I'm just closing this file. Cool, right? So far so good, right? We are on track. Any
any questions, anything in your mind? Taking it as no. Cool.

Next section is network settings. Network settings are the backbone of AWS. This is a super important part: VPCs, subnetting, internet gateways, NAT gateways. That we will see in another lecture, but at this moment of time I am just telling you one thing: I am going to create this instance in the default VPC. Now you might ask me this question: what is the default VPC? VPC is a virtual private cloud, which is a private cloud. When you look for the VPC service, it shows you "Isolated Cloud Resources". By default, when you log in to your AWS account, you automatically will see one VPC is created by AWS. This VPC I am talking about: if I click on this VPC, you will see one VPC is available, and if I scroll to the right you will see a section "Default VPC", which is "Yes". That is the default VPC, right? So this is what I am talking about; this is a default VPC. So here I am going to choose my default VPC.

But the answer to your question... who asked this question? There was somebody, Siva, right, or who asked this question: can we choose ciphon, right? Once you click on this network settings part, you will get an option here, Subnet. Under the subnet you have three options. In Mumbai I have three availability zones, right? So here it is giving you three options: ap-south-1b, ap-south-1c, ap-south-1a. They don't disclose the exact location, but you can choose "I need all the machines in 1b"; that you can do.

And you also mentioned that the instances will be stored in three availability zones, right, and that will cost extra if you want that option. Where is that?

Now that option we have to create. That option I'm talking about: go to EC2, this part, Instances; here you will see an option of placement group. Let me scroll down; you will find the option placement group. Okay, let's see, Network & Security... yeah, this one, placement group. Under the placement group
you have three options. If you're going to create a placement group, it will show you cluster, spread, partition. That is where you will design it; if you want your system to be in a single rack, that is also possible. Okay, it's also possible. Three partitions, three options it will give you. In the coming session we'll also explore placement groups practically. Any more questions here?

The thing while you create the key pair: it shows two options, right, one is for PEM and one is for PPK, and it is shown that PEM is for only the SSH part. So where do we use this SSH?

I will tell you, I will take that, because I have taken two examples here, one is for Windows, one is for Linux. For Linux you use PPK; I will take you on that, I will do a practical.

As of now, the subnet I am choosing here is ap-south-1b. Auto-assign public IP is enabled. And Security group: for those who don't know about the security group, this is very, very important. Security group means what traffic is allowed and what traffic is not allowed. It's a kind of firewall; that's why AWS says firewall. A security group is a set of firewall rules that control the traffic for your instance. What I am going to choose here, because I am going to work with Windows here, is Windows: I'm going to change from Linux to Windows, and in Windows I am going to take a 4 GB instance. This one; I am going to take a 4 GB instance. And which key do I want to take? For example, I am saying here I want to take "window test key". Create key. Here I am taking ap-south-1.

And here, please be focused now. Here I am saying I want to create two rules. One says RDP should be allowed. Another security group rule I am going to add, and here I am saying HTTP, which works on port 80, should be allowed for everywhere. Everywhere means 0.0.0.0, means everywhere, whole internet;
0.0.0.0/0 means the whole internet, I am talking about.

Scroll down: Configure storage. How much storage are you looking for? I am giving 30 GB. Cool, all things are good. Number of instances, how many you need: one. Let me click on Launch instance. The moment you click on Launch instance, it will accept your request and start creating the machine for you, and when it starts creating the machine for you, it is going to take two or three minutes of time internally, because it has to install Windows and everything on that operating system, right? So it is going to take two or three minutes. Till that time, if you click on Instances, you will start seeing this option here: this is the Windows web server.

So if you see now, I can see three instances are available. One is "Linux Git demo", where I have just given a demo to someone; I've installed Git on a Linux machine. Then we have the "Linux VG machine", where I am working with Jenkins, where I'm working with Chef and Ansible on this machine. This is in stopped state and this is terminated. So you can say instance state can be running, can be stopped, can be terminated. If you refresh now, you can see the Windows app server is running, but the status check is "Initializing". Initializing means it is in progress as of now, not live as of now. So you have to wait for one more minute, but after one minute what you will do is retrieve a password.

