Day-1 | AWS DevSecOps Crash Course from Scratch English | Aviz Academy

Added: 2026-05-13

[00:00:05]Hey. Hi everyone.

[00:00:08]Can you guys hear me?

[00:00:10]>> Yeah.

[00:00:13]>> Yes.

[00:00:14]>> Ah, thanks for confirming that Brain Udai.

[00:00:18]Right. So, let me share my screen.

[00:00:26]Hope you guys are able to view my screen as well.

[00:00:35]Right. So yeah, so officially we are kickstarting our program. Yesterday we discussed what actually this program is offering, right? So we discuss lot of things like you know what actually we are going to learn here in this program and the common uh queries you might have and the LMS portal overview everything we discussed in our last session and um here in today's session we are going to discuss what actually this AWS and DevOps is and How basically they both are interlin and um so what is the security in between? Okay, why we are calling it as a dev sec apps instead of just dev apps and also we are going to discuss what actually the shift left mechanism is and why recently every organization is going with that uh uh shift left mechanism and also how we can use AI here in this course and what are the AI options we have here. All right, so this is what we are going to discuss. So this is going to be our day one and whatever the um like you know 120 hours or like uh 90 days classes I mentioned right technically that is starting today. So technically today is a day one of our course that means the actual class. Okay. So we are not going to repeat same thing again. So we will uh share all these recordings with you if you uh skip in between or if you miss somewhere and uh how actually this AWS got it popularity. So firstly you know what AWS stands for right? AWS stands for Amazon Web Services.

[00:02:45]So do you know when actually AWS started AWS officially when actually it is launched? Can you give a guess? It's there from last 5 years or 10 years or 15 years.

[00:03:00]>> 2008 >> 2008. Okay. Bit close but not exactly the answer.

[00:03:14]any other >> 2008 >> 2008 again. Okay.

[00:03:24]Not exactly.

[00:03:26]>> 2006.

[00:03:28]>> Yes. So you know AWS turns 20. AWS turns 20. You can see here. So basically on 18th March AWS officially launched March 14th sorry not 18th as of March. Okay as of this is ah so you see this as of March 14th so the AA is responding with like you know March 14th as of 14th but today is May 5th right? So this is something different. So basically the LLM they trained right that has data only till March 14th. So that's the reason as of March 14th it is giving. So but you see here March 14th in 2006 AWS officially launched and uh AWS turned 20 years now.

[00:04:24]Okay. So they have evaluated this to almost 200 plus services. You can even see that road map here. You can see that road map. 20 years of AWS. They started with something called S3. Okay. In first 10 years they have only this particular services. S3 is for storage and uh they used EC2. This is kind of game changer for all the organizations.

[00:04:51]Before this EC2 right if you want to deliver an application you should have good amount of money. If you have good amount of money, you can go out and you can purchase a servers and you can build the data center and you can actually like u uh deploy your operating system on top of that. You can install the softwares then only you can deliver the application to build a data center right. So you need to spend lot of money. So again people really don't know whether that application is going to work well or it may not work well. If it is working well that absolutely fine but what if it is not working well. So then a problem right. So people once this AWS introduced this Amazon EC2 right.

[00:05:43]So people started using this servers on cloud which AWS is providing those servers. What we can do here, we can just simply log in, create a server, use it, you don't want it, you delete it, the server configuration is very small, you bump it up, the server configuration is it's overprovisioned, you bump it down, you upgrade or technically you downgrade and then you need a database for your application. Then they introduced RDS service. So generally you take two tire, three tire kind of applications, right? We will have web web server, we will have application server, we will have database and for that databases AWS introduced Amazon RDS. Then obviously end of the day we have to secure all these things. To secure all these things we need to have a proper underlying network. For that network they introduced Amazon VPC. Then they introduced something called Dynamob. It is AWS own NoSQL database service and that too particularly serverless till now this EC2 is a server right but this Dynamob is completely serverless where we really no need to launch a server no need to install anything just need a database you go there you create a table and you start using with your application They introduced that. Then later data warehousing where you can store pabytes of data and you can integrate with lot of business analytical applications and you can run your analytical tools and you can get like okay so what what is my sales last year?

[00:07:37]So which area I need to improve such type of business analytical queries we can run here on this Amazon red shift and also they introduce something like a workspaces and here in this easy to write we can launch only serverass operating systems.

[00:07:56]So serverass operating system means like uh Linux servers like uh Red Hat servers or Windows servers. we cannot run client class operating systems like uh Windows 10, Windows 11 kind of work spaces. So AWS in introduced workspaces where we can run this client class operating systems. Then to replace this Amazon EC2 they brought something called AWS Lambda actually this Dynamob is a serverless right similar way AWS Lambda also serverless. Then later they introduced AWS IoT services like a green dress and all where have actually you can use this Amazon Alexa or this uh like you know AI powered or the IoT like you know you can ask uh set temperature to your fridge.

[00:08:49]You can ask your TV to change the volume kind of all these internet of things.

[00:08:55]They introduced that and from 2014 onwards they released containers and kubernetes and in 2017 they released their own database called Aurora and later in 2017 itself they started developing this Amazon Sage Maker and in 2018 they launched Amazon EC2 A1 instance which running with their AWS graviton processors.

