EC2 & Getting Setup

6. Security Groups

The security group is basically a virtual firewall and it controls traffic to your instances. And when you first launch an EC2 instance, you associate it with one or more security groups. So you can have one EC Two instancebehind, you know, 2345 different security groups, and you add rules to each security group that allows traffic to or from instances. So essentially, a security group is your first line of defence against hackers. So we saw in the last lab that if you lock down your SSH port to your IP address, it means that a hacker will not be able to even SSH into your EC2 instances. OK, so let's get started. So I've logged into the AWS console and if we just go over to services and we click on EC Two. Now we have our EC2 instance from the last lab, but we deleted it. So what we're going to do now is to create an EC2 instance that we're going to use for the rest of this section of the course, and we'll just keep it running. So go ahead and launch your instances. See if you can do this all on your own without watching me. But it's entirely up to you. We'll go ahead and hit Linux AMI. We want aT two micro, so go ahead and hit next. And then here we're going to leave everything as default. We're not going to change anything. Go ahead and hit next. And again, we're going to leave our root device volumes. This is our virtual hard disc in the cloud. We're going to leave that as the default. I'm going to go ahead and add some tags. So I'm just going to call this my web server. Go ahead, and I'm going to add a few tags here just so we can see it a bit later on in the course. So department, I'm going to say developers and then I'm going to add in my team, and this could be my R and D team, and then I'm going to add in my employee ID, employee ID, and just make a number and then go ahead and hit next. And so here we go. We've got our security group. Now we're going to use an existing security group. We're going to use the My Web DMZ that we created in the last lecture. If you still don't have this, just create a new one,call it My Webdmz, and then add in these particular ports. So, go ahead and review and launch http SSH and https ports 80, 22 and 443. And again, you'll get this little warning message because your SSH port is open to the world, which means that anyone in the world can try an SSH into this instance and try and brute force it. It's entirely up to you if you want to lock that down to your IP address. If you do lock your SSH port down, however, you will notice, like in a couple of hours from now, that you can't actually SSH into your EC2 instance anymore. It's very likely that your IP address has changed. So you'd have to go in and update that security group rule. I'm just going to leave everything open because it makes it easier. We're not going to have this easy instance running for very long. Let's go ahead and hit Launch and then just select your existing key pair and select this. I acknowledge that I have access to it and hit Launch Instances. And so that brings up this instance. What we're going to do is to do exactly what we did last time. So we're going to SSH into this instance. We're going to go apply all our security updates. We're going to go in there and install Apache and then we're going to make a little web page that says Hello Cloud Gurus. And then what we're going to do is we're going to start playing with security groups and see what we can do with them. So I'm just going to pause the video here and wait for this EC-2 instance to provision. Okay? So my EC two instances are ready now. So all I'm going to do is copy and paste the public IP address. Now I'm going to open up my terminal window. OK? So I'm in my terminal window and all I'm going to do is type SSH EC two hypermuser at my public IP address and then the private key, which is called myEC two key pair, and go ahead and hit Enter. Type? Yes. type. Yes And then it has now connected to the host. So I'm going to increase my privileges to root. I'm going to clear the screen. Now, see if you can remember how we installed Apache last time. The very first thing we did was just a Yum update. It's always good to get into the habit of this because you're updating the, you know, the kernel, so you're applying all your security patches, making sure that your EC2 instances are as secure as they can be, and it can take a little bit of time. And there we go. So now what I'm going to do is to clear the screen, and what I want to do is install Apache. So I'm going to just type in Yum, install Httpd, and yes. And that's going to go ahead and install Apache. And that's done. And so, just click the screen. And now what we need to do is start the Apache service. So all we have to do is type in http://start and we're done. started it. And now what we want to do is to make sure that the Apache service starts automatically every time we boot up our EC2 instance. So, for some reason, it restarts itself without our guidance. We want the Apache service to come on automatically. So to do that, we just type in check config and then Httpd and then on. And that will make sure that the Apache service always starts every time we reboot. So I'm going to clear the screen and we're going to go to our VAR dub dub dub HTML directory. And so, anything in this directory will be publicly accessible. So this is where we're going to create our websites. And if we type in LS, we can see that there's nothing in there right now. So what I want to do is create a website and call it Index HTML. So we use our nanoindex HTML. If you remember from the last lecture, nano is basically a text file editor. So in here we're just going to write HTML and then we're