Before retrieving a password, let me click on this row. The moment I click on this row, it will start showing you the public IP address of this machine, and here is the private IP address. This is public, this is private, like this. This public IPv4 address denotes that you can connect with this machine using the public IP from anywhere. How can I say anywhere? That is where I am going to take you to the security part of it. Once I click on this Security part, this is what AWS automatically
created for you and attached to this instance: this security group. If I click on this security group and take you to the separate window, it will show you the inbound and outbound rules of that security group. This is what I was talking about, inbound rule and outbound rule. In inbound rules, if I click on "Edit inbound rules", you will see there are two rules as of now. One is the RDP rule, which works on port 3389; if you stay focused here, this is what I am talking about, the port range is 3389. And this is HTTP, port range 80. HTTP works on 80 and your RDP works on 3389, right? And both of them are allowed with the whole internet.

Although it's not a good practice to allow from everyone, from the whole internet, in the coming time we will work on this also. As of now, just for the demo's understanding, we are able to see that we are taking this with the help of the whole internet, but this is against security. In the coming time, when we come to the discussions of security in AWS, we will understand how to limit this, how to remove this. We'll even see in one of the sessions that even without adding RDP you can take a remote session using a bastion client, using Systems Manager; there are tons of ways available in AWS. Because this is the first session, we are going with very basic things, but in the coming time you will see very advanced topics.

So let me delete this now and go back to your instance. Let me refresh. If I refresh now, you see 2 upon 2, it passed. Wow, right? It says everything is done, do not write cat box to you. Now you have to connect to this instance with your RDP. What you will do in that case is click on this and retrieve a password. Go to Actions, click on Security, Get Windows password. Go to "Upload private key file", and here I have the Windows test key; open this and click on Decrypt password. The moment you click on Decrypt password, it will give you the password. Copy this password and keep it somewhere, Notepad.

Can you please show this once again?