[00:09:25]And you can run your cloud in your data center with something called AWS outpost where AWS is going to place a server rack in our office and then so on. You can see here they introduced generative AI app. Then they launched code whisperer where you can start like you know your coding companion where you can like you know start using it while you are writing itself. It is going to give next suggestions. Later it is rebranded as Amazon Q and they introduced something called Kirro. I do have Kirro here in my machine. So this is the IDE.

[00:10:03]Okay. So it's build something on top of Visual Studio only. So here I can simply give like a okay. So this is what I required. I can open a chart here. I can give the specifications. So I can go with the specificdriven application development or I can go with the wipe coding. I can simply give my instructions and which model you want to use. So we can pick the model or we can go with the autopilot option. So once you started giving this prompt it is going to start building this application. Right? So they have this KO and also they have this KO CLI as well. So if you basically observe here so ko cla um I think I have to log in that is the reason it is not showing the models as well. Okay, welcome to Kirro. If I log back in, I can simply give like a Kirro CLI. So then it is going to login. Yeah, welcome to Kirro CLI. Let's get you signed in.

[00:11:12]If I press enter, it will ask me to login so that I can use AI in my local laptop itself. So they introduce such type of uh AI agents where we can run in our laptop. So it is evaluating and it's launched exactly 20 years back in 2006 March 14th. So AWS is not something new.

[00:11:40]It is not there from just 10 years. It's there from almost 20 years. And yesterday someone asked me this question why I have to learn AWS. So I told you their customer base their major clients and everyone like you know as it is kind of first in this market right so a lot of people lot of organizations are using this so obviously when adaptability is more job openings are more so that's why AWS is a global leader and they are evaluating with the market right so this is AWS now what is devops Can anyone answer what is DevOps?

[00:12:24]AWS is a cloud.

[00:12:27]So we are going to use this cloud service provider or AWS is technically CSP cloud service provider. Now what is AWS?

[00:12:40]Can anyone answer? You can unmute and you can answer.

[00:12:45]So DevOps is the method uh to release the software and perform the changes on on the servers and the apps and how how quickly we want to move to the production. So what what methods you use to make it happen?

[00:13:03]>> Right. Exactly. How quickly we can deliver our changes to end customer.

[00:13:10]Right. So to deliver that application quickly we our organizations are adapting this dev apps. So before devops organizations not delivered any kind of application if you don't want to unmute you can put your answer in our chat window I can pick from there. So before Dev apps don't we have any kind of applications that delivered?

[00:13:40]>> Yeah, there were but very slow.

[00:13:49]>> We do have lot of applications but slow.

[00:13:55]See nowadays why India is investing a lot on bullet trains.

[00:14:04]We do have trains from British era, right?

[00:14:11]We do have train from British era. Why like you know everybody like you know even recent times like you know so a bullet train from Hyderabad to Bangalore, Chennai to Bangalore or Delhi to Hyderabad or Mumbai.

[00:14:25]So why these bullet trains?

[00:14:28]>> Look at the terminator the different asy as possible.

[00:14:32]>> Exactly.

[00:14:34]Exactly. So the speed right? So we want to cut down the travel time. So generally if I pick a regular train to travel from Hyderabad to Bangalore it is going to take approximately 10 to 12 hours. Right? But if I pick a bullet train okay then the same time is now reduced to almost 6 hours or 8 hours. So 12 hours is now cut down to 8 hours. So that's the reason like you know this governments and like you know they are investing a lot and why you are purchasing your own cars whenever we have this bus train and everything we want to like you know use our own thing and also we want to like you know wherever we want to go we want to go very quickly I don't want to uh wait in a bus turn for that bus for so long time right so we should have that flexibility So organizations earlier what actually they have used they used something called waterfall methodology waterfall model or waterfall methodology.

[00:15:53]So then later they realized okay what is the problem with this waterfall methodology we cannot come back okay I I'll I'll generate a simple diagram for this okay and for this purpose I will use claude okay I'm going to use a tool called excalidra excalra colon generate a diagram for waterfall methodology ology versus agile methodology versus DevOps methodology.

[00:16:34]Add only key stages.

[00:16:40]Add only key stages.

[00:16:43]Okay. and mention delivery time for a 10 pages website in same canvas. Let's see what actually it is going to uh build.

[00:17:04]Okay, it is going to develop a simple excalator diagram where we can like you know instead of I'm going here and rubbing here drawing all the stages I can simply generate one simple diagram I can actually use it here. I can actually use it here.

[00:17:25]Okay, it is creating right. Once it is ready, we will just pick.

[00:17:39]Awesome. Right. So basically AI is making my job our job is easy. Okay.

[00:17:47][snorts] Perfect. So 10 pages website delivery time summary. I'm not taking any kind of fancy application. This is just a 10 pages website. Okay. Let me um one second.

[00:18:20]Let me open this in excalra.

[00:18:36]Okay. So now when coming to this software development methodology comparison if you have a 10 pages website delivery time comparison is you see here if you are using waterfall methodology it is going to take four to 6 months why just for a 10 pages website why we have to wait for four to 6 months. So first we have to go to client we have to take the requirements then we have to plan for system design then we have to plan implementation then testing then deployment. So once this deployment is completed then we will go to the customer and we'll mention okay your 10 pages website is ready your 10 pages website is ready. So now he's going to review all the 10 pages and then if he gave any suggestions we can add it as maintenance and here what is the problem?