just going to write H1, and it will be Hello Cloud Gurus, and then I'm going to end my header and then I'm going to end the HTML. And yes, we could do a bit more HTML. We could have like bodies and titles and all that, but I'm just keeping it really, really simple. You could even just type Hello Cloud Gurus here. It wouldn't make any difference. So hit control x. We'll ask you if you want to save. Hit yes, and then hit Enter. And then if we just type in LS, we can see our index HTML directory in there. So now the next thing I want you to do is open up a web browser. Okay? So I'm in my web browser and if I just click here and if I paste in the public IP address,we should be able to see there we go. Hello Cloud Guru. So we've got our web page.Now the very first thing I want you to do is just go back over to the ECTwo management console and go over to security groups and click on your Web DMZ security group. And here you can see the description. So you can see the name, the group ID, the group description, and the VPC that it's sitting in. Then here we've got our inbound rules. And note we've got three inbound rules and then outbound, we actually just have all traffic. So we're allowing all traffic out across all protocols, across all ports to any destination. Then here we've got our tags, and we have no tags whatsoever. So if I was to go in and delete this HTTP rule, what do you think would happen? How fast do you think deleting this would stop us being able to see HTTP traffic? Do you think it would be immediate? Do you think it would take a couple of minutes? Do you think it would take 24 hours? Well, let's go ahead and have a look. So with Http, I'm going to delete it and hit save. Now I'm just going to go back over to this tab and I'm going to go and hit the refresh button. And you can see here, it says, "Connect, connect, connect." So that answers your question. Any rule you make for a security group applies immediately. And this is a really important topic to remember in your exam because you're going to get a whole bunch of different scenario questions. You might be trying to troubleshoot something, and of course it will ask you a scenario where you've got to fix something. It might ask you how to fix something, and then it might also ask you how quickly it's going to take. Now, if you're fixing a security group or implementing rules across security groups, it happens immediately, as you can see here. So this is just going to time out. I'm not going to wait for it if we go back and then add in our rules again. So go here and edit the rule. We're going to add HTTP back to the game and go ahead and hit save. Now we can click back here and just hit refresh again. It did pause for a second, but it has now refreshed. And you can see it says, "Hello Cloud Gurus." So there we go. It does apply immediately. So let's go back to our EC2 management console. Now, notice that we've got three rules in here. We have just this one rule here. So if we go in and just delete this rule, what do you think is going to happen? Do you think that basically now, what we've got in terms of our rules is that we're allowing HTTP traffic in? So when we're making a request to view the webpage, that request is going to hit the web server. But do you think the traffic is going to come back out?because we've just deleted all our outbound rules. It says it has no rules. Do you think we'd be able to resolve it? Well again, let's go and have a look and hit refresh. And it loads straight away. So this is another really important point. So security groups are stateful, and that means that when you add a rule down here,whether it's HTTP, SSH, https, RDP, whatever it is,that rule will automatically be allowed back out. It doesn't matter that you have no outbound rules here whatsoever. As soon as you add an inbound rule,outbound rules are added automatically, so anything that you allow in will go out as well. So that means it's stateful. Now, when we come to the VPC section of the course, we're going to look at network access control lists and their stateless. So when you add an inbound rule, you also have to add an outbound rule. So we will cover that off in the VPC section. But the thing I want you to take away from here is that security groups are stateful. So just by adding an inbound rule,it automatically adds an outbound rule. You can go back here and just go in and add all the traffic just to make sure it's consistent. Simply add all traffic, all protocols that display, and then set our cider address block to zero. And then we go and hit save. And so now we've set it back to what our security group was by default. And finally, I want you to pay attention here if we just go into editing our security rules. So it says "edit inbound rules." We want to add a rule. Note that you can't deny traffic. I can't just deny traffic from SMTP,or I can't deny POP3 traffic. I can only allow traffic if everything is blocked by default. And then I allow traffic in. I can't specifically deny traffic over a port, and I can't specifically deny an IP address using security groups. I can do that using Network Access ControlList, and we will cover that again in the BPC section of the course. Okay, so there are a couple more things I want to show you quickly. First, we're just going to look at our default security group. So we can see here it says allowall traffic from all protocols from all port ranges from the source, and the source is itself. So basically, this means that any instance that we put into this security group is able to communicate with other instances within the security group. And once it's created, it doesn't matter what region you go into. If we click on Oregon, for