Go to Windows, go to Actions, go to Security, go to Get Windows
password. You have to upload same file here which you have, uh, downloaded, right? Because in that, in that file you have private key. AWS has given a private key at the time of creation of that file, and now you have to give back that file to AWS to retrieve a password. I have that file available, right? I'll click on open and I will click on decrypt password. Got it? Oh yes. So why we are using this one? Uh, which one? Creating this, getting this Windows password again. No, earlier we have created a file only, which is a, we never demanded for password earlier. Earlier we have created a file, and now AWS wants authenticity from you that you are the right user to retrieve a credential, and you have to give your private key to them. Okay, got it. Here you have just downloaded the file. Your good or you need monetization? Okay. Yes sir. Now I am going to connect with the server. What you will do: click on this, say connect, click on RDP client, download remote desktop file. You have two options: you can either download this remote option or you can just go through with the RDP also. I am going to download this file. It is downloaded, Windows web server dot RDP. So I will double click on this file. This will open remote desktop connection. It will ask confirmation, and saying yes, I want to connect. It will ask you password. Password, I will go paste this, I have the password, right, and click on OK. [Music] Click on yes. Wow, your machine is ready. In a few minutes your machine is ready, right? Now you can work on this machine, whatever you want to do. Yeah, this is my machine now. On this machine I want to, like I have stated to you, I am going to create EC2 instance using operating system, Windows operating system, and I will host default web app. For hosting default web app, what I am going to do is I will be installing IIS, which is a internet information server. Before that I want to take a pause and take a questions. Any kind of questions here? Arvind, Vivekananda, Samuel, Gaurav, Hari, any kind of question you have? Yeshika? So in
general I'm facing some small issues, like while launching this connective internet, so it's showing like virtual machine is unable to connect and it is popping up on, uh, is that because of security thing? Yes. Okay, so the process you did before will help me to overcome that, right? Yes, right. You just need to make sure your instance is having the right security group. If you go to the instances, you click on instances and you will find your security group. Go to security, this is your security group. Go to that security group and check if RDP is allowed or not. These entries design these are an Autumn check that please. When you say, uh, this is available from anywhere in internet, what then does that mean? Uh, means what does that mean is, if you having a credential, if this credentials, if you are having username and password, you can connect with this instance from anywhere in the world. 0.0.0 means any IP. So that will be the, uh, IP of my RDP, right? No, no, that will not be IP of your RDP. What I am saying is, for example, I am giving you few details, let me give you the details. You are, just for example, you are my employee. I want you to connect on that instance. So what I will do in that case is I will come to this instance, I will come to Windows, I will give you this public IP. Okay. Right, I will give you this public IP. You can copy this public IP, then go to RDP in your machine, and you will enter this IP here and you will press on connect, right? So once you click on connect, it will ask you credentials. In credentials you will go to user account and you will type it here, administrator, and if you have the password you can connect with it. So by default the user will be administrator? By default for Windows it will be administrator, for Linux it will be ec2-user. Okay. So that means, if you come now to the security point, answer to your question: 0.0.0 means you can connect from whole
internet. But let's suppose you are going to join one organization and your organization says you can only connect this instance from one IP. What in that case you will do is you will remove this and you will enter only IP, one IP. You will get the option of My IP also; this is my system IP, only I can connect with this. Okay. In case you say only my team can access it, then you can go with custom also. Under the custom you have multiple varieties available. I will tell you in coming times how to create this all, but you can limit at every level. But this 0.0 means it is open for all, which is against the security. But security is not what I'm trying to deliver you at this moment of time; I'm just trying to give you flavor how to create EC2 instance and connect with it. All right, now you got it. So HTTP is something which is, uh, I will tell you why I am adding a HTTP, then also I will tell you, don't, just give me two minutes of time, I'll tell you that also. Save rules. Now let me go to my machine now, and here in this machine I am going to install IIS. In case you don't know what is IIS, IIS is a internet information web server provided by Microsoft, just like Apache, right? We have multiple web servers available. Here I am going to install IIS. So how you will install it? You will write server manager. Once you go to server manager, you will find the option here, add roles and features. Even though you can download, even though you can download IIS from internet, install, that is another way, but using server manager you can also install. So what I am going to do here is add, click on add roles and features, and click on next. You just have to click next, next, next, couple of things you blindly, you can do next, but here you have to select a web server IIS. I want to install this. Add features, next, next, next, next, install. So what I am doing here is I am installing IIS on this machine, is on this machine. Once I am installing IIS, you will understand role of port 80 that you are asking here, right? This is a port 80.
