1
00:00:07,610 --> 00:00:12,450
Welcome back to BackSpace Academy. In this lecture I'm going to give you a

2
00:00:12,450 --> 00:00:17,940
quick overview of the Trusted Advisor service of AWS. Now, what that is, it is an

3
00:00:17,940 --> 00:00:24,150
online service that will audit your infrastructure against best practices

4
00:00:24,150 --> 00:00:29,869
across a number of different areas, being cost optimization, performance, security,

5
00:00:29,869 --> 00:00:34,230
fault tolerance and service limits. Now make sure that you remember those

6
00:00:34,230 --> 00:00:40,260
because it may come up on the exam. Now, depending on what level of support

7
00:00:40,260 --> 00:00:46,110
you've got with AWS will determine how detailed the Trusted Advisor report will

8
00:00:46,110 --> 00:00:52,199
be. So this account here has enterprise-level support from AWS, so it has all of

9
00:00:52,199 --> 00:00:56,550
the available recommendations from Trusted Advisor, but if you've just got a

10
00:00:56,550 --> 00:01:00,600
standard account it will have the majority of these will be grayed out, but

11
00:01:00,600 --> 00:01:04,710
you will have the essential ones there. So don't be too concerned if everything

12
00:01:04,710 --> 00:01:08,610
is not there and available for you, it just means that you haven't, you haven't

13
00:01:08,610 --> 00:01:13,020
got that level of support from AWS. So looking at the first one here, we've got

14
00:01:13,020 --> 00:01:17,670
cost optimization, and so everything is with a green tick, so there's nothing for

15
00:01:17,670 --> 00:01:21,750
us to be concerned about, but I can click on that and have a bit of a closer look

16
00:01:21,750 --> 00:01:27,780
at it. So we can see there it's looking for idle DB instances or EC2 instances

17
00:01:27,780 --> 00:01:31,560
or any sort of instance that we're not using, we need to get rid of those and

18
00:01:31,560 --> 00:01:38,729
save the money. We can see there idle load balancers, EC2 instances that are not

19
00:01:38,729 --> 00:01:43,920
utilized fully and they can go to a smaller EC2 instance, unassociated

20
00:01:43,920 --> 00:01:48,570
Elastic IP addresses. So there's quite a bit of stuff there that it can recommend

21
00:01:48,570 --> 00:01:52,860
for us that can save us quite a bit of money, and not only that is that we can

22
00:01:52,860 --> 00:01:57,990
actually expand these and it will tell us exactly where these resources are, so

23
00:01:57,990 --> 00:02:01,560
that can be quite difficult to track those down sometimes, but this will make

24
00:02:01,560 --> 00:02:07,920
life a lot easier for you. Trusted Advisor can also advise us on

25
00:02:07,920 --> 00:02:12,599
performance, how we can reduce the bottlenecks in our infrastructure, how we

26
00:02:12,599 --> 00:02:17,040
can reduce sale cost with resource record sets in

27
00:02:17,040 --> 00:02:22,370
Amazon Route 53, how we can use CloudFront in front of our our buckets to

28
00:02:22,370 --> 00:02:29,370
minimize our costs for delivery of that content. In security there's also a lot

29
00:02:29,370 --> 00:02:34,049
of areas that we can look into. Right here we've got everything in green, but

30
00:02:34,049 --> 00:02:39,090
we've also got two which are actually alerting us to a problem. So we can see

31
00:02:39,090 --> 00:02:44,040
down here we've got, we don't have CloudTrail logging on any of the regions here,

32
00:02:44,040 --> 00:02:47,730
so that's something we'd want to implement. We also have some security

33
00:02:47,730 --> 00:02:56,159
groups that have unrestricted access, so let's have a look at those. So I can see

34
00:02:56,159 --> 00:03:02,790
here when I've created a WordPress AMI or used the WordPress AMI for a lab, it's

35
00:03:02,790 --> 00:03:08,340
created a security group and by default it's just had that open on port 22 for

36
00:03:08,340 --> 00:03:16,169
for all IP. So we can now just click on that and it'll take us straight there

37
00:03:16,169 --> 00:03:20,879
where it is. So we can see there, here are these two security groups and they're

38
00:03:20,879 --> 00:03:27,299
being created for that WordPress AMI. So if we have a look at that and we can see

39
00:03:27,299 --> 00:03:33,449
there we've got SSH, and we use SSH or secure shell to connect directly into

40
00:03:33,449 --> 00:03:37,829
the Linux operating system of an instance, and we can see there on port

41
00:03:37,829 --> 00:03:44,939
22 it's open for everyone, so that's not desirable. It's not a major deal but it

42
00:03:44,939 --> 00:03:50,040
is not desirable to have that, and so we can edit that and we can change that to

43
00:03:50,040 --> 00:03:57,659
our IP, so the only way of accessing over secure shell will be from our own IP

44
00:03:57,659 --> 00:04:03,569
address. Anything else outside of our IP address will not be allowed. But that

45
00:04:03,569 --> 00:04:09,180
said, you still need AWS credentials to actually get in anyway, but again it's

46
00:04:09,180 --> 00:04:12,810
not a good practice and you should have that locked down as well. So what I'm going

47
00:04:12,810 --> 00:04:15,979
to do is just delete those.

48
00:04:18,800 --> 00:04:24,750
So they've gone now, so what go back to Trusted Advisor and if I refresh this

49
00:04:24,750 --> 00:04:28,640
one, that should no longer be a warning.

50
00:04:30,620 --> 00:04:36,570
Okay, so after a short amount of time those, that warning for, that alert for

51
00:04:36,570 --> 00:04:40,590
those security groups has now disappeared, so we don't have to worry

52
00:04:40,590 --> 00:04:44,070
about that anymore. So let's go to fault tolerance, and here

53
00:04:44,070 --> 00:04:48,900
we can see we've got two warnings here for S3 bucket logging and also for

54
00:04:48,900 --> 00:04:53,640
versioning on our bucket. So it's not, it's not a major deal but it's something

55
00:04:53,640 --> 00:04:56,790
that it's recommending we should do. We should have versioning on a bucket,

56
00:04:56,790 --> 00:05:03,090
that's, that's certainly a best practice. And finally we got service limits. So if

57
00:05:03,090 --> 00:05:07,200
we're exceeding our service limits that's going to cause problems for us. If

58
00:05:07,200 --> 00:05:11,280
we're exceeding the number of instances that, that, you know, that we should have,

59
00:05:11,280 --> 00:05:14,820
then we're going to have a problem when we go to launch instances. But you can

60
00:05:14,820 --> 00:05:18,930
see there we've got no problems there, but it goes through a whole heap of

61
00:05:18,930 --> 00:05:23,790
different stuff there to make sure that you're not exceeding the service limits,

62
00:05:23,790 --> 00:05:28,260
for example Elastic IP address, so if you're getting close to that then it'll

63
00:05:28,260 --> 00:05:32,310
warn you that there is a problem with that. So that's the Trusted Advisor

64
00:05:32,310 --> 00:05:36,480
service, so make sure that you go to it, and the way you get there is go to

65
00:05:36,480 --> 00:05:42,570
Services and Trusted Advisor, quite simply. And and again, your Trusted

66
00:05:42,570 --> 00:05:46,710
Advisor won't be as complete as this one if you don't have enterprise support

67
00:05:46,710 --> 00:05:52,320
from AWS, but still it's a good idea to go and have a look at it and just see

68
00:05:52,320 --> 00:05:57,680
how it all works. So that's it, and I'll see you in the next step.