AWS SysOps Administrator Training | AWS SysOps Tutorial | AWS Certified SysOps Admin | Intellipaat


hey guys welcome to the session on AWS
sysOps and AWS SysOps Administration that is the person who operates manages
and also uses the systems on the AWS cloud in this session we’ll be learning
all the skills of AWS SysOps Administrator comprehensively before
moving on to this session please subscribe to our channel so that you
don’t miss our upcoming videos now let us take a quick glance at the
agenda to start off with we will be learning who is an AWS sysOps
administrator and also what is their role after that we will be looking at
the various services provided for monitoring by AWS and also do a hands-on
on AWS CloudWatch alarms after that we’ll be looking at various security
services and also do a demonstration on Amazon Inspector after that we’ll be
learning how to download and install AWS CLI and also launch an EC2 instance
directly from the command line interface also guys if you want to become a
certified AWS SysOps professional intellipaat provides a course on the same
and those details are in the description now without any delays let us start with
the session hey guys let us start and look at why do we need AWS sysOps
Administrator so why sysOps Admin creating automatable and
repeatable deployments of networks and systems on the AWS platform is the basic
requirement or the primary function of an AWS SysOps administrator so now what
is the average salary of an AWS sysOps Admin and according to glassdoor.com
in the USA it is 83,000 dollars per annum and in India it is 4.7 lakhs per
annum coming back to the sysOps admin part so sysOps administrators are two different roles actually so SysOps is system
operators and admin is an administrator so these two are two different roles in
a huge organization but when you come to AWS you will have to configure on create
automatable and repeatable deployments as well as maintain the service you will
be operating the service and also maintaining it so right now a work for a
system operator and then administrators combined
together that’s why AWS SysOps administrator is a role here so
AWS SysOps Admin is one of the popular roles and systems operator or an
administrator could take up the certification and become AWS SysOps Admin now moving further
now let us see the roles and skills of an AWS SysOps
administrator so the first role or the first skill he has to have is configure
the AWS cloud management service yes you can segregate this role into three
parts one is Amazon Web Services one is system operator and one is
administrator so this person has to know how AWS works second he has to know the
work of a System Operator third one he has to know the work of an administrator
so now configure the AWS cloud management service he should understand
what is that organization’s usage of AWS services according to that he’ll have to
configure it to make them better and then coming to this point that is
monitor and manage this services as I already told you if he configures those
services obviously he’ll have to maintain and monitor them and constantly
update it whenever there is a need and then efficiently monitor billing and to
develop cost optimization strategies so he’ll know how the entire architecture
is working right now after he configures it after he monitors and gets the metric
data after all of those operations right now he’ll understand how the central
architecture is working and he can now efficiently monitor the billing costs
and create a cost optimized architecture and fourth point is infrastructure
security and data integrity yes he’ll also have to maintain the
security because he’ll be the person who will be creating users for the
organization and those users should have strictly less of permissions for only
their tasks for example a web developer should not be given access to the
database part or let’s say an admin an administrator has the complete access
if you take a different way let us take a business analyst a business analyst
doesn’t need EC2 servers or he does not need Elastic Beanstalk but a web
developer will need them because he has to host the pages inside a server so
the administrator has to decide that and so that this infrastructure is secure
enough and also the data is confidential and also the data sent or coming in are
the same so the integrity is not going away and then automate infrastructure
deployment I already told you the basic primary need of an AWS SysOps
admin is to automate a process so that’s exactly what they are saying here that
is automate infrastructure deployment so to do that
AWS provides a stack web service that is CloudFormation you can use
CloudFormation and you can create a JSON or a YAML file which you can run on
CloudFormation which will automatically create a complete AWS architecture
for you which you have designed in that JSON or YAML file and then finally reduce the
time required for the production so yes your organization might have
applications so when an application is created and is tested and it’s
successfully running in your staging environment you will have to or the
company wants to shift it to the production environment so to do that it
takes some time you will have to create a plan or you’ll have to keep the
services as such this process is seamless as possible because this will
directly affect your profits because the faster the application is up and
online and running people start buying early so that you can get more customers
so you will have to do that so these are some roles of an AWS SysOps admin and now
let us see the skills required for an AWS SysOps admin as I told you first
one is AWS skills he should understand in depth how AWS is working and also the
best practices of using Amazon Web Services and then second one as I told
you it is a two different role combined together one is systems operators and
one is administrator so he should understand how a system operator works