example,you'll see the default security group for your default VPC is always the same. So it's always the same rule again, all traffic,all protocols, all ports, and then the sources themselves. So I mentioned at the beginning of this lecture that you can associate multiple security groups to one EC2 instance. So let's go into this default security group. Let's go in and just add some more rules. So I'm just going to go edit. I'm going to delete this one out, and I'm going to add a rule that allows, let's say, RDP. As a result, remote desktop protocol This is for Windows. So if you wanted to administer your Windows PC remotely, you'd use RDP. I am also going to add in MySQL and Aurora. These are important port numbers to remember, especially if you're doing the Syscops Administrator exam. So 3389 is RDP, MySQL is three of six. You don't really need to know them for the Solutions Architect or the Developer Associate exams, though. And then I'm going to allow them in for basically all traffic. I'm going to go ahead and hit save. So now my default security group is allowing RDP into my SQL and then my Web DMZ is allowing http, SSH, and HTTPS if we go back to our instances. So here we can see it says Security Groups. We can see it's just associated with my Web DMZ. Currently, if I want to add a new security group or an additional security group, It doesn't really show you here. It doesn't have an add button. The trick is to do it up here. So you go to actions, you go over to networking, then you just go to change security groups. And then here, I can add my default security group. I can remove my web DMC if I want, but I can have multiple security groups assigned to this EC2 instance. So I've done that. Now if I click on view inbound rules, I'll be able to see some nice checkboxes here. So I can see that under my default security group, it's allowing three, three, six, and 3389. Under my web DMZ, it's basically allowing 80, 22, four, four, and three. Remember, you can't deny anything at a security group. You can only allow So basically, there's not ever going to be any conflicts at this level. So you can't deny port 80 in one security group and allow it in another. So basically, it adds up all the security groups, all the different rules, and then just allows traffic in. Now, fuel doesn't look like this. If it's missing the nice little green ticks,just try removing the security groups and adding them again and it should work. This can actually be a little bit buggy. It took me a couple of days to show up in this particular bit, and that's really it.

7. Upgrading EBS Volume Types - Lab - Part 1

Hello, Cloud Gurus, and welcome to this lecture. In this lecture, we're going to look at how we can upgrade our EBS volume types from one storage medium to another. So where we might want to do this is, let's say, we've got a database server on EC Two. We've got our primary root partition and then we're running a database of MySQL on an additional partition. And this is a tested dev environment. And we've been running it on either general-purpose SSD or magnetic storage. And now we want to move this into production. So we want to change the volume to have provisioned IOPS. So we're going to see how we can do this. Let's just go into EC Two. If you guys have done the solutions architect, I think it's in the solutions architectcourse. We've done this previously, but it doesn't hurt just to watch how it's done again. So go into EC2 and we'll create a new instance. I'm just going to use the Amazon Linux AMI and I'm going to use it as a T to Micro and go and I'm going to basically keep everything as default. Go in and add my storage. I'm going to add a new volume. And this volume is going to be mapped to SDB, or it might be XvDB depending on how it comes out. And here I'm going to change this to magnetic. So we're going to start with magnetic. You can see straight away that we're not going to get any IOPS for our magnet. We're not going to guarantee usIOPS per gig for our magnetic. Delete on termination is not ticked by default. I'm going to leave that alone. Leave it as it is. Go ahead and tag the instance. We're just going to call this my test, my SQLDB, and I'm going to you guys to create a new security group. I'm going to put mine just in a standard security group that I have, which is called my Web DMZ. It's basically open to the world. It's not very secure, but I actually use this for production and thensays improve your instance of security. I'm going to ignore that. It's just saying that port 22 is open to the world and should be locked down. And then you can either create a new key pair or use an existing key pair. I'm going to use my WordPress key. Launch immediately. And so this is now going to provision my EC Two instance and I'm going to have a couple of volumes attached to it. I'm going to have my root volume as well as my magnetic storage volume. And you'll be able to see that these two volumes here are basically getting attached to this. We can go over here and have a look at my test MySQLdb. So once these have been provisioned, I'm going to go in and SSH into them again. Hopefully, you've completed the solutions architect of the developer course and understand how to connect to your EC two instances. If you do have any problems, just let me know in the chat. So I'm just going to wait and wait for these to be initialized, and then on the next screen we're going to see what I've logged into this instance. I'm just going to pause the video now. Okay? So for those of you who are new to SSH, it's probably very few of you, but just in case, this is how you do it. So you basically just type in SSH, your username is EC, and two users