Course programme
Designing AWS Environments
19 lectures 01:51:17
Designing AWS Environments - The Course Overview
This video gives an overview of the entire course.
Opening an AWS Account
In order for the student to follow along with the on-screen examples, they should open up a free AWS Account.
• Browse to aws.amazon.com
• Enter your personal and payment information
• Verify your identity and choose a support plan
The Free Tier
For the first year of your AWS Account, there are many things you can do for free. We will discuss what these are and how to avoid accruing any charges.
• What is free for the first year?
• Avoiding monthly charges during your first year
• What you can always get for free on AWS
The Management Console
The AWS Management Console is the easiest way to launch AWS services. In this video we show you how to navigate the console, access your billing information, and switch regions.
• The first step is learning how to log in to the management console
• Next, you need to know how to locate the various features and services that AWS provides
• Finally, you should understand how to switch regions, and how the console changes when you switch
Amazon Machine Images
How to launch an EC2 instance from the AWS Management Console.
• Select a Windows or Linux AMI
• Select the instance type and size
• Attach storage, add tags, and a security group
EC2 Instance Types
AWS EC2 instances are available in several types and various sizes. To get optimum performance and cost, you need to select the correct instance type and size for your application.
• Learn about the five general categories of instance types
• Within a type, there are sizes that determine the server capacity
• Select the instance type and continue launching our instance
EC2 Storage Options
There are several types of storage volumes we can use for our EC2 instances. We need to understand the significant differences and trade-offs.
• Local instance storage provides the fastest IOPS
• EBS volumes provide durable storage
• We add the storage volumes and continue launching our instance
Security Groups
It is very important to keep our instances safe from attacks. Security groups give us a way to protect our instances with firewall rules. These define what type of traffic will be allowed in and out of the instance.
• The first step is to create a security group
• Next, we add rules to allow traffic flow by protocol and source
• Finally, we complete the launch of our instance
Key Pairs
Logging in to an EC2 instance requires that you create a key pair, specify the name of the key pair when you launch the instance, and provide the private key when you connect to the instance.
• A key pair can be generated by several means
• On Linux, users are authenticated by providing the private key
• On Windows, the Administrator password is decrypted by the private key
Logging in to Linux Instances
To connect to EC2 Linux instances, we use SSH and authenticate with a private key. However, the process differs between Windows and Mac/Linux clients. Allowing other users to connect requires creating more key pairs.
• Connecting with SSH from Windows
• Connecting with SSH from Mac/Linux
• Adding Linux users
Logging in to Windows Instances
To connect to EC2 Windows instances, we use RDP and the administrator password. To obtain the password, we need to decrypt it first with the private key.
• Obtaining the administrator password
• Connecting to Windows instances from Windows
• Connecting to Windows instances from Mac
Classless Inter-Domain Routing
Defining a Virtual Private Cloud (VPC) on AWS begins with selecting an IP address block for the instances that will run in the VPC. This requires an understanding of CIDR notation and the valid private IPv4 address ranges.
• Understand how CIDR notation is used to define IP address blocks
• Understand the IP Address ranges that are set aside for private networks
• Understand that some IP addresses are reserved for use by AWS
EC2 IP Addressing
When you launch an EC2 instance into a VPC, it will be assigned a private IP address. If you want the instance to be reachable from the Internet, you will need to assign it a public or elastic IP address.
• First, we need to understand the difference between public and private addresses
• Next, we need to know when to use an Elastic IP address
• Finally, we learn how to assign multiple IP addresses to our instance
Subnets and Route Tables
Every VPC must contain one or more subnets. Subnets can be configured to be either public or private, depending on whether their instances need to be reachable from the Internet.
• First we need to decide on the number and size of subnets we should put in our VPC
• Then we need to use Route Tables to make some of our subnets Public
• Finally, we need to give private instances the ability to reach the Internet through a NAT
Getting Started with VPCs
VPCs allow you to launch instances into a private network space. There are three primary ways to obtain a VPC: using a pre-defined Default VPC, building your own with the VPC wizard, and creating a completely custom VPC from scratch.
• Using the Default VPC is easiest, but least secure
• The VPC wizard will create a VPC from one of four standard configurations
• Creating a VPC from scratch offers the most security and flexibility
Creating a VPC Demo
The default VPC will require a lot of modification to be able to provide the level of security we need to protect our instances. The solution is to build our own custom VPC with private subnets and custom route tables.
• The VPC wizard can create a VPC from one of four common configurations
• A fully custom VPC requires you to define a CIDR block and configure options
• Once the VPC is created you define the subnets
Connecting to a VPC
Once we have a VPC and some private or public instances, we need to be able to securely connect to those instances from outside the VPC. This requires attaching one or more gateways and establishing a secure connection between our data center and the VPC.
• A gateway attachment provides communication with a VPC over the Internet or a private connection
• Direct Connect provides a dedicated connection from a data center to a VPC
• VPC peering allows instances in two VPCs to communicate
Securing Your VPC
Relying solely on Security Groups for our firewall increases the likelihood that an accidental misconfiguration could leave our databases and other private resources exposed to hackers. Best security practice mandates that we should back up our security groups with an additional layer of security.
• Network ACLs provide an additional security layer at the subnet boundary
• Bastion Instances can be configured to allow SSH or RDP to private instances
• Our NACLs and Security Groups can be configured to allow connections through a Bastion
Highly Available Architectures
Regions on AWS are divided into two or more distinct locations known as Availability Zones (AZs). With the proper architecture, we can leverage multiple AZs to give our applications high availability.
• Subnets in our VPC can be located in different AZs
• An Elastic load balancer can distribute requests to instances in multiple AZs
• Autoscaling can automatically add more instances in the event of an AZ outage