that is he runs servers and he configures it administrator takes care
of everything else the complete infrastructure so he should understand
how both of those roles work and he has to keep his work aligned as such third
one is a Linux and Unix because most of the organization’s applications are
hosted on Linux so he has to understand how it works and also how to configure
those Linux environments fourth one is secure and cost optimized
architectures and we discussed this in the roles so secure and cost optimized
architectures should be created by this person so he should keep the
architecture secure enough and also it has to fill the company so the bill has
to be the lesser cost it should not go beyond an expected limit he has to
create an architecture or the person who is SysOps admin has to create the
architecture as such it gives the lowest bill possible fifth one and one of the
most important tool is he should understand how automation tool works
automation tools in the sense he has to learn few of the DevOps tools like
Jenkins Kubernetes Docker so these tools will be used by an organization
for hosting or for CI/CD processes for a complete software lifecycle so they’ll
be using this so this lifecycle will be implemented on AWS
so this person since he is the SysOps admin has to understand how that
works so that he can help and implement and also make the process more automatic
and also the repeated processes are made better so that very less time is taken
for our software to be uploaded to the AWS environment so guys this is done so
now let us go ahead and look at monitoring services and other tools for
the world so first
what is monitoring to observe and follow a process over a period of time to get
data out of it which could be of help to the business or rectifying error so what
this means is if you have a particular process running for you you will have to
follow and observe that process and get data out of it
that is if you are watching a football game or a cricket game and so what do
you do you record the scores you record the runs if it is a cricket game the
number of balls has been played and you see what is the economy of the player or
if it is football how many goals a player has scored so you check all of
these so these are the data which you get out of something so the same thing
goes with monitoring so you get some data out of it which you will use to
help the business so you can use this data in sports you can use this data to
make the team better so you can give guidance and help the team to get better
using all of this data so the same goes with monitoring in a software so you can
give all this monitoring metric data so that they can make the software better
and build it better and then also what is IT monitoring so basically monitoring
is so generic monitoring can be done on anything in this world so monitoring is
a generic term so IT monitoring is the term which we use for monitoring a
complete organization which runs on a complete infrastructure and IT
infrastructure so basically what we are going to see is what is IT monitoring
that is information technology monitoring yes so IT monitoring is the
process of gathering metrics or telemetry of the organization’s
applications to ensure everything works well and also to support them as I told
you previously for a sport team let us consider a football team they see which
player scores a lot which player passes a lot which player assists a lot so they
take all this data and then they use it to help the team play better so the same
goes with IT monitoring so if you have three four applications and you have so
many features within that applications let us consider we have one application
which has four different features so what do you do you monitor all of those
features individually and get metric or telemetry data from those services or
from those features so when you do that what is the advantage of getting data
from each feature we can understand which is the most used feature which
feature has the most time used on so the amount of time people are spending on
our application the amount of time people are spending on each feature so
we can understand which is most used feature and we can make that
feature better and also we can find out why people are not using the other
features as much as the first one so we can do this by collecting
metric data so this is what IT monitoring is called moving on now let
us see why monitoring is a need so the first thing is better usage of IT
infrastructure and hardware if you are a huge organization who has their own on
premise set up so basically when there is on premise
set up it has to be monitored and maintained by the organization itself so
when the organization itself does it they’ll need to have a proper monitoring
tool to monitor it and also get all the metric data so that they can build their
IT infrastructure as such as all the hardware is consumed all their resources
are finally used so this is one of the reason and when it comes to AWS it is
the same thing when your infrastructure is on AWS again you will have to monitor
AWS to get the best out of it and reduce your bills second one is analysis and
graphical visualization in near real-time so when you are getting
real-time data so you can use that data to build visualizations and graphic
patterns you can build the charts so that it can be helped so when you are
going in a business meeting instead of taking numbers you can take a
complete PowerPoint or a presentation with all these graphs and graphic
visualization which you can get from even CloudWatch or other tools which
you are using for monitoring so you can get all these tools and explain it in a
better way and also this can be easily read right so why do we use graphic
visualization and data visualization because they are easy to read they are
pleasing to the eye so if you just take numbers still 60% of my IT