Why I'm adding 80 here? Because I want to access my default application in that port. This is what I am doing. While doing installation of IIS, I want to see that application over the net. You can also see that. I will give you IP of that machine, and with that IP you will be able to see my website, default VP, default website. So it will take few seconds of time. Installation is in progress as of now. So done. Now close this instance and come back to your instances. This is your instance, right? Click on this, copy this IP and hit in the separate URL. Wow, you can see this website, right? If I copy this URL and give to you in the chat, you will also be able to see the website. You can try in at your end, you will see a similar website page. What is Gotti guys. Now answer to your question. You were asked one question, why we are adding a port 80. That if I am going to change here, I'm going to instances, where it is, if I go to instances, this is my instance, right? Go to the statuses, this is my instance, and here I'm saying go to security, click on security group, click on add inbound rules. Here it is, same port 80, right? If I am deleting this entry and saving the rule, your website will not work. Refresh. It will stop working. Why? Because it works on port 80.
It works on port 80. HTTP works on port 80 and you have denied the port, at port 80, on that web server, right? So now this website is hanging, it is not working, right guys? That's the reason site oven or who has this question, Pardeep, right? So now if I'm going to EC2 again and I am adding an inbound rule and saying which is HTTP allowed for everyone, same rules again, your website will start working. Refresh. Did you get that? Yep. Cool. Any questions? Like why we use this TCP, HTTP, and I mean HTTP is for website things, but where do you use this TCP? TCP is for RDP. DC your, your RDP works on TCP protocol. Okay, RDP in the sense, what is that? I don't. RDP means remote desktop connection. This is when you say remote, in generally we should call it a remote desktop connection but we call it RDP. This remote desktop connection, remote desktop connections means you are taking a remote of another system from your system. Okay. This is called RDP. Okay. There are some other types, right? So can you please tell first, like, why we use those? Which one? Which one, uh, if you scroll on this, yeah, yes, mdp. Yeah, there are a lot of things comes into the picture. Uh, I can take another example. For example here, I am using, in another example I will use now SSH. SSH is for the Linux operating system. This is not, at all things are not for Windows, they are multiple different flavors, right? Now let me do one thing, let me create one EC2 instance using Linux. I will go to instances, I will click on launch instances. This time I am going to create Linux web server. So here I'm saying Linux web server, Linux web server. I'm going to choose Windows, uh, sorry, Amazon Linux. Instance type is same, I am going to work with 1 GB memory. Key pair, I want to create this key pair. I think somebody has asked this question, right, why we have .pem or .ppk. Now I am going to select .ppk file, and here I am choosing option for any name, you can do demo Linux. Create key pair. I have downloaded this file, right, .ppk. Go to networking, you want to change
something? No. See, earlier in Windows case we were getting allow RDP, right? In Linux we have allow SSH, allow SSH traffic from anywhere, and HTTP also allowed. Ultimately this is the layman terms, but internally AWS is creating a security group for you and then adding inbound rules. Here I am giving 8 GB as a storage by default. Number of instances, one. I want to create this, launch this instance now. So the click on launch. The one question. Uh, yeah, please. The number of instances means? Uh, you can have, you can have 5, 10. If you are, let's suppose your manager says please create a Windows 10 instances, what you will do is write 10 instances here. So that means 10 people can connect that IP, right, at a time? No, 10 machines will be created. Then machines will be created and 10 people can be, uh, using that. Yeah, by default on one machine two people can connect in Windows. Okay. I have a question, please. Yeah. [Music] Yeah, um, since we're talking about security group, I joined late, but since we're talking about security group, so what do we mean by, um, stateful and stateless, and when and how do we use it? Stateful and stateless. So can you ask your question again? Yeah, um, I know I've come across, um, I've gone to an interview and they asked me the difference between, um, a stateful and, if statement, um, stateless, um, asked me about, um, what is the security group and what is this stateful and stateless. So I, I don't really understand that part, that's what I'm asking. No, I think your question is incomplete, according to mates incomplete. There's no security group you have to, uh, create according to stateful and stateless. That if you are creating your web API or you are creating a WSDL, that accordingly you need to change the ports of that, but security group you are not going to change. Your question seems to be incorrect to me. But, but do you understand, um, well, on that term, stateful, stateless, when, when you're talking about, when we're working on, um, out, I think HTTP is for stateless. Uh, I think in those perspective, the
protocol which we use. Yeah, I think the protocol kind of, uh, you mean it's a HTTP, uh, servers. Like when we add the security groups, we're gonna use this HTTP here. HTTP used for only, we can access the VM using HTTP products, that's it, nothing else. What was the, what was the complete question? Can you share the complete question, what was the scenario? Um, let me just, the quick research, I'll ask the question again when I get a proper way of asking. All right, okay. Let me go to Linux and check if my instance is ready. Linux instance. Let me refresh. Virtual, do you have any questions? Any questions? Okay, my Linux web server is ready now. Let me go to my Linux web server, copy this IP, and for Linux I would be using PuTTY. So in case you're not aware about PuTTY, PuTTY is a way to take a sessions of Linux machines. Here I'm saying I want to connect with this instance, IP is this, and you have to provide a SSH connection file. Go to credentials, in case you are not available, and you have to, this one, demo Linux dot PPK, and click on open. Once you click on open, I want to change the color also. Go to colors, in a default background I want to modify the color as a maroon color, and I want to increase the font also. Let me go to appearance and changing the font size. By default it is giving you 10, I'm going to change it to 16 or 18, and OK, and click on open. So once you click on open, a shell will be opened like this where you can write a commands. Like I'm, I'm saying, for the Windows they wrote the default user as a administrator, one a button Linux it will be ec2-user. Once you click on ec2-user and press enter, it will say authentication successful and it starts showing you Amazon Linux 2023. Now I want to install couple of softwares. Not couple of softwares, I just want to install web server. So photograph server, I have the command ready. Let me run that command. First command would be, you have to enter the sudo user. Sudo user, sudo user, sudo user means that I want to convert to super user: sudo su. After
