AWS-SysOps: AWS Certified SysOps Administrator (SOA-C01) Certification Video Training Course Outline
EC2 for SysOps
Managing EC2 at Scale - Systems ...
EC2 High Availability and Scalab...
Elastic Beanstalk for SysOps
CloudFormation for SysOps
EC2 Storage and Data Management ...
S3 Storage and Data Management -...
Databases for SysOps
Monitoring, Auditing and Perform...
AWS Account Management
Security and Compliance for SysOps
Networking - Route 53
Networking - VPC
Preparing for the Exam + Practic...
EC2 for SysOps
AWS-SysOps: AWS Certified SysOps Administrator (SOA-C01) Certification Video Training Course Info
Gain in-depth knowledge for passing your exam with Exam-Labs AWS-SysOps: AWS Certified SysOps Administrator (SOA-C01) certification video training course. The most trusted and reliable name for studying and passing with VCE files which include Amazon AWS-SysOps practice test questions and answers, study guide and exam practice test questions. Unlike any other AWS-SysOps: AWS Certified SysOps Administrator (SOA-C01) video training course for your certification exam.
EC2 for SysOps
12. EC2 AMIs
Okay, so let's create an AMI from my first instance. And for this, we're just going to install a small Web server on it. So let's go ahead and take the publicIP, and I'm going to SSH into it. So I'll just disconnect just to show you how to SSH. You just place SSH, and we put the public IP, and we're in. Okay, excellent. So what we want to do is install a very small web server on it to display a Web page. So we'll dopseudo-SU, or pretend to be privileged users. And then we do "yum update minusy" to update all the packages. Then we run yum install --without-yhttpd. So to install something called Apache Finally, run systemctl startHttpd and systemctl enable Httpd. Okay, so now we have started Apache and we just need to write a small file. So we'll say "hey, go, hello world." And we'll just put all of this into a file called VAR www.html.index.html. Okay, so now that file should be accessible on port 80. So if you do curl localhost 80, then we should see "Hello World." And now we want to see if that works from a Web browser. So for this, we'll go to the IP address right here, port 80. And we get a timeout, obviously, because if she's following the time out, it comes from the fact that we have not opened a security group rule. So what? We go ahead and go to that SSH group and we're going to modify it, and I will add an HTTP rule from anywhere so I can view my website. So, as you can see, I'll say Apache server, and we'll save it. Now we go back, and there we go, hello world. So we have a Hello World, and we've basically modified that AMI. We've modified our system to install HTTPD. So now all we want to do is create an image from it. So for this, we'll right-click onto the instance image and then create an image. And so here we go. We have our instance ID, and we'll call it my Apache server. And this is an image that creates, creates, and starts an Apache server. I may have to remove the space. I'll just set up my Apache server; hopefully that works. And then we'll say, okay, the very important thing is that we need to take our root volume and make a backup of it because this is where we have installed our Apache server. So we click on Create image, and now we say Create image, request received. And we click to see how long it will take for the image to be created. So we have to wait a few minutes for this to be happening.So I'll just pause the video. The AMI is now available, and it's ready, so I can right click. And we can do a lot of things. We can copy it if we want to copy it to a different region. So as I said, the AMI is locked to a specific region, but we can copy it to different regions, which is kind of neat. We also can modify image permissions to allow other people or other AWS accounts to see it, and we can obviously deregister it if you want to remove it or whatever, but what we want to do right now is just launch a new instance based on it. So we'll launch it to micro, and then for the instance details, we'll just leave everything as-is. same for storage. But now you can see that the root volume is coming from a snapshot. And the snapshot is my AMI. Excellent. Click on Tags, click on Security Groups, and we'll select the existing security group we have created before reviewing and launching. And now we're ready to launch it, and we'll see what happens. So now our instance is launching, and I'll go back to my entire thing. So this is my second instance. I'll just call it my second instance. And now that the instance is ready and running, what I should be able to do is use that new public IP, this one IP for the public IP, and we should be able to access our HTTP server from it. So before we had a Hello World on the first IP, but I just launched a new server, which has a new IP, and if I press Enter, I also get Hello Weld. So that's awesome because we launched a second instance from the AMI of the first instance, and basically all the things we did on the first instance were automatically done on the second instance as well because it was a backup; it was a snapshot. And so, that's really cool. That's what Amis are for, basically. You can do a lot more than just say "Hello, world" with Amis. But you can set up a lot of software. You can configure security and other features, and then create your own AMIS. And you can just use these Amis for whatever you need. So I hope that was helpful. You can hope that makes sense, and I will see you in the next lecture.