infrastructure has been used but the rest forty percent is not instead of that you
can show why the 60 percent is used what are the services used in those 60
percent which resources are not properly used or which resources are not required
at all so this you can graphically visualize so this is one of the need
then lesser time spent on controlling the resources so when you monitor
anything so you will be getting constant data so when you get data in real
time you will understand when you check the data you can get to know where the
mistake is or when there is something wrong with the particular resource you
can correct it in real time so whenever you get it you can be able to make
those changes but if your monitoring tool is not in real time so basically
what happens is if you’re not doing proper monitoring you might get an error
but that error might have already occurred like two three days back and
still it’s going on so now if you get that data and with that data even if you
correct it right now if you lost business for two days so this is one of
the reason and then prevents errors when errors occur detects faster so prevents
error in the sense you can keep your monitoring tool so that you can set up
maintenance windows you can set up maintenance windows in the sense like
every five minutes or every ten minutes or every hour or every day that is your
wish you can set that and also you can code as such as that they prevent the
most common errors so you will know what are the errors which keep on
occurring constantly so you can code as such these errors when they occur they
are automatically prevented and also when there are errors found you will be
able to see them in near real-time so that will help you to detect it faster
and correct so these are the four most important points which you have to know
why we need monitoring so to know why we need monitoring these are the four most
important points moving on so questions on monitoring data even this comes under
why do we need monitoring because these questions have to be answered while you
are creating a monitoring service or while you’re using a monitoring service
so for what metric is the data collected so for what metric is the data being
collected in the sense if you are running a particular EC2 instance or
your own on-premise setup that particular instance or that particular
server will have a lot of metric data going on the CPU utilization the amount
of bytes going out of the system coming through the system the throughput so
there are a lot of metrics you will have to choose a particular metric or two or
three metrics for which the data has to be collected which will be useful for
you then how valid and accurate the data the data has to be nearly
accurate or they at least should be valid so that it can be used for the
business the betterment of the business and also if the data is available or
accessible immediately so the data might get stored somewhere else and it might
be hard to get them back they should be stored in a place where it is easily
accessible and available like an s3 bucket so that you can get it back
easily and also to acquire data in even in AWS you have some retrieval fees so
you will have to also check that which is the most efficient way and the
cheapest way to retrieve data because we will be monitoring and keep on doing the
changes continuously you will have to know how to acquire data from a
particular source cheaply so moving on so we’ve learned what is monitoring what
is IT monitoring and why do we need monitoring in the first place so these
three questions got their answers now let us see what are the monitoring
services which AWS provides and after seeing what are those services after
seeing that we’ll be looking at best practices which AWS themselves recommend
so AWS monitoring services so in this session we’ll be looking at these
three services these three are the most used basically Amazon CloudWatch is the
most used monitoring tool in AWS then comes CloudTrail and Trusted Advisor is
one of the tools which is not used constantly but it gives you a lot of
suggestions and it is paid so CloudWatch and AWS CloudTrail can be
accessed for free lot of their services and features can be accessed for free
but in Trusted Advisor a lot of their services are paid so now let me explain
what are these services then there’s more so first Amazon CloudWatch Amazon
CloudWatch is a monitoring and observability service so what it means
is CloudWatch can be used to monitor any
AWS service if you consider EC2 for example you can check the CPU
utilization of that particular EC2 instance you can monitor that also
observe in real time what is going on in that service so
AWS CloudTrail is a service that enables governance compliance and
operational auditing so CloudTrail basically gives you logs logs of
particular services you can create a trail for any
service which you want to create for and after that after creating a trail what
you can do is you can use the trail logs and you can push them to AWS CloudWatch
so that in CloudWatch you can create alarms using them so when there is an
unnecessary log or when you don’t need a log or you need a log you can just
mention it in CloudWatch and you can create an alarm using that after that AWS Trusted Advisor so Trusted Advisor is basically a tool
which will guide you how to provision or how to keep your services and also how
to reduce your billing amount so basically it checks all the services
available and it has its own limits service limits so when you exceed that
or when you are equal to that it shows you a red flag if you’re slightly above
the expectation it shows you a yellow flag then if you are currently using all
the services it shows you the green flag so these are the services we’ll be
looking at these services in detail right now I just wanted to show what the
services which we are going to learn and the most-used services in AWS so now let