[00:19:35]Customer sees product only at the end no feedback loop. So you are taking requirements here you are giving final product here customer don't have any visibility what actually happening how actually the application is designing. So this methodology organizations started with later they identified okay this feedback loop is missing. So how we can reduce it. So then what these guys did okay so in waterfall methodology one big release at at the end. When coming to this they came to this methodology called agile methodology. In agile methodology, delivery happens for every 3 to four weeks. The first working version will come in 3 to four weeks.

[00:20:27]Now we are going to segregate this something called sprint. For every one to two weeks, okay, first we are going to plan, design, then develop, then review, then we are going to test.

[00:20:40]So now once this first page is completed, then we will go to sprint two. So let's assume in first phase we have taken page one and two. Once this sprint is completed we will inform client okay hey client your page one and page two is ready you can have a look at our application. Then client is going to review it and he's going to say okay you do these changes then it goes to something like a retrospective uh call again. So then again like you know we will have someone called scrum master. Okay. So then every single day we are going to have a standup call.

[00:21:19]Then finally they it goes to sprint two it goes to sprint three then once it is completed then we will release it to production.

[00:21:28]Okay. And here what is the advantage? We are involving client at every stage. So customer gives feedback at every sprint.

[00:21:39]Changes are welcome at any time. But here do we have that fe feedback option?

[00:21:44]No. But here every sprint or in every single day the client is joining the call and he's going to observe how that application is application development is progressing. So then he's going to give his suggestions on the same day so that the developers can add their changes into the pipeline. Then when coming to this dev apps so what is the problem? It is such a great option. It's a uh like you know uh we are able to involve client in every single call and we are able to build application right.

[00:22:21]So then what is the problem here? Fine the development is fine but once this development is completed we have to deploy it into a server.

[00:22:32]So till this two weeks stable version is ready we cannot deploy into server and we cannot deliver it right.

[00:22:40]So once it is deployed to the server then it have to go to testing phases and all. So again there is a clear gap between developers and operations team who manage the infra who develop the application. There is a clear gap here.

[00:22:57]To fill that clear gap we got something called devops methodology. So here instead of three to four hours it is going to take minutes to hours if application like you know is ready. So we are going to plan we are going to code we are going to build test release deploy and you just monitor it and once so here we have something called CI pipeline. Once this is stable, once this particular thing is stable, there is a pipeline. Whenever developer write code, whenever he commit the code, automatically one pipeline triggers.

[00:23:37]Automatically one pipeline triggers and it is going to perform the testing the code quality vulnerabilities and everything. It is going to test. If nothing found then it is going to deploy to server automatically to perform this we have to depend on some set of tools.

[00:23:59]You see here there are some tools automatically this claude mentioned. So those tools are git jenkins or github actions docker kubernetes terraform. See here every code push every single code push okay is going to every code push triggers build test deploy 10 pages site deployed in hours not weeks auto roll back if it is failed automatically we can roll back. So the gap between the development team and operations team is now reduced because automatically developer commit something it is available to end customers right so I I'm actually using this method trust me I'm using this method so every single day for example you know our LMS portal right so this is our LMS portal yesterday I have like um shown you this LMS portal. Okay.

[00:25:10]So, okay. What actually pipeline means?

[00:25:14]Pipeline is nothing but a process. So, when developer here for every two weeks, we are taking the code and we are going to give a proper format and we are going to place it into the server. So, this is a manual process. So manually we are taking the code, we are reviewing the code, we are building the code to get a proper format. Then finally we are placing that code into the repository. Right? So but here we have an automated process that we call it as a pipeline.

[00:25:53]Okay. So whenever developer commits a code to g the place where multiple developers code resides.

[00:26:04]So this g informs immediately okay I got a change then immediately what it will do it will inform other tool okay some changes are here then build is going to happen automatically. The entire code we cannot place into server as it is. If it is a Java code, we have to convert it as a jar file or v file. So this conversion is a manual process earlier. But now once code is in the git then build is going to happen automatically. The final output or product is going to tested.

[00:26:42]Then if test pass then it is going to placed into server so that we can access. So these all things are happening automatically right this is all happening because of this process we call that process as a pipeline.

[00:27:01]All right so hope that answers your question Udai.

[00:27:05]So let me quickly show you 09.

[00:27:12]Okay this is place like you know for 09 batch 9. So for a batch 9 I'm going to upload all the recordings here itself.

[00:27:20]Okay. So once I log in here you can see day one. This is a dummy. I did a test and this is day two. So just for testing purpose I added this. These are dummy video files. Okay. But today's video today's video I'm going to upload here and also in YouTube as well. So whoever com complete the registration they will get credentials to this LMS portal. So they can watch that video from here itself and to upload a new video every single day.

[00:27:57]You know what I'm doing? I'm not going to the server. I'm not going to do the code changes. I'm not going to upload the file. what I'm going to do in my local laptop is so this is what devops and uh I can see some more modifications generally whenever we are onboarding new batch right such type of like you know small small mistakes happen so what I did I took batch 8 file but I forgot to edit this so here you see it is showing as a batch 8 only and 20 sessions this is not right I have to adjust this and also I want to add day three video as well. Okay. So then how I can do by using this devops methodology I told you that we can deliver any changes in minutes. Right? I will demonstrate that now.