13. EC2 AMI Hands On
So let's talk about cross-account AMI copying, because this is quite a frequent exam question and there is a small little tip you need to have. So you can share an AMI with another AWS account. And when you do so, it does not change the ownership of the AMI. So if you share your account with someone else's account, you still own that AMI. But you should be aware that if they do copy your AMI and copy it into another region, they will become the owner of that AMI. So it doesn't prevent copying. So basically, if you need someone to not copy your AMI, you either do not grant them EBS snapshot access or Sfukt access. But that's not all. This is not enough. You can't just prevent someone from copying, because there is a way that if someone launches an EC2 instance from an AMI you own and then makes an AMI from that EC2 instance, they'll be able to create and effectively copy your AMI. So the limit is that you can't copy an encrypted AMI that was shared with you by another account. Instead, if you have access to the underlying snapshot and encryption key, you copy while reencrypting with the key you own. So that means that you register the copied snapshot as a new AMI. And more importantly for the exam, you can't copy an AMI with an associated billing product code that was shared with you from another account. So basically, if you get a Windows AMI or an AMI from the A-list marketplace, they will have a billing product instead. If you want to copy these things, what you do is create an instance, launch it from that AMI, and then make an AMI from it from the instance, and that effectively makes you a copy. And this is what the exam will ask you. The exam will ask you about billing products and say, okay, billing products must be coming from Windows AMI or the A-list marketplace. When you do want to copy an AMI with a billing product, you first launch an EC-2 instance from the AMI, and then you make an AMI from that EC-2 instance, and that's it. All right, let's just quickly see in the UI how that works. So to share an AMI fairly easily, you right-click, and then you modify the image permissions. And here you can make it either public so anyone can see it or private, in which case you have to set the account numbers that you want to have access to so you can have whatever you want. For example, if I take my account number right here, right click, and modify the image permissions, I can add whatever number I want. So I'll just add a three at the end and add permissions. And so all these accounts will have access to my AMI. If I tick the box, I create volume permissions. That basically means that these account members have the opportunity to make a copy of my AMI. Okay? They can still launch an instance from my AMI if I do not ticket. And then from that easy-to-create instance, they can create their own AMI. So it doesn't fully prevent them from copying it. It just prevents them from copying it using the Copy utility. So they can't immediately imitate Mi. They have to launch an EC2 instance and then, from that EC2 instance, create an AMI from it. So that's what you should know. This is also valid for Marketplace images. So if someone shares an AMI from the Marketplace with you, you can't directly copy it. You would have to launch an EC2 instance from the EC In two instances, you would have to basically create a new AMI from it. So that's it. That's as simple as it is. But it is something that comes out of the exam. So you need to see it. wants to know. Alright, that's it. I will see you at the next lecture.