us go to the AWS management console and do this guys this is the dashboard so
right now we will have to go to alarms and click on create alarms so now we will
have to select a metric but how do you get a metric so for that we need an
EC2 instance so first let me create an EC2 instance quickly and I have a
code in that CPU util code so I already have an AMI to create that so
I’m going to launch an instance configure it and just add storage and
I’m done with this that’s it so launch I have a key pair but I do not
know whether I have over here so I will create a new key pair not required so I’ll
just go with this launch instances yes so my instance is launched right now so
what I am going to do I’m going to run that code within this within this
instance so when I run that code after creating the alarm so that it will go to
alarm state when the CPU util goes beyond 60% so while this is creating let
me show what exactly we are going to do in a launch so we are going to launch an
instance add a script to increase CPU util I already have the script I will
show how the script looks so I’ll show that
and after that what we are going to do we are going to create an alarm which
will basically send an email to us whichever SNS endpoint we have mentioned
it will send an email to that telling the CPU util has gone beyond the threshold
value with an extremely detailed information so that information I will
show when showing my account so right now you just remember this so
ok so right now let us get back with us it’s running right now so let me open my
instance here so I’ll open PuTTY and then I’m choosing this and then taking
here authorization I’ll have to browse so my key pair is over
here so I’m opening it and open so yeah so now if I do an ls
you can see there is a Python code over here what am I going to do I’m going to
open this and first show you what it is exactly it’s a simple Python script so
basically it creates a loop so it just keeps on running it increases the CPU
util code so this multiprocessing and you’re importing pool and CPU count basically this code will
increase the CPU Util that’s that’s how much we have to know and yes
so just closing this file so guys soon right now let me run this code so
done so my code is now running so right now we will have to start creating the
alarm so first we’ll have to select a metric
click on select metric we’ll have to choose the CPU utilization of EC2 namespace
so this is the namespace clicking on it so these are the metrics but right now
there is no metric over here for my instance low so let me copy the instance
ID so this is the dimension I’m going to paste it here and search it so you can
see there is no CloudWatch metric over here because I just started my instance
there is not enough metric data to create a metric for that particular
instance so what I’m going to do I will go back click on create alarm once again
click on select alarm go to EC2 namespace go to per-instance metrics and
you can see still it’s not available so what I’m going to do I’m going to wait
until so just a second I will stop this from running so let me wait until
this metrics are available in my CloudWatch dashboard so once it is available
then I’ll run the CPU util code and after that I’ll create an alarm so guys
let us check once again so right now yeah there are 178 metrics that means
it has been created so let me search with my dimension that is my instance ID
yeah there are metrics for my instance ID so you can see over here Network
packets in network packets out CPU utilization a lot of other metrics so we
need CPU util so right now if I click here and go to custom give it as one
minute you can see the CPU util was sixty three point nine at some point
when it got created but right now there is no other so let me make this place so
yeah so what we can do is now we can just wait before waiting we will run this
so what I’m going to do I’ll run this yes so right now the CPU Util is going
to be increasing so within that will create the alarm so I’ve selected the
metric I need CPU utilization so now start creating the alarm so my alarm
name is going to be so it’s not over here will have to mention that later so
currently it is CPU utilization the metric I’ve chosen is CPU util the
instance ID is this the same instance as this and then that statistic is going to
be average so you can choose that over here you can basically keep it as
maximum or minimum so you can do that so I’m okay with average yeah so period let
us keep it for one minute because you see only a period greater than 60
seconds is supported for metrics in the AWS slash namespaces so if you have your
own custom namespace then you can give less than 60 seconds but if it is an AWS
namespace then one minute is the least time you can provide and then now we
come to this conditions part in the conditions part I’m going to give sixty
percent greater than sixty percent so here we will have to give greater
than sixty percent and static anomaly detection greater greater or
equal lower or equal lower you can select anything over here I’m going to
go with greater or equal so if it is greater than or equal to sixty percent
then it will send the notification so additional configuration is not required
we are good with one data point next yes so now we’ll have to configure our
notification guys so for that what you will have to do is if you already have
an SNS endpoint you can just select an existing one or you click here enter the
topic name it can be my new subscription or whichever topic name like this my new
sub and then click enter the email address which you want this particular
email to be received in so give that and click on create topic then it will be
getting created now you’ll have to go to the email address which you have
mentioned there will be an email so you’ll have to click on the link there
so once you click there the subscription will be achieved so basically it’s like
verification so subscription will be verified