at a time. Then you want to cut and paste your public IP address or your elastic IP address that you created when you created your EC2 instance. And then you want to use the iand then the name of your key. So mine is called My Wordpresskey PEM and essentially you get a message to say, do you want to trust this? And say yes. And now it's added it to the list of nonhost and I want to elevate my privileges to root, and then I'm going to clear my screen. So the first thing I want to do is just see what volumes have been mounted on this EC2 instance. So if we just go back to our control panel and have a look at our volumes, you can actually see this is our magnetic storage volume. And you can tell that because the volume type says standard and we can see that it is attached to the My Sequel DB. That's the instance name of our AC two instances. So it is attached to the instance but we haven't actually mounted it. So if we go back in here, we type in thiscommand lsblk, you'll be able to see that the xvda volume is mounted and this is where it's mounted to. So it's mounted to the root partition and we have attached XvDB to this EC Two instance, but we haven't actually created or basically created a file system on this volume and then mounted the volume to a specific directory. So that's what we're going to do now. So we're going to type in make file system and then we're going to do TXT four and then we're going to enter in the device name. So in this particular instance, it's going to be devxvdb. OK? And that's going to create a file system. You wouldn't want to do that if you were restoring from a snapshot because it would essentially wipe the snapshot. So we will have a look at how to handle that situation when we essentially restore the volume when it's provisioned I up.So we'll look at that a little bit later. But for now, we've created a file system and what we need to do is we need to go in and just basically mount it to a specific point. So the first thing I'm going to do is just make a directory and I'm going to call it A Cloud Guru. And then we're going to mount this volume to that directory. So we're going to do that by typing in mount and the device name. So in this case, it's dev ex VDB and then it's going to go to A Cloud Guru, which is our mount point. And now if we clear the screen and we type lsblk, we can see over here that it is mounted to this A Cloud Guru partition. So, LS, become a cloud guru. We've got our lost and found directory. We're going to go here. We're just going to make a new file. So I'm going to run nano and I'll call this my test HTML file. And then here I'm just going to write "test, test." This could be a web page. This could be our MySQL database. I could go in and just hit CTRL X for those who are using a Mac or PC, hit yes, and hit Enter. And now if we type LS, we can see this file called Test HTML. Okay? So what I'm going to do now is I'm going to clear the screen and I'm going to unmount this directory or this volume from our EC Two instance. So I'm going to go back to a directory and now I'm going to type in, I'm going to clear the screen and I'm going to type in umount Dev Xvdb. OK, so we've now unmounted that directory or that volume. And if we go into the A Cloud Guru directory and run an LS, you can see that it's empty. So come out of that directory. I'm just going to remount it just so you guys can see that the data is still there. So we're going to go in and we're going to type in Mount Dev Xvdb and then theMountPoint, which is a cloud guru. And then if we go into the directory run LS,you can see that the test HTML file is there. So we'll come out of it again. And one last time, we are going to Mount Deb Xvdb. Okay? So it's unmounted and if we just want to test it one more time, you can see that there's nothing there. So now that it has been unmounted, I'm actually going to detach this from my EC Two instance. I can do that by going back to my EC Two or my web console. And just make sure you click on volumes, find the volume,and then you can go in and go to actions, detach volume. If the volume was mounted, you can use force detachvolume to force Amazon to detach it. And you don't need to go in and unmount manually, but that can take some more time. And of course, if your EC two instances write to that volume when you're forcing adetached, you can get data corruption. I'm going to go in and just hit a detached volume. It's going to take a little while. So I'm just going to pause the video and refresh the screen. And then what we're going to do with this detached volume is we're going to create a snapshot. So just give me a couple of minutes, guys. Okay, so that has now successfully been detached. And what I could do is I could attach this to other EC instances and mount them. And effectively, when I do that, I can see that test HTML page. But I'm not going to do that in this lecture. In this lecture, we want to look at how we can upgrade the storage medium. So what we're going to do is we're going to go in here and we're going to create a snapshot. We're going to call this the test HTML vol. HTML Vol. Test Go ahead and hit create. And that's now going to start creating a snapshot. I can come in here and see my snapshots. This is going to take a couple of minutes to do. So again, I'm going to pause the video and then we're going to restore this snapshot. So I'm just going to pause the video now, okay? So that snapshot has now been completed. And essentially, what I want to do is create a new volume off the back of this snapshot. So I'm going to go in and hit Createvolume and I'm going to change the type. Initially, we had magnetic I can now have general-purpose or provisioned IOPS. And