14. Cross Account AMI Copy
Okay, so let's talk about elastic IP. So when you stop and you start and you see two instances, we know very well that the public IP will change. And so if there is, for whatever reason, a needfor you to have a fixed public IP, then weneed to use some form and called an Elastic IP. And so what is an elastic IP? Well, it is a public IPV four IP and thatyou own as long as you don't delete it. So it's yours. They will never change as long as you don't delete them. And obviously, you can attach it only to one instance at a time, and we can remap it across instances. That means we can move our IPV fourfrom one instance to the other one. And we'll see this in the hands on. Overall, we're not paying for the elastic IP if it's attached to a server and that server is running, but if you don't, we start paying for the elastic IP if it's not attached to a server. So this is where it gets tricky. So when you have elastic IP, make sure you're always using it, otherwise you're going to pay for reserving an IP you don't use. So why would we even use elastic IP? While the exam is mainly going to ask one thing, it says we want to mask the failure of an instance by quickly remapping the IP address from one instance to another in the account. And so for this, we have to use an elastic IP, and we'll see this in the hands on.So this is the main use case when we have a static IP, or when we want to be able to quickly remap the address of a web application using IPS. This is the use case. Overall in your account, though in the real world, you can only have five elastic IPs, but we can ask AWS to increase that. But overall, just in the real world, I would try, if I were you, to avoid using elastic IP unless you really need it. So always consider whether there are other options available to you, such as using a random public IP address and registering a DNS name to it, perhaps using Route 53, or if it's just a classic web application, using a load balancer with a static hostname that automatically maps to your back end instances. So always think about whether or not you need an elastic IP. But for the exam, just remember: Elastic IP is for a fixed IP address to be able to remap between instances. So let's have a look at how they work. So we have my first instance and my second instance right here, and they're both running the same Web application. I'm just going to SSH into both of my instances and change the hello world a little bit. So I'll just edit the VAR (www.html.index.html) for this one. and I'll say it's.Hello, world one.And then I'll exit and save, with permission denied. So I need to do "pseudo" NanoVar wwhat.Okay, now we can say, "Hello, World One," and we're good. And then I'm going to go ahead and SSH into my other instance, and I'm going to run the exact same command, the pseudonano right here. And this time I'll say hello, world No. 2. This way, we can recognise which instance is what. So if we go back to our browser and refresh the first one, we get Hello there, World One, and hello there, World Two. Great. Okay, so now we're going to go ahead and create an elastic IP. So, we go to elastic IP. We assign a new address. The scope is VPC, and click on Allocate. And here we go. We have an elastic IP. As you can see, 10's IP address is 63 30 317 116. So this is just something that I have had all along. It's not allocated to anything right now, but I have this IP. It's mine. Now, if I go ahead and associate that address with my instance, say, with my first instance, we can click on Associates. And here we go. My first instance will now have a new public IP. So if you go back to my instance, my first instance, we can see that the public IP has not changed. The IP for Public IP is now a link, and that link is the link to my Elastic IP. So that's how we know if we're using an elastic IP. So if I copy this, I'll just click here, copy the IPV4 for the public IP address, and go here. Now we get hello World l just copyAnd so hello, world. One is perfect. We'll just refresh. And it's always Hella World One, right? But now, what if I want to quickly remap my Web server by remapping the public IP? Well, we can do this for this: we'll just take the elastic IP, we'll disassociate it, and then we'll associate it with my second instance very, very quickly by clicking on Associate. Done. And now if I go back to my web browser and refresh the exact same page, I get Hello World too. And so all of a sudden, thanks to the elastic IP, I was able to direct all my traffic from my instance one to my instance two. So it's pretty awesome. So that's it for elastic, IP. I hope you enjoyed it, and I will see you in the next lecture.
