Pass Amazon AWS Certified Solutions Architect - Associate Certification Exams in First Attempt Easily
- Premium File 418 Questions & Answers
Last Update: Mar 22, 2023
- Study Guide 632 Pages
AWS Fundamentals: IAM & EC2
4. EC2 Introduction
Okay, so we are getting into the first service of AWS, which is Amazon EC2. So when you start with AWS, you kind of want to start over there because that's kind of the basis of AWS. That's how Amazon used to work for a very long time. Now it's more serverless, as we'll see in this course, but EC2, you have to start there. So it's one of the most popular of AWS's service offerings. And basically it consists of the capability of launching virtual machines in the cloud but also storing data on virtual drives, which is called EBS; distributing load across machines, which is called ELB or load balancing; and scaling servers using an auto scaling group, or ASG. So it encompasses a lot of different services. Knowing EC2 is, for me, fundamental to understanding how the cloud works, which is where the revolution started. It's the ability to just start a machine right away, and we need to start there to understand how serverless later on makes a difference. So, for this first hands-on, I'd like to launch an EC2 instance running Linux, and so we'll be launching our first server using the AWS console, and this will give us a high-level overview of the various parameters that we'll have in this course for the EC2 launch, but we'll go over them one by one in much greater detail. In the next lecture, we'll learn how to start, stop, and terminate our instances. OK? That's super important just to get a feeling of how things work. So without further ado, let's get started. Okay, so I am on my AWS console, and although the EC2 link is right here, I want you to get used to writing "EC2" in the search bar and just getting the first link. So first, make sure that you are in the region that's close to you. OK, for me, I use EU Paris, but please choose the region where you are in the world that makes the most sense for you. So we are in the EC2 console, and as you can see, pretty much nothing's happening.
We have zero running instances and a bunch of things in one security group, so basically this is the basis of things, but the first thing we want to do is launch an instance. So there's this big blue button right here to launch an instance. Now when I click on it, the first thing I land on is creating and choosing an AMI. So AMI stands for Amazon Machine Image, and this is basically the software and the operating system that will be launched on that server. Now there are a bunch of distributions that you may recognize, such as Ubuntu, Red Hat, or Microsoft Windows, etc. But in these courses for the certification, it's much better if we go with the Amazon Linux AMI because they come with a lot of Amazon-specific stuff. Especially recently, Amazon Linux 2 came out, and to me, it's kind of what you have to use today because that's how Amazon sees you using Linux. And so we'll use Amazon Linux 2. And the thing is, I'm telling you this because if you use Amazon Linux for the tutorial, the commands are going to be slightly different. And because I want you to use the exact same setup as me and the exact same tooling, I would like you to choose Amazon Linux 2. Now, if you notice something on the left-hand side, it says Free Tier Eligible. So yes, we are going to try to remain all the way in the free tier when you start your AWS accounts. So when you start working with Amazon, they give you a bunch of free stuff to try the services, such as the one we're doing right now. And it's much better for me and for you if we manage to remain free. So we'll choose something that is Free Tier eligible. We'll choose Amazon Linux 2. We'll select the AMI. And now we have to choose the type of machine we have. So when you select an EC2 machine, you can select the type, and basically the type is saying how powerful do you want your machine to be? How many vCPUs do you want it to have, and how much memory do you want it to have?
If you scroll down this page, you can see there are a lot of different machine types. Okay, a lot of them. But only one of them is free tier eligible. So we'll just go for t2.micro. In the next lecture, we'll learn about the differences and why there are so many names. But for the time being, let's just use t2.micro. Now I could go ahead and click on "Review and Launch." It's a big blue button, and it's quite tempting, but I will just do Next: Configure Instance Details because I want to show you all the parameters that are available for you. So now we're getting into a lot of parameters, and you may be overwhelmed right now, but don't worry; over time, over the lessons in the next lectures and so on, you will become much more familiar with them. The number of instances we want to launch is one; that sounds about right. I will not request spot instances. We want an on-demand instance. As a result, we will not check this box. Now the network is built around VPCs and subnets. Now when you create an AWS account, it comes with something called the default VPC. So we'll just use the default VPC right here. And the subnet basically tells in which AZ, availability zone, you want your instance to be. So I'll say I have no preference because I have no preference. But as you can see from before when I talked about AZ, we now have three EU West members: a, b, and c. And we could choose to launch our instance in one of these data centers, or AZ. In the same way, I will auto-assign a public IP, and I will just use the subnet setting. Now, we don't need an IAM role; we'll see IAM roles in great depth in the next section. The shutdown behaviour is that if I shut down the machine, it will stop, and so on. All of these are advanced parameters that we'll see later, followed by advanced details and sprinkled user data, and I have a lecture on this. Now I click on storage. When you start an instance, basically, is that okay? Right now, we have pretty much all the default settings.
When you start an instance, it has to have its operating system somewhere, and that's a disk, and basically, that's called storage. So storage is an EBS volume, and currently we just want the root storage, which is where our operating system is going to run, and we'll leave it at /dev/xvda; we'll leave it at 8 GB of space; and we'll leave it as an SSD. All of this is very important, and as you can see, when the instance is terminated, so is the root volume because this is ticked. Now leave it like this, and you'll see it's not encrypted. We'll talk about EBS encryption later. Another key and then another value. It's whatever you want, okay? You're free to have tags or whatever you want, but the name tag is going to be quite important because it's going to show in the UI. Now, security group-wise, this is basically going to be a firewall around your instance, okay? And so when we get started with our instance, the first thing you do under Linux is make sure we can SSH into it, so there's an SSH rule, and then you can define a port and you can define a source; currently, I will go and create a new security group, which in terms of name I'll just call my first security group, okay?
And for the description I will say created with my first EC2 instance, and I will allow SSH on port 22, and the source, currently I'll just leave it as kept quite backpreface. You could set it up as My IP if you just wanted to use that port, but to make things super simple right now and not overload you, we will set it as Custom, which means any IP. Now, description is something new, but you can set SSH to the instance, and if you don't know what SSH is, just wait until the next lecture. Now we'll review and launch it, and we'll get a big warning saying your security group is open to the world, so 0.0.0.0/0 is not best practice. So we get a bit of a warning here, but that's okay, and here we can review all the parameters that we've had. Okay, so everything looks good. Just make sure you have a t2.micro, and make sure you use Amazon Linux 2. Okay. But everything looks fine, so we'll click on Launch, and the last thing we have to do when we click on Launch is to create a key pair. Now, basically, a key pair is what's going to give you access to log in to or to SSH into the machine you just launched. Right now, we have no key pairs, so you can import key pairs if you already have key pairs, but for this case, we will go and create a new key pair, and for this key pair, I'll call this EC2 Tutorial. Later, the next step is for me to download that key pair, and it downloads an EC2Tutorial.pem file, and then I click on Launch Instances, so that's about right, and then we click on View Instances in the bottom right, and we end up with our first instance starting. So as you can see, now our instance has started. We can see the instance type, it's t2.micro, the availability zone it was launched in, so for me it's eu-west-3c, and the instance state, which is pending. So it's been created, everything looks good, and we'll see how we deal with the IPs in the next lecture. As we can see, the tag here, My First Instance, was used under the Name column, so basically, our instance was being named, which is great, and so we are good to go now.
One thing I want to show you is that once the instance is started, we have a green "running", okay? And green running means that instance has started and you can be billed; this is a t2.micro, so it's free tier usage, so you won't be billed for this instance, but if there was another instance, you'd start getting billed. If you right-click on it, you can stop, reboot or terminate an instance. If you stop it, it will just not bill you for it, and the instance will be stopped. If you reboot it, as you'd expect with a computer, it will reboot it, and if you terminate it, you're basically saying, "I don't want it any more. Don't save the data. Just take it away from me," and basically you won't be able to access your instance ever again. Okay, so this is very bad. For now, we'll just keep that instance running because we have to do a tutorial with it, so I will see you in the next lecture to show you how we can SSH into it from either Linux, Mac or Windows, so see you in the next lecture.
5. SSH Overview
Okay, so we are getting into the lecture of how you can connect to your EC2 instance, and for this we'll use the SSH utility. So based on the different operating systems you have (Mac, Linux, Windows less than 10, or Windows 10) you may be able to use the SSH utility. So the SSH utility works for Mac and Linux, but it does not work for Windows less than 10, and it actually works for Windows 10. So I have created two lectures, one for Linux and Mac for SSH, and the other one for Windows 10. Then, if you have Windows less than 10, you need to use PuTTY. PuTTY is a drop-in replacement for SSH. And so if you are on Windows 10, you should use PuTTY. If you're on Windows 10 as well, you could use PuTTY. And nonetheless, if none of these things work for you, there is something called EC2 Instance Connect. And EC2 Instance Connect allows you to connect to your EC2 instance from any operating system's browser. So you may be asking me, okay, which lecture should I watch next? If you're a Mac or Linux user, you need to watch the lecture on SSH on Mac or Linux. If you're a Windows user, you need to watch SSH on Linux, Mac, and Windows, because there is something in it called the "chmod 400" command, and that is something to know going into the exam. So you still need to watch that lecture, even though you cannot do it on your laptop. Then you go into the PuTTY lecture to learn how to do SSH on Windows using PuTTY. And if you have Windows 10, then you should also watch a lecture called SSH on Windows 10. Finally, for everyone, I want you to also look at the EC2 Instance Connect lecture because I think it is really cool, can solve many of your problems for SSH, and will allow you to keep on moving with the course no matter what. Okay? Now, SSH is what students have the most problems with in this course. So if things don't work, don't panic. Number one is to rewatch the lecture.
You have no idea how many people just miss something in the lecture, and by missing a small detail, then they fail and things don't work. So rewatch a lecture; maybe you'll figure out something that you haven't done before. Start over. If things still don't work, I created a troubleshooting guide that I have at the end of all the SSH lectures. So go to the Troubleshooting Guide and have a look at it. It contains helpful tips on how to solve your issues with minimal steps. And if things still don't work and you can't do SSH or PuTTY, please look at the EC2 Instance Connect lecture. And this lecture works for everyone. Okay? So if you don't get SSH to work on your machine, then use the EC2 Instance Connect lecture, and you'll be able to do SSH from your browser and be able to keep on going with this course. All right, that's it. I hope you're excited, and I will see you in the next lecture.
6. How to SSH using Linux or Mac
Alright, so now we're going to SSH into our EC2 instance using our Linux or Mac computer. And you may say what the hell is SSH? What are you talking about, Stefan? Well, SSH is one of the most important functions when you deal with Amazon Web Services. It basically allows you to control a remote machine or server using your terminal or your command line. So how does that look with a diagram? Well, we have our EC2 machine, and we launched Amazon Linux 2 on it. And our machine has a public IP. Now we want to access that machine. And so for this, I don't know if you remember, but we have a security group, and on it we allow the port 22 of SSH. So what will happen is that our computer (my laptop for you, mine for me, or whatever for you) will connect to the internet via port 22. It will access the EC2 machine, and basically our command-line interface is going to be just as if we were inside that machine. So let's get started. Okay, so I am in my instance console and, as we can see on the bottom right, we have a public DNS and a public IP. So this is basically how I can connect from my computer over the Web to this instance. And this is why we have a public IP. So 35.180.100.144. So we have to go ahead and copy this, and we'll use it. Okay? The other thing that's super important is that if we look at our security group and click on View inbound rules, we should be seeing that port 22 is open on the protocol TCP and the source is 0.0.0.0/0, which means anyone. OK? So let's go ahead and SSH into our instance. For this, you need to open a terminal. So use whatever you have on Mac or Windows. For Mac, if you're interested, I use iTerm. And so what we actually do is SSH into our machine. Now we do ssh ec2-user@ and the IP. ec2-user is basically the Linux user on our Amazon Linux machine. And that basically defines the IP. Now, does that sound right? We press Enter, and it says, "Okay, do you want to continue?" That sounds fine. Say yes.
And then it says "Wait, permission denied." So it seems like we can't really SSH into a machine. Well, that makes sense, right? We just launched a machine right here, and it's using a public IP, and the port 22 is open. But we don't want anyone to get into that machine, right? We just want to get into that machine. And so this is why we downloaded a key file, okay? The EC2Tutorial.pem file. And so we are going to have to use that key to get into our machine. So what I did is that I took that key and I placed it into my directory called AWS, but you can place it anywhere you want. Now we basically have to say, "Okay, I want to get into this machine, so I want to run this SSH command," but I also want to reference my key so that I can tell the machine that, "Hey, here's my key," which allows me to get into the machine. So to use the key, you do -i, and then you reference the PEM file. So ssh -i EC2Tutorial.pem and then the instance username at the instance IP. Click on Enter, and now we get another warning. It says "Warning: unprotected private key file." And so that's a very common exam question, which says that when you first download a file, the permission is something called 0644, and that's too open, and basically the private key can leak. Okay? So basically, because the private key is accessible by others, it will complain about bad permissions and not allow you to SSH into that machine. So to fix this very common permission, you do chmod 400, and then you reference the key name. So just like this. And now if we run this command again, ta-da, we are in the machine. So we get Amazon Linux AMI, and we are in the machine. Now if I go and clear the screen and type "whoami," I can see that I am ec2-user. Okay? So you can do a lot of things. You can go ahead and ping Google.com if you want to. And as you can see, it works. Google.com is talking to us. So this sounds about right. So this is how I SSH into the machine.
Now I'm basically into my EC2 server, and I can run commands from here. And as you can see, we run lots of commands from our EC2 machine, but it's super important for you to know. Now to exit, you can just type "exit," or you can do Control-D to log out. And then you see the connection is closed, and I am back to my directory. Okay? So these commands are going to have to be run very often. Again, remember ssh -i, the name of the key file, and then the username and then the IP. So that sounds right. You just learned how to SSH. I will see you at the next lecture.
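The "unprotected private key file" refusal from this lecture, reproduced as an added example (not part of the course material): the ssh client rejects a key that it owns when any group or other permission bit is set, which is why 0644 fails and `chmod 400` fixes it. The file name `example-key.pem` and its contents are constructed placeholders.

```python
import os
import stat
import tempfile

# Any of these bits means someone other than the owner can touch the key.
GROUP_OTHER_BITS = 0o077


def key_mode(path):
    """Return only the permission bits of `path`, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)


def ssh_would_accept(path):
    """Same test the OpenSSH client applies to a private key owned by the
    current user: no group/other bits may be set at all."""
    return (key_mode(path) & GROUP_OTHER_BITS) == 0


def describe(path):
    """Explain who besides the owner has access, in the lecture's terms."""
    mode = key_mode(path)
    exposed = []
    if mode & 0o070:
        exposed.append("group")
    if mode & 0o007:
        exposed.append("others")
    if not exposed:
        return f"{oct(mode)}: owner only, ssh will use this key"
    return f"{oct(mode)}: accessible by {' and '.join(exposed)}, ssh will refuse it"


def lock_down(path):
    """Equivalent of `chmod 400 <key>`: read-only, owner only."""
    os.chmod(path, 0o400)
    return key_mode(path)


def audit_modes(modes):
    """Apply each mode to a constructed stand-in key file and record
    whether ssh would accept it. Returns {mode: accepted}."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        key = os.path.join(workdir, "example-key.pem")  # constructed name
        with open(key, "w") as handle:
            handle.write("constructed placeholder, not a real key\n")
        for mode in modes:
            os.chmod(key, mode)
            results[mode] = ssh_would_accept(key)
    return results


def download_then_fix():
    """Walk the lecture's sequence: the key arrives as 0644, ssh refuses,
    chmod 400 is applied, ssh accepts."""
    with tempfile.TemporaryDirectory() as workdir:
        key = os.path.join(workdir, "example-key.pem")  # constructed name
        with open(key, "w") as handle:
            handle.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)          # state right after download
        before = (ssh_would_accept(key), describe(key))
        new_mode = lock_down(key)     # chmod 400
        after = (ssh_would_accept(key), describe(key))
        return before, new_mode, after


if __name__ == "__main__":
    before, new_mode, after = download_then_fix()
    print("after download:", before[1])
    print("after chmod 400:", after[1])
    for mode, ok in audit_modes([0o644, 0o640, 0o600, 0o400]).items():
        print(oct(mode), "accepted" if ok else "refused")
```

Mode 0600 also passes the check; 400 additionally stops the owner from overwriting the key by accident.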
7. How to SSH using Windows
Okay, so we are going to learn how to SSH into our EC2 instance using Windows, and for this we use SSH. SSH is one of the most important functions, especially when dealing with Amazon Cloud, because it allows you to control a machine remotely via the command line. Okay, and so what does it look like? Well, basically, we have our EC2 machine and it's running Amazon Linux 2, and it has a public IP, and I don't know if you remember, but we had an SSH security group on it, and basically, we allowed SSH on port 22 to any IP, which basically allows our Windows machine to connect over the internet directly into the machine and control it using the command line. So we'll see how we can meet the requirements for basically parameterizing our Windows, and we'll use PuTTY to do SSH. So this is a free tool available online, and as you can see, it's a little bit tricky to use the first time, but we'll get used to it, and we'll learn how to SSH into Linux using PuTTY. So let's get started. So I am on my Windows machine, and the first thing I'm going to do is download PuTTY, so I Google PuTTY and take the first link, and it says you can download PuTTY here, so I'll go ahead and download it, and I'm under Windows, so you can choose whatever 64- or 32-bit installer you want. I'll just use the 64-bit version and run it, and you may get a little warning when the thing runs to install, but the installation process should go really smoothly overall, so you go ahead and click on Next, Next again, and Yes, so it installs PuTTY, and then we don't need the README and we finish. So the first thing you have to do is go under Windows, scroll down, and all the way to the bottom, we see a PuTTY folder, and underneath we have PuTTYgen. Now using PuTTYgen we are going to convert the key we have downloaded from the EC2 console, and we're going to convert it into a format that PuTTY likes, which is called PPK. So we'll go ahead and click File, then Load Private Key.
Now we need to go wherever you downloaded your private key, so for me it's on my desktop. Click on the desktop, and you need to select All Files. Here is EC2Tutorial.pem. It says successfully imported foreign key. Okay? And basically it says to use this key with PuTTY you need to use the Save private key command. So I did load again, making sure to scroll down and click on All Files to see the file that you just downloaded. So here is our key, and it's imported, and what I'll do is, as I said, click on Save Private Key. Here we get a warning saying, "Are you sure you want to save this key without a password to protect it?" Yes, for me this is fine. I don't need a password. But if you want extra security, you can say no, and you can save with a passphrase. So here on the desktop, I will say "EC2 Tutorial." And then you see PPK. Okay, so this is a PuTTY private key file. We click on "Save." And now we have done the conversion of our key from a PEM file to a PPK file. So, we can close this. And this is something we just have to do once. Then if we go back to Windows and scroll down and look for PuTTY one more time, here is PuTTY. Here, we can now go ahead and open the program, PuTTY. And here is our PuTTY program. Now we need to go ahead and basically enter the IP address of our EC2 machine. So, under my EC2 machine, we see an IPv4 public IP, which we'll use for this. So I'll just copy the public IP and paste this under Hostname. Now we also need to add a username. So I will add ec2-user@ before the IP address. ec2-user is basically the host name we'll use to log into our EC2 instance. Now what we can do is go ahead and save this, and so I'll give it a name; I'll call it my EC2 instance. So we save it, but we're not done yet. So click on my EC2 instance, obviously, and we click on Yes. And so we get a little error about the server's host key not being cached in the registry.
And then we get an error saying no supported authentication method is available because we haven't linked our private key file. So if you get that error, you can close this. We go back to PuTTY, and I like to show you errors before I show you how things work, because these are errors you could have had all along. So we click on my instance and click on "Load." And now we need to reference the PPK file. So for this, we go to SSH. We open this and there is Auth. And then under Auth, there is a private key file for authentication that you can browse. Then we navigate to Desktop or wherever you saved your PPK file and refer to your EC2Tutorial.ppk file. Now we're almost done. Don't click on Open just yet. We return to Session and save it once more. This way, our EC2 instance saved session will have the PPK file. Now click on Open, and all of a sudden things work. We are inside the machine, so we have a nice terminal and we can see that we are inside the machine. For example, if I type whoami, it says I'm ec2-user. Great. And if I ping Google.com, I can see that Google.com is responding and we get information from it, so Control-C, and then to exit you can just type exit or exit using the way you prefer, so I'll just go and type exit, and as you can see, things just exited. Now if I go back one last time to PuTTY, just to verify that the save worked properly, if I click on my instance and load the profile, if I go to SSH and again Auth, now the private key file should be saved, and so we're good to go. We can just directly click Open and we have SSH into the machine. Now, we'll do this pretty often, so make sure you have the hang of it, and we are ready to go into the next lecture to do some more fun stuff with EC2, so see you then.
8. How to SSH using Windows 10
So if you are on Windows 10 or a very new version of Windows, then you may be able to use the SSH command instead of PuTTY to log on to your EC2 instance. So I have Windows 10 right here, and I want to show you how we can do it. So if you go to PowerShell, for example, and you type ssh, and then you get this output back about the usage of SSH and a lot of options, that means that you have access to SSH. If you don't have PowerShell, you can just use the command-line editor and type ssh to see the exact same thing. That means that you have SSH. If you see "SSH command not found," that means that you don't have SSH installed on your Windows, and that means that you will have to use PuTTY, as we saw in the previous lecture, to connect to your EC2 instance. But say you have the SSH command; then we can do the exact same command as what we do on a Linux or Mac computer to log on to our instance. So what we have to do is do ssh -i, where -i stands for identity file. So we need to provide the location of our identity file. For me, this is my EC2Tutorial.pem file, and I'm just going to copy the entire location. So the location right here is copied, and I'll paste it in here, and then I'll add the EC2Tutorial.pem. Okay, next we have to decide what user we are going to use to connect to our EC2 instance. So if we go back to our EC2 instance, we launched an Amazon Linux 2 AMI. So the user to log on to the EC2 machine is always ec2-user. That is something you have to do when you use Amazon Linux. This is why we have ec2-user in here, which corresponds to the IP of the machine. So here we go to the public IPv4 address, and you'll copy it. Remember that this IP will change if you restart your machine. Start and stop. So we'll just paste this here, and here we go. So I've done ssh with the entire path to the PEM file and then ec2-user, because Amazon Linux 2, at the IP of our machine.
Let's press Enter, and we're prompted that we want to verify the host's authenticity because we've never connected to it before. Windows needs to know that we can trust this host. So I'm just going to say yes and press Enter, and now I get an error warning: "Unprotected private key file." So you may or may not get it, but it's important that if you do get it, you know how to resolve it. So this is the same problem that we have when we have a Linux or a Mac: we want the private key file so that the PEM file is protected correctly and has the correct permissions. And so how do we fix this? On Linux and Mac, we use a command called chmod. But for Windows, this chmod command does not exist, therefore we need to use something else. So I'm going to clear the screen, and we have the command ready already. But I'm going to go to my PEM file. So right here in my downloads, right-click and click on "Properties," and then I'm going to go to "Security," and here we can see who has access to this key. But in there, there's an "Advanced" tab. So click on Advanced, and you are getting into the advanced security settings. So the first thing you have to do is make sure that the owner of this key is yourself. So I'm going to go here and I'm going to look for Stefan and check the names, and here I am. I make myself the owner of this key. So the owner has to be you, and then you should remove any other user. So this one I can't remove, and this one I can't remove either because it has inheritance. So I need to disable inheritance right here, and I say okay, convert inherited permissions to explicit permissions, and now I can remove the system and I can remove the administrator. So here, now this file has inheritance disabled and only I am able to control this file. So I click on "Apply," and then I have said, "OK." Now that I am here, I need to make sure I have full control. So yes, I do have full control. This is perfect.
And if I didn't, I'd click on Permissions and then add myself to full control. So now we have done something so that the properties of the security file are just us having full control over this file. So that's perfect. And now if we try this command again and press Enter, we are logged on to our Amazon EC2 instance, and the reason it works now is that we had the right permission for security and we were not prompted with a yes-or-no question because we already told Windows to trust this EC2 instance and this IP. So this is really cool. What I can do now is demonstrate how it works exactly on the command line. So I go to the command line and paste the command. Oops, let me do it again. I'm going to the command line, copy this and paste it, press Enter, and again, it will work right away. No question about entering the instance because Windows already trusts it, and no security error because we fixed the security for this download. So now you've seen how to do it on Windows using the SSH command. Hopefully that covers all the use cases you may have and all the issues you may encounter, and you have to remember that you can only do this on Windows 10, Mac, or Linux. But if you have an older version of Windows, you can't install SSH on it. You have to use PuTTY, as we saw in the previous lecture, to log on to your EC2 instance on Amazon Linux 2. So that's it for this lecture. I hope you enjoyed it. I hope that was really helpful, and I will see you in the next lecture.
9. EC2 Instance Connect
So now let's have a look at EC2 Instance Connect. So if we click on our instance and just click on Connect, we have the option to connect to our instance, and we can connect using the standard SSH client. And we've seen how to do this using the different tutorials from before or by using PuTTY. But also, we could use something called EC2 Instance Connect, which is a browser-based SSH connection. We just specify the username, which is ec2-user for Amazon Linux. Click on Connect, and automatically we're in. Nothing to do. So this is quite magical, I know, but it works. And now, from the browser, I can issue some commands and things will work, so I can clear the screen and so on. So the really cool thing is that I've just done that from a browser, and this is the exact same equivalent to doing SSH, but I don't have to use a terminal and I don't have to worry about keys. So behind the scenes, AWS will upload a key to your EC2 instance that allows me to connect to it temporarily. So it's pretty cool, right? So this does not work if you block the SSH port. So if we go to our launch wizard and then we go to the inbound, we delete any SSH rules (just delete everything regarding SSH) and I try to connect again using EC2 Instance Connect. This one time, it will not work. The screen will remain black and there will be a timeout. And this is because I still need to have my SSH port 22 rule in there for it to work. So I go back to my security group, and I'm going to have port 22, and then the source is going to be anywhere. Click on Save, and now I can close this tab and try again. Click on Connect and connect again, and I'm able to go directly into my EC2 instance using EC2 Instance Connect. That's pretty cool, right? The only last thing you need to know is that this only works right now with Amazon Linux 2. So if you click on the AMI ID right here, it says Amazon Linux 2 AMI 2.2.1.
So it needs to work with the recent AmazonX Two Mi, which is the one you have when you launch on Amazon Linux Two Mi. So please make sure in the tutorial and all the tutorials we do that we use Amazon X-2 AMI. And so if you don't want to use Patty or the SSH utility and just want to do everything from within your browser, then you know how to do it. Now using simple instance connection. Well, that's it. I hope you liked it, and I will see you in the next lecture.
10. Introduction to Security Groups
Now we are ready to get an introduction to security groups. So security groups are the fundamentals of network security in AWS, and you'll hear about them more and more. They control how traffic will be allowed into your EC2 machines. As such, they are extremely important. So we have the WWW, the internet, the EC2 machine, and our security group. And basically, we'll control the inbound and outbound traffic. It's honestly the most fundamental skill to learn to troubleshoot networking issues in AWS. And if you understand security groups, you have understood a big part of the Amazon cloud. So in this lecture, I want to show you how to use your allowed inbound and outbound ports to give you a feel for how things work. So let's get started. Okay, so we have our EC2 instance, and as we can see, the inbound rules of our security group say that port 22 is allowed. So if we go into our terminal and SSH into it, it works great. But what happens when we start messing around with the security group? So you can click on it, and you are taken directly to the security group page. By the way, on the left-hand side, you can quickly get back to it under Network & Security. So we have a security group, and it has a name, it has a description, and we have Inbound, Outbound, and Tags. Now under Inbound, these are all the rules that will allow traffic into our EC2 machine. And so by default, there are no rules. Okay? And we have to add rules. And the rule we added when we created the EC2 instance was this SSH rule. If you go to Outbound, by default, all traffic is enabled out of the machine. And so that means that the machine can communicate with everything, everywhere. This is fine, by the way. Finally, tags are useful if you want to add a name tag or anything else to your security group. But this is fine. We won't play with it. Now what happens if we just delete that rule? So we'll just remove that rule, save it, and now we have no more inbound rules into our machine.
Now, if we go ahead and try to SSH again while port 22 is not allowed, as you can see, we'll just wait and wait, which is known as a timeout. And so I could just show you the screen for the next minute; nothing's going to happen. So I'm just going to stop that command. Basically, by removing the inbound rule from the security group, we no longer allow anything to go through port 22. And so we can't SSH into the machine. So to fix this, we go to Edit, and we can add a custom TCP rule in which we can set the protocol and the port range. So you can specify one single port or a range, and the source, which can be a CIDR, an IP, a security group, or My IP. And you can add a description. There's a quick little shortcut in case you want to use SSH or HTTP or whatever you want, really. You're free to do whatever you want. So for us, we'll do SSH on port 22, and the source can be either My IP, so from my workstation, or Anywhere, which is 0.0.0.0/0. And this little bit right here is basically what is used for IPv6. Okay, so we'll just do custom and I'll do it, and basically we'll say SSH is allowed from anywhere, right? So this is good enough. We'll save that rule, and now that the SSH rule is back in, we can SSH into the machine. And as you can see, things are working. So I'm into the machine. So that's a quick intro to how security groups work. But as you can see, any time you get some kind of timeout and you can't get to your machine, not just on port 22, but on any port, this is probably a security group issue. So I hope that was helpful, and I will see you in the next lecture.
11. Security Groups Deep Dive
Okay, so let's do a deeper dive into security groups because there's so much I haven't told you yet. So security groups, which are essentially firewalls in simple terms, regulate access to ports and the authorized IP ranges, for IPv4 and IPv6, and they control the inbound network, so from elsewhere to the instance, but also the outbound network, that is, from the instance to other places. And basically everything shows up in a nice table where you can see your different rules, maybe HTTP or SSH and a custom TCP rule, for example, and the description and the source and so on. So making sure your security groups are well maintained is very important to maintaining the security of your account. Now, if we look at a diagram, what does that look like? Well, basically, we can have our EC2 instance, and it has one security group. But I've just logically separated the inbound rules and the outbound rules. And this is your computer, and it has an IP, and it's authorized on port 22. So what happens is that when you connect to your EC2 instance, the security group says that's fine, your IP is authorized; go through. But if it's another computer that's not authorized on port 22, so if you restricted your security group rule to your IP only, it will be blocked by the security group, as indicated by the red color. And the EC2 instance would actually never see that network request coming through. So the security group is really a firewall outside your EC2 instance. Now, if you have the WWW, so just any IP, any port, and your instance wants to connect to it, by default, as I said, it is possible because all the outbound rules are open, and this is what we would actually expect from a server. So that's great. So this is what you should remember from the diagram. Now, that's good to know. What else do you need to know about security groups? Well, they can be attached to multiple instances. Okay?
There's not a one-to-one relationship between security groups and instances. And actually, an instance can have multiple security groups too. Security groups are locked down to a region/VPC combination. Okay? So if you switch to another region, you have to create a new security group. Or, if you create another VPC (we'll discuss VPCs in a later lecture), well, you have to recreate the security groups. The security groups live outside the EC2 instance. So as I said, if the traffic is blocked, the EC2 instance won't even see it. OK? It's not like an application running on EC2. It's really a firewall outside your EC2 instance. To be honest, and that's just advice from developer to developer, it's good to maintain one separate security group just for SSH access. Usually SSH access is the most complicated thing, and you really want to make sure that one is done correctly, so I usually keep a separate security group for SSH access. If your application is not accessible and you get a timeout, as we saw in the last lecture, then it is a security group issue. Okay? So if you try to connect to any port and your computer just hangs and waits and waits, that's probably a security group issue. But if you receive a "connection refused" error, okay, you actually get a response saying "connection refused", then the security group actually worked. The traffic went through, and the application was erroring or wasn't launched, or something like this. So this is what you would get if you got a connection refused. By default, all inbound traffic is blocked and all outbound traffic is authorized. Okay? Now, there is a small advanced feature that I really like, and I think it's perfect if you start using load balancers, and we'll see this in the next lecture as well, which is how to reference security groups from other security groups. So let me explain things. So we have an EC2 instance, and it has a security group, what I call group number one.
And the inbound rules are basically saying, "I'm authorizing security group number one inbound and security group number two." So why would we even do this? Well, if we launch another EC2 instance and it has security group number two attached to it, by using the security group rule that we just set up, we basically allow that EC2 instance to connect straight through, on the port we decided on, to our first EC2 instance. Similarly, if we have another EC2 instance with security group number one attached, well, we've also authorized this one to communicate straight through to our instance. And so regardless of the IPs of our EC2 instances, because they have the right security group attached to them, they're able to communicate straight through to other instances. And that's awesome because it doesn't make you think about IPs all the time. And if you have another instance, say with security group number three attached to it, because group number three wasn't authorized in the inbound rules of security group number one, then it's being denied and things don't work. So that's a bit advanced. But we'll see it when we do load balancers because it's quite a common pattern. I just want you to know about it. Again, just remember this diagram, and by now you should be really, really good at security groups and understand them correctly. So I hope you liked it, and I will see you in the next lecture.
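The two diagrams from this lecture as a small simulation, added here as an illustration and not taken from the course: it is a simplified model (inbound only, one port per rule) showing why a blocked packet looks like a timeout, why "connection refused" means the security group let the traffic through, and how a rule that references a security group matches senders whatever their IP. Group ids, host names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    port: int
    source: str            # a CIDR block, or a security group id ("sg-...")

@dataclass
class Host:
    ip: str
    groups: tuple = ()     # ids of the security groups attached to this host
    listening: set = field(default_factory=set)

def rule_matches(rule, src, port):
    if rule.port != port:
        return False
    if rule.source.startswith("sg-"):
        # Group reference: any sender carrying that group, whatever its IP.
        return rule.source in src.groups
    return ipaddress.ip_address(src.ip) in ipaddress.ip_network(rule.source)

def connect(src, dst, port, inbound):
    """inbound maps group id -> list of Rule. Returns what the client observes."""
    rules = [r for g in dst.groups for r in inbound.get(g, [])]
    if not any(rule_matches(r, src, port) for r in rules):
        return "timeout"   # dropped outside the instance; no reply at all
    if port not in dst.listening:
        return "refused"   # packet reached the instance, nothing listens there
    return "connected"

# Constructed scenario: group 1 admits groups 1 and 2 on 8080, SSH from one IP.
INBOUND = {"sg-1": [Rule(8080, "sg-1"), Rule(8080, "sg-2"),
                    Rule(22, "203.0.113.10/32")]}
app = Host("10.0.0.5", ("sg-1",), {22, 8080})
idle = Host("10.0.0.9", ("sg-1",))            # same group, no service running
peer = Host("10.0.0.6", ("sg-1",))
client2 = Host("10.0.1.7", ("sg-2",))
client3 = Host("10.0.1.8", ("sg-3",))
workstation = Host("203.0.113.10")
stranger = Host("198.51.100.4")

if __name__ == "__main__":
    for name, src in [("workstation", workstation), ("stranger", stranger)]:
        print(name, "-> app:22 ", connect(src, app, 22, INBOUND))
    for name, src in [("peer", peer), ("client2", client2), ("client3", client3)]:
        print(name, "-> app:8080", connect(src, app, 8080, INBOUND))
    print("client2 -> idle:8080", connect(client2, idle, 8080, INBOUND))
```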
Jan 23, 2023, 08:52 AM
I’m pretty surprised, because I have never used the SAA-C02 practice test questions before, but I found them to be quite useful. If anyone is taking this Amazon exam, I definitely recommend them to check out these prep materials. The guide and lectures are also good and structured, and it is very convenient to buy a bundle to get all of them at once.
Dec 19, 2022, 02:58 PM
As for me, I like to study in a group and discuss the matter with other students to find out why this or that answer is not correct. For this test, I learned the content with a friend of mine and went through the AWS Certified Solutions Architect - Associate practice tests. We checked all the materials available here to get the best out of it all and passed our tests.
Dec 10, 2022, 02:57 PM
I got the Amazon AWS Certified Solutions Architect – Associate certification, and I am a certified professional now who is in demand by the most renowned global companies. However, it does not come on a silver platter. You have to work for it, go through the lectures and braindumps and practice all the exercises available. This is how I earned my badge.