21. Networking Module Introduction
As you might guess, for instructors like myself that have been in information technology for way too long, when we’re teaching a CompTIA subject like this, we often have to really be careful. We have to reel ourselves in from getting too carried away in any one area because that area tends to be our expertise. We have arrived at that moment in this Cloud+ journey. I am, like, I have the most experience and I would consider most of my expertise, in the area of networking so I promise to you I will be very careful. I will be diligent to stay within our required scope and to not go too crazy here with lecturing on one of my favorite topics. Let’s talk networking, not so much specifically cloud networking yet. That’ll come later, but for right now just some key networking in general.
22. Network Segmentation and Security Protocols
Let’s have some fun right now and let’s do a little history lesson on this concept of network segmentation. In fact, if I worked at CompTIA and I was in charge of this title, I would’ve called this topic something like Network Micro Segmentation, because today that’s really what we’re talking about. It is no longer just segmenting networks. It is micro segmenting networks. And I’ll explain that evolution to you. And also as a bonus in this video, we’ll talk about some of the common network security protocols that we’re dealing with in our environments today.
So let’s not waste any time. Let’s get to our whiteboard here. What we want to discuss is how network segmentation became a big thing. When networking really first started out we had the hub type of a device, and that was taking in a signal and it was sending that signal in a total non-discriminatory way out every single port that it possessed. This of course, was a nightmare and it created collisions in the traffic. And also just what a terrible use of bandwidth, because it’s this device here, device one, wanting to communicate with device two and the information is transmitted everywhere.
Well, the bridge came along. ‘Take me to the bridge,’ I think is something that maybe Rick James once sang. But anyways, the bridge came along and what the bridge would do is it would at least make two segments so you could constrain the information into these two segments.
And then what came along was a switch, of course, and the switch, also known as a transparent bridge, what it’s doing is it is micro segmenting the network. Yes, it has a ton of ports on it, and each station that connects its location is learned by the switch. And so now when this device wants to talk to this device the switch keeps that traffic constrained to those two devices.
Now, what’s interesting about micro segmentation is that while this is the brief history of it, these hubs which became bridges, which became switches, this evolution, this exact type of thing, happens inside of our virtual world with virtual machines. It’s so amazing. They have a virtual network interface card that’s gonna connect into a virtual switch. That virtual switch might connect into another virtual switch. And then it might connect into a physical switch. So I’ll say P-switch, you get the idea, right? So it is remarkable how these same concepts are going to be translated and utilized in the virtualized world as well, that we tend to work with so much in a cloud-based environment.
Now, as I said, kind of a bonus in this video, let’s talk about some of the network security protocols that you need to become very familiar with. And I would really encourage you if you are going to be doing cloud in any kind of a capacity, if you’re doing, my goodness, cloud in the capacity of design or implementation, it doesn’t matter. You need to be well-versed in these. So, think about what’s going to be happening. We have some kind of, oh, maybe it’s a branch office and this branch office has a whole bunch of data and things that are going to be needing to be transferred into, maybe, the public cloud. So, what are going to be our options for doing this securely? Because after all, that is the Internet and that is that scary place that is just chock-full of individuals that would be interested in obtaining this information. And this very reason is why some, you know, very old school C-suite executives within organizations say, ‘No, no way. We’re not going to the cloud. We’re in a panic about doing such a thing.’ So, guess what? We have an environment where, thanks to the Internet now and its adherence to HTTPS. This used to be Secure Sockets Layer (SSL), but it’s really evolved now into what’s called Transport Layer Security (TLS). Since it still borrows so heavily from SSL, it’s often called SSL/TLS. But this is the technology that’s behind the HTTPS secured connection. This is TCP port 443. Notice I have that memorized because of how commonly we use this to interact between like a branch office and the public cloud.
Now what if this connection needed to be up all the time and we wanted even more security enhancements? Well, that’s when you can go ahead and do like a VPN, a hardware based VPN solution and then you can do a virtual software-based VPN device up at your public cloud. And what you’re gonna be doing, of course, is an IPsec tunnel over those, that connection, right? So, those hardware VPN devices and the software VPN devices are establishing an IPsec tunnel. And that can remain up all the time. And that is a really-really great way when you know your branch office is gonna need to communicate with your public cloud like at all times. So, keep a nice VPN connection with IPsec up all the time.
Now, another protocol you want to be familiar with is Secure Shell (SSH), because remember Secure Shell is how we often will go in from the branch office and get to a virtual machine that is running inside of the cloud. Maybe it is a Linux machine, and of course it’s powered by the command line interface (CLI). So, we use Secure Shell to make a remote connection in and access the CLI of that device. If you are in a Microsoft environment, you’re probably using remote desktop protocol (RDP) to do the same thing. To go in and get to the graphical user interface in that case of the Windows server that might be running for you up in the cloud.
Well, it’s a busy whiteboard, isn’t it? Because as we saw, there’s quite a few protocols we need to know in a cloud-based environment helping to keep all of this secure. We remember security is a reason that some are afraid to go to the cloud, but if we do it properly and we learn these protocols, we can make it a more secure proposition than even traditional environments. Thanks so much for watching.
23. Other Networking Topics
So, we are gonna have another just blitzkrieg of three letter acronyms. It really is amazing and, in all fairness, we are gonna have two four letter acronyms and the rest will be three letter. But you’re gonna see my point. These are all services that you’re probably familiar with and I wanna talk to you about how the Cloud really makes them seamless for us.
You see these services are all straightforward and really pretty easy to maintain. But having them just transparently handled for us in a Cloud environment that is just too cool for school, as we used to say. So, we have these systems inside of the Cloud, right? And what’s happening is DHCP is being used just transparently to assign the appropriate IP address information to our happy little VMs that sit inside the Cloud. So, remember DHCP is that service that’s going to be handling the IP address assignments to these systems in the Cloud handled for us by the Cloud provider.
Now, we don’t reference the systems by number. So, if this machine is at 10.101.24.201, if that’s the address that machine is at we can’t memorize addresses like that. So, of course, we would call that something like client1.aws.lab or something like that. And that name is resolved to that address through DNS. And guess what? That is automated and happening for us when we are in a public cloud environment.
Now, what about things like IP address management (IPAM) software packages? Yes. Well, if you have a whole bunch of address space that you need to manage, you now have that functionality built right in to your public cloud service. Something else that you’re probably gonna want is network time protocol (NTP); and network time protocol makes sure that the time is synchronized on all of the various devices that are inside your cloud or on-prem network. So, get all the devices agreeing on the same time.
Now, let’s say that we do have some customers in Asia Pacific. So we are gonna say that we are a US-based company and we do have more and more customers in Asia Pacific. One of the things that cloud services will allow you to do is to take advantage of a content delivery network (CDN). And this is so wonderful in AWS, it’s a fun one as far as its name goes. It’s called CloudFront. I love that name. So, in AWS CloudFront is the CDN solution and what it enables you to do is cache. That’s right. It will cache your content to some other location like the Asia Pacific location so that you will have really great performing access to the content you need to deliver to that part of the world, even though you are located as far as you possibly could be from that Asia Pacific location.
Now, two additional related acronyms are MPLS and VPNs. So, one of the things we might find ourselves doing is MPLS which is taking the traffic that we are sending from location to location and just putting a label on the traffic and then moving the traffic based on that label. You see, having to constantly move traffic through our networks based on an IP address is cumbersome and presents challenges. So, technologies like putting a label on the traffic and then moving the traffic through the network based on that simple label can have tremendous performance. Not so much performance anymore, but can have tremendous flexibility and can be great in cloud-based environments. A type of VPN is an MPLS VPN. So that’s why I said these last couple of acronyms really went together; the MPLS concept along with the virtual private network concept because technically an MPLS network is a virtual private network. It just lacks security, but you could always add that. So, yeah, VPN’s very similar to MPLS, but when we think of a true VPN solution, right, what, MPLS is a bit of a stretch. So let’s just say what would be a classic example of a VPN solution we might be doing in the Cloud and we’ll talk about this in other videos as well but that’s when we’re doing like an IPsec VPN and this is all about security. It provides great authentication, authorization, it’s going to allow us to go ahead and log the activities that are going on with the IPsec VPN and it’s going to offer very strong encryption capabilities should we need to take advantage of that. And why don’t I spell that right?
All right, so lots of acronyms here, but of course, many of these we are familiar with from our other disciplines that we have studied, I’m sure, and even our experiences in networks today. And guess what? We’re almost done but we do have one more exciting topic to discuss here. Yes, it’s our final three letter acronym and it is software defined networking (SDN). This is nothing new. We’ve been doing this for a long time but it is now really taking the world by storm. And what happens here is you separate the logic of everything and how the network works into two separate planes, at least two planes. So, we have a data plane and a control plane. Now, some models you’ll see break it out even further but this is fine for our discussion and this is exactly what CompTIA wants you to know. So, there’s the control plane and the data plane. The data plane is, you guessed it, it’s the user traffic. So the user’s actual stuff they’re sending is on this data plane and we’re typically interested in just getting that done as fast as possible. The control plane is separated, notice from the data plane and this is like things like routing updates and things that are gonna be required to keep the network up and running. This would be where our management traffic is for us ourselves managing the network; and what software defined networking is all about is giving us what’s called a single pane of glass (SPOG). That is everything we need in one website. Think of it that way. Everything we need in one website for controlling that control plane and then making all the data plane magic a reality for our customers. So, it really is neat because we finally have packages now that will have all of your network equipment accessible in one, you know, easy-to-use webpage and you can go ahead and control those devices and configure everything holistically using templates, using this whole concept of software defined networking. 
Gone are the days where we have to go in and visit like 16 routers and 24 switches and 4 firewalls and 3 IPS devices. You know, I used to do things like this in my networking career and I used to have to go to all of those devices one by one individually and configure them using the CLI to make the changes that we wanted made in the network. Now we just sit down at a handy little webpage and we make the magic happen thanks to software defined networking. Thanks so much for watching.
24. Building a Virtual Network in AWS
Sure, there are wizards that will automatically build resources for you inside of AWS. Sure, there are templates you can use but nothing is gonna help you adapt to and get more comfortable with the cloud, nothing will help you get there faster than with us walking through how you would build your own virtual network step by step. Let’s do that in this video.
Now, it is definitely the case and you’ll notice it right away that the more you are familiar with the traditional networking components, well, then certainly the more very comfortable you are gonna be with these virtualized components of the cloud. Well, here we are inside of AWS’s VPC Dashboard, the virtual private cloud dashboard. And notice there is a wizard. You see that, launch the VPC Wizard. And this wizard is going to really automate the creation of a VPC for you. But as I indicated, that’s not what we are going to do.
Instead, we’ll go ahead and create a virtual private network in this cloud manually step by step. So, let’s go ahead and create the VPC. And notice I’m gonna create only the VPC. And I’ll name this cloud_plus_vpc. And notice we will go ahead and provide an IPv4 classless inter-domain routing (CIDR) prefix. So, what IP address space do we want associated with this VPC? And I’ll go ahead and say, all right, I would like the entire 10.0.0 range available to us. So we’ll go ahead and give that overall CIDR address. And we are not gonna do anything with IPv6. Now, as far as the tenancy goes, this is not going to be a dedicated VPC on set equipment. We’re just gonna default it to the, you know, normal, multi-tenancy settings of AWS. And this is going to really help ensure that we are not charged too much for this resource. Notice there will be the name tag. And bing! We just created our VPC. You saw how easy that was.
Now let’s review the properties of this thing. So, the VPC got an ID and that is how it will be known in AWS. We had the default tenancy. There’s no default VPC configured here. This is just a new VPC we have called cloud_plus_vpc. There’s nothing done with DNS resolver firewall groups. It’s available. There’s a DHCP option set in case we need to make any changes or tweaks to DHCP. There’s our CIDR range we set, there’s our owner ID. DNS hostnames are disabled. And look at this, there is a main routing table as well as a main network ACL.
What is the main routing table? Well, let’s go take a look at it. So, I click on it and we are going to examine this routing table, and notice what it’s doing. It’s just ensuring that the 10.0.0.0/24 CIDR range is kept local. Yeah, no need to try and send this to an internet gateway or anything. It’s all locally accessible address space. Interesting.
Let’s go back to our VPCs, and let’s go look at our cloud_plus_vpc that we created. And let’s talk about this main network ACL. Notice there is a network ACL associated with this VPC and notice that it is permitting all traffic. So, absolutely all traffic sourced from anywhere is permitted. And notice that’s the same with the outbound rule. So, all traffic is permitted thanks to this network ACL. What is the network ACL for? What would be the role of such a firewall-like structure? Well, the job of the network ACL is to protect traffic flows, to protect traffic, to secure things that are flowing from VPC to VPC. So, as we get more sophisticated with a VPC type of structure, you might use the network ACL to control the traffic that is flowing between VPCs.
All right, so there you see, we have created the VPC but a VPC all by itself isn’t going to do much for us. No, no, it’s not because a VPC all by itself like this is not going to have any subnets inside it. And it’s the subnets inside of a VPC that we are actually going to place our network resources in.
So let’s go ahead and now create a subnet that’s gonna live inside of our VPC. And by the way, notice one of the things that you are gonna want to develop, is your naming convention. Yeah, for sure. So notice when we create a subnet we are gonna place it in our new cloud_plus_vpc. But notice when I name it, I’ll go ahead and use kind of a consistent naming approach. I’ll say cloud_plus_subnet1. So notice, I’m not thrilled with my naming convention but at least it’s a start.
Now, what about an availability zone? Be careful with this. This is where you can get yourself into trouble. When you start forcing resources into certain little nooks and crannies of AWS, well, that’s when you can start running them out of certain classes of instances, or software, or resources in general. So, if you don’t need to have a preference on which actual availability zone that this resource will be created in within Amazon, well, then don’t set a preference. Yeah, don’t get aggressive with that kind of stuff.
All right, what’s the IPv4 CIDR block going to be? All right, well, let’s go ahead and do a subnet of our overall CIDR space, right? So I’ll say how about 10.1.1.0/24 as the space that we are going to utilize. So, notice we’re gonna come up with our IPv4 CIDR block and then we are going to have our name tag in place. Notice, you’re typically gonna be creating many subnets. So, there is a handy new subnet button.
And I just realized, obviously, you need to be in the scope of your overall CIDR address. And I went out of that scope. We said we were gonna be in the 10.0.0.0/24. So in order to go outside of that, I’m gonna have to do a little subnetting, right? So, we’ll do 10.0.0.5/26. This will be fine. So, you can come up with a nice subnetting scheme that you are gonna do in your overall IPv4 CIDR block.
And then go ahead and choose create subnet. And there is your subnet created for you. And notice that is associated, of course, with the virtual private cloud that we created a moment ago. And notice here, I have navigated back to the main subnets view. And right there at the very bottom, we can confirm that we have our cloud_plus_subnet1 created properly. This is excellent.
All right. Now what about additional components that might be needed here? Well, I can think of one. What if whatever we place inside of this subnet needs to reach the internet? Well, that’s what we have an internet gateway for.
So let’s create an internet gateway. I will say this is my cloud_plus_igw. And notice that’s all we need to do. Just go ahead and then create it. And once we have our cloud_plus_igw, we’re gonna go ahead and attach to a VPC. And so we are gonna select a VPC. There’s our cloud_plus_vpc and we are going to attach that internet gateway. Fantastic!
So notice, while it is kind of laborious building these components of the virtual network inside of AWS step by step, one of the beautiful things is we can appreciate and we can control to a fine degree every element of each one of these components. And we know exactly what is done from a configuration and even component naming standpoint.
So, what else might we need as part of a virtual network like this inside of AWS? Well, certainly one of the things we would now need would be the appropriate routing table instructions to make this network function properly. So, notice I can go in and create a new route table. I’ll call this cloud_plus_rt. And notice we’re gonna associate this, of course, with our cloud_plus_vpc, and it gets its name tag. We go ahead and create that route table.
Now, notice for subnet associations, we can go and associate the subnet that we created moments ago together with that route table. So now if we look in the route table, we can edit the routes and we can say, ‘Look, sure, it’s fine to keep everything in 10.0.0.0/24 local, but how about stuff that’s destined for any other address?’ Well, we wanna send that to our internet gateway and there is our internet gateway. So we’ll save these changes to the routing table and now we have done it.
That’s right. We have created the ingredients that would make a virtual network inside of AWS a reality. To review what components we created there and in what order, we first created a virtual private cloud and the virtual private cloud was defined, very simple to define this inside of AWS. And then we went inside that VPC, if you will, and we created a subnet. So, we created a subnet inside of the VPC. So that this subnet would be able to reach the internet, we added and associated with the VPC an internet gateway. And then finally, we wrapped it up with the creation of a route table. A route table that will do two things – keep local traffic local and then will send non-local internet traffic to the internet gateway that we created. Again, creating structures like this, practicing with this inside of AWS is an excellent habit to get into. Thanks so much for watching.
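The addressing and routing decisions from this walkthrough can be checked offline before anything is created. The following is an added example, not part of the course material: it validates a proposed subnet against the VPC block (including the two attempts made above) and resolves which route a destination would take. The function names and the 203.0.113.10 test address are assumptions; the /16 to /28 size limits and the five reserved addresses per subnet are standard AWS VPC behaviour.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def check_subnet(vpc_cidr, subnet_cidr, existing=()):
    """Check a proposed subnet against the VPC block.

    Returns (ok, canonical_cidr, reason).
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    # strict=False masks off host bits, so 10.0.0.5/26 is read as 10.0.0.0/26.
    subnet = ipaddress.ip_network(subnet_cidr, strict=False)
    canonical = str(subnet)
    if not 16 <= subnet.prefixlen <= 28:
        return False, canonical, "prefix length must be between /16 and /28"
    if not subnet.subnet_of(vpc):
        return False, canonical, f"outside VPC block {vpc}"
    for other in existing:
        if subnet.overlaps(ipaddress.ip_network(other)):
            return False, canonical, f"overlaps existing subnet {other}"
    usable = subnet.num_addresses - AWS_RESERVED_PER_SUBNET
    return True, canonical, f"{usable} usable addresses"


def next_hop(route_table, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    dest = ipaddress.ip_address(destination)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


# Values taken from the walkthrough: the VPC block and the two routes in cloud_plus_rt.
VPC_CIDR = "10.0.0.0/24"
ROUTE_TABLE = [("10.0.0.0/24", "local"), ("0.0.0.0/0", "cloud_plus_igw")]

if __name__ == "__main__":
    for proposal in ("10.1.1.0/24", "10.0.0.5/26"):
        print(proposal, "->", check_subnet(VPC_CIDR, proposal))
    # 203.0.113.10 is a documentation address used here as a stand-in internet host.
    for dest in ("10.0.0.20", "203.0.113.10"):
        print(dest, "->", next_hop(ROUTE_TABLE, dest))
```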
25. Testing a Virtual Network in AWS
You’ve probably heard the expression, ‘There are no shortcuts in life.’ And I think this is true. Well, there are some exceptions to that. But I know one thing, when it comes to testing your virtual network in AWS, yeah, there’s no shortcuts. We’re probably gonna wanna spin up a resource in that virtual network and make sure it functions properly. Let’s do that together in this video.
So, I’m sure, as you remember in the previous video we created a brand new virtual private cloud. This was our own cloud inside of AWS. So, if I go into the VPC dashboard I’ll see my cloud_plus_vpc right there.
Well, let’s go ahead and do this. Let’s go and create a new virtual machine resource, and let’s put this virtual machine resource in that cloud, that we created for ourselves in that virtual network. And that way, we’ll be able to test that virtual network. So, I’m gonna go up and launch instance on the EC2 dashboard. I’ll say this is mytest, and I will go ahead and grab, oh, how about an AWS Linux instance? That’s fine, we’ll keep it free tier eligible on the t2.micro. And I will use, oh, I have this Ansible_KP. I’ll just go ahead and use that key pair. I’m gonna allow SSH traffic from anywhere. So, I’m just gonna quickly launch this instance.
Now, wait a minute, did I launch it in the correct virtual private cloud? That’s what I want to check though. So, let me go to instances here and let’s refresh. We should see that new instance that we created get fired up. Any moment here, there is the mytest system. Look at that. And what virtual private cloud is it located in? Well, let’s check that under networking. It’s certainly gonna list our VPC, and look at that. It went in the default VPC. So, this is something to be aware of that AWS is gonna give us a default virtual private cloud and that resources will go into that default virtual private cloud by default.
Let’s go ahead and terminate this instance then. And that’s great practice at how we would delete a virtual machine that we have created.
Okay, I’m gonna go and try this again with ‘Launch instance.’ I’ll say mytest2. And this time we will once again, go ahead and launch the t2.micro type image. We’ll do the Amazon Linux, AWS, and this time we’re gonna be very careful under the network settings. Notice we are gonna choose ‘Edit.’ And we are going to drop this into our cloud_plus_vpc. All right, and notice, I want to go ahead and automatically assign a public IP address to this resource. We’re gonna allow SSH from anywhere, with a new security group called the launch-wizard-4.
All right, I’m thinking this instance is going to go into our new network that we created and we’ll be able to test with this instance. Notice, I did have to select a key pair there.
All right, so I’m gonna choose the ‘View all instances’ button. Let’s go ahead and refresh this window. We can see that this mytest right here has been terminated and that will get cleaned up from the console over time. So, AWS does what’s called a garbage collection process, and they will go through and they will eventually clean up any of these kind of droppings, if you will, of systems that we may have deleted.
There’s the mytest2 system. And let’s go ahead and select that, and as soon as it is fully initialized, and there we go. It just reached that point. We’re gonna choose the ‘Connect’ button.
And of course, this reminds us of the SSH syntax that we are gonna use to connect to this resource. Now remember, why are we doing this? Well, we put this resource in the VPC that we created in the previous video. So, I do believe if we can access this virtual machine, we just did a great job of testing our virtual network that the virtual machine lives in.
Now, I am gonna switch to my OneDrive folder because guess what? I have an AWS Keys folder in there and that is where that Ansible key pair is located. So, I’m gonna SSH from that location. I’m gonna say, ‘Yes, I’m sure I want to connect to this device,’ and look at that. There is our EC2 Linux instance, and it is nestled right inside of the virtual network that we created in AWS. So, I’ll just do a sample command there. I’ll do a change directory back to the root and then I’ll list all of the folders, and then I’ll go ahead and exit from that virtual machine.
So, there is no better way to test your virtual network, in my opinion, than by spinning up a resource in it and making sure you can properly access that resource.
Now, in the next video I’m gonna walk you through how you can clean up successfully after building something like this. Maybe, you are doing laboratory testing, getting ready for a cloud plus certification exam. And now you want to clean up all these resources to ensure that you’re not charged for them. I’m gonna walk you through just how easy that is to do, in the next video. Thanks so much for watching.
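The launch above used a security group that allows SSH from anywhere, which is convenient for a lab and worth catching in a review. As an added example (not part of the course material), this audit walks security group data in the shape returned by `aws ec2 describe-security-groups` and reports groups that expose SSH or RDP to every address. The sample groups are constructed; only the name launch-wizard-4 comes from the walkthrough.

```python
import ipaddress

# Remote administration ports named in this course: SSH and RDP.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def world_open_admin_rules(security_groups):
    """Return (group name, service, port, source) for each admin port open to all addresses."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":          # "-1" means all protocols and all ports
                low, high = 0, 65535
            elif proto == "tcp":
                low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue               # SSH and RDP both run over TCP
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                # A prefix length of 0 is 0.0.0.0/0 or ::/0, i.e. anywhere.
                if ipaddress.ip_network(src, strict=False).prefixlen != 0:
                    continue
                for port, service in sorted(ADMIN_PORTS.items()):
                    if low <= port <= high:
                        findings.append((sg["GroupName"], service, port, src))
    return findings


# Constructed sample data in the describe-security-groups output shape.
SAMPLE_GROUPS = [
    {"GroupId": "sg-EXAMPLE-A", "GroupName": "launch-wizard-4",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE-B", "GroupName": "branch-office-only",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE-C", "GroupName": "allow-everything",
     "IpPermissions": [{"IpProtocol": "-1",
                        "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for finding in world_open_admin_rules(SAMPLE_GROUPS):
        print("%s: %s (tcp/%d) reachable from %s" % finding)
```

Restricting the source to the branch office's address range, as in the second constructed group, keeps the same test workflow without exposing the instance to the whole internet.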
26. Deleting Virtual Resources
Thanks to the flexibility, the agility that we get with the cloud and our ability to quickly test new solutions and technologies, it’s inevitable that you’re gonna have a whole bunch of resources in the cloud that you don’t need, that you need to clean up, that you need to delete. Well, we have just that situation in our AWS environment right now. Let’s walk through some best practices when it comes to cleaning up resources, and this goes for whatever clouds you’re working with.
So, here we are in the EC2 dashboard of AWS and one of the things I like to do right away is always to make sure to refresh so you can see the current state of your virtual machines. Now notice I have mytest image here or I should say virtual machine, and this has been terminated. So, this has been deleted and that will eventually be cleaned up from my display.
But notice I’ve got mytest2 that’s currently running. I’ve got the cloud_plus_test, and that is currently stopped. Can I select both of these devices, go up to instance state, and terminate them? And the answer is yes, you certainly can. And notice we’re gonna be deleting the underlying elastic block store resources, the volumes that are hosting these particular operating systems. So notice, look at that, there’s been the successful termination of one of those instances. Lemme refresh.
And yes, look at this. We have now both of them listed as the shutting down but look at that, one’s already terminated. And if we refresh enough times, we’re gonna see the mytest2 box will also indicate that it is in a terminated status. And there is that transition to the terminated status.
Now, here’s the thing that I want you to always be thinking about. While you just successfully deleted those two virtual machines, did you delete all of the ingredients that were once associated with those virtual machines? Well, I’m guessing the answer to that is a resounding no. Look at this security group right here that was done with the launch-wizard-4. This was a security group that was associated with one of those virtual machines that we just deleted. Notice, if I choose delete security group and then delete, and it successfully deletes as it just did, well, this is a real good indication that that security group you just deleted was associated with one of those virtual machines, because if you try and delete a security group that is associated with an existing resource, it won’t delete. So, that’s a key best practice that I need you to keep in mind big time. So, we need to remember when we try and delete a virtualized cloud-based resource and there is some other resource associated with that, sure enough, we are not going to be able to delete that resource.
Look at the network interfaces that exist. Certainly some of these network interfaces, I bet, were associated with some of those cloud resources that we spun up. And of course, these network interfaces could be deleted as well.
How about your key pairs? Sure, your key pairs are for downloading the security credentials that you’re gonna use to access these devices. And it would be part of the best practices to clean up those key pairs that you are no longer using.
The underlying EBS volumes. There’s one hanging around that I can go ahead and select, go up to actions, and delete the volume. Notice, I’m able to delete that volume easily because that volume was not associated with anything. And here’s a volume, right, that could potentially be deleted as well.
So, very-very methodical is the way to go through this, taking a look at the various resources you may have created.
Now, what about the virtual network itself? Well, let’s go to the VPC area. And what you would do here is you would delete the internal most components, right? So, one of the things that we know is kind of internal is the routing tables and the internet gateways. So, you can delete these.
First, go into the subnet associations, and go ahead, and edit the subnet associations. And notice what you can do is you can clear these subnet associations. Once you’ve cleared the subnet associations, you’ll be able to go up and delete your routing table. Notice I just have to click ‘Delete’ or rather type delete to confirm that, and now the routing table is gone.
The internet gateway that I created earlier was part of the route table config. But now that the route table is gone, notice, I can detach my internet gateway from the VPC, and then I can select my internet gateway, and I can delete my internet gateway.
So, do you notice the best practices here? We’re going in and we are deleting the internal most components, if you will, inside of our virtualized environment. And notice we are disassociating or unregistering, you know, we’re going through those steps to free up the resource so that it can be deleted.
Well, I do believe that inside of our VPC we built a subnet, did we not? And that subnet would be part of, let’s see the names of the VPCs right here, there it is, the cloud_plus_subnet. Let’s go ahead and select that. And we are gonna go ahead and delete that subnet. I’m gonna say ‘Delete,’ and delete, and we see the green status indication up at the top of the screen, we just deleted that subnet.
And now I think you would agree that this cloud_plus_vpc that we so carefully built, and verified, and tested, it’s now very much empty and we will go ahead and delete that VPC. If there is anything else inside that VPC, it just got deleted. For instance, I can think of one thing that was living inside that VPC still, and that would be a network access control list, and that NACL gets swept up now that that VPC is deleted.
So, we’re gonna carefully go in as you saw me do and clean up resources, and you would wanna do this periodically in AWS.
One of the great things, as you know that I love about the new default AWS Console homepage is that, notice, I’m getting my spending on AWS now right in front of me, front and center. And so you can definitely see that I am decreasing costs from a previous month by going in periodically now, and doing a great job of cleaning up those tests or laboratory resources that we no longer need. Thanks so much for watching.
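The methodical clean-up described in this video can be turned into a repeatable check. This added example (not part of the course material) takes inventory data shaped like the output of the EC2 describe calls and lists what terminated instances left behind: unattached volumes, security groups no interface uses, detached network interfaces, and key pairs no live instance references. All IDs and the lab_KP and other-lab names are constructed; the instance list is assumed to be already flattened out of its reservations.

```python
def find_leftovers(instances, volumes, security_groups, network_interfaces, key_pairs):
    """Report resources that no running or stopped instance still depends on."""
    gone = ("terminated", "shutting-down")
    live = [i for i in instances if i["State"]["Name"] not in gone]
    keys_in_use = {i.get("KeyName") for i in live}
    groups_in_use = {g["GroupId"]
                     for eni in network_interfaces
                     for g in eni.get("Groups", [])}
    return {
        # An EBS volume in state "available" is attached to nothing.
        "unattached_volumes": sorted(
            v["VolumeId"] for v in volumes if v["State"] == "available"),
        # The default group cannot be deleted, so it is never reported.
        # Not checked here: a group referenced from another group's rules.
        "unused_security_groups": sorted(
            sg["GroupName"] for sg in security_groups
            if sg["GroupId"] not in groups_in_use and sg["GroupName"] != "default"),
        "detached_interfaces": sorted(
            e["NetworkInterfaceId"] for e in network_interfaces
            if e["Status"] == "available"),
        "unused_key_pairs": sorted(
            k["KeyName"] for k in key_pairs if k["KeyName"] not in keys_in_use),
    }


# Constructed inventory: the two test instances are terminated, one other lab box is live.
INSTANCES = [
    {"InstanceId": "i-EXAMPLE1", "KeyName": "Ansible_KP", "State": {"Name": "terminated"}},
    {"InstanceId": "i-EXAMPLE2", "KeyName": "Ansible_KP", "State": {"Name": "terminated"}},
    {"InstanceId": "i-EXAMPLE3", "KeyName": "lab_KP", "State": {"Name": "running"}},
]
VOLUMES = [
    {"VolumeId": "vol-EXAMPLE1", "State": "available"},
    {"VolumeId": "vol-EXAMPLE2", "State": "in-use"},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-EXAMPLE-A", "GroupName": "launch-wizard-4"},
    {"GroupId": "sg-EXAMPLE-B", "GroupName": "other-lab"},
    {"GroupId": "sg-EXAMPLE-D", "GroupName": "default"},
]
NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-EXAMPLE1", "Status": "in-use",
     "Groups": [{"GroupId": "sg-EXAMPLE-B"}]},
    {"NetworkInterfaceId": "eni-EXAMPLE2", "Status": "available", "Groups": []},
]
KEY_PAIRS = [{"KeyName": "Ansible_KP"}, {"KeyName": "lab_KP"}]

if __name__ == "__main__":
    report = find_leftovers(INSTANCES, VOLUMES, SECURITY_GROUPS,
                            NETWORK_INTERFACES, KEY_PAIRS)
    for kind, names in report.items():
        print(f"{kind}: {names}")
```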