15. Elastic IPs
Okay, this is super important for the exam to know how Cloud Watch is linked to EC Two. super, super important. So let's go ahead and see this. AWS provides some metrics for your easy-to-instances, and AWS will push these metrics for you. You have some basic monitoring, such as the metrics being collected at five-minute intervals, but you can enable detailed monitoring, in which case these metrics will be collected at a 1-minute interval. And these metrics include CPU, network disk, and a status check metric. Remember these four. They're very important. You can then use Custom Metrics and Custom Metrics? By definition, they're yours to push. They're custom. And so the basic resolution of your custom metric is 1 minute, but you can go into a high resolution custom metric, which is all the way to 1 second, and the customer metrics for easy Two, which you may want to push, but that includes RAM or application level metrics. For example, if you do that, then you have to make sure that your EC2 instance does have an IMRole that allows it to push metrics to Cloud Watch. So all the metrics included for ECTwo are ones you need to know them.So the first metric you need to know is CPU. We will obtain the CPU Utilization metric, and if we have T-2 or T-3 instances that burst, we will obtain the credit usage for the burst as well as the network credit balance. We're able to figure out how much network is going into our instance and out of our instance.For the status check, it's basically checking whether or not our instance is healthy. We get an instant status, which is Amazon checking if the ECQ VM is working, or a system status, which is Amazon checking if the underlying hardware is working. and so these are very important ones. These are Amazon health checks, so you don't have any control over that, but it basically gives you an idea. And you need to be able to differentiate between your instant status and your system status. Finally, only for instance, for the InstantStore-backed two instances, we get disc information; we'll get the read and write operations, or bites, for our instance store. And finally, RAM is not included in the AWS EC. Two metrics. This is a common question at the exam. They ask you: can you get the RAM from CloudWatch? No, you cannot. AWS does not push the RAM usage in Cloud Watch. It is for you to push. OK? So let's have a look at the type of monitoring we get from EC Two. So, let's take my first instance and go to monitoring. And as we can see here from CloudWatch, we get monitoring of our instance. And so the number one thing we get is CPU utilization. As you can see, the period is five minutes. The discrete operations and rights are then obtained. But these are going to be empty because our instance is not an instance store. It's backed by EBS. So the networking that we receive and network out allows us to see how many bytes go in and out of our machine, as well as the number of packets that go in and out. The status check is as follows: failed for instance and system. And so basically, it will tell us whether or not the underlying EC, twoVM, or underlying hardware is failing. and we definitely don't want this to be one. We want this to be zero all the time. And then we get some information around the credit usage and the credit balance. And so what this means is that as our instance has been doing a lot of stuff at some point, maybe installing Apache server, we've been using some CPU credit, and then over time, our credit balance goes up, so we're able to burst as time goes along, and here we're also able to enable detailed monitoring. And detailed monitoring, as it says, is to get the instance metrics at 1-minute frequency. This is something we have to enable by clicking yes, and I will not do it because then you have to pay for it. You get additional charges for this kind of stuff, but this is how you would enable detailed monitoring. And so that's it. We get the exact same kind of metrics from my second instance, but because this one has been launched a little bit after my first instance, the graphs are not complete. But that's it for what comes with AWS. In the next lecture, we'll be able to talk about customer metrics. Easy to.
16. CloudWatch Metrics for EC2
Okay, let's talk about easy custom metrics. So you may want to send custom metrics for ease of use. That may be the Ram usage of your instance, thatmay be the swap usage, or that may be anycustom metric that you want for your application. It could be a number of requests per second, etc. And so right now we're going to do is doa hands on to push Ram as a custom metric. The reason is that the scripts are missing from the A documentation. So we'll download them, and then we'll push the RAM as a custom metric. And we'll have to make sure that the IAM role is OK. And this is just a very easy and quick example tojust show you how we can extend all the metrics areavailable for easy to get what we want as an output. So let's get started. So what we want to do is get the RAM usage on my first instance, and for this, what I have to do is go to the documentation, and there are some CloudWatch monitoring scripts that are available to us. That's the old way of doing things. Now there are new ways to use the Cloud Watch agents. But we'll do this in the next lecture. For now, we'll use the Cloud Watch monitoring scripts