
Prepare for the AWS Advanced Networking Specialty exam by exploring core concepts, the four domains, and services like CloudFront, API Gateway, Elastic Load Balancing, Route 53, VPN, PLS, and Kubernetes service.
Learn the basics of VPC endpoints and how they enable private, internet-free communication with AWS services like S3, using gateway, interface, or gateway load balancer endpoints.
Explore how gateway VPC endpoints route private subnet traffic to S3 and DynamoDB using route tables and prefix lists, with AWS automatically managing CIDR updates.
Explore practical steps to implement gateway VPC endpoints, enabling a private subnet EC2 to access S3 via a gateway endpoint, with a public and private subnet setup and IAM roles.
Demonstrates implementing a gateway VPC endpoint for S3 by configuring a private subnet, an IAM role, and a gateway endpoint, enabling private EC2s to reach S3 in the same region.
Gateway VPC endpoint policies grant granular access to S3 buckets; by default, everything is allowed in the region, but a deny at the endpoint level blocks access.
Explore how interface endpoints use elastic network interfaces with private IP addresses in a subnet to reach AWS services. See how security groups and on-premises connectivity enhance this architecture.
Implement an interface endpoint in a VPC by creating a demo endpoint, selecting subnets, attaching a security group, and validating traffic through the endpoint instead of public IPs.
Demonstrate how VPC endpoint services connect consumer and service provider VPCs via interface endpoints and a network load balancer, enabling private data transfer with Datadog and New Relic.
Implement VPC endpoint services across a consumer and provider AWS setup to connect a network load balancer through an interface endpoint, enabling private, DNS-driven traffic.
Detach the interface endpoint on the consumer side, delete the endpoint service on the provider side, then terminate the load balancer, instances, and optionally the target group to clean up.
Demonstrates how Amazon SQS creates a highly available, reliable queue to decouple an image gathering publisher from an image enhancer consumer, ensuring messages flow even if components fail.
Use a VPC interface endpoint to connect to SQS privately, enabling HTTPS and private DNS without public IPs.
Explore AWS Elastic Load Balancing, including application, network, gateway, and classic load balancers, and learn when to use HTTP/HTTPS, TCP/UDP, or virtual appliances for scalable, secure traffic distribution.
Explore how the OSI model maps to load balancers, detailing layer 7 application load balancers versus layer 4 network load balancers and how HTTP headers guide routing.
Explore the classic load balancer, the original AWS Elastic Load Balancing option, and its limitations (no HTTP/2, no path-based or header-based routing, no IP address targets) versus modern load balancers.
Learn how application load balancers operate at the application layer by inspecting HTTP headers, enabling path-based and host-based routing, and applying user agent header rules.
Learn how load balancer listeners and target groups route HTTP and HTTPS traffic, apply rules, and perform actions like forward, redirect, or fixed responses to EC2 instances or Lambda targets.
Demonstrates deploying a web app on an EC2 instance with nginx, configuring an application load balancer with an HTTP listener and target group, and validating traffic flow.
Explore how network load balancers operate at the transport layer (layer 4), supporting TCP, UDP and TLS for non-HTTP protocols, and why they handle millions of requests per second.
Set up a network load balancer with a TCP listener and TCP target group to forward SSH traffic (port 22) from the internet to an EC2 instance.
Register the load balancer with the correct availability zones to route traffic to all targets, and enable any disabled zones to ensure healthy traffic flow to the EC2 instances.
Compare cross-zone load balancing modes in AWS ELB, covering application, network, and gateway load balancers. See how traffic distributes across availability zones and targets, with defaults and enablement options.
Explore ELB access logs that capture details like IP, URI, and user agent, and their delivery to an S3 bucket every five minutes for Splunk or ELK analysis.
Enable ELB access logs by configuring an S3 bucket with the correct policy, ensure the bucket is in the same region, and view logs as gz archives containing events.
Explore load balancer IP address types in AWS—IPv4, dual stack, and dual stack without public IPv4—and understand DNS behavior, IPv6 requirements, draining, and migration cautions in VPCs.
Explore sticky sessions in AWS load balancers, binding a user’s session to a target with cookies, enabling routing for ALB and classic load balancers, plus benefits and trade-offs.
Learn how connection draining in ELB lets existing connections complete before deregistering an EC2 instance, with a default 300-second timeout to preserve user experience during updates.
Learn to select and customize cipher suites in AWS services like Elastic Load Balancing and CloudFront, balancing security with client compatibility using custom security policies and TLS protocol options.
Network Load Balancer provides a static IP per availability zone and optional elastic IPs. You can place an Application Load Balancer behind an NLB for a static front-end IP.
Learn how to capture the real client IP behind AWS load balancers by using X-Forwarded-For with application load balancer and configuring preserve client IP on target groups.
Explain how DHCP assigns IP addresses via the DORA process (discover, offer, request, ack) across networks with multiple servers. Demonstrate with packet captures and ipconfig renew/release examples.
Configure DHCP option sets in AWS VPC to supply DNS servers, domain names, and NTP to EC2 instances, including creating custom sets and applying them to the VPC.
Learn encapsulation with a letter analogy, illustrating how data is wrapped in envelopes and headers. Observe how TCP/IP and Ethernet headers add overhead to the frame in transmission.
Explore the transmission control protocol and its three-way handshake (SYN, SYN-ACK, ACK) that establish reliable client-server connections, support DNS resolution, and guarantee data delivery in order.