after that you can use that in SNS in topic so right now I’m going to select
the existing topic which I have I’m choosing this and the email endpoint is
this so you can view it in the SNS console or we can just proceed so
whenever this is an alarm state it has to send an email to this particular SNS
endpoint so that’s it guys and next and also I didn’t mention one thing you can
add an EC2 action also for example you can stop the instance or terminate the
instance or even reboot the instance if you’re in alarm or OK or insufficient
data state you can mention whichever state you want to but I don’t want
anything let my instance be running so next alarm name we’ll have to provide
right now so my alarm name is going to be CPU util alarm and next if you want
you can give a description so right now you can see it went down after I removed
the CPU Util code and right now it will be increasing am pretty sure because I
already ran that code and it has been like around 2 minutes after that so
right now just review your alarm and click on create so this is how you
create an alarm guys so you can see the condition my alarm name is CPU util alarm
it is in the state of insufficient data and the conditions are CPU utilization
greater than or equal to 60 for one data points within one minute so for one
minute it calculates the average and if the average goes above sixty then an
email will be sent to my SNS endpoint so right now let me
– endpoint so this is my SNS endpoint so you guys you can see there were a lot of
I had two other SNS notifications so right now let us go back to our console
and let us wait until it goes to alarm state so still now it is in insufficient
data state that means still now it does not calculate the average for one minute
so let us wait and we can see the code is still running and if you want to also
check you can go to graph and you can see the CPU util it has gone down after
that it’s not showing it is going up so we’ve given one minute let us wait until
then and let us check after that then this insufficient one will be 0 and in
alarm it’ll be 1 so we’ll have to wait until that happens guys so that’s how we
will know the alarm has been triggered so once it goes to alarm state if I open
my SNS endpoint I’ll have a mail a detailed mail on what this alarm is
about and what happened in my alarm so why it changed the state or which state
it was previously available in and now what state it is so it gives a
detailed explanation with all the details which we require so still now it
is an insufficient state so let us wait until it goes to alarm state so guys
right now the alarm is not found in the insufficient section so we’ll have to go
to alarm section we can see it is in state in alarm so this means I would
have received a mail so you can see my inbox is one so basically I’ve received
a mail from AWS CloudWatch and I have received it in my SNS endpoint so let me
go over there so first let us check here so you can see the CPU Util went up to
ninety nine point six within from this period to this period so yes within this
it went up till this so right now let us go to my SNS endpoint and check it so
you guys can see alarm CPU util alarm and you receive this email because your
Amazon CloudWatch alarm CPU util alarm in the US East region has entered the alarm
state because threshold crossed one out of one last data points is ninety nine
point six three seven seven zero four nine one it gives the most accurate
value of your CPU utilization and gives the date and the time as I told you date
timestamps and it gives that and then it also showing it went from OK to alarm
transition so basically you can see the alarm details state change was actually
from insufficient data to alarm because it was collecting data it was within
okay but it never turned to okay because it was already in the alarm state when
the alarm was calculating the average so the first state change was alarm we can
see alarm details name CPU alarm insufficient data alarm threshold
crossed one out of one last data points and you can see all the details over
here the timestamp Sunday 20 October 2019 and even the time and that’s in
UTC guys not in local time and then here you can see monitored metric it was the
AWS EC2 namespace the CPU utilization metric the dimension was
my instance ID period was for sixty seconds the statistic was average the
unit is not specified and the data is to the last machine but right now you can
see states change actions there was only one action which happened
that is when in alarm it has to send an email to this SNS topic which it sent so
guys we have succeeded in creating an alarm and also to make it send an email
whenever it crosses the threshold value so let us go back and see
so right now it went back to insufficient data state let us stop this
so I don’t need this right now I just closed this yeah so right now we have
done it so let us go back to the slides and start with the next portion guys
what is cloud security cloud security is a set of procedures and technologies
that work together to protect cloud based systems and data stored in the
cloud we the customers we store our data and host our applications on AWS and we
also pay AWS to do that so AWS has to provide us security in return so AWS or
any other cloud service first priority is to provide security because they want
to restrict unauthorized access and also to keep the data secure so that they do
not leak let us see why cloud security is a priority in AWS so at AWS cloud
security is the highest priority and by AWS you will benefit from a data center
and a network architecture which is built to meet the requirements of the
most security sensitive organizations as we know AWS also hosts government
applications which have highly sensitive and mission-critical data in them so
they also provide the same data centers with the same network architectures
which are secure enough to host government applications and data for