that I want to install. You might ask me what is httpd hyphen y. So in that case, if you are writing this yum, yum is a package and you are doing the installation here, and which package you want to install? httpd you want to store. And why I am giving hyphen y? Hyphen y I am giving because if you are not giving hyphen y, it will start asking you yes or no in every installation, and that is what I don't want. That's why I'm giving hyphen y, a frontier. So moment I type this command and press enter, it will start installing httpd, which is Apache web server. It has started, right? So it is showing you it has started: download package, install packages, download packages, and installation is done. Now after installation you have to start this service, because as of now, if you see the status of this service using this command, httpd status, it will show you the service is inactive, service is inactive, service is inactive. But I want to start it. How will you start it? You will use one command, service httpd start. Press enter, it will be started. Once your service is started, you will go to your instance, you will click on your instance. This is your IP, right? Copy this IP and go to internet and hit this IP. Wow, it says it works. That means your Linux machine is able to host your website now. It works me that it is working fine. Did you get that? Yes, yes. Control your cc to connect instead of this PuTTY, uh, can't you EC2 connect, is that option, right? When we go to instances, connect, this one you are seeing, right? Uh, you can come to instances, ND you can come to that, this one, understand it? Yeah, that you also can, both options are there. EC2 Instance Connect you can also do, Session Manager also you can do, SSH client you can also do, serial console also you do. Multiple ways to, uh, maybe we can, um, the thing here you can see this, the second is to use serial console, right? Uh, this is error I frequently get when, I don't know, right? Yeah, I want to connect error. Actually what you have to do is, when you have to connect with
this EC2 serial console, certain permissions you have to add, you have to add one role, you have to add one rule. Okay, let me do one thing, let me take one more scenario, that is going to be awesome scenario in front of you that I am going to discuss now. This is Windows instance, right? This is Windows instance, and if I click on this, I have security rules here. If I go to this security, I have security group, right? On that security group I have these rules. But what if I want to connect with that instance without this 3389, without this RDP? What I'll do in that case is, without RDP, we're gonna use this, uh, the same EC2 connect will be used? Yes, right, that we can use. So, so I wanted to, um, excuse me, I think I wanted to help, I wanted to help, I don't know, the guy that was asking about security groups and then the difference between the stateful and the stateless. So, um, in my opinion, I think that, um, when it comes to security group, stateful means, like, let's say any changes that are made to the inbound rule, um, will automatically be reflected in the outbound rule. Let's say for example, if you, um, allow inbound ports to, let's say, for 80, which is HTTP, then automatically the outbound ports will also be allowed. But then, um, when it comes to stateless, um, on the other hand, NACL would be stateless. Let's say the changes that will be made in the inbound group will not reflect the outbound rule, so you then need to add, let's say, a separate rule. For example, let's say if you add an inbound rule to port 80 on HTTP, then you'd have to explicitly, like, um, you know, add the outbound. So yeah, that is what I can help. [Music] Okay, let me take one more scenario here with, um, let me go to Windows one and click on connect. There's the option, right, Session Manager. With that Session Manager also you can connect with your instance without any RDP port. So without any RDP port you can connect to Session Manager. So what are the steps will be involved? And just to tell you, everyone who is going to join this session, there will
be lot of assignments I am going to give you. These assignments will be uploaded on the GitHub link also, you can see that once you are going to enroll for this. Let me show one scenario to you, you would really enjoy this. Uh, there it is, Session Manager plugin, this one I was talking about. So without RDP I want to connect with my machine. For that you have to follow these four steps, and four steps I am going to follow. First of all I am going to create a role. In case you don't know what role is, I will try to take a separate session on the IAM, I will do a separate session, but for this moment of time you can say I am going to create a one role with these permissions. Just understand this part; role I will discuss separately with you. Is it fine with everyone? Yes. Okay, here you are the root user, right? So why do we need these permissions? No, no, when this, on this instance, on this instance you are not able to see this connect button, right? Even though you are a root user, you are not able to see this connect. You will only be able to see this connect button once you have the, uh, these permissions assigned. Access, yeah. So guys, just to tell you, in case you are not familiar with this thing, I have taken a remote of one of the instance, right? This was my instance. If I click on this, this is my Windows Server, right? If I click on connect, you can connect using Session Manager also, but session manager installation manager window, you are not able to see connect button, right? How can I see that button? So my basic goal is, I want to create one instance and I want to connect it without RDP, and that is what we are doing in companies. You don't open the RDP client for everyone, it's against the security. So what I'm gonna do in that case is, first of all, I'm doing it quickly, don't worry, I will repeat this part again once you are going to enroll, this is just for demonstration I am doing it. I am going to IAM, and under the IAM I am going to create one role. Under the IAM is, it's identity and access management service.