[00:28:55]Visual studio code and all my project code here is in my laptop. So generally this is a batch seven this is batch 8 and this is ours. So let me add for example I want to where is that where is that?

[00:29:25]Yeah I can keep on adding everyday content. So currently I identified two things. I want to perform two things.

[00:29:33]One I want to add day three and also here it is showing as a batch 8. I want to fix that error. I just seen this. Now just now in the class itself I have seen that. Okay. I want to fix both. So now what I can do? I can simply I can simply add a new thing. So what I can do this AWS with the dev sec apps live video publish demo.

[00:30:08]Then I actually added AI tools here. So based on the header I gave automatically it is going to pick the info. Done. I did a change and also I told you here right okay batch 8 is something I want to um adjust so that also I can fix it in batch 9 somewhere here let's search somewhere batch 8 is added I forgot to identify yeah I'm going to make it batch 9 and also I'm going to mention AWS with dev secc apps. Right? I did the change. Now these changes are in my local laptop. Now I want to deploy and I want to deliver these changes. And you can see here clearly the commit messages.

[00:31:07]May fifth video added. May fourth video added. May second video added. This is every single day who is doing all the changes. Avin is doing all the changes.

[00:31:16]I have implemented UI changes and all.

[00:31:18]You can see all that commits here, right? Let's add. Okay. Added May 5th demo 5.

[00:31:31]Then click on commit. Sync changes.

[00:31:35]That's it. I'm going to wait for a couple of minutes.

[00:31:39]Okay. So, the changes should reflect here. Instead of batch 8, we should get batch 9. And along with day one and day two we should get day three as well. If our the pipeline so the changes I did here it is going to detect in back end it is going to run security test if the test passed it is going to deploy into the server and that server is added to a load balancer that load balancer is mapped to a domain name and finally we should get the output.

[00:32:20]Can I see where this pipeline is running? Of course. Yes, it is running in my AWS environment. So I can see everything from scratch. I build this.

[00:32:31]Okay. So let me quickly show you that.

[00:32:38]So the pipeline is not the pipeline you are thinking. It is a pipeline that picks code that prepares a build and that is going to deploy. So for this I'm using a service called code pipeline.

[00:32:58]Okay.

[00:33:01]So it's in Hyderabad region.

[00:33:04]And you see here whatever the commit message I have given in local added May 5th demo pipe 1 minute ago. These are the most recent commits I did. And if I want to roll back also I can do the roll back. Okay. And once this pipeline completed, you see this now the issue got fixed. Batch nine and also day three is now added here. So this is what Dev apps will do for our enterprise level applications without disturbing other services. For example, if you're taking some websites like Amazon.in or Netflix. If one particular service is not working properly, we can work on that particular service, we can do the deployments on that particular service without disturbing any other services. So because of that micros service- based architectures only organizations are adopting this devops method.

[00:34:10]Okay. And yeah, hope you got an idea what actually this pipeline means.

[00:34:17]Okay, so good. I was able to identify that batch 8 and I was able to fix that. All right. So you see pipeline is succeeded.

[00:34:30]Right. So this is what devops. So earlier also is there but the slow process medium and running like a bullet red.

[00:34:43]Okay.

[00:34:45]So now how this cloud and how this devops works together. So end of the day okay you need to deliver that application right sometime back you see here sometime back I have shown you the server okay to to to run this pipeline to deploy this to outside world end of the day I need to have a server if I go to EC2 there is one server you see here there is one server there are some IP addresses there are some backups, there are some backend storage, right? There are some load balancer. So these all are running now.

[00:35:32]And without this server, what is the meaning to deliver an application very quickly?

[00:35:41]I cannot write. So I have process to deliver any application very quickly.

[00:35:48]But I need a server to place this application, right?

[00:35:52]So the server we will get from EC2 I need a place to deliver application. So for that firstly what we need one second let me pick this right. So firstly we need to have something called EC2 server. The application actually runs here but without database what we can do with this application we need to have database right. So there is something called RDS and we need storage right all the videos and everything we place in a storage only. So we need storage and obviously this database and everything is going to have lot of sensitive information.

[00:36:36]So we need to secure this. To secure this we should have a network configurations and obviously the server may have high CPU.

[00:36:49]the server may have like you know uh logging mechanism inside this EC2 instance our application is going to run if that application is giving lot of errors let's assume we are getting something called error inside that EC2 instance I want to inform my team so we need to have some tools for observability purpose or1y is nothing but observability so I need to have an observability tool to monitor my database to monitor my storage to monitor my network and also all the data I'm storing here in S3 or database or in server obviously it need to encrypt right so we need to have encryption services as well we need to have complianent services as well for example someone accidentally leaked our data immediately I want to identify And every single thing we were performing in AWS, I want to have a control on that process. Then we need this like you know lag tracking every user activity should be tracked. Then we have some services like a cloud trail and I want to automate all this resource creation. Then we have something like cloud formation templates. So the application delivery is speeden up or faster with this devops tools but the underlying infrastructure is coming from this AWS. Without this underlying infrastructure your application have to run in onremise. Again if it is running in onremise organization have to purchase server they have to spend lot of money. organization is not ready to invest lot of money that's the reason they are going to the cloud so this is how AWS and Dev apps both are interconnected okay fine this is providing the infra this is automating the development and deployment process then why we are calling it as a secaps So generally there is some proverb right prevention is better than cure right. So instead of getting the disease then taking the treatment what we can do you can have like you know the proper measurement so that you don't get the disease.