other organizations and also customers so you can understand how much
AWS values cloud security now let us see why is cloud security a priority first
thing protection against DDoS attacks that is distributed denial of service
attacks DDoS attacks might reduce your sales or your business because whenever
there is an attack nobody can use your service for example if you are using
Facebook to sell your products in the marketplace if Facebook has a DDoS
attack and Facebook has stopped for the period of time until Facebook comes back
again your business is lost so that you will be losing money for the time so
that is DDoS attacks and AWS provides you services and security so that you
can prevent DDoS attacks and then data security to protect
sensitive information as I already told you AWS provides data centers with
extremely securely built network architecture which can protect
government applications and also highly sensitive data they provide that to
organizations and also customers so this makes it highly secure and we can store
we can trust AWS to store our sensitive information in that and then
flexibility when scaling up and down so basically we use cloud so that we can
scale our applications infrastructure up and down as per the requirements of our
customers so flexibility is also one of the reason why cloud security is a
priority because whenever the scale goes up and high the security measures taken
should also increase with it and whenever it comes down the security
services which are involved will have lesser time and also they can easily
detect all of the vulnerabilities and security issues going on but when the
application scale increases the security surveillance should also
increase there should be a lot of time put into security to look for
vulnerabilities and loopholes so that we can fix them before a hacker tries to
exploit them and then comes high availability and support so if you prevent any
unauthorized access DDoS attacks and any other type of hacking attacks you
provide high availability because whenever your site doesn’t go down it
is available for customers and also anyone who is using that website so to
make it highly available you should allow cloud security you should allow
services to protect your web application or any application you have hosted on
AWS so to protect high availability to provide high availability and also
support to your applications you will have to enable cloud security and you
will have to use proper services so that your application is highly available in
all of the data centers across the world now let us look into AWS security
services which we’ll be learning in this session and also we’ll learn some best
security practices which we can follow if we are using an AWS
account so that we don’t leak our sensitive information and also
we don’t give our access to our root credentials now let us look into the
security services which we’ll be learning in this session so these are
the security services guys so first is inspector then kms single sign-on
certificate manager and WAF so inspector is an automated security
assessment service that helps improve the security and compliance of
applications deployed on AWS we’ll look into these services in detail later now
let me just give you an introduction about them first is inspector basically
it is used to automate the security assessment process and then kms it provides you a
service where you can create and also manage encryption keys you can create
keys for encrypting your data and also create keys so that it can help you with
other AWS services and then single sign-on this is a service which helps
you to keep just one credential where you can just log into that and access
all of the applications which are registered to that particular email
address and then certificate manager it provides you and you can also create SSL
or TLS certificates which you can connect with AWS services and also
take these certificates and implement them in your own on-premises also and then
WAF as I told you it is a Web Application Firewall this helps you
protect your web apps and also other web applications from common web exploits or
attacks like DDoS or SQL injection attacks moving on now let us look at the
best security practices that AWS recommends us to take up the first thing
is keep your AWS root account password safe and vaulted so what are they saying
over here is they are telling us to keep our root account to ourselves and we
should not let anyone know our root account password because root accounts
are very powerful in AWS and you can launch any services with it so that keep
your root account password safe and only provide IAM credentials to whoever is
asking you for any credentials and then use IAM permissions and IAM users
to provide access to services as I just now told you create IAM users
and give those users enough permissions to do whatever services or requirements
they have for example you might give a developer access to an EC2 instance
then access to elastic beanstalk and access to some of the services like s3
but you do not need to give them all the access or you do not need to give him
the administrator access you just need to give permissions for the tasks which
that particular person is going to perform third point is enabling
multi-factor authentication so multi-factor authentication enables you
to keep your account secure because every 30 seconds or one minute
in equal periods of time it provides you a new code or a new set of six digits so
you can only log into your account if you enter that six digits which are
currently showing in your Authenticator app for example you provide your root
credentials to someone and if they are trying to log in it will ask for the MFA
number so you will only have that MFA number in your mobile or wherever you
have installed the Authenticator app so there is an application called Google