I'm just going to go for provisioned IOPS and I'm going to go ahead and hit Create. So that has now successfully created a new volume. Okay? So we're now going to see if we can find it. And the easiest way to find it is by looking at our volume type. So IO one means provisioned IOPS or GP2, as the general purpose and standard is simply magnetic. So this is our new volume here. And what I want to now do is go and attach it to my EC two instances. So I need to normally know my instance name. If you click on the box, you'll be able to see that we called it "My Test SQL DB." And then we'll go ahead and hit attach. So that is now attached to my instance. And if I go back to my SSH window,I'm just going to clear the screen here. Okay, now I'm going to run lsblk. So we can see a new partition which is called xvdf. This is a new volume, essentially,and it's not called Xvdb. I mentioned before about running a command to create a new file system. If you are restoring from a snapshot and you want to see if there's data on it before you mount the volume, you can run the following commands. You can type in File minus Sand, then dev, and then xvdf. And you can see here, it comes up and says "largefiles," huge files, or it comes up with data essentially. Now if that was empty, it would just say the word "data." If it says something else where it talks about journal recoveries or large files, huge files,that means that it has data on it. So right now it comes up with more information than just saying data, which means that it has data already on it. So what I want to do now is mount my devxvdf to My, a cloud guru directory. And then if we go into a cloud guru, you can see we hit LS and there you go, there's the test dotHTML and we can go in and have a look at it. test HTML and we can see our data is still in there. So in our scenario, we were talking about basically having a MySQL server. It's running the MySQL databases off of a separate volume and it's test and development. It might be on a magnetic or general-purpose SSD. And we then want to essentially upgrade the storage type to provisioned IOPS. So the way we would go about doing that is first stop the MySQL service, then unmount the volume, and then detach it from the EC2 instance. We then take a snapshot of that EC instance, and then we restore a new volume from the snapshot and we change the storage medium. Then when we go in there and remount it to our EC2 instance, we'll still see the same file structure, but this will now be onprovisioned IOPS as opposed to magnetic drives. So just remember that those steps going into the exam can be an exam question. It's good to know that, as Sysops administrators, we can change the storage underlying storage devices while keeping our files consistent. So guys, if you have any questions, please let me know. If not, feel free to move on to the next lecture. Thank you.

8. Upgrading EBS Volume Types - Lab - Part 2

Okay, so here I am. My snap has now been completed. We can see it's one gig in size, and it's the snap of my magnetic volume. So what I can now do is go ahead and start my volumes over here. I can grab this volume and I'm just going to go ahead and detach the volume and hit yes, because the instance is stopped, it should detach relatively quickly. So you can just hit the refresh here. There you go. It is now available. I'm going to go ahead and delete this volume. So yes, delete. What we want to now do is create a new volume from our snapshot. We're going to hit "Create volume." So we're going to go back over to our snapshots. We're going to click on my snap. We're going to go. Actions create volume. And here you can see now that we can change the volume type. So this is really important for the exam. If you are doing anything in terms of best practice,you should always stop your EC two instances, create one asap and then change the volume type here. And that's how you can change magnetic through all the different other ones. The other ones you can do on the fly. But it is best practise to stop your instances first, because then you know it's going to be application consistent. So I'm going to go ahead and do provision. A general-purpose SSD, one gig is fine. I'm going to put it in EU West OneB, which is where my EC two instance is. And I went ahead and hit create. And so it has now been created successfully. We go back to our volumes. We can see it here. So now all I'm going to do is go ahead and attach the volume. So go ahead. And then if we click in here, we'll be able to see our EC two instances, and then we'll go ahead and click attach. Now it has changed its status to "inuse." Let's go back over to the ECQ dashboard, and let's go and start this instance again. So for instance, start And I'm just going to wait for this instance to come back up, get its public IP address, and then I'm going to SSH back into the EC2 instance. Okay, so I'm logged into my EC two instances. I'm going to type in lsblk. There we go. We can see the XVDF mount. It hasn't been mounted to anything. Now, if you remember, in the last lecture, we talked about creating a file system. So if I went and created a file system over XVDF,it would actually go ahead and just wipe all my data. So what you might want to do is just test whether or not that volume has data on it. To do that, we just type infile minus S and then the address. So dev exvdf and you'll see it's returning some data. Now if that just said data itself,it means that it is blank. But because it's coming back with some data,it means that there are files on there. And so now all we want to do is go to the A Cloud Guru directory, and you'll see that it does exist, but there's nothing inside it. So let's