[00:39:37]Prevention is better than cure. So now in software terminology we have something called shift left mechanism.

[00:39:47]Have you heard about the shift left?

[00:39:51]Anyone?

[00:39:52]Do anyone know what is the shift left mechanism?

[00:39:58]Yeah. Not even one single guy.

[00:40:08]No.

[00:40:16]Okay. I'm taking it as a no. Okay.

[00:40:20]So you you you guys can hear me right?

[00:40:26]>> Yes sir.

[00:40:27]>> Ah okay.

[00:40:29]Right. So I got response from Pravin.

[00:40:32]Okay. Thanks for response Pravin. So basically shift left mechanism means the one I mentioned right prevention is better than cure. So generally why applications like you know expose their data why like you know you might see even I'm um I got affected with this okay uh I got an email couple of days back I got an email couple of days back I can even show you it's happened very recently have I been puned is the website.

[00:41:12]Yeah. Have I been puned? You see this?

[00:41:15]You've been puned in the Udemy data breach. So almost 1.4 billion account information is breached in April 2026.

[00:41:28]my email address, my employees, my job titles, my payment methods, my phone number and my physical address that I have given to Udemy is actually compromised.

[00:41:41]Okay. So there is like you know a attack like you know pay or leak I have your data you pay me otherwise I'm going to leak. That is what pay or leak is like you know the the UDM is victim of pay leak. So this shiny hunters group did this. So now so how this happened there is a small loophole in their pipeline. So they have not identified this. So in general whatever application we are going to take right. So generally what we will do we will build we will deploy we will deliver that once we identified the issue then we will try to fix it okay so generally we will have that particularly like you know um we Indians have that mentality I'm not criticizing so even uh let's see when that comes you know we all we all like you know at some point of time have that mentality right h let's see when that comes But why can't we prevent that now? Okay.

[00:42:51]Why to take that chance? That is what shift left mechanism. So shift right means after issue identified.

[00:43:02]Okay. Then we can take like you know measurements. We can take like you know uh fixes. We can apply some fix. But before that also we can apply some fixes. So before code before code reaches to this you have plan you've written the code you prepare a build before it is released we can test it with a lot of security tools. So today morning itself I covered one topic guys uh it is on GitHub actions. Okay. Um so I have integrated security tools here. Yeah, you can see that here there is something called um GitHub actions that we discuss in this course. So you see this update image scanner and you see I can show you these all today 10:30 10:35 yeah you see this okay so wantedly I have compromised some of the credentials and you see this git leaks detected secrets before deploying it to the server there is something called git leaks it identified okay in your repository tory you have some credentials these are the credentials we cannot go and we cannot deploy this code if you have these credentials okay so this is one example and another one if it is a docker image something like that what actually we can see here image scanner we are going to scan the image we are going to before pushing okay so you see this I have updated did the Docker file and you see here build completed successfully but build okay lint lint lint issues we got okay you see here this is successful but the image scanner it identified some issue we have used something called trivy and you see this this is you see here in your code you have all these issues it is using aqua security tree and uh it is using this GitHub actions.

[00:45:23]Vulnerability scanning is enabled.

[00:45:26]Secret scanning is enabled. Okay. Then it is uh it completed it and this is a report summary in my GitHub actions app latest. We have seven vulnerabilities.

[00:45:40]Then what is that like vulnerability and what is the severity? What is the severity is it affected and what is the installed version and you can see that here so how many critical and you see here until unless you go and you fix this issues I'm not going to deploy so we can add this even yesterday also I discussed some of the security tools for Python okay for example yesterday's is all workflows.

[00:46:21]Do I have next page? Yes. Ah, these are May 4th, right?

[00:46:27]Yesterday is May 4th. Yeah, you can see that here somewhere if you scroll down.

[00:46:36]So, May 4th, right? So here I have added three jobs or later I made it as a one job.

[00:46:53]Yes.

[00:46:55]So you see here code quality is actually failing. So it is giving clear message.

[00:47:01]Okay. You are trying to use this particular like you know we used another tool called bandit. Okay. So what actually it is do doing? So in your code there is a field where DB password is equal to super secret password 1 2 3. So that means some developer commit some API key or some secret or some like you know AWS access key secret access key committed without any idea.

[00:47:33]Then if it deploys pre build prepares then deploys into the server someone observes that and he got the credentials and your application is gone and sometime back I have shown you right pay or leak so I have your database credentials your database is in my control you pay some ransom otherwise I'm going to leak so we will become victim for such type of issues but you see here you have some kind of hardcore credentials and these are the total lines of code and total issues low medium severity issues and I'm not going to perform the deployment right this is again it is performing the dependency scan so we are using something called pip audit here so this dependency scan also should complete then only so it is going to look for CVS Okay. Common like um uh CVE common vulnerability and vulnerabilities and exposures. So it is looking for common vulnerabilities and exposures and lot of tools before our code reaching that actual server. We are doing lot of testings and this is not just in that pipeline. We are doing all these testings and everything in our AWS also.

