Видео

Hi Jay, Sorry for the confusion, but yes, each task is deployed in an isolated environment. When I said a shared pool of resources, what you must remember is that Fargate ECS tasks are likely to run on physical hardware that are shared by other customers or your other applications. However, when you deployed two tasks that belong to a specific application and cluster, those tasks will be isolated on different resources. but ultimately, you are still sharing a pool of backend resources other application stacks or customers. Hope this clarifies the statement.

Hi Harry You are right, you do not need to specify the ECR repository URL during the build command. Howerver, you would then need to at least tag your image so you can push the image to repository. The step shown in the video basically bypasses that step. So if you look at the ECR push commands you will note that you would need to tag it before you push it. So this step in the video just avoids that step. But both options are correct. Hope this helps

@@DummyAccount-io9xl thank you

Also, NAT gateway costs some 0.062 USD per hour, which means that per month that would cost around $44 (not "a couple of dollars"). Just to have the ability to do some apt updates... is there cheaper solutions?

There is a file in the repository called db.php. This file retrieves the secret name from the #Amazon ECS Environmental Variable and then proceeds to dynamically retrieve the credentials from #AWS Secrets Manager. This means that whenever the script is executed, it will query AWS Secrets Manager for the current credentials. This is advantageous because: - It ensures that the script always has access to the latest credentials. - It reduces the risk of hardcoding sensitive information like database credentials directly in the code. Have a look at the db.php file which is included in the zipped file. Hope this helps Thanks

Depending on which updates you need, you could store them in an S3 bucket and retrieve them via a VPC endpoint. This article provides more details - repost.aws/questions/QUmfyiKedjTd225PQS7MlHQQ/vpc-nat-gateway-vs-vpc-endpoint-pricing

@@sean_reyes Haha… thank you for you kind feedback. All you need to do is like, subscribe and please share! Best wishes

Hi For the run.txt file can you try the following: Step 1: Initiate Inventory Retrieval Job aws glacier initiate-job --account-id [ACCOUNT_ID] --vault-name [VAULT_NAME] --job-parameters '{"Type": "inventory-retrieval"}' Replace [ACCOUNT_ID] and [VAULT_NAME] with the appropriate values. Step 2: Describe the Job aws glacier describe-job --vault-name [VAULT_NAME] --account-id [ACCOUNT_ID] --job-id [JOB_ID] Replace [VAULT_NAME], [ACCOUNT_ID], and [JOB_ID] with the appropriate values. Step 3: Retrieve Job Output aws glacier get-job-output --vault-name [VAULT_NAME] --account-id [ACCOUNT_ID] --job-id [JOB_ID] output.json Replace [VAULT_NAME], [ACCOUNT_ID], and [JOB_ID] with the appropriate values. The job output will be saved in output.json. Step 4: Extract Archive IDs from the Output jq '.ArchiveList[] | .ArchiveId' output.json > archiveIds.txt This command extracts Archive IDs from output.json and saves them to archiveIds.txt. Step 5: Delete Archives aws glacier delete-archive --vault-name [VAULT_NAME] --account-id [ACCOUNT_ID] --archive-id [ARCHIVE_ID] Replace [ARCHIVE_ID] with the specific Archive ID from archiveIds.txt. Note: In Linux, single quotes (') are typically used around JSON parameters, and you should ensure that you’re using straight quotes rather than curly quotes. The rest of the commands remain largely the same as they are on Windows. Then for the script: #!/bin/bash # Set the vault name and file vault="panamericaglacier" file="archiveIds.txt" count=1 echo "$vault $file $count" # Check if the file exists if [ -f "$file" ]; then # Read each line from the file while IFS= read -r line; do echo "Deleting Archive $line" echo "Count: $count" aws glacier delete-archive --account-id [ACCOUNT_ID] --vault-name "$vault" --archive-id="$line" --profile [PROFILE_NAME_IF_REQUIRED] count=$((count + 1)) echo "$line" done < "$file" else echo "File does not exist" fi exit 0 Ensure you have the AWS CLI installed to the latest version

Hi Raju Thank you so much for your valuable feedback and suggestion. I have removed the account-ID and replaced with a placeholder. Awesome... :) Have a great day ahead!

Glad you liked it!

Hi Bharat I think there was some issue with the code. I have re-uploaded the correct code zip file which you saw in the video. The file name eb-rds-todo-app-code-v2 (1).zip Also uploaded a sample JSON file for the IAM policy that needs the Secret ARN. I have retested today using this code and its works well. Please note that the code is designed to run in us-east-1. It has been tested in this region and works there. The code would need a change if you run in other regions in the server.php file. Try the updated code... hope this helps Best wishes Rajesh

@@awstraining Thank you for sharing the updated application code. I selected PHP 8.3, which was not compatible and gave a 5XX error, so I created another application using PHP 8.1, and it worked fine.

Thank you. Appreciate the feedback and support

Thank you for your feedback. Yes, I wanted to ensure that anyone viewing this tutorial can easily learn how to deploy a multi-tier application stack using AWS Elastic Beanstalk. Best wishes

Many thanks!

Thank you for your valuable feedback. Glad the AWS Elastic Beanstalk Stalk Tutorial was helpful. Best wishes

Glad it was helpful!

Glad you liked it!

Thank you 🙂

Thank you for your valuable feedback - Please do like and share the videos and channel with your colleagues. Best wishes.