Authenticator you can download it and install it so that Google Authenticator
will show those numbers and you will have to enter those numbers so that you keep
your account more safe if somebody else is trying to get unauthorized access they’ll
need your mobile application and they’ll have to know that six digit number of
that particular 30 seconds so that they can log into your account and then
encrypt important volumes and data storage with kms so you might have EBS
volumes and s3 buckets with sensitive information stored in it so please
create encryption keys which make them secure so you can apply these encryption
keys to those EBS volumes and also S3 buckets so they are safe enough
to prevent unauthorized access so right now we are going to start off with the
hands-on we saw how to install and configure AWS CLI now we’ll be doing it
in practical so first let us download and then install and then configure AWS
CLI in our PC so this is the website this is the documentation provided by
AWS you can follow this document to download
AWS CLI for the respective operating systems so you can see here there is for
Linux and then for Windows for Mac OS and for virtual environment also so my
PC is a Windows operating system so I have to install it on Windows and they
also provide you multiple options the first option is to download the MSI
installer which gives you the executable file which you can just install like a
normal setup file and then you can install it using Python and pip on
Windows and then you can also download just the setup file and install it and
just copy your path to the environment variables so instead of doing that we
can just download and install using the MSI installer which is much simpler you
can choose the 64-bit version or 32-bit version according to your computer
specifications or you can just download the setup file so this has both the
32-bit and the 64-bit MSI installers so now let us just download 64-bit so if
you do not know which type of system is yours or what kind of
configuration your system has you can just download the setup file and install
it and it will automatically install the appropriate version in your
system so once this gets downloaded we can open it up and start installing it
once we install I can take you to the command prompt and show you how to
configure it now let it download and then it will open then I will show how
to install it so the download has been completed guys now this file has to open
once the entire download is complete so the download is complete and now the
setup file or the MSI installer file has opened we can see over here welcome
to the AWS Command Line Interface setup wizard so this is nothing there is
nothing complicated over here it is just a normal installation setup like you can
just click on next few and you can read this license agreement and then click on
next so once you enter your admin password
the application will start installing if you do not have any admin password it
will automatically start installing once it gets installed I will take you to the
command prompt and in the command prompt I will show you how to check whether the
AWS CLI has been installed on your system or not so right now it’s going to
get completed I’ll open the command prompt and keep it ready so let us wait
until this completes once this completes we’ll be able to check so before that
we’ll check right now aws --version is the command so right now aws is not a
recognized command once this installs it will be a recognized command because it
will be installed in our system so right now it’s done let me hit finish
let me check once again whether it’s showing here it is not so now we just
have to open a new command prompt and hit aws --version so now it is taking
some time that shows AWS CLI has been installed in our system and it is
showing the versions it is showing the AWS CLI version the Python version
installed in our system the Windows version that is Windows 10 and also the
botocore SDK so about this botocore SDK we’ll be looking at later
but right now just think about AWS CLI Python has been already installed so you
just ignore that part let us just consider we have installed AWS CLI right
now so now let us configure AWS CLI to configure AWS CLI the
command is aws configure this is the command to configure AWS CLI and hit
enter so the first thing it asks for is the AWS access key ID I have already
entered one access key ID when I last tried to configure it in this PC but right
now I have deleted that key so right now it requires a new
key ID and a new secret access key and also guys I’ll be showing this access
key and secret access key and I’ll be making them inactive and deleting it so
if you are having an access key or a secret access key don’t share it with
anyone who can misuse it so right now I’ll just go to my console to get your
access keys you will have to go to your security credentials click on it you
will be taken to the IAM console in the IAM console you’ll be seeing all the
security options over here once this page loads after that I’ll take you to
the correct place to get it so you can see it has been loaded so it’s not
password you will have to go to access keys so now you can see I have created
five different access keys and I have deleted all of them so right now I’ll
have to create a new one and you can either download the key file or just
show it over here downloading the key file is a safe practice let it get
downloaded so right now you will have to copy this go here paste it enter you’ll
have to go here copy this entire code or key copy it and paste it here and then
coming to default region name I have already entered it as us-east-1
so let me once again enter it as us-east-1 because I will be
always working in North Virginia region if you work on a different region enter
that over here and then default output format none if you want you can enter
JSON or you don’t need to enter anything so let it be JSON no problem