[00:49:04]So testing or security is not just one session topic. Throughout our course we are going to discuss how we can secure our resources that is actually part of every single topic.

[00:49:20]Okay. So hope you got an idea why I'm calling this as a dev sec ops. Between development and between like you know deploying it to server and delivering by the operations team we have a security phase. We are going to secure all our applications by using that security phase. And this is the reason every organization is migrating from traditional workflows to devops. And this pipeline is not just limited to our workflow. This pipeline is same for artificial intelligence AI ops also. All right. So as as we got topic of AI, right? So how actually we are going to use AI in this course. So firstly here in this pipeline to generate the code we manually no need to write line from line one. So we can use like you know this AI tools and also we have something called MCPS.

[00:50:32]For example, this cloud itself has an MCP tool. I'll quickly show you this. So here if I want to if I want to develop something where is that connectors and where is that?

[00:50:55]Is it moved?

[00:51:04]No.

[00:51:06]Um, one second.

[00:51:13]Skills have moved to customize, right? You see this? I designed a skill.

[00:51:23]I designed a skill. Okay. So, where this skill basically AWS solution architect.

[00:51:31]So, this what actually it will do. So it follows all the best practices and it is going to create resources as per AWS standards. As per AWS standards, it is going to create resources like serverless services. It can generate like you know cloud for template. It can stable application architecture by using this autoscaling load balancer. It can configure stoages. It can perform event-driven architectures. It can perform API operations and it can configure CI/CD pipelines. I built this skill and I have added all the steps. So you can simply give okay for example you want to prepare infrastructure as a code you can simply mention hey cloud I just added the AWS solution architectric skill can you can you generate cloud formation template for three tire web application with autoscaling and RDS just I can give this to claude and claude is going to follow all the best practices and it is going to design This in similar way what actually AWS did. So nowadays see this diagram I designed such a beautiful diagram right this excalidra has an MCP server that MCP server I have added here you can see this this is the connector that I'm talking I use this tool I use this tool this official excalid MCP I can generate a slide just in 2 minutes whatever Whatever the topic you gave, I can generate a slide by using gamma.

[00:53:19]It just just one prompt away. I'll show you gamma.

[00:53:24]Generate a like uh prepare a presentation.

[00:53:32]prepare a presentation on AWS and DevOps in 2026 and uh how AI is helping how Dev apps is helping AI to deliver fast to end customers.

[00:53:59]Keep it technical instead of generic. Now click on enter.

[00:54:06]So it is going to prepare it is first it is going to call this tool. So you see this it is loading the tools. It is calling the tool then it is going to use a custom theme. Then it is going to prepare something here and it is going to develop. In similar way what are the tools you have? We can have the tool we can have that MCP. So AWS also AWS serverless MCP server you see this this is officially coming from AWS. Okay. 29th May 2025.

[00:54:49]So 29th May 2025.

[00:54:52]So they released this official like uh MCP server. All we have to do is you just add this MCP uh in your cloud or any other AI tool.

[00:55:05]So whatever the best practices AWS defined I'm picking this from AWS only right. So it is going to follow that AWS defined best practices and it is going to generate. So now you see this it is going to generate this presentation right. So even we can ask new chart.

[00:55:28]Hey Claude, use AWS solutions architect tool and generate a cloud formation template to create an S3 bucket.

[00:55:49]And always whatever the context you are giving, whatever the prompt you are giving that is very very important.

[00:55:56]Keep this bucket private and enforce all the security standards.

[00:56:08]Okay. So now whatever the skill I already build, it is going to use that skill. It is reading that skill and it is going to read whatever I have mentioned in that skill.mmd and uh you can see this this is what the skill dom. So well architecture framework is here serverless land is here. So basically whatever instructions I have given here it is going to follow that and it is going to give me a cloud formation template.

[00:56:39]Okay. So let's observe that output and also meanwhile this um gamma slide gamma presentation is now ready. Let's see generating gamma. This should take a minute or two.

[00:57:02]And by the way, have you guys gone through the cloud series I made recently and I uploaded in my YouTube channel?

[00:57:09]So if not just go through that even through if you don't have cloud code subscription I strongly recommend you to go through that.

[00:57:20]Okay I can see Ram raise a hand. Yes Ram.

[00:57:25]>> Uh sir so one question. So now you added a connector. Uh so without connector can't we get the same output or will we get a different output is it?

[00:57:37]>> Uh yes. So basically connector is official way right.

[00:57:44]So see whenever you are purchasing something you always look for okay is this uh a original one or is this compatible one or just Chinese one we verify it right? So the instructions is it coming from official AWS?

[00:58:05]Answer is yes, we don't worry much, right? Why? Because AWS follows all the best practices as it is AWS one, right?

[00:58:14]So, it's always recommended to have add that official MCPS. So, you see this AWS and Dev apps in 2026. Let's see edit in gamma. Let's open this what actually uh it generated.

[00:58:28]Okay. AWS and Dev apps in 2026. It is for Avis Academy. And you see this 85% enterprise AI in CI/CD.

[00:58:40]Whoever is actually using AI they are using this DevOps CI/CD pipelines.