return to the A directory. Now what we want to do is just go to Mount Dev and then xvdf, and we're going to do that to A Cloud Guru and hit Enter. And then if we go into the cloudguru directory, a cloud guru We type "LS." We can now see the hello TXT file. We switch to nano and say hello to TXT, where you can see the data. And then if we also type in, I'll just clear the screen to make it a bit easier. If we type in lsblk, you'll be able to see that the mount point for this volume is to A Cloud Guru. Okay, so let's clean up. Which goes in here, we're just going to delete this instance. Go ahead and terminate it. "Hit yes, terminate." Of course, when I terminate an instance, if we go back over two volumes, we'll be able to see if we hit the refresh button here. It might take a couple of minutes. Okay, so hit refresh. We can see that the root device volume has now disappeared because we've deleted it. But the volume that we attached to it because we didn't have to delete it on termination, checked the volume, it still exists here. And that can be a big thing that catches students out when they're adding additional volumes to their EC in two instances. They go in and delete the EC two instances,but those additional volumes are not deleted as well. So go ahead and delete that volume. You can also go across to snapshots and delete your snaps as well. I've still got some snaps left over from other courses as well, so I'm going to go in and delete those so I'm not charged anything. Okay, so what are my exam tips? And if you go into the exam knowing EBS inside out as well as VPC, you're really, really setup to pass all three associate exams, to be honest. So these are my exam tips. The EBS volumes can be changed on the fly, except for magnetic standard. For magnetic standards, as we saw in the last lab, what we had to do was stop the EC two instances, take a snapshot, and then create a new volume from that snap. And then we could change the volume type. And that is best practice. It's always best practise to stop your EC two instances and then make a change to the volume. So you might get a whole bunch of different scenario questions. Your best shot is to always stop your EC in two instances. First take a snapshot and then create a new volume from that snapshot. And you can change volume types just like I said, by taking a snapshot and then using the snapshot to create a new volume. If you do change the volume on the fly, you're going to have to wait for 6 hours before making another change, so that's when you're changing the volume type or when you're changing the volume size. If you do change the volume size, you're going to have to tell the file system to recheck the volume in order for it to see the new volume size. And then you can scale EBS volumes up only, so you can't go from 500 gigs down to 250 gigs. You have to go from 500 gigs to 600 gigs, for example. And then volumes must be in the same availability zone as the EC, two instances. And there's no magic button where you can just say, "migrate this volume to another availability zone." The way you do it is, again, you take a snapshot, and then you create a new volume from that snapshot, and then you can put that new snapshot or that new volume into another availability zone. So that is it for me, guys. It was a bit of a long one, but it is so important to get this to understand EBS inside out, especially for the Certified Solutions Architect Associate Course, as well as the SIS Ox Administrator Associate Exam. So if you have any questions, please let me know. If not, feel free to move on to the next lecture. Thank you.

9. EFS – Lab

So, what is EFS? Well, EFS is Amazon's Elastic File System, and it's a file storage service for Amazon ElasticCompute Cloud, or EC Two as it's called. So Amazon EFS is simple to use, with a simple interface that allows you to quickly and easily create and configure file systems with Amazon EFS storage capacity. Stasty is elastic, growing and shrinking automatically as you add and remove files. So your applications have the storage they need when they need it. So, in some of our previous labs where we had EC two instances and were attaching additional volumes to those EC two instances, we had to go in and pre provision those EBS volumes. We had to go in and say, "Okay, I want an EBS volume of SSD storage that's eight gigs in size." We would go and provision that EBS volume, then attach it to that EC2 instance. We would then have to mount that to a particular directory, etc. So it's great and that works. But at the same time, you can't mount an EBS volume to two EC instances at once, and that's what EFS allows you to do. EFS is still in preview. I do have an account that has enabled access to EFS and it's only available in Oregon currently. I'll just quickly go through the features of EFS. So it supports the NFS version four protocol and you only pay for the storage that you use. There's no preprovisioning required. So it's not like EBS where we have to spin up an eight-gig volume. We actually just start putting files on it and we're charged thirty cents per gig in terms of storage costs and that's it. It can scale up to a petabyte and can support thousands of concurrent NFS connections at once. And the data is stored across multiple availability zones within a region. To my knowledge, we don't actually get an adurability rating from Amazon to my knowledge,at least to what I could research. But that's because it is quite new. So it's not going to be like S three where we get the eleven-nine S durability just yet, but hopefully as they develop it, we will get a definite durability rating. Now, the cool thing about EFS compared to S3 is EFS's block-based