Explore the maximum transmission unit (MTU) and jumbo frames, detailing 1500-byte standard, fragmentation, and how private networks like AWS VPC enable 9000-byte MTU for improved performance.
Learn how the maximum segment size is derived from the MTU minus the IP and TCP headers, giving 1460 on a 1500 MTU and 8961 on jumbo frames, as negotiated via the TCP handshake.
Explore how IP fragmentation handles packets larger than the MTU, compare fragmentation with ICMP 'packet too big' responses, and understand the don't fragment bit and ICMP sinkhole concepts.
Explore how humans moved from single-symbol counting to base 10 decimal and base 2 binary systems, using 0 and 1 to represent values, and how conversion methods underpin computing devices.
Convert decimals to binary and apply it to IP addressing and subnetting. Explore practical steps, binary representations, and octet-level conversion with examples like 50 and 95.
Explore the IPv4 addressing scheme as a 32-bit number in dot-decimal notation of four octets, each from 0 to 255, defined by RFC.
Explore IPv6's 128-bit address space, cleaner headers, and extension header efficiency, contrasted with IPv4. See a practical EC2 IPv6 setup with SSH, ping6, and ICMPv6.
Learn to enable IPv6 in an AWS VPC by creating a demo VPC with IPv4 and IPv6 CIDRs, configuring subnets, routes, an internet gateway, and launching dual-stack instances.
Learn to integrate IPv6 with a VPC by launching EC2 instances, configuring IPv6 routes, and enabling ICMPv6 and SSH access from an IPv6 client.
Explore egress-only internet gateways in IPv6-enabled VPCs, understanding how they enable internet access like a NAT gateway while preventing inbound connections from the internet.
Explain IP address reservation in AWS VPC, including IPv4 CIDR blocks, netmasks from /16 to /28, and the five reserved addresses, while avoiding overlapping subnets.
Explore Amazon WorkSpaces, a managed secure cloud desktop service accessible from Windows, Mac, iPad, Chromebook, or web, with quick or advanced setup and flexible pay options.
Configure Amazon WorkSpaces with network interfaces—one in your customer VPC and one in the AWS managed VPC—and use a compatible CIDR like 172.31.0.0/16 while enabling directory service and security groups.
Learn how Lambda@Edge runs code at four points: viewer request, origin request, origin response, and viewer response to customize CloudFront content, modify requests and responses, manage authentication, and handle errors.
Explore a practical Lambda@Edge demo integrated with CloudFront, showing origin request handling, URI rewriting, and A/B experiment routing via cookies, with logs in CloudWatch.
Learn how Lambda connects to the internet and VPC resources, attach to a VPC with subnets and security groups, enable VPC endpoints, NAT gateways, and required IAM roles.
Explore how AppStream 2.0 centrally manages Windows applications and streams them securely to any browser, enabling trials, demos, and trainings without downloads or installations.
Explore cross-origin resource sharing (CORS) and how browsers enforce the same-origin policy, using origin headers to permit requests across domains and S3 configurations.
Explore how MPLS replaces IP-based routing with label-based forwarding, enabling faster decisions in an ingress–egress domain using assigned labels.
Explore how VPC peering enables private IP communication between two VPCs, including cross-region setups, while noting it is not a transit VPC and requires non-overlapping CIDR blocks.
Establish VPC peering between two VPCs in North Virginia and Singapore with non-overlapping CIDR blocks (10.77.0.0/16 and 172.31.0.0/16) and configure routing and security rules to verify connectivity.
Explore resizing a VPC in AWS by adding non-overlapping IPv4 CIDR ranges, respecting private blocks, peer VPC overlaps, quotas, and IPv6 /56 configuration.
Discover how AWS Global Accelerator routes traffic over a congestion-free AWS global network, performs health checks to route to healthy nearest endpoints, and supports diverse endpoints to boost application performance.
Create a Global Accelerator from scratch, configure cross-region endpoints on EC2 instances in Virginia and ap-southeast-1, set health checks, test failover via DNS and curl, and delete it after use.
Explore the endpoints for standard accelerators in AWS Global Accelerator, including ALB and NLB endpoints, dual-stack support, regional constraints, and EC2 instance limitations.
Explore how Global Accelerator secures VPC connectivity to internal load balancers or EC2 endpoints in private subnets, with an attached internet gateway, while routes may be optional.
Explore AWS traffic mirroring in VPC, copying traffic from an elastic network interface to a centralized monitoring tool for scalable network analysis, without installing per-instance agents.
Configure traffic mirroring in VPC by establishing the three core components (target, filters, and sessions) to capture traffic such as HTTP on port 80 to a monitoring instance, and validate with tcpdump.
Explore AWS Outposts, a fully managed service that brings the same AWS infrastructure, services, and APIs to on-premises data centers, enabling low-latency apps and data residency.
Learn the basics of IPAM in AWS, including automated IP address tracking, VPC integration, overlap detection, IP usage, and CIDR management across regions.
Configure AWS IPAM by selecting regions, using private and public scopes, creating pools with CIDR ranges, and tagging VPCs; monitor allocations and pricing.
Demonstrate how to use the VPC Reachability Analyzer to test connectivity between source and destination resources in a VPC. Identify blocking factors like security group rules and understand its cost.
Discover how the AWS network access analyzer verifies connectivity between resources