this is the first hands-on we have completed installing and configuring AWS
CLI now let us move on with this session now let us go ahead and use some
commands to launch or deploy an ec2 instance directly from the AWS CLI so
let me first show you the commands which are required to do that so first this is
aws ec2 create-key-pair because when we do it in the AWS management console
after the complete process it asks for a key pair either you will have to create a
new one or you have to use an old one so right now let us create a new key
pair which is named as new key .pem and you can see over here create-key-pair
so key name is new key and query is key material so it will be written as key
material inside our key so it is just a query and then coming to security group
will have to create a security group and for that security
group we are allowing inbound rules that is we are allowing SSH port 22
and it can be accessed by any IP address that means we can open this
using SSH and then finally we are going to launch an ec2 instance so we are
giving the image ID the image ID can be taken from the AWS CLI or you can just
go to the AWS documentation and get it or you can describe all the instances in
the AWS CLI and get it or you can directly go to the management console
and go to AMIs and get the AMI ID of the particular instance which you have
to launch from the AWS CLI so the count is one I just have to launch one EC2
instance if you want two or more you can include it over here instance type is
t2.micro because t2.micro is the free instance that is the free tier
limit instance and then the key name is new key because that is the key we
created and security groups is taken as new group which we just created so now
let me open the command prompt so we have already configured it so
right now let us start off with it so first let me create a key pair so enter
enter so this will create a key pair so ok there are some mistakes here so let me
just remove this part and hit enter so a new key already exists this means I
have already created a key called new key so let me name it as new key one and
let me try to enter so an error occurred the key pair new key already exists
so just a second I have to sorry I’ll have to change the name over here so
that is here new key one so once I do this yes a key pair got created right now
without any error so let this be tried the first time there was some error in
the code second time that was there because it already had a key pair called
new key so now I’ve created a key pair called new key one so I’ll have to
change that over here so new key one and others are the same so now let us create
a security group let me copy this and paste it over here aws ec2 create-security-group
group name is new security group and description is
security group for my new instances enter and it also should be created yes
a group is created and the group ID is sg and they’ve given a separate number we
can go to the AWS management console and check this and this will be available
right now and then coming to providing inbound rules let me copy this and again
paste it and I think we’ll have to change the name over here that is new
security group now let me copy this and paste it and enter so right now the
inbound rule should allow port number 22 from any IP address so inbound rules are
done so we have done the three main processes one is creating the key pair
creating the security group and allowing inbound access so the third or so the
fourth and final step is to create an instance from the CLI so this is the
command that is aws ec2 run-instances image ID count is one
instance type is t2.micro key name is new key one security group is
new group but we have changed the name to a new security group so let me use
this copy this and paste it over here and hit enter so right now the process
for deploying an ec2 instance would have started so yes you can see a complete
JSON format output has come over here groups instances image ID the AMI ID
instance ID instance type is t2.micro key name is taken as new key one and
there are other options over here so right now guys
you can see private IP address and you can see a private IP address over here
also and it has a root device name as /dev/sda1 the root
device type is EBS volumes security group is new security group and the
group ID code is pending so right now it has to be creating now let us go to our
AWS ec2 dashboard and check whether an ec2 instance is getting created or not
so if it is not getting created that means we would have done some mistakes
but it should be creating right now let me open there are three running
instances so this is the current instance which I created so these were
the previous instances which I already had so currently this is the instance
which is running and initializing this is the instance we created but how to
cross-check this okay now let us check this instance ID let us see 0 c9 let us
go back to the CLI go to the instance ID and check this yes 0 c9 it’s the same
instance guys this is the instance we created directly from the AWS CLI hey
guys a quick info if you want to become a certified AWS SysOps
administrator Intellipaat provides a course on the same and you can check
those details in the description ok guys we’ve come to the end of this session
I hope this session was helpful and informative for you if you have any
queries leave a comment below and we’ll help you out
thank you

Reynold King

4 Replies to “AWS SysOps Administrator Training | AWS SysOps Tutorial | AWS Certified SysOps Admin | Intellipaat”

  1. Guys, what else do you want to learn from Intellipaat? Comment down below and let us know so we can create more such tutorials for you.

  2. 👋 Guys everyday we upload in depth tutorial on your requested topic/technology so kindly SUBSCRIBE to our channel👉( http://bit.ly/Intellipaat ) & also share with your connections on social media to help them grow in their career.🙂