storage, as opposed to object-based storage. So we can put files in there and we can actually share them with other EC two instances. We'll go through how we do that in this lab. And so EFS is very similar to S3 in that you get read after writing consistency. But, once again, EFS is block-based storage, not object-based storage. Okay? So in order to do this, I'm going to go over to the Amazon console. You may just have to watch the video. Until this comes out of preview release, you may not be able to do this yourself. But the other thing you can do is try and sign up for the preview. You'd be surprised. I signed up for it and it was available to me within a couple of days. So if you do get the time, go ahead and try it. OK, so I've logged into the AWS console and you can see here that I'm in Ireland. And we go across here and click on "Elastic File System." Of course, now this region is unsupported. It is only supported outside of the US West Oregon region. Here's the splash screen. So we go in and we hit Create file system. Now again, if you haven't signed up for the preview, you won't see that it will tell you to sign up for the preview. So I've gone in and here's my lovely splash screen. And basically, I have to create mount targets. Well, first of all, I have to select my VPC. I'm just going to use my default VPC for this region. I then have to create mount targets and I can actually choose which availability zones I want to have mount targets in. And I'm just going to click on all three available zones, and then we will choose our subnets. So this is if we were using our custom VPC. We might have different subnets, but these subnets are the default subnets for each Availability Zone, our IP addresses. We can actually go in there and predetermine our IP address, but if we just leave it blank, it's going to automatically allocate us an IP address. And then there are the security groups. You'll see it's the same security group and it's the default security group for this VPC. Okay? So here is where we go in and add our tag. So I'm going to call this my EFS File System, and you can see I've already typed it in before. I'm going to go ahead and hit Next. Then we just review the information. So we're basically putting it in this VPC and these three Availability Zones. We're assigning it an automatic IP address and it's going to be assigned to this security group. And then we go ahead and hit create file system. And it's literally that simple. So what I'm going to go in and do now while this is being created is I'm going to go in and provision three EC2 instances. I'm going to put them in different Availability Zones.So I'm going to go across to EC Two and I'm going to provision. I might actually just provision two instances to keep this video quite quick. So go in and do our Linux. Am I going to use a T two micro?I'm just going to use all the standard settings, except I'm going to choose my Availability Group Availability Zone. So I'm going to go into US West Two A. I'm going to go ahead and hit Next, add mystorage, and we're going to call this US West Two. I'm going to go ahead and hit my security groups. And the security group I'm going to use is one that I spun up earlier. So my Web DMZ is going to go ahead and hit Reviewand Launch, review and launch, and use that private key. And then I am going to go back and review my instance and launch my second instance. And again, we're going to go through all this again, quickly, quickly, quickly. So, this time, we want the subnet to be two B. Go ahead. Hit next. Next, And I'm going to call this West Two B and hit next. And I'm going to use my preexisting security group,which is my Web DMZ, to hit Review and Launch. And again, I'm going to launch it using the key pair that I set up earlier. Okay, so now that that's done, I'm also going to go in and provision a load balancer. You'll see why in a second. So we'll create this load balancer. We'll just call it my production LB. I'm going to create it within the default VPC. We're just going to let it have port 80. I'm going to put it in the same security group and hit Next and hit Next.And we're going to configure a health check and it'll just be our standard health check, except I'm going to change the healthy threshold to three and the health check interval down to 10 seconds just so that it comes online very quickly. And then I'm going to add in both my EC instances. Of course, this is going to fail the health checkuntil I actually go in and start installing that index HTML file and just hit Review and Create. So there we go. We've got the elastic load balancer created. We've got two EC instances that are online. If we come back here, we should be able to see that our elastic file system should hopefully be ready. And yeah, it's available in all three Availability Zones.So here we go. Now what I'm going to do is I'm going to come over here and I'm going to note down the public IP addresses of my two instances and I'm going to log into them. Now I've been playing around with this a bit in the video, you know, just to make sure everything works before I record it. So you can see a lot of different terminated instances here. But here are my two instances. And before we do this, though, there's one important point. We need to make sure that these instances are within the same security group as the EFS mount point that we just created. So we need to go in and go to actions.We need to go over to Networking and change security groups, and we want to make sure that these EC two instances are also within the default BPC security group. So are you going to do that for us west two? And for us west two, do exactly the same thing. Go ahead and