We will be producing some additional Beanstalk Advance topics soon. I will keep you updated

Hi Thank you for your message. Yes, in the video tutorial, I only use 1 NAT Gateway because since it was a LAB, I did not want to create additional NAT Gateways as they are a chargeable service and do not fall within Free Tier, If you need to deploy two NAT Gateways, one in each public subnet, then you will need to also create an additional route table. Normally your private subnet attach themselves to the Main Route Table as a default behavior. If you plan to use two NAT Gateways, then it also means you should create at least two Route tables - one for each Private Subnet hosting your EC2 instances which Elastic Beanstalk will deploy. Then you can configure each route table to point to the NAT Gateway target for Internet Access (0.0.0.0/0). You would then need to disassociate those pirvate app subnets from the main route table and attach them to the two new route tables you created. This means that only the database subnets will be attached to the main route table. This way the instances in each private app subnet will now access the Internet via their relevant NAT Gateways in their availability zones. Adding two NAT gateways offers redundancy and is good practices for production environments, Hope this helps... Rajesh

Thank you for your feedback. We are bring more mini project tutorials for AWS soon

Thank you for your valuable feedback. Really appreciate it. We will be bring more videos and how-to-guides for AWS

Thanks! 🙂

Thank you for your feedback. Please do share

Thank you for your valuable feedback

Thank you for your valuable feedback. Yes, learning the principles of AWS serverless architectures is critical for any one on an Solutions Architect role. It not only enables you to build with agility but can also be far more cost effective if done correctly. Best wishes on the career change!

Glad it was helpful!

Hi Divya, as discussed, this is likely to be an issue with a misconfiguration of the Environmental variables where a misspelled variable prevented the code from running. When we checked the health check file itself, that seems to be in the right location anyway. Hope this helps.

Yes, you can configure IAM accounts which need to be able to assume the Cross Account Access Role (OrganizationAccountAccessRole) and then they can perform the cross account access.

Thank you for your feedback. I'm glad to hear you found the tutorial useful on Amazon ECS Fargate.

Thanks ✌️

You're welcome!

This is a good question, and it depends on your role within the organization. As a Solutions Architect, you may have developers building application code for you - you may just be responsible for the overall architecture design and incorporating additional infrastructure builds, standards, security and design for cost optimization. Your team could comprise front-end and back-end developers, separate individuals you work with to build end-to-end solutions. Obviously, if you have a developer role in the organization, you and your colleagues would also be building the code. Nevertheless, the demarcation between architects and developers is much less clear today than it was years ago. Even Solutions Architects are expected to work with code (at least Infrastructure as Code) to build solutions more reliably and consistently. And post this, having some knowledge of Python is always good. Hope this helps...

@@awstraining ok so if i get you well, in the scenario in this video, the lambda code is written by the developers who equally wrote the code for the app?.

Yes, but it doesn't always have to be like that - front end developers for the S3 Website Code may be different from the ones who write backend operations.

@@awstraining okkk great thank you very much. I am working on projects that can help me acquire more skills in aws. Your Chanel is definitely going to be very help. Thanks again

Thank you for your valuable feedback on our AWS How-To-Guides. Best wishes

Thank you for your valuable feedback. I presume that the region is enabled for your account. The change to the server.php file for the region for secret manager should not give such an error. The secret simply enables the application to authenticate against the database and perform CRUD operations. You should still be able to access the front website. It is more likely to be an issue with the network configuration such as security groups, IGW or NAT or the route tables not been properly configured. It could also be that the server did not install the application as it did not have the right IAM role attached to it. Could I request you to check these parameters and let me know if that helps... let me know how you get on. Best wishes Rajesh

@@awstraining , thanks for your response. I tried to segment the code to isolate the error and I cam to the conclusion that the problem id db connect (server.php line 38 - $db = mysqli_connect(DB_SERVER, DB_USERNAME ...). Commenting it (and doing small modifications to avoid php error on missing $db variable) the application works (of course user can't do any action, the db is missing !). "devdb" is not accessible using usual tools, so I can't check if it exists, the same for "devdb" schema; again, error_log messages are not included int EBS logs, so I can just guess ... I also re-create the db following the tutorial, but nothing change. Any suggestion ?

Just to confirm are you using the same server.php file provided in the GitHub repo -I only ask because my line 38 is different. $result = $client->getSecretValue([ 'SecretId' => $_ENV["SECRET_NAME"], ]); // result contains a few key-value about that secret. // The key named SecretString has the username and password encoded as a plain json string // Decode the json using json_decode function to get username and password $myJSON = json_decode($result['SecretString']); define('DB_SERVER', $_ENV["DB_ENDPOINT"]); define('DB_USERNAME', $myJSON->username); define('DB_PASSWORD', $myJSON->password); define('DB_DATABASE', $_ENV["DB_NAME"]); $db = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE); $table = "user"; Also did you create the secret in Secret Manager..? Would you be able to share any screenshots?

Also this might be a silly question so I apologize in advance, but are all your resources in eu-south-1 (rds, secret manager, etc)

@@awstraining I just dropped some empty line, so the connect has changed position. Sorry. I also confirm that all resources are in eu-south-1 zone. Please, Here blow two links to secret and db screenshot drive.google.com/file/d/17ZgmWSXLYIt3kdU4YrQFIV4MwNtYERI1/view?usp=sharing, drive.google.com/file/d/1B4iTMACOIk-RKVejhZRzM1NOkKmesjPD/view?usp=sharing

Thank you! Cheers!

Thank you for your valuable feedback. Yes, ofcourse, feel free to us it for your capstone project. The link to the application code is provided in our GitHub repo. Best of luck

Thank you for your valuable feedback. We hope to bring more AWS training videos like this in the near future. Please do like and share...

Thank you too!