[00:58:47]GitHubs plus MLOps fully conversed into unified delivery platform. We are going to discuss that. So the big shift from software to intelligence.

[00:58:59]Now AWS in 2026 AWS have something called bedrock. AWS has sage maker and they have their own uh processors.

[00:59:10]So Titanium 2. So to training that Amazon Q for like you know what I can say Amazon Q is for like um the just like a chart right. So EKS auto mode it is going to pick the required workload required service automatically. So traditional DevOps versus AIO ops pipeline. So then DevOps flywheel of AI.

[00:59:36]So automated testing infrastructure as a code progressive delivery observability then foster experimentation then build deploy train and evaluate instead of deploying application. So this whoever builds AI right they're going to deploy models and they're going to deliver. So these are the core AWS services and you see this and we have something like you know githops for AI Argo CD is integrated with EKS and we will discuss that what is Argo CD kind of thing and infrastructure as a code for AI workload you can just give simple command and you see this I asked this to keep it more technical the prompt I mentioned right okay keep it technical that's the reason it kept it in technical way and also It used a tool.

[01:00:26]You see this? It used it and it created a cloud for template main secure bucket.

[01:00:36]It is blocking public access. Zero public access. Blocking all bank wall doors. KMS encryption. All files are encrypted. HTTPS only. Encrypt data in transcript. Versioning. Accidental deletion. I can get it back. Access login. Whoever is accessing everything.

[01:00:54]Life cycle rules like uh automatically older version we can move it and we can save some cost and bucket policy if you are getting any bad request it is going to block the bucket policy and it generated this. Now the important thing in 2026 is generation is not a problem. Generating a cloud for script or generating kubernetes template or generating a terraform script is not at all a big thing. Whenever any issue occurred, can you troubleshoot or not? For example, you see something AI added here something like a log retention days. You should know what actually that is and how actually it works in real environment, right? without having this information again what you need to do you have to go with the wipe coding itself okay what is log retention how to adjust this so here it is fine but in organizations it won't work you should know what AI is generating okay you definitely should understand the core concept first once you understand the core concept then you can use any kind of AI tool And this is not something new to me. So before AI there we have something called former 2 to generate script by using existing environment. I used to use this former too and also we have something called AWS console recorder.

[01:02:32]AWS console recorder it's there from so long time right. So but now the process is evaluated. We are we have access to all these tools. Right? So firstly understand the subject then you can use AI to generate all these things and uh you should be in a position to troubleshoot any kind of issues that we are going to get in our real environments. That's what we are going to learn here in this course.

[01:03:09]All right.

[01:03:12]Right. So now hope you got an idea what is cloud, what is devops and why organizations are going behind it and how actually we can use AI. So you know what actually a deless itself have this AI services inbuilt. Let me log into my AWS account.

[01:03:36]Okay, I'll quickly show you. AI is not an optional thing and I want to mention something that AI is not going to take your job who learn how to use AI you have thread with that candidate. So in AWS itself we have inbuilt AI options we have something called AWS DevOps agent.

[01:04:04]So this we will discuss as part of our course how we can use this AWS DevOps agent to run our agentic workflows here and we have lot of capability providers.

[01:04:18]We can integrate with Azure DevOps. We can integrate with GitHub. We can integrate with lot of monitoring tools and we do have an option to create agent space and all. So how actually we can use that a AWS devops agent we will discuss and we have something called bedrock.

[01:04:37]So this bedrock is a place where we can get all the required models for our application.

[01:04:44]Okay. So you see here model catalog. You want model this is just like a market.

[01:04:51]Okay. You want model from anthropic you go and pick anthropic. You have cloud oppus 4.7 cloud sonet you want model for Amazon you have Amazon Nova Nova to light Amazon titon you want model from Mistl AI you see here we have something like a Mistl 14b you know what actually this B means they used 14 billion parameters to train this model and you know what we can run this AI in our own laptop itself. We have something called GMA.

[01:05:37]Gamma 4 is from Google. It is a open model. So you can run this GMA in our laptop. We can use this GMA to connect with a tool. We can use this gamma to build the agent and we can run queries in our local and we can get output as well. I do have that. So I already have that in my laptop. So what I where is that? It's not searching.

[01:06:14]You can see here I have llama and you see here gamma 4. I don't have any kind of integrations. I'm not going to use internet here. But I can give a prompt.

[01:06:28]You see here I have tested. So write a python program to like a this is what my right. So this is what like you know uh question then it analyze that chart gamma fixed. So it is giving like you know uh answer to this question. Even basically this configuration this laptop is bit low on configuration. I'm going to get a new laptop in 10 days. So I can run such type of local models in my laptop itself. Okay. So we can use that local AI tools to integrate with AWS and we can monitor that health as well. So that also this all AI part you will have one week workshop on this complete AI tools how we can use this. Okay this is going to be absolutely free uh for our like you know these uh confirmed students.

[01:07:32]All right. So, yeah, this is what the AWS and DevAps and how AI is actually changing these things.

[01:07:46]Okay.