change the security groups. And so there we go. Assign security groups. So there we go. Our two ECs Two instances are within separate Availability Zones.They're behind an ELB. They are both now running and they are in the same security group as our EFS volume. If we just go check on EFS, you can see what security group it's in just by reading here. So it's the default security group. So if I now go back to EC two, I'm going to make a note of the two public Ipaddresses and we're going to run two different terminals, and they're going to be different colors. So you can see which one I think US West Two will make blue and US West Two B will make green. So I'm just going to pause the video as I get the terminal windows set up. Okay, so I've logged into two different terminal windows. The blue is us. Two West A. And the green is us, west of B. And so I'm just going to go ahead and log into both instances. So go ahead and hit yes, and that's connecting now, and I'm going to go ahead and hit enter and type in yes, and that's also connected now. It's going to raise my privileges to root and I'm going to clear the screen. Do the same here, raise my privileges to root, and then clear the screen. The first thing I'm going to go in and do on both of these instances is install Apache. So yum, install HTTP minus yes,and the same goes here. Yum install minus httpd I've installed Apache on both. The next thing I'm going to go do is start the Apache service on both the service Httpdstartand then on the other ones service Httpdstart.There we go. And so we started on both. So now when we've done this, it's basically created the VAR. We go across here, it's created the VAR dub dub dub dot HTML or HTML and you can see there's nothing in there. So I'm going to go ahead and clear the screen. I'm going to go back to the root and here I'm going to do the same thing, clear the screen, and go to the root directory. There we go. So, if we go back over to EFS, the next thing we need to do is go over to EFS and click on it here. It's really, really simple. You can click in here. You'll see file system access,easy to mount instructions, and you can click in here. Because we're using Amazon Linux AMI, we don't actually need to go in and do any of this. We don't need to install anything. It's already preinstalled for us. All we need to do is run this command to mount our instances, but this is going to mount them to the EFS directory, and we want to mount them to our VAR Dubdubdub HTML. So I'm going to go back to my terminal window. We're going to paste this command in here and I'm just going to change it so that it goes toVAR dub, dub, dub HTML and hit enter. And I'm going to do the same for this one here. Go tobdubdubh, TML. Now what's really cool is that if we now go to our HTML,this is mounted on EFS and we can start creating files. So go nanoindex HTML, which is what our elastic loadbalancer is now looking for for its health check. I'm going to call it just type in Hello Cloud Gurus. This is my new home page, and I'm going to save this. Hit yes and hit enter. Now if all has worked, we can go back over here and if we go to our Bardubdubdub HTML and do an LS, you can see there's now the index HTML, we can actually go in and have a look at what the data is in there. Hopefully, or obviously, it is going to be the same as what we just saved. So it's the same file and basically we've just got one copy of our code. But we've got two web servers serving up this content. And I'm going to now go back across here. I'm going to go over to my elastic load balancer and, with any luck, this will now be in service. So if we come back over here, go to our loadbalancer, and go over to our instances, there we go. It's now passed the health check. It's finding the index dot HTML. And if we browse to the actual DNS name, click on the description, and go to the DNS name of the loadbalancer, it's going to load that file that we just created. So go up here, go in. And there we go. Hello Cloud Gurus. This is my new home page. So you can see how amazing EFS is going to be when it finally comes out. It essentially means that you can have your code in one container, one file system, and then mount it across multiple different EC two volumes. You don't have to mess around with moving things in and out of three auto-scaling groups. You could simply change your bash script to mount Apache's root directory to thisEFS mount point, and EFS currently supports thousands of different mount points. So you could have thousands of different web servers all serving the same code from that particular file system. So it's going to be a really powerful thing. Like I said though, guys, it's such a new product that it's not yet on the exam. And because it's using NFS four, even some versions of Windows, like Windows 2008 and 2012, to my knowledge, don't have trouble supporting it. So it is very new, but you can see where things are going. It's a great central repository to serve all your code. And it doesn't just have to be web servers. It could be file servers, it could be anything. You know, it's a fantastic product that AWS has come up with. Okay, that's it for this lecture, cloud Gurus. If you have any questions, please let me know. If not, feel free to move on to the next lecture. Thank you.

ExamSnap's Amazon AWS Certified Developer Associate Practice Test Questions and Exam Dumps, study guide, and video training course are complicated in premium bundle. The Exam Updated are monitored by Industry Leading IT Trainers with over 15 years of experience, Amazon AWS Certified Developer Associate Exam Dumps and Practice Test Questions cover all the Exam Objectives to make sure you pass your exam easily.