1 00:00:06,540 --> 00:00:09,050 - Now let's talk about the Amazon Machine Image 2 00:00:09,050 --> 00:00:10,400 or the AMI. 3 00:00:10,400 --> 00:00:12,670 Within EC2 4 00:00:12,670 --> 00:00:15,160 when we create a virtual machine 5 00:00:15,160 --> 00:00:17,670 we have to have something to begin with. 6 00:00:17,670 --> 00:00:20,220 We have to have a way for that machine 7 00:00:20,220 --> 00:00:22,580 to boot into some kind of an environment. 8 00:00:22,580 --> 00:00:24,880 We have to have an operating system 9 00:00:24,880 --> 00:00:28,750 and perhaps even applications 10 00:00:28,750 --> 00:00:30,930 or other configurations already done 11 00:00:30,930 --> 00:00:33,310 and so, that's what the machine image is for. 12 00:00:33,310 --> 00:00:36,160 The machine image is, essentially 13 00:00:36,160 --> 00:00:38,850 a bit-for-bit copy of the root volume. 14 00:00:38,850 --> 00:00:41,170 It contains the operating system 15 00:00:41,170 --> 00:00:43,760 and anything else that was installed. 16 00:00:43,760 --> 00:00:47,990 And so, we generally have our choice of Windows, 17 00:00:47,990 --> 00:00:51,100 Linux, FreeBSD... 18 00:00:51,100 --> 00:00:55,033 and many different flavors of those operating systems. 19 00:00:55,870 --> 00:00:58,830 At this time, we don't have access to Solaris 20 00:00:58,830 --> 00:01:00,990 but we should be able to choose 21 00:01:00,990 --> 00:01:02,763 and make use of those other three. 22 00:01:04,590 --> 00:01:06,380 Now, we can find machine images 23 00:01:06,380 --> 00:01:08,250 in a number of different places. 
24 00:01:08,250 --> 00:01:11,930 We have machine images that are provided by AWS 25 00:01:11,930 --> 00:01:14,630 such as Amazon Linux, 26 00:01:14,630 --> 00:01:17,330 different flavors of Ubuntu, or Red Hat, 27 00:01:17,330 --> 00:01:20,600 or Microsoft Windows 28 00:01:20,600 --> 00:01:22,980 and then we also have trusted publishers like 29 00:01:22,980 --> 00:01:25,620 Canonical, or Red Hat, or Microsoft 30 00:01:25,620 --> 00:01:28,670 for other flavors, or specialized flavors 31 00:01:28,670 --> 00:01:30,610 of those operating systems. 32 00:01:30,610 --> 00:01:33,050 We also have community AMIs. 33 00:01:33,050 --> 00:01:36,150 Community AMIs are publicly available 34 00:01:36,150 --> 00:01:39,300 being provided by other AWS customers. 35 00:01:39,300 --> 00:01:40,150 So... 36 00:01:41,070 --> 00:01:45,710 I could shell into a machine, a virtual machine instance 37 00:01:45,710 --> 00:01:47,870 and I could install whatever I wanted. 38 00:01:47,870 --> 00:01:50,320 I can install, you know, perhaps Nginx, 39 00:01:50,320 --> 00:01:53,640 or, you know, certain flavors of Node.js, 40 00:01:53,640 --> 00:01:55,350 or Python, or what have you 41 00:01:55,350 --> 00:01:58,130 and configure a machine in a certain way 42 00:01:58,130 --> 00:02:01,720 that might be useful for myself as a developer 43 00:02:01,720 --> 00:02:03,600 and then realize, you know what? 44 00:02:03,600 --> 00:02:05,360 This is useful for a lot of developers 45 00:02:05,360 --> 00:02:08,160 so let's make this publicly available 46 00:02:08,160 --> 00:02:10,620 as a community AMI. 
47 00:02:10,620 --> 00:02:13,930 Now, generally, the way I approach community AMIs 48 00:02:13,930 --> 00:02:17,810 considering that they are published by who knows who 49 00:02:17,810 --> 00:02:21,430 is that if I wanted to experiment with something 50 00:02:21,430 --> 00:02:22,780 then I might look to the community 51 00:02:22,780 --> 00:02:26,360 to see if somebody has already compiled, or installed 52 00:02:26,360 --> 00:02:30,340 a particular configuration of different pieces of software 53 00:02:30,340 --> 00:02:33,930 so that I have a fresh place to start. 54 00:02:33,930 --> 00:02:37,440 And then once I run that prototype and check it out 55 00:02:37,440 --> 00:02:40,700 and feel satisfied that yeah, that does work 56 00:02:40,700 --> 00:02:43,160 I think I do want to invest more time 57 00:02:43,160 --> 00:02:45,320 into that particular, you know 58 00:02:45,320 --> 00:02:47,470 configuration of software 59 00:02:47,470 --> 00:02:52,470 then my policy is well, I don't know who created that. 60 00:02:52,810 --> 00:02:55,790 I don't know what else they may have put on that machine 61 00:02:55,790 --> 00:02:59,870 and Amazon will also tell you, if you read the documentation 62 00:02:59,870 --> 00:03:04,310 Amazon says that AWS will not vouch for the security 63 00:03:04,310 --> 00:03:07,470 or the integrity of community based images. 64 00:03:07,470 --> 00:03:10,510 So, it is our responsibility as a customer 65 00:03:10,510 --> 00:03:15,130 to ensure that we are using things that are secure, right? 66 00:03:15,130 --> 00:03:16,780 So, in terms of the community images 67 00:03:16,780 --> 00:03:18,860 I would just leave you with the warning that 68 00:03:18,860 --> 00:03:21,540 you don't really know what went into them. 