to basically push RAM as a customer metric. So before doing this, we have to install a few things. So we have Amazon Linux 2. For Amazon Linux 2, we need to go ahead and run these commands right here to be able to install some prerequisites to run the scripts. So let's go ahead. We have to SSH into our instance. So let's go and find the IP first. Here is the IP of my first instance: I'm going to copy it, and I'm going to SSH into it. Okay? Next, we have to install all the prerequisites. So we'll install all these packages, and this is basically something called Perl that launches some scripts for us. So this will go ahead and install itself. And while this installs, we scroll down, scroll down, scroll down, and then all the way down we see that here we have to download, install, and configure the monitoring scripts. So let's go ahead and download these scripts using this curl command. And now this will go ahead and download a zip file. So, if we do LS, we now see a zip file containing Cloud Watch monitoring scripts, which we must unzip and enter into the AWS crypts monitoring. So we'll run all these commands, and now we are into the AWS scripts monitoring folder. So here are all the files that we have. Okay, next we have to ensure that we have the correct permissions to perform Cloud Watch operations. As a result, we must be able to enter metric data, retrieve metric statistics, list metrics, and describe tags. So for this, we can use an IAM role. We're not going to paste credentials, and we're going to use an IAM role. So it's good exercise. Let's go to Services IAM, and we're going to create a role for our EC2 instance. We'll go to Roles > Create Role, and this is an easy two-instance role permission. And here, we'll just look for Cloud Watch. And then from here we'll scroll down and we'llhave a Cloud Watch full access, which is nice. This is what we want. So we get to the Cloud Watch star. So we can certainly do something in Cloud Watch. And this looks like it's going to be enough. So I'll go ahead and click on Next, and then click on Review. And I'll simply call it simple to push to CloudWatch to create the role, and we're good to go. Now we go back to our first instance and right-click instance setting to attach an IAM role. And here we can attach the easy topush to Cloud Watch role we just created. Apply it. And now our instance should be able to report its own metric. Okay, excellent. So next, what I have to do is just start the scripts. And so for this, we have to scroll down a little bit, and we can just perform a simple test run posting data to CloudWatch. So we'll just run this and the memory will be posted. So let's run this command, and it says metrics were successfully reported to CloudWatch. Here is the reference idea for your query. So this is awesome. Now we just have to do it and push these every so often. So every minute, maybe every five minutes So for this, we're going to edit the Chrome Tab. So Chrome Tab e. And here we're able to start putting some data in. So I will insert data and copy this entire line. Here we go. It's copied. Now I have to exit using WQ. Okay, so now we have installed the new Chrome Tab. And basically, what this will do is that every five minutes, it will push some RAM information. So now we just have to wait about 1015 minutes to see the instance begin pushing data to Cloud Watch. and I'll get back to you when it's over. Okay, so now it's been about ten minutes. So let's go to Cloud Watch. And for this, you go to Services and you can type "Cloud Watch" directly on the top. And then in Cloud Watch, to see the customer metrics that we've pushed, we click on Metrics on the left-hand side. and here you can see that there are AWS namespaces. So these are all the metrics pushed by AWS. So we have the easy two metrics, but we can also go to a Linux system. And here we see four metrics. These are actually custom metrics pushed by our script. If you click, we can see them by instance ID. And here we can see the memory utilisation that's available. And we can see a graph showing the memory utilization. So you can go to the options of the graph, obviously, and set, for example, the Min to be equal to zero to have a much better graph. And here we go. We can see that our EC2 instance is currently using 29% or 30% of its memory as SRAM, and we can get that metric over time. Obviously, the longer we wait, the more pretty the graph will be, and the more our instance does, the more diverse the graph will be. But it just gives you an idea that by running some scripts on the ECQ instance—the collector scripts and the monitoring scripts—we're able to push the RAM as a custom metric and visualise it. We could save this graph as Ram for EC two instances, for example. And here we go. We have a beautiful graph. So that's it for this customer metric, and I will see you in the next lecture.
Pay a fraction of the cost to study with Exam-Labs AWS-SysOps: AWS Certified SysOps Administrator (SOA-C01) certification video training course. Passing the certification exams have never been easier. With the complete self-paced exam prep solution including AWS-SysOps: AWS Certified SysOps Administrator (SOA-C01) certification video training course, practice test questions and answers, exam practice test questions and study guide, you have nothing to worry about for your next certification exam.