I am going to click on roles. So once I am going to the roles, click on create role, and here I am choosing AWS service. Here I will be choosing EC2 because I want to create this role for EC2. In case you are not familiar with how I am creating this, you would get it in couple of sessions, but as of now just follow the same steps. Click next, and here I want to add three policies. Three policies: one is AmazonEC2RoleforSSM, this one is first, and second is AmazonSSMManagedInstanceCore, and third one would be AmazonSSMFullAccess. Enter. These three policies I have added. Click on next, you can see three policies are added, and here I am giving a role name, PC2 without RDP down, ec2 without RDP demo, and I am going to create a role. Cool, my role is created successfully. Now I am going to work with EC2. I am going to create one EC2, or you can attach this role to your existing instance also, that also you can do it. Go to dashboard, let me create a new instance. Launch instance. Here I am giving web server without RDP port, without [Music] without RDP port, all right, and using Windows. Or here I'm choosing, that suppose 2 GB for 4 GB, whatever you want to take it. Create a new key pair; I already have the key pair, right, which one I have used for Windows, this one, Windows test key. Network setting: I am going to use, this time I'm allowing RDP traffic but I will remove it later. But one thing for everyone, one thing you have to do is scroll down, click on advanced details, and here you need to choose your role. In IAM instance profile you need to choose the same role you have created, ec2 without RDP demo. Okay, that's it. Launch instance, class. And similarly we have to wait for two three minutes here. If this is what you're not getting, don't worry, I will repeat this part. The purpose was to show you how to create, uh, EC2 instance in Windows and Linux, that you have already seen, right? AMI we will skip that, because in the place of AMI what we are doing is now Session Manager part, so we will not, will not have one
more time. Probably we can wrap up this session in 10 more minutes. Click on instances, refresh. As of now this is coming, right, without RDP, it is showing you initializing. Probably in one minute this instance will be there and I will show you how to connect with it. And before connecting you have to make sure one thing: on your machine you have to install AWS CLI, also you have to install Session Manager plugin, Session Manager plugin for Windows. In case you are using Linux, you have to install Session Manager plugin for Linux. This software, Session Manager plugin, you will find it very easily: just go to Google and say session manager plugin install for Windows, go to website of AWS. This website, you will find a link here, you just need to download and install. This is for Windows, copy this plugin link and install. After installation you need to run this step, I will tell you how. Go to your instances first. Instance request answers. Let me close out the window which I will not needed. Let me refresh. This is line, right? This web server is there. Let me click on this, now let me click on connect. So moment you click on connect, you will see this, this time you will see this button, right, connect. So click on this connect. So once you click on this connect, a session will be open for you, question is going to open for you. This is your session, right? This is opened. Now next step would be, you have already done Session Manager plugin, what you have to do is copy this AWS SSM Session Manager command is, and go to your CMD, click and paste this command. But before pasting the command, you have to change something in this command and understand what this command is doing. This command is doing AWS SSM start session. SSM means System Manager, System Manager start session, hyphen hyphen target. Target means which instance, this is a target. Copy this ID, go to Sim window on this one and replace this, paste. Hyphen hyphen document name AWS-StartPortForwardingSession, which is working on local port number 6060, and
actual port number is 3389. Copy this command, go to your CMD, right, paste it here and press enter. Once you press enter, it says session starting, right? Session starting tool open for connections. Now what you can do is go to your RDP and you can type here localhost, and what is the port you want to connect? 6060. Correct, you're connected. But you don't have the password, right? For password I am going back and I am going to retrieve a password: go to actions, security, and get Windows password. Same key I have to use, uh, Windows test key, and copy this password, decrypt, copy, and, uh, go to machine, where it is, this one, and enter your password, click on OK. Yes. See, now you are connected on localhost. Even though now you go to your instances and remove the RDP, that connection will be live. Go to security, click on the security group, click on edit inbound rule, and I am removing this. Save rules. Still you are connected with this instance, like this. Wow, right? Yes, yes. So there are multiple things will be available according to your use case, or time to time we will explore lot of things. Please let me know if you have any questions. I am good for today. Any kind of your questions you have? Can you please repeat what is the use of this Session Manager? Session Manager is useful when you don't want to use RDP port, this RDP rules. No security group is there, right, bus but still you can connect with RDP instance without any security. So this Session Manager comes into the picture when security comes into the picture, so you are increasing the security of your components or EC2. This we can do for Linux machines also? Yeah, yeah, that process will be little different but you can do the same. So if you are giving no inbound rules, then the applications, means not nobody from the outside cannot connect to any application if it is running in the instance, correct? Right, that way you are adding more security, right, nobody can come to your system. Okay, so, uh, so this is, this is, this is in case of a scenario when your, uh, in when
you when your uh this one instance is in private it then also you can connect connect and connect through this sessions manager yes right nothing so if you lo
2023-04-01