[01:07:48]So now I'll take your questions but before that I just want to mention one point that okay from like you know in our next session we are going to discuss what is AWS global infrastructure how we can create our AWS account what are the support plans we have in AWS that is we are going to discuss in our next session first thing second Okay. And um yeah so as I mentioned today is a day one from today onwards we are going to share the videos and technically this is a actual session. I hope you got an idea what we are going to discuss and also you can go to our website to understand this course curriculum. You can go to this course curriculum in our website and you can see this slides like uh this is what our course curriculum. Okay. So you can go through that. So first phase completely AWS we are going to complete the project then we will move to devops.

[01:08:56]Okay. So yeah I just want to mention this part and um yeah I know you might have lot of questions. Okay. So, let me pick your questions. You can unmute or you can drop your questions in chat window.

[01:09:15]Okay. Uh I understand how Dev apps used for application development but I worked on data and DTL process. Could you explain how Dev apps and AWS are used for building and managing data? End of the day what actually data pipeline means? Udai here.

[01:09:30]So it is an ETL kind of thing, right?

[01:09:34]So you are going to firstly where you are going to store your data.

[01:09:39]>> So you need some kind of storage.

[01:09:41]>> Yes. Yes.

[01:09:42]>> You need some kind of storage. So your data is going to store in technically as per this diagram your data is going to store here in S3.

[01:09:51]>> Right.

[01:09:53]>> So now when data is in S3 how you are going to identify potential issues? For example, some of the customers, they may accidentally push their PII information, personal identifiable information like their name, their address, their phone number. So, how you are going to identify such type of PI information in your data pipeline?

[01:10:21]Obviously, we need to integrate AI services here, right? So, similar way you take anything. So basically this is becoming kind of mandatory nowadays.

[01:10:37]So the data pipeline or ETL is not something new. Okay. So it is a completely different process. We are going to take the data. We are going to filter it. We are going to refine the data. We are going to give a proper format. Then we are going to put it to a database. then that is going to consumed by BI applications or you're going to put it into like data warehousing solutions where BA or BA application is going to pick and use it right so once data is ready again now to filter this also earlier okay let let me quickly show you that okay so to filter or to run a query on large set of logs you need to write some logs and all. But now we have something called u cloudatch here log management automatic log analysis.

[01:11:44]now not in this account. I do have another account.

[01:11:56]Okay, let me go to cloudatch.

[01:12:01]Not sure I have some logs here. Okay.

[01:12:04]Yeah, I have some logs here. For example, these all logs I'm getting from my server. I have a server inside that an Apache server is running that is sending all the logs here where I can apply metric filter. You see here in that logs whenever I got 404 kind of errors I'm going to trigger an alarm. So now here we can configure anomaly detections. We can configure metric filters. We can configure log streams.

[01:12:36]Now so to query this what actually we can do? We can go to log insides.

[01:12:42]Okay. And here you can see which log group. Okay. Pick the log group. Then here logs inside QL is required. But I don't know what is that log insights.

[01:12:53]Right? I can use this query generation and I can give okay identify most recent log contains error then generate new query.

[01:13:11]So then it is going to show the query accept the change then run the query. It is going to display that information here. You can visualize it. You can add to dashboard. Okay. So now you can see that here right. So AI is everywhere.

[01:13:35]Hope that answers your question.

[01:13:39]Yes.

[01:13:41]>> Uh with this course would I be able to integrate a as well as you have done and also I'm beginner in this domain. I just have two years experience in SR role. I hope I'll be able to get all the things in the class. If anything needed to be done from my side like u um I would request you to share the same so that I can easily get all Yes. So firstly whatever I'm demonstrating here you can get that okay so I'm going to teach you whatever I'm demonstrating here in this sessions I'm going to teach you in our course all right >> right so any other questions for me Nice.

[01:14:51]Okay, I'm taking it as a no questions and whoever is interested and want to register, you can navigate to this page.

[01:15:07]You can navigate to this page aisacademy/ payments.html.

[01:15:13]So you can find all the payment information here. you can do the payment and if you are planning to pay using credit card you can reach me separately.

[01:15:24]So you know the payment gateway charges are too high like you know so yeah we have payment gateway as well. So you can reach me separately and if you want to go with the UPA and all you can find the information and if you want to go with the NFT or IMPS transaction you can go with that option here. All right so yeah once you done the payment make sure you take the screenshot and you share that screenshot with me and um I'll start your onboarding process.

[01:16:02]uh is this timing is fixed or may change to some half an hour earlier. So the timing is fixed prain.

[01:16:12]So let me let me do that now. If everybody is okay then I'm okay to have a session from 7 to 8:30.

[01:16:23]Okay, let's take a poll.

[01:16:28]>> This 7:30 works for me.

[01:16:31]So, so basically that is what the finalized time. So, yeah, it's actually 7:30 to 9.

[01:16:42]So, by the time like you know most of guys comes from office and sit and for even like a um it's a convenient time for other country guys as well, right?

[01:16:56]So yeah, it's 7:30 to 9.

[01:17:04]All right. So hope um this session is informative and from tomorrow onwards we are going to discuss AWS and AWS global infrastructure and other components. All right, see you again tomorrow. If you have any questions, you can reach me over WhatsApp or you can give a call. If you have any plans to call tomorrow morning, please call after 11:30 a.m. IST. I can pick your call. Okay. Thank you. See you again tomorrow, guys. Meeting link is going to be same for this entire week.

[01:17:47]>> Thanks, sir.

[01:17:48]>> Yeah.