CBT Nuggets

Getting Started

This skill provides an in-depth overview of the AWS Certified Generative AI Developer Professional course, focusing on the necessary knowledge and skills for certification. It covers the AWS certification landscape, emphasizing the importance of understanding AWS services like SageMaker and Bedrock for generative AI development. The course aims to equip learners with practical skills in AI model development, prompt engineering, and ethical AI practices, while also preparing them for the professional-level certification exam. Learners are encouraged to build a portfolio of projects to demonstrate their capabilities beyond the certification itself.

Full lesson from AIP-C01.

57m 7 Videos 9 Questions

Skill 1 of 25 in AIP-C01

Skill Introduction


Certification Overview

If this is your very first AWS exam, then I would really recommend, just as I mention in the video, to seek out something lower on the difficulty level first. Even an AI Practitioner exam is going to give you a good idea about the type of exam questions and how they are formatted. The Pro-level exams are notoriously mentally and physically grueling. AWS really intends those exams to be ones that people work up towards.

At the end of every section in these Skills, we will have quiz questions. These are just to reinforce the learning topics within the section. At the end of the Skill, we have a validation section that will test you on putting all the things in the Skill together. And here is our first quiz question.

Knowledge Check

Which of the following AWS services are out of scope for the GenAI Developer Pro exam according to the official exam blueprint? (Choose TWO)

  A. AWS Data Exchange
  B. Amazon Redshift
  C. Amazon Aurora
  D. Amazon EventBridge
  E. Amazon RDS

Verify your team's readiness — Request a Demo to verify practice assessments, completion reporting, and CSV / SCORM exports on the Team plan.


Learning Goals

Here's a bit about some goals for this course.

The "Practitioner's Curse" that I refer to in the video is a very real thing and is rooted in something known as the Dunning-Kruger Effect. If you have heard of that in pop culture contexts, it tends to be oversimplified as "the less you know, the more you think you know." This is a bit inaccurate. Rather, it is the tendency for people to appraise themselves as having higher abilities than they really do when they are early in their learning curve. As one learns and becomes more aware of the true breadth and depth of their field, they understand how much more there is to the field.

So, if you are a seasoned pro, try to channel your earlier, more confident self when answering some of the AWS exam questions, and don't get pulled into the overthinking quagmire. (Giggidy!)

Knowledge Check

True or False: Most employers really want to be sure you can properly memorize facts and don't really care about how you apply them to business problems.

  1. A
  2. B
  3. C
  4. D



Learning Methods

Here's how we're going to go about learning this stuff and the parting gifts you'll be earning.

If you don't have a portfolio repo or website yet, I would highly recommend creating one. A resume or CV definitely does not have the weight that it once did for showcasing your abilities. People readily use LLMs to craft pixel-perfect summaries they hope will catch the eye of some discerning hiring manager. The irony is that LLMs are likely the tools being used to parse through all those flawless resumes to fish out some grain of authenticity and uniqueness.

An online portfolio can showcase what you have done rather than what you say you've done (or what your LLM says you have done...). Even better, make sure it includes completely original content that isn't just some replication of another tutorial. This is why I encourage you to make these projects your own. Sure, feel free to follow along the first time, but try to do the project again freehand with a different topic.

Knowledge Check

What is the learning philosophy emphasized in the course?

  A. Crawl, walk, run approach
  B. Jump straight into complex projects
  C. Focus solely on theoretical knowledge
  D. Use only AWS reference architecture examples
  E. Avoid hands-on exercises



First Things First

Let's get our learning lab set up.

Once CloudTrail gets rolling, you can go back out to the S3 bucket and download logs if you like. An easier way to access them is from the CloudTrail console, as it gives us some search and filtering capabilities. It might also be worthwhile to create some lifecycle rules for your CloudTrail logs to archive or delete some after a given period of time. This being a sandbox account, we're probably going to struggle to reach 1GB of logs through this project, but for other accounts, that is a best practice.
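
The lifecycle rule suggested above, as an added example (not code from the course): it builds an S3 lifecycle configuration that archives CloudTrail objects and later deletes them, scoped to the path CloudTrail writes to. The account ID, day counts and object key are constructed sample values, and `storage_state` is a simplified model of rule evaluation written for this example, not an AWS API.

```python
import json

# Constructed sample values: a documentation-style account ID and object key.
SAMPLE_ACCOUNT = "111122223333"
SAMPLE_KEY = ("AWSLogs/111122223333/CloudTrail/us-east-1/2025/01/15/"
              "111122223333_CloudTrail_us-east-1_20250115T0000Z_example.json.gz")


def cloudtrail_lifecycle(account_id, archive_after_days=90,
                         delete_after_days=365, key_prefix=""):
    """Build a lifecycle configuration for one account's CloudTrail objects.

    CloudTrail writes under [<key_prefix>/]AWSLogs/<account-id>/CloudTrail/,
    so the filter is limited to that path and other objects are untouched.
    The day counts are example defaults (assumptions), not course values.
    """
    if not (account_id.isdigit() and len(account_id) == 12):
        raise ValueError("AWS account IDs are 12 digits")
    if archive_after_days < 1:
        raise ValueError("archive_after_days must be at least 1")
    # S3 rejects a rule whose expiration is not later than its transition.
    if delete_after_days <= archive_after_days:
        raise ValueError("delete_after_days must exceed archive_after_days")
    clean = key_prefix.strip("/")
    prefix = f"{clean}/" if clean else ""
    return {
        "Rules": [{
            "ID": "cloudtrail-archive-then-delete",
            "Status": "Enabled",
            "Filter": {"Prefix": f"{prefix}AWSLogs/{account_id}/CloudTrail/"},
            "Transitions": [{"Days": archive_after_days,
                             "StorageClass": "GLACIER"}],
            "Expiration": {"Days": delete_after_days},
        }]
    }


def storage_state(config, key, age_days):
    """Approximate what the rules do to an object of the given age.

    Returns a storage class, "EXPIRED", or "STANDARD" when nothing applies.
    Real lifecycle actions run asynchronously and can lag the day count.
    """
    state = "STANDARD"
    for rule in config["Rules"]:
        if rule["Status"] != "Enabled":
            continue
        if not key.startswith(rule["Filter"]["Prefix"]):
            continue
        expiration = rule.get("Expiration")
        if expiration and age_days >= expiration["Days"]:
            return "EXPIRED"
        for step in sorted(rule.get("Transitions", []), key=lambda s: s["Days"]):
            if age_days >= step["Days"]:
                state = step["StorageClass"]
    return state


def apply(bucket, config):
    """Send the configuration to S3 (needs boto3 and credentials)."""
    import boto3  # imported here so the rest runs without the SDK installed
    boto3.client("s3").put_bucket_lifecycle_configuration(
        Bucket=bucket, LifecycleConfiguration=config)


if __name__ == "__main__":
    cfg = cloudtrail_lifecycle(SAMPLE_ACCOUNT)
    print(json.dumps(cfg, indent=2))
    for age in (10, 90, 365):
        print(age, "days:", storage_state(cfg, SAMPLE_KEY, age))
```

`put_bucket_lifecycle_configuration` replaces the bucket's entire lifecycle configuration, so merge any existing rules into the `Rules` list before calling `apply`.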

Knowledge Check

In AWS, enabling a _______ for an S3 bucket helps reduce the number of calls to the KMS API by caching the encryption key locally.

  A. bucket key
  B. version management
  C. Service Control Policy (SCP)
  D. lifecycle rules



Setup a Budget Alert

A Budget Alert is one of those things that is easy to overlook, but oh so simple to set up and can save you a big chunk of money.

As much as I'd like to say this course will cost you nothing, there are some things that will cost money. Not hundreds of dollars, but maybe tens of dollars. That's just the price of admission. You are studying for one of, if not the, premier AI certifications in the land, so I have to assume you understand that it takes money to make money. We just don't want to waste money.

That said, there are ways to score AWS credits to help finance your efforts. If you attend AWS meetups or events, they tend to hand out credits like candy. If you are a student, you can generally find a student program sponsored by AWS and score some credits that way. If you are an AWS customer, hit up your account rep and explain that you're working on your GenAI Pro cert. AWS wants nothing more than highly trained customers because those are the best customers to work with.

Knowledge Check

True or False: Using AWS Organizations automatically qualifies an account for the free tier.

  A. Using AWS Organizations automatically qualifies an account for the free tier.
  B. FALSE



Setup IAM Identity Center

Creating IAM users is so...2010s. Let's get with the times.

Hopefully it goes without saying, but you need to add MFA to your IAM Identity Center account as well. As you saw from my example, I have quite a few registered both with my primary password manager and also with hardware keys as well. I am a huge fan of YubiKeys and have quite a collection. I have also implemented some other security measures as well, but I won't go into those. Not because I'm afraid of being hacked, but because that's another rabbit hole entirely.

In a couple of my other courses, we set up a honeypot, T-Pot to be exact, as an illustration of how much attention AWS endpoints attract. I've done that exercise a dozen times, and without fail, our honeypot is being scanned and probed within seconds of being available. It is up to us to be sure we don't leave a door or window unlocked.

Knowledge Check

IAM Identity Center and third-party systems like Okta and Microsoft Entra are examples of what type of service?

  A. Identity Providers
  B. Disaster Recovery
  C. Financial Controls
  D. Data Recovery



Validation

Normally, I would include some questions here in the style of the GenAI exam to get you used to that format. Since we're just getting started, I'll include some questions that I would expect to be "easy pickin's" for someone ready to hit this course head-on.

Normally, I will do a question walkthrough video at the very end of each Skill to explain the answers and share some question strategies, but I'm not going to do that for these. If these are tough for you, you might want to pause and (re)visit the ML Engineer or Data Engineer course material.

Knowledge Check

You're planning to run batch processing jobs for training a machine learning model. The jobs can tolerate interruptions, and you want to minimize costs. Which EC2 approach should you choose, and where in the AWS console would you configure this?

  A. On-Demand instances in EC2 → Launch Instance → Instance Type selection
  B. Spot instances in EC2 → Launch Instance → Advanced Details → Request Spot instances
  C. Reserved instances in EC2 → Reserved Instances → Purchase Reserved Instance
  D. Dedicated hosts in EC2 → Dedicated Hosts → Allocate Dedicated Host


Knowledge Check

A company wants to build a document processing system that extracts text from PDFs, stores the content in a database, and triggers notifications when processing completes. Which AWS services combination demonstrates proper serverless architecture principles?

  A. EC2 instances + MySQL + email server for end-to-end control
  B. Lambda + Textract + DynamoDB + SNS for event-driven processing
  C. ECS containers + RDS + SES with manual orchestration
  D. Batch jobs + S3 + CloudWatch with scheduled processing


Knowledge Check

You have three different ML inference workloads to deploy: (1) a chatbot needing sub-second responses with 1000 requests/day, (2) a document classifier processing 50,000 documents overnight in batches, and (3) multiple small models sharing resources with sporadic usage. Which deployment approach minimizes costs for each workload?

  A. All three on SageMaker real-time endpoints for consistent performance
  B. (1) AWS Lambda serverless inference, (2) SageMaker AutoML job, (3) SageMaker Reserved Endpoints
  C. (1) SageMaker real-time endpoint, (2) SageMaker Async Inference, (3) SageMaker Multi-Model Endpoints
  D. All three on EC2 instances with auto-scaling for maximum control


Skill Introduction

0:00 Well, hello and welcome. I'm Scott Pletcher and this is the AWS Certified Generative AI

0:05 Developer Professional course. Wow, normally this is the part of the course where some talking head

0:11 like me would regale you with their decades of experience in whatever topic is being taught.

0:17 The reality is this stuff is pretty brand spanking new and that's certainly the case

0:22 with many of the AWS Generative AI services. What I do have to offer is that somehow I've

0:28 been able to amass enough knowledge, experience, and abilities to clear all the AI and AI adjacent

0:35 AWS certifications and I wanted to help you do the same. I say somehow because there was a time

0:41 when I was convinced that all this AI stuff just was too far out of my reach. About 10 years ago

0:48 when I started my AI learning journey, I, like most people, sought out an online course. I picked

0:54 one from a well-respected AI expert and settled in. Well, a few moments into that course, the

1:01 instructor said something like, "and it's easy to see how this works," and then proceeds to scroll

1:06 out a screen full of complex calculus equations with lots of lines and brackets and Greek symbols.

1:13 Well, me not being a math person, it was certainly not easy to see how that worked

1:18 and I just resigned myself to the fact that maybe I wasn't cut out for learning this stuff.

1:23 Well, some time went by and I decided to give it another go. I took a different approach. Well,

1:29 things started to click. I built a convolutional neural network in Excel to understand how image

1:35 recognition worked. I created a potentially sadistic reinforcement learning environment

1:40 where agents fought in cage matches. I trained a chatbot to be an expert on Nicolas Cage movies.

1:48 The reason I share all this is to let you know that there are many learning paths and if one

1:53 path doesn't fit, keep looking until you find one that does. What I hope to offer is a path

1:59 that's approachable, effective, definitely not boring. So, if this sounds interesting,

2:05 what are you waiting for? Let's go.

Certification Overview

0:00 So where I wanted to start is just an overview of the certification landscape, specifically that

0:05 stuff around the AI space or AI adjacent space. And I wanted to lay out some expectations just

0:12 so we know that you're coming into this course with a certain level of knowledge on AWS. So here

0:19 we have the Generative AI Developer Professional certification. It is a top-level certification,

0:26 meaning that generally people are going to go the foundational, then the associate,

0:31 then the professional. And that is a flow I would definitely recommend. The AI Practitioner is kind

0:37 of more for non-technical people, maybe business people, project managers, stuff like that. But

0:43 that's still going to help you out. Now, where you're really going to get the bulk of knowledge

0:47 that you're going to need to know for the Generative AI Developer is in this space right

0:52 here. And Data Engineer, well, we all know that machine learning thrives on data. So you need to

0:58 know the tools and techniques that AWS has to put that data into a shape that we can use for generative

1:04 AI purposes. Now, likewise, Machine Learning Engineer here really goes in depth of supporting

1:12 workloads and deploying workloads, machine learning workloads on the AWS infrastructure,

1:17 and it dives heavily into SageMaker. Now you're not going to need to know a whole lot of SageMaker,

1:22 but there are probably this little Venn diagram here. I would say that there's probably about 30%

1:28 of the Data Engineer that is going to map well over here to the Generative AI Developer. And I

1:33 would say the same over here, about 30% of this is going to map over. So if you have one or both of

1:39 these certifications, or you've taken those courses, you are sitting in a very good position going into

1:46 the Generative AI Developer. If you don't happen to have any of these particular certifications,

1:51 then that's still okay. You can probably manage, but it's probably going to be much more work for

1:58 you because I'm not going to step through the basics of AWS, setting up some of the general

2:04 things that most AWS people would know if they've been using the platform for any amount of time.

2:11 And of course, the next logical question is, well, how long is that amount of time? Well, AWS has in

2:18 the Certified Generative AI Developer blueprint, some rough guidelines. They say two years using

2:24 AWS and machine learning, and one year with generative AI solutions. Take this with a grain

2:31 of salt because I can be working in AWS for two years. Maybe all I do is upload a file to S3.

2:37 That's the extent of my AWS experience. Well, that is not going to give you the basis that you need

2:42 to come into that exam, nor to come into this course. Now, similarly, if you have done a lot

2:49 of stuff, if you've basically been embedded in SageMaker and Bedrock and all these other generative

2:54 AI services that AWS has for two years, then you're probably in a pretty good position. So it's very

3:02 relative. What I like to do to help people kind of self-evaluate is just pose a sentence. Let's

3:09 take this scenario right here. Hey, can you go set up a SageMaker domain with Canvas and SageMaker

3:13 Studio? We're going to need to sync some Parquet data in an S3 bucket to the EFS share that that

3:20 SageMaker domain uses. And we want to use DataSync to do that. So if this is completely nonsense,

3:27 you don't understand anything that's going on here, then you're probably not ready to walk

3:32 into this course. If on the other hand, you're already thinking about how you're going to do

3:38 exactly this thing, then you're probably in a pretty good position. So this is the level of

3:43 knowledge that I'm going to expect for folks stepping into this course. So we're not going

3:48 to spend a whole lot of time on the basics. Those are things you should have developed when you were

3:54 going through maybe this curriculum or this curriculum. And certainly down here in Cloud

3:59 Practitioner, I think the different modes of S3 are covered in Cloud Practitioner. So we are not

4:04 going to belabor any points with regard to some of those services. What is in the blueprint or what

4:11 is expected of us before we go to sit this exam? Well, first and foremost, we should know how to

4:18 analyze business objectives and make sure we're aligning them to proper AI approaches. And that's

4:25 sometimes more difficult than it sounds because there are a bunch of different AI approaches.

4:31 And you also have to know the limitations of those approaches. In other words, in certain situations,

4:38 a particular algorithm may work well. In other situations, it may be totally inappropriate.

4:44 For example, the difference between a regression problem versus a binary classifier. Those are two

4:50 different types of problems. Now, I'm going to expect that you know at least a little bit about

4:55 the different problem types that we would want to approach with AI. And that's going to help us get

5:01 started in this business objective and alignment bullet point here. Next, we're going to have to

5:08 know some stuff about vector stores, RAGs, knowledge bases, and model data prep. In other words, how do

5:15 we get some raw data into a form that we can feed into a generative AI process and maybe create a

5:23 customized or a specifically tailored model for our use? And we are going to cover these things

5:29 in this course. We're also going to cover prompt engineering and we're going to build some agents

5:34 and we're going to build these agents to do our bidding. Well, actually, we're just going to build

5:39 agents to do stuff because agentic AI is one of the big focuses of AWS. And the idea being that

5:48 they want to create a whole ecosystem and a whole toolkit that will allow us to agentify, I guess is

5:55 the right term. Maybe it's the wrong term, but we can agentify these AI tools and then have them

6:02 do work for us. Now, it's not enough just to build a gen AI model and throw it out there because most

6:07 often there's some tuning or performance improvements because if our gen AI model is

6:13 costing a thousand bucks a month to run and our competitor has the same model is doing in essence

6:18 the same thing for a hundred bucks a month, well, that's putting us at a disadvantage. So we're

6:24 going to need to know how to tune those things, make them more accurate, make them more performant

6:29 and also reduce the cost as well. Now, a very important focus of most organizations that are

6:37 dabbling in the AI space is to be sure that they do their AI development in a safe and ethical

6:43 manner. So we are going to explore guardrails and some of the safety concerns and AWS has a

6:49 set of tools that will help us do this. And then we also need to be able to test our models to see

6:56 if they're behaving the way we think they need to behave. And that's one of the things with

7:01 especially like large language models, oftentimes, or at least in the beginning, they were very much

7:07 black box things. So we would put an input in and stuff would happen. And in some cases, we weren't

7:13 exactly sure how that stuff was happening and then it would spit out some results. And we didn't

7:19 really know how that happened. Well, in the past few years, this has really been a point of focus

7:25 for some of the AI vendors and they have developed quite a bit of tools around this area to help us

7:31 with explainability and bias detection and drift and that sort of thing. And we are going to explore

7:36 all that stuff as well. So what is out? It's just as important to know what is out of scope versus

7:43 what is in because we don't want to waste our time focusing on stuff that is not part of that exam.

7:48 But that said, you can't really ignore it because some of it is just part of doing business on

7:54 AWS. So first up, software development. Software development is a whole separate discipline,

8:00 and we are not going to dive into that. There's really not going to be very much

8:04 in the way of programming, and where there is programming, I'm going to provide you the code

8:08 that you can pretty much just copy and paste. But about the only thing that is still in scope is

8:15 the software development lifecycle and some of the flows there. So for example, if we were

8:20 developing an AI model and we check in some code to our repository, well, then we can trigger a

8:26 build process, a test process, and then a deploy process. And that sort of CI/CD workflow is

8:33 definitely in scope for the generative AI exam. And for the most part, network design is out of

8:40 scope. I mean, we have some things that we're going to talk about that's about network isolation and

8:45 being able to protect our workloads. We do have some VPCs set up that we're going to have to do,

8:51 and we also have some endpoints that we are going to cover as well. And these are kind of in the

8:57 networking realm. Now, general compute with EC2 is pretty much out of scope, but serverless and

9:04 containers are very much in scope. Not necessarily using them specifically, but these are very useful

9:13 things when we're talking about AI workloads on AWS. For example, containers are really the

9:20 backbone of how SageMaker works. So we are going to need to know some about how we can deploy

9:25 containers. And especially when we get into MCPs, we are going to need to know about Lambda, and that

9:32 brings us into the serverless world. For the most part, analytics are out of scope, so we're not

9:38 going to have to analyze data for certain patterns and stuff like that. We're probably not going to

9:42 use QuickSight or anything like that, but I would encourage you to, if you have not used QuickSight or

9:47 you don't know about it, then do explore it a little bit because it could come up in some exam

9:53 questions. And also out of scope is some really deep security and IAM stuff. That's not part,

10:00 really part of this certification. I mean, yes, we do have some stuff where we're going to need to

10:05 protect our resources from other people getting access to them, but that's not really deep IAM

10:12 stuff. And my favorite part of the blueprint, AWS says right up front that they reserve the right

10:20 to change their mind. So this list is non-exhaustive, and it is subject to change. One of the

10:27 questions I get all the time is, hey, this new service just came out last week, is it going to

10:32 be on the exam? Well, AWS has an internal rule that they say that a service has to be GA for

10:40 six months. And that just means generally available for six months. So anything in preview or beta or

10:46 something like that is not eligible to be a scored question on the exam. You may get questions on your

10:53 exam for services that were introduced last week, for example, and that's generally a question that

11:00 they are testing. They're just beta testing that question to see if it's too hard or awkwardly

11:05 worded or something like that. And chances are it is not going to affect your score. So as a

11:10 matter of fact, let's look at what the exam entails. We have some multiple choice, multiple response,

11:15 ordering, matching, those types of things. This is all standard AWS exam fare. And if you have not

11:23 taken an AWS exam before, I would really encourage you to take some other exam other than the

11:29 Generative AI Developer as your very first exam. And that goes for any professional level exam.

11:35 They should be something you work up to and not something that you start with because they are

11:40 comprehensive, they are exhaustive, and they are exhausting to take. Now, this particular exam has

11:46 65 scored questions and we're advised that there's probably going to be maybe 10 unscored questions.

11:53 Now, importantly, if you happen to be taking this exam as a beta exam, as I did, well, these rules

12:00 don't apply because maybe most of the questions might be beta questions. That's the whole idea

12:05 behind a beta exam is they're testing these questions. So the passing score is 750 out of a

12:11 total possible points of 1000 points. You get no points for unanswered questions. So even if you

12:19 have to guess at an answer, then definitely guess at an answer because that's better than no points.

12:24 And the exam is scored on a scaled basis. What does that mean? Well, there is this giant database

12:30 of questions. And I won't say that no two tests are exactly the same, but they will pick questions

12:37 out of that giant database of many different questions. And so what that means is that each

12:43 test taker gets a slightly different exam experience. And some of those questions could

12:49 be harder than others. Some could be easier. And so AWS has some logic behind the scenes where they

12:55 will take your results and scale it based on what sort of questions you got. And I would also try to

13:02 avoid comparing your score to your colleague's score and somehow deciding that, yeah, you knew

13:09 more than your colleague because you scored higher. That is really not the case. There is a

13:13 passing score. And if you passed, you met the criteria that AWS has set that says, hey, you're

13:20 worthy of having this certification. You have enough knowledge that we're confident in giving

13:26 you this certification. It does not mean that you are better than your colleague at Generative AI.

13:32 So that is just a quick overview of the certification and some of my expectations.

13:37 In the next video, I wanted to share some of my

13:40 learning philosophy and how we're going to go about learning some of this stuff.

Learning Goals

0:00 So I wanted to take a moment just to acknowledge the fact

0:03 that people are coming to this course

0:05 from different backgrounds

0:07 and they have different learning journeys.

0:09 And I've tried very hard to make sure

0:12 that depending on where you are in your learning journey,

0:16 that this course is going to be accessible.

0:18 So there may be cases in here

0:20 where I'm going over something

0:22 that you've been using for the past five years

0:24 and you're like, why is he covering this?

0:25 Well, it's because some of the people coming to this course

0:28 maybe had a different background.

0:29 So you can just skip over that stuff

0:31 if you already know it.

0:32 And if you don't know it, definitely dive in

0:34 and don't be afraid to seek out other resources

0:37 because I'm not going to do a deep dive

0:39 in some of these things

0:40 that as I mentioned in the last video,

0:42 I kind of expect you to already have.

0:44 The first case that I've seen very commonly

0:47 is people just have a love of learning.

0:50 They wanna learn all the things.

0:52 And I can definitely sympathize with that

0:54 because I consider myself a lifelong learner.

0:58 Maybe you're seeking career advancement.

1:00 Maybe you wanna figure out

1:02 how to get into this generative AI space,

1:05 or maybe you've been into the generative AI space

1:07 or just the AI space in general,

1:09 and you wanna get a certification to put on your resume

1:12 or help you get a promotion or something like that.

1:15 That is definitely admirable.

1:17 And one of the things in designing this course

1:19 that I wanted to do,

1:20 and we'll talk about it in a second here,

1:22 but I want you to come away from this course

1:25 with stuff in hand that you can show to a potential employer

1:30 as evidence of your abilities,

1:32 not just the certification hanging on the wall,

1:34 but actual projects.

1:36 Now, maybe you're curious or maybe you're skeptical.

1:39 Maybe you're coming to this course saying,

1:42 hey, what's this generative AI stuff about?

1:44 Or, hey, I've heard a lot of stuff

1:46 about some of the bad things that can happen

1:49 with generative AI models,

1:50 and I wanna know how to prevent that

1:53 or get in front of those things.

1:55 And we are definitely going to go down

1:57 those rabbit holes as well.

2:00 And one of the things you'll quickly pick up

2:02 is that I am not the typical generative AI cheerleader

2:06 saying, hey, it's the greatest thing since canned beer.

2:09 No, that is not me.

2:10 I am just as skeptical as all the rest.

2:13 And those lousy chatbots out there frustrate me

2:17 just like they frustrate you.

2:18 So we want to try to create chatbots that don't suck.

2:23 So don't feel like you're an outsider here

2:24 if you happen to be skeptical or curious.

2:27 I'm kind of the same way, to be honest.

2:28 And then there is the subset of folks

2:30 who maybe have been voluntold.

2:33 They have been told that,

2:35 hey, you need to sign up for this course

2:37 because you need to learn generative AI.

2:39 And I completely understand that as well,

2:41 and I empathize with that as well.

2:43 Hopefully this is going to be an enjoyable course.

2:46 If you've taken any of my other courses,

2:48 you know that it's not the standard boring examples

2:53 where I use some pretty interesting

2:54 and maybe sometimes eyebrow raising examples

2:58 and sample data.

2:59 And that is no different in this course.

3:01 We have some pretty interesting sample data

3:03 that we are going to use as we build our gen AI models.

3:07 So I did want to talk a little bit about

3:09 what the focus of this course is going to be.

3:13 And to do that,

3:13 I often use something called Bloom's Taxonomy.

3:17 And it's just a hierarchy of showing

3:19 the different levels of learning,

3:21 the different levels of understanding

3:23 and mastery of a particular topic.

3:25 Down here, we have understand and remember.

3:28 That's just memorization and recall and stuff like that.

3:31 And then we get into apply, analyze, evaluate, and create.

3:35 If you're talking about an employer,

3:37 this stuff down here is table stakes.

3:39 The employer expects you to have that stuff.

3:42 Never in an interview process in my entire career

3:45 was I asked to recall EC2 instance types, never.

3:49 And the reason for that is because that stuff

3:52 is not valuable to an employer.

3:54 It's what we can do with our knowledge.

3:56 Can we apply it?

3:57 Can we analyze problems and figure out the best way

4:00 to use that technology to address that problem?

4:04 And then ultimately, can we create new stuff ourself

4:07 that our employer finds value in?

4:09 So throughout this course,

4:11 we are not gonna spend any time

4:13 on this understand and memorize.

4:15 We're gonna focus on the apply.

4:17 And to do that, we are going to have a series of projects

4:21 that we are going to do over the course of this course

4:24 that is hopefully going to help you develop

4:26 these apply, analyze, and evaluate skills.

4:29 Once you have that certification,

4:31 that means you know the stuff, right?

4:34 Well, no.

4:35 Is a certification proof of knowledge?

4:38 I'm sure we know many people who are absolutely brilliant,

4:41 but in an exam environment, they just crumble.

4:45 Maybe you're like that too.

4:46 Now, conversely, I've met some people

4:48 who have loads of credentials,

4:50 but in a practical setting,

4:52 they couldn't find their way out of a wet paper bag.

4:55 So just so we're on the same page,

4:57 I want you to think of this course

4:59 as a framework for learning,

5:01 not necessarily a path to earning that certification.

5:05 Now, certification is a happy side effect

5:08 that I definitely hope you reach.

5:10 But the main goal of earning certifications

5:13 is not to earn the piece of paper,

5:15 but to develop the knowledge.

5:17 And I like to think of these courses

5:19 as just a framework for learning.

5:21 The certification is not necessarily the destination.

5:24 It's the journey that has the value.

5:27 Here are some goals for this course that I have.

5:31 First, I want you to be able to understand,

5:33 apply, and analyze rather than just simply recall.

5:37 That's back on Bloom's Taxonomy

5:39 about that higher level understanding

5:42 is going to have more value for you and your employer.

5:45 And I want you to get to a point

5:47 where you're comfortable enough

5:48 with the AWS services that you can improvise.

5:52 I don't want you to just replicate what I'm doing

5:55 or what somebody else is doing.

5:56 I want you to be able to create your own stuff.

5:59 And kind of an example of this is if you're a music fan,

6:03 there are some artists out there

6:05 who can sit down in a jam session

6:07 and just improvise a song with other folks.

6:10 And that's just not pure dumb luck.

6:12 That comes after many, many years of doing the simple stuff.

6:17 And being able to improvise

6:19 is a form of mastering that particular skill.

6:23If all you're doing is following step-by-step instructions

6:26and replicating what somebody else is doing,

6:28well, guess what?

6:30AI can do that.

6:31So that's not really going to have very much value

6:34now or in the future.

6:35So I want you to really try to go

6:37into the improvisational area.

6:40And that means whenever we're doing activities,

6:42don't be afraid to color outside the lines.

6:44Do your own thing.

6:45Use your own data source.

6:46Recreate it using a different data source

6:48or a different technique.

6:49That's where the real learning is going to happen.

6:51So one of the things that makes AI

6:53kind of intimidating to a lot of people

6:56is because in some cases we just marvel at it

6:59like it's this magical black box

7:01and we don't understand what's going on in there.

7:03And so it's just magic to us.

7:05Well, I want to change that.

7:07I want to be sure that you understand

7:09what these models are doing inside,

7:11how they work conceptually,

7:13not only so you understand it,

7:15but you can explain that to other business users,

7:18for example, so that we can be sure

7:20that we are applying the right AI to the right problems.

7:25Now here's something else that a lot of folks

7:26sometimes get tripped up by,

7:28and I call it the practitioner's curse.

7:31Now, an example of this is let's say

7:33you're working in the industry for many, many years

7:35and you know how things are done in business

7:40and you know the best practices and stuff like that.

7:42Well, when you walk into an AWS exam,

7:45you have to leave all of that knowledge

7:47about all these other things at the door

7:50because that exam happens in an AWS walled garden,

7:54meaning that it is a perfect world within the AWS ecosystem.

7:59And that's what that exam is testing.

8:01So a lot of times what I hear from other folks

8:04who have been in the industry for a while

8:07is maybe they'll overthink some of the questions

8:09that are asked on the exam,

8:11and that leads them to a lot of doubt

8:12and sometimes missing the question.

8:14So that's why I call it the practitioner's curse,

8:17kind of almost the more you know,

8:18the more difficult it is to answer these simple questions

8:22because you tend to overthink

8:23and you tend to insert a lot of other stuff

8:25that you know from your experience

8:26is a definite requirement,

8:28but with regard to AWS, it's not so much.

8:32So I wanted you to be aware of that.

8:34And I'm going to try to call those things out

8:36when we come across them,

8:37where something maybe in industry is done a certain way,

8:40but inside the AWS ecosystem,

8:43it's done this way, that sort of thing.

8:44Okay, stepping back a bit to this conceptual knowledge

8:48versus this black box,

8:50I'm going to reference back to my intro monologue

8:52where I talked about my original attempt to learn AI.

8:56And then I had to put that on the shelf

8:57and I came back and tried to approach it a different way.

9:00Well, here's what I mean by conceptual knowledge.

9:03That does not mean that to be successful

9:06in this course or this exam

9:07that you need to be a PhD in mathematics.

9:10So let me explain.

9:11So here we have our business users here.

9:14They want the latest and greatest technology.

9:16And I've been around in the industry for about,

9:18I guess, 35, 40 years, something like that.

9:20And it doesn't matter what technology it is.

9:23First was enterprise data warehouses.

9:25Then serverless was a thing that was really hot.

9:28Then data analytics,

9:30then enterprise resource planning systems,

9:32then CRM, then this, then that, and so forth and so on.

9:36So the latest darling is of course, generative AI.

9:40And our business users are clamoring,

9:41hey, we need the generative AI stuff.

9:44We're not really sure what we're going to do with it,

9:45but we got to use it because somebody else is using it

9:49and maybe they're going to get a leg up on us or something.

9:51Then we have over here, the assorted propeller head types

9:55that seem to take pleasure in making things more difficult

10:00and challenging than it really is.

10:02And this is where I kind of hung myself up before.

10:05I was listening to what these folks were saying

10:08and just taking it at face value.

10:11And because I didn't understand the vernacular,

10:13the words that they were using,

10:15it was very confusing to me and it kind of turned me off.

10:18And then in between here,

10:19we have all this complex mathematics.

10:21And I am not trying to downplay the importance of mathematics

10:25in generative AI or AI in general.

10:28That is the backbone of how this stuff works,

10:31but really it's not magic.

10:33It's just math underneath all that stuff.

10:36And when you're talking about math

10:37on the scale of billions and billions of parameters,

10:40for example, we can do some really fascinating things

10:44that look like magic,

10:46but really all they are is mathematics.

10:48And then, so here we are kind of caught in the middle here.

10:51One option we have is to resign ourselves

10:54to the fact that it's just beyond us

10:56and we need to call in an expert,

10:58that person right over here.

10:59And believe me, the expert likes things that are confusing

11:03because they can charge more for that expertise.

11:07I've seen it time and time and time again

11:09in the consulting industry over my career,

11:12where an expert will be very reluctant

11:14to train somebody in an organization

11:17because then that removes their value from that equation.

11:21Now, another option we have

11:23is that we can learn it well enough.

11:27And when I say well enough,

11:28we can learn it well enough

11:29to know how it works conceptually,

11:32but maybe we don't have to learn

11:34all these mathematical formulas

11:35because that's not what we're going to use day to day.

11:38And how can we do this?

11:39Well, let me give you an example.

11:41So I have one of these things.

11:43And when I put it on, I don't sit there and say,

11:46oh my gosh, this is some wondrous magic.

11:49How does it work?

11:50I did not need to read an academic paper

11:52on stereoscopic vision or memorize formulas

11:56on how stereoscopic vision works.

11:59When I was a kid, I had one of these things, a ViewMaster.

12:03And it's the same principle.

12:05It's two pictures here in each eye,

12:07but they're slightly off center.

12:09They're slightly, they're different in some way.

12:12And that is the same principle that the Oculus here uses.

12:16So that's what I'm talking about when I say

12:18that if we understand conceptually how things work,

12:22oftentimes that's good enough.

12:24And we don't have to mire ourselves

12:26in all the underlying mathematical formulas

12:29and Greek symbols and stuff like that

12:31to be able to make a decision as to whether that thing

12:34is going to be a good fit for our business problem at hand.

Learning Methods

0:00I wanted to also mention very quickly, my learning philosophy.

0:03I very much have a crawl, walk, run approach.

0:06I see a lot of tutorials out there, especially from AWS,

0:10where they try to create the perfect reference architecture example through

0:14these big old long Python notebooks. I do not like those things.

0:18I like to start at the simplest possible stage and then embellish on that over

0:23and over. And you're going to see that reflected in this course.

0:26I also like origin stories.

0:28Now this is one thing that really helped me with my machine learning journey is

0:33I would see some sort of thing, for example,

0:35like a convolutional neural network.

0:38And if you look at it in its present day implementation,

0:41it's pretty complex.

0:43So what I did is I wanted to go back to earlier in history.

0:47And I think it dates back to maybe the fifties or the forties or something like

0:50that.

0:51And I wanted to see how that thing originally started and how it was thought

0:56up. And so I saw how it was thought up and it was pretty simple and it made

1:00sense in its very early stage.

1:03And I could see how over the years as computing power increased and we had more

1:08access to data, you can see how that thing evolved,

1:11but the underlying concept is still the same. So where appropriate,

1:16I'm going to use origin stories to kind of bring us back to the true basics and

1:20the underlying concepts.

1:22And then I also like to use something called analogical learning.

1:26And that's just a fancy way of saying, I like to use similes and metaphors.

1:30And then it's just a way to be able to compare something that you already know

1:35to something that you're just learning about.

1:38And all these things have kind of technical learning theory

1:41backgrounds and stuff like that.

1:42But these are just three points that I like to incorporate in some of my

1:45training. So let's talk about the learning methods that we're going to use.

1:49We're going to, of course, have audio and visual.

1:51You're watching an audio visual representation of learning right now.

1:55We're going to have text. Now I will include text between the videos.

1:59Do not sleep on this text.

2:01A lot of times I will include stuff that you really need to know that's in the

2:05text, but it's not in the videos.

2:07AWS content is also a very valuable learning reference where appropriate.

2:13I'm going to maybe give you a link to a blog article or some sort of portion of

2:17the AWS documentation.

2:19We are also going to have quiz questions.

2:22And for the most part, I'm going to try to design the quiz questions,

2:25at least the questions at the end of each skill,

2:28to be as close to exam questions as possible.

2:32There's some tricks and stuff that AWS likes to employ and walk through that.

2:37And I'll try to help give you some pointers on how to go through those questions

2:41and increase your likelihood of answering them properly.

2:44And then we're also going to have hands-on exercises. Now, this whole thing,

2:48this whole thesis of you being able to learn this stuff does not work unless

2:53you roll up your sleeves and do the stuff. You have to do the work.

2:57It's not enough just to watch me do the work.

2:59You have to do the work and internalize it.

3:01And also if you want to take away these portfolio projects and put them on your

3:05portfolio, you're going to need to create those artifacts as well.

3:10So by the end of this course,

3:11I want you to be comfortable with the current crop of Gen AI tools.

3:16And I say current crop because they're coming out with new tools basically every

3:20week and every month.

3:21So the best we can do is just go through what is available out there now and

3:25then start building that intuition whenever we see new services,

3:29considering how AWS would implement that new service and use that experience to

3:34our benefit.

3:35I also want you to know something about the AWS best practices and some of the

3:39potential danger zones inside AWS.

3:43And by danger zones, I mean potential for exposing customer data,

3:48potential for racking up a really high bill, potential for accidentally deleting

3:53some data that you really didn't want to delete. Of course,

3:56I also want you to smash the AWS Certified Gen AI Developer exam.

4:02And I want to send you away with some very portfolio worthy projects that you

4:07can use to showcase your knowledge. So what are those projects? Well,

4:12here they are.

4:13The first project we're going to do is an enterprise RAG system using a vector

4:18search.

4:19We're going to create some autonomous AI agents with a custom MCP integration.

4:25We are going to create a production scale Gen AI API deployment workflow.

4:29If you remember, I was talking a little bit about that CI/CD workflow.

4:32That's where we're going to cover that stuff.

4:34And we are also going to cover some security and governance frameworks and we

4:38are going to implement monitoring and compliance controls,

4:42which are very important,

4:43especially if you are in a regulated industry and happen to be using Gen AI.

4:49All these things sound very stuffy. Well, they sound very stuffy.

4:54Yes, but they are not going to be very stuffy.

4:57We have some pretty interesting datasets that we're going to be using to make

5:02these things pretty fun and enjoyable. So by the end of this course,

5:06I would expect you to have these four projects that you can upload into your

5:09website or blog article or GitHub repo or stuff like that,

5:13where you can put that link on a resume or show your colleagues or show a

5:17hiring manager and use that as demonstration of your abilities versus just

5:22kind of waving a certificate in their face.

First Things First

0:00First up, we need to do some stuff.

0:02For starters, I am going to assume that you have enough AWS experience

0:06to know how to create your own Sandbox account.

0:09You can do it.

0:10Now, once you've created that Sandbox account,

0:12you must enable MFA for that root account.

0:16I want you to do these first two things all by yourself.

0:20Then I am going to pick up with you, with your brand new shiny account,

0:25we are going to enable CloudTrail,

0:26we are going to set up IAM Identity Center.

0:30Now, I do have a little asterisk here for IAM Identity Center.

0:33If you are using IAM Identity Center already in your organization

0:38and you had somebody provision you a Sandbox account,

0:41well, this doesn't really apply.

0:43But what I really mean here is that you should not be using

0:47an IAM regular account anymore. That's not a best practice.

0:52AWS wants us to use the IAM Identity Center

0:55with either that as an identity provider

0:57or maybe some other federated identity provider.

1:01And that is what we are going to set up.

1:03I also want to be sure that you have root-ish permissions in your account.

1:08So, again, this applies if somebody else created an account for you.

1:12Maybe your organization uses Control Tower or AWS Organizations.

1:17One thing to look out for is there is something called SCPs,

1:21and that is something that maybe your organization

1:23has applied to Sandbox accounts that they maybe create.

1:27And those are guardrails that prevent you from doing certain things.

1:31You want to be sure that you have enough permissions

1:34to basically roam around and do whatever you need to do in the VPC space,

1:39in the SageMaker space, in the Data Wrangler,

1:42Data Glue, that sort of thing.

1:43And just to make it a little bit easy,

1:45because this should be a Sandbox account,

1:48just ask for admin access.

1:50And that is going to give you most everything that you need.

1:53There are a few things that only the root account can do,

1:56but once we get past those initial things here,

1:59we are done with the root account.

2:01We're not going to come back and use that root account

2:03anywhere in this course.

2:04After we're sure we have root-ish permissions,

2:07we are definitely going to set up a budget alert.

2:10This is something that everybody should do to make sure

2:13that they don't end up with this crazy AWS bill at the end of the month

2:17because they forgot and left the service running.

2:20And unfortunately, there are some services in this course,

2:24especially if your account is not in the free tier,

2:28that could end up costing you a lot of money.

2:31So we want to be aware of those things as well.

2:34So let's get started.

2:36All right, now I am going to assume that you have created your AWS account,

2:40you've logged in using your root user,

2:43you've set up MFA on that root user.

2:46I use AWS Organizations and Control Tower to set up my accounts.

2:52And yes, this is my account number right here.

2:54Oh no, he's showing his account number.

2:57That's going to allow his account to be hacked.

2:59Well, no, just because you have my account number

3:03doesn't mean you can hack my account,

3:05especially if you do the right things.

3:08And to take it further, because I use Control Tower,

3:12AWS accounts are pretty disposable to me.

3:15So by the time this video gets published publicly,

3:19this account is going to be long gone and deleted.

3:22So you may see my account numbers in here.

3:25I don't sweat it.

3:26And in fact, AWS doesn't consider them to be confidential or sensitive.

3:31But I also understand that some organizations

3:34don't like to have any additional information out there

3:37than they really need to.

3:38So if you want to obscure this on your own notes or screenshots,

3:43then you can do that as well.

3:45So we are going to set up CloudTrail first.

3:48I'm going to go out to S3, and I'm going to create a bucket.

3:52Now I could let CloudTrail create a bucket for me,

3:55but I'm just going to call this GenAI CloudTrail.

4:02Now, if you've never used CloudTrail,

4:04CloudTrail is kind of the eye in the sky.

4:07It is going to log everything.

4:09And everything that we do from an API standpoint,

4:12in other words, logging in, calling this service,

4:15interacting with this thing, is going to be logged via CloudTrail.

4:19And it's a good practice to get into

4:20because if you have some sort of problem with your account,

4:23or maybe you have a security breach,

4:24you can come in here and analyze these logs

4:27and kind of replay what happened.

4:29Now, I did that pretty quick.

4:30I'm not going to step through creating an S3 bucket.

4:33I'm going to assume that you know how to do that.

4:35But I do want to point out something right here that has bit me before.

4:39And so if we scroll down here, where is it?

4:43There it is, default encryption.

4:45So, bucket key, using a bucket key.

4:49This is something that you probably should enable,

4:51and it's enabled by default.

4:53And what it does is S3 can use a KMS key to encrypt things.

5:00And so by default, it has the server-side encryption turned on.

5:03It's using the built-in S3 managed keys,

5:07or you can use customer managed keys if you wanted to.

5:10But encryption is good.

5:11We always want to encrypt our data.

5:13But one of the things that I had to figure out the hard way

5:17is that whenever any of these things are written or readed,

5:20readed, readed,

5:22any time something is written or read from the bucket,

5:27then it's going to make a call out to the KMS API.

5:31And that can be a lot of calls.

5:33And you can easily surpass your free layer

5:36or the allotted amount per month

5:39and start having to pay for these things.

5:41So AWS saw that as a problem as well.

5:44So they invented something called a bucket key.

5:46And this bucket key is basically just a local cache of that encryption key,

5:51so that we don't have to go out and call the KMS API,

5:54and it just works much easier.

5:57Especially when we're talking about CloudTrail,

5:59because there's going to be a lot of traffic coming in,

6:01being written to this bucket.

6:03We want to enable that.

6:04We want to make sure that is enabled.

6:05So it's enabled by default, which helps us out there.

6:08Okay, so we have our bucket configured.

6:10Get out of here.

6:12We have our bucket configured.

6:13Now we can go out to CloudTrail.

6:15We're going to go out, and I already have a trail set up.

6:19That is because I use Control Tower.

6:21And Control Tower is just a way to set up a list

6:24of pre-configured requirements whenever we create a new account.

6:28It's going to pre-populate that account with some best practices.

6:31And that is how I choose to create my accounts,

6:34because I go through accounts very frequently.

6:36So it already has a CloudTrail set up,

6:39and this is streaming to my management account.

6:43So I have one place where I can see all the activity

6:45across all my accounts.

6:47But if you have created an account from scratch,

6:50then you will not have that here.

6:52And maybe your organization just uses AWS Organizations,

6:56and it doesn't use Control Tower to implement some of these things,

7:00then you may not have a CloudTrail enabled here.

7:03So I'm going to click on Create Trail,

7:05and I'm just going to call this Management Events.

7:09And I'm going to use an existing bucket.

7:11We could have had it create a bucket here,

7:13but I don't really like the name format that it does.

7:16It's kind of an eyesore to me.

7:17So I'm going to select the bucket that we created.

7:21And I don't want to log my CloudWatch logs.

7:24Click on Next.

7:26And here we have the option to choose which events we want to log.

7:30Management events, data events,

7:32I would really caution you to think carefully

7:35before checking data events.

7:37And that's stuff like every single read

7:39and write to an RDS instance, a database or something like that.

7:43That's a lot of stuff. Now, AWS can absolutely handle that.

7:47And if you need that layer of detail, then definitely do that.

7:51But this is probably not something we're going to need

7:53in our sandbox account.

7:55And down here we have management events.

7:58That's what we're really after, the reads and the writes.

8:01And we can also exclude KMS events.

8:04If you remember, I talked about there's a lot of KMS calls

8:07because KMS is that central place

8:10where our keys for encryption are stored.

8:13And so anything that uses encryption on AWS is going to use KMS.

8:18And because this is just a sandbox account,

8:20we're not going to have that much traffic.

8:22And I'm just going to leave that alone here.

8:25But if we are in a production account,

8:26I might want to check that because that's a lot of traffic.

8:30Click on next and create the trail.

8:34So here is our trail right down here.

8:38And we go back over here to our bucket.

8:41And we're saying, hey, where's our stuff?

8:43Well, it takes some time for CloudTrail to log things.

8:47It's not instantaneous.

8:49Usually, in my experience, it takes about five minutes or so

8:52for stuff to show up here in the log

8:55after you've actually done something.

8:57So if you want, let's go around, do some other stuff,

8:59and you can come back here and see what is logged.

Setup a Budget Alert

0:00All right, so log out of whatever other account you're in, log back into the account in your

0:05sandbox that you're going to be using for this Generative AI course, and hopefully you're logging

0:11in using your IAM Identity Center account rather than your root account because we really don't

0:17need the root account anymore. So let's go over here and we're going to go down to Billing and

0:21Cost Management, and I'm going to go down here to Budgets right there. So we can create a budget.

0:30We can use a template or we can customize. Let's just use a template. Now here are the templates

0:34that are available. We have a zero spend budget. This means that if we exceed one penny, we're

0:40going to get notified, and that's pretty good if you're dealing with a free tier account. Now one

0:45thing to note is if you're using AWS Organizations and you have an account created underneath AWS

0:51Organizations, guess what? That's not necessarily considered a free tier account. You could end up

0:57having to pay for some of those services. So I am going to use monthly cost budget right here,

1:05and here's my monthly cost budget, and I'm going to set a threshold here. Let's just say $50,

1:11and I'm going to enter my email address that I want it to notify when I reach that threshold

1:17or when I'm trending to reach that threshold. We can scroll down here. You'll be notified

1:23if your actual spend reaches 85% or your actual spend reaches 100%

1:27or your forecasted spend. So that's the trend I was talking about right there.

1:32So we're going to click on Create Budget, and that's it. So we have just created a budget. We

1:37have created a notification that is going to email us whenever we reach that budgetary number or we're

1:44trending to that, and that is a very good thing. Quite literally, it will save your wallet. I have

1:51many stories of where I have failed to shut something down, and this notified me, and I

1:56went out there and avoided a very expensive AWS bill. So that's all there is to it. Very quick

2:02and easy to set up, but it is going to save you if you happen to leave something running accidentally.

Setup IAM Identity Center

0:00Okay, let us enable Identity Center. Now the old-school way of doing things was you'd go out

0:05to IAM and then you'd create a user here and then you'd log in using that user. Well, if we go

0:13through the process of setting this up, it's going to become fairly obvious that AWS doesn't want you

0:18to do this anymore. They want you to use other services and so that is IAM Identity Center.

0:25That's a pretty good service. It basically is an identity provider that we create and it can be

0:32reused several places across our account. Now, mine is a little bit different because I am in

0:39an account within an account that already has Identity Center set up. So, if your organization

0:47has implemented those SCPs, chances are they've probably turned off your ability to create

0:53an IAM Identity Center because that would be kind of weird if you have a top-level Identity Center

0:58and then an Identity Center somewhere down in a sandbox and that could get very confusing.

1:03But if this is a standalone account, you probably won't have that problem. So, I'm going to go as

1:08far as I can to show you the process. Again, this is not a tutorial on using Identity Center. I just

1:14wanted to call it out because it is a current best practice that AWS says we should do and it's very

1:20useful across AWS, certainly within SageMaker and some in Bedrock because some of those services

1:29are able to work with Identity Center nowadays. All right, so I am in another account here. I'm

1:35going to go under Identity Center and if you click enable, you're going to get something that looks

1:40like this. It has set up some stuff and it will set up an instance name, an instance Identity

1:46Center directory and it'll give you this URL here that you can customize if you wanted to.

1:51It's kind of like a little wizard. You got to step through the process there. You'll be able

1:55to figure it out. So, I'm going to go under user. We can create users. I would first recommend that

2:00you create a group here first, if you don't already have a group. I already have a group.

2:05It's just real easy. You click on create group and it just lets you create a group. So, I'm going to

2:09go back over here to users, add a user and I'm just going to call this Bob and oddly enough, Bob's

2:16email address is similar to mine, but it has to be unique across accounts. So, I'm going to add

2:22that little plus trick. If you know, you know. I'm going to call this Bob Pletcher and click on next

2:31and I'm just going to check that little administrator group saying, hey, this person is

2:35part of that administrator group and click on next, add user. There we go. So, what has happened

2:42is an email was sent to Bob's email address, probably your email address if you're creating

2:49yourself an account and you have to click on that and enroll and set a password and stuff like that.

2:54The next thing that we want to do with IAM Identity Center is we need to set up a permission

2:59set and this is how we can define what permissions we are going to allocate to our users. So, you can

3:07see I already have one set up for administrator access. Let's just create another one here. We can

3:11use predefined or custom permissions. For our purposes, predefined is just fine. I would suggest

3:17you select this administrator access button right there and I'm also going to set up a billing

3:23permission set as well. So, let's just go down here. All that stuff looks good. This is kind of

3:30important here. This is a session duration. So, once you log into Identity Center via the provided

3:36URL, your permissions have an expiration time limit and that is a very good thing. You can set

3:42this to whatever you want, but I would recommend setting it to probably no bigger than eight hours.

3:48So, we'll just keep it at one hour here. Click on next, create. So, there we have a permission that's

3:55set for billing. All right. So, now we can go over here to accounts. Now, these are accounts that have

4:02been pulled in and I have my little hierarchy here. These are accounts, actually these are OUs,

4:08but within these folders, I have accounts that have been set up and I can assign users and groups

4:15to those accounts. And one of the things I want to do is I want to assign that billing

4:22ability to my account that I'm using for the Gen AI Pro here.

4:32There we go. Click that. And I want to say, hey, we can use billing and we can use administrator

4:39access. Submit. And now it is going out there and configuring that particular account to allow me to

4:46log into that account using a billing role or an administrative access role. So, once you log

4:54into the access portal from Identity Center, if you go back over here, you will see a little URL

5:00down here. You'll get something that looks like this. If you have multiple accounts, if you just

5:03have one account, it's just going to show one account there and you will be able to, if I

5:08refresh here, there we go. So, here's my role that I can click on that and that will enter that account

5:14using administrator access, or I can enter that account using billing. And it has my access keys

5:20right here. This is why this is a better way of doing this, because these access keys are

5:26time sensitive. They expire. Back when we were using IAM users, they did not necessarily expire.

5:34You had to manually go out there and rotate them. And that is the source of many AWS security

5:40breaches. It's not AWS's fault that people mishandled the keys. It's their own fault

5:45that they mishandled the keys. If we use Identity Center, that lessens that risk.