69 00:03:21,540 --> 00:03:25,010 They might be fine to try and experiment 70 00:03:25,010 --> 00:03:28,080 a little prototype, or something, in a sandboxed environment 71 00:03:28,080 --> 00:03:29,840 but when it comes to production 72 00:03:29,840 --> 00:03:33,340 I would always start with a machine image 73 00:03:33,340 --> 00:03:37,130 from Amazon, or another trusted provider 74 00:03:37,130 --> 00:03:39,560 and then whatever software I needed 75 00:03:39,560 --> 00:03:42,230 I would install and configure myself 76 00:03:42,230 --> 00:03:45,993 so I know exactly what is on that instance. 77 00:03:48,230 --> 00:03:50,270 And then lastly, like we mentioned earlier 78 00:03:50,270 --> 00:03:51,770 we have the AWS Marketplace 79 00:03:51,770 --> 00:03:55,170 where we can find those canned solutions. 80 00:03:55,170 --> 00:03:57,610 So, in terms of launching an instance 81 00:03:57,610 --> 00:04:00,520 we first choose the machine image 82 00:04:00,520 --> 00:04:01,930 whatever that is, right? 83 00:04:01,930 --> 00:04:04,880 Again, it's gonna be the operating system 84 00:04:04,880 --> 00:04:06,920 and any software that's installed 85 00:04:06,920 --> 00:04:09,750 any configuration that was put in place 86 00:04:09,750 --> 00:04:12,280 any users or groups that were put in place 87 00:04:12,280 --> 00:04:14,520 within the realm of authentication 88 00:04:14,520 --> 00:04:16,680 that is the operating system. 89 00:04:16,680 --> 00:04:19,660 And once we choose the AMI 90 00:04:19,660 --> 00:04:23,240 we then launch the instance by choosing, you know 91 00:04:23,240 --> 00:04:25,130 what type instance do we want? 92 00:04:25,130 --> 00:04:28,050 Do we want, you know, like a T2 small? 93 00:04:28,050 --> 00:04:29,700 Do we want a C4 large? 94 00:04:29,700 --> 00:04:31,570 An M5 extra large? 
95 00:04:31,570 --> 00:04:34,910 We choose the family and the type of instance 96 00:04:34,910 --> 00:04:36,380 and once we launch that instance 97 00:04:36,380 --> 00:04:39,970 we could stop there, and we could have that machine running 98 00:04:39,970 --> 00:04:44,300 doing its job, using the software that was installed 99 00:04:44,300 --> 00:04:46,874 as a part of the image. 100 00:04:46,874 --> 00:04:50,950 We could go further and install different applications, 101 00:04:50,950 --> 00:04:54,110 configure, what have you 102 00:04:54,110 --> 00:04:58,390 and then go on to create our own private machine image. 103 00:04:58,390 --> 00:05:02,330 When we create images of instances 104 00:05:02,330 --> 00:05:05,130 those images default to being private 105 00:05:05,130 --> 00:05:09,600 only accessible by the account in which they were created 106 00:05:09,600 --> 00:05:12,430 but you could go on to share that image 107 00:05:13,340 --> 00:05:15,100 with another account 108 00:05:15,100 --> 00:05:16,480 you could share it to the public 109 00:05:16,480 --> 00:05:18,780 by making it a community AMI 110 00:05:18,780 --> 00:05:23,770 and any instances that are launched from that private AMI 111 00:05:23,770 --> 00:05:26,900 will all, essentially, be clones of one another, right? 112 00:05:26,900 --> 00:05:29,510 So, creating custom machine images 113 00:05:29,510 --> 00:05:32,350 is a really good way to give yourself 114 00:05:32,350 --> 00:05:34,287 a known state, right? 115 00:05:35,707 --> 00:05:36,900 So, when a machine comes to life 116 00:05:36,900 --> 00:05:38,920 you know exactly what is installed 117 00:05:38,920 --> 00:05:41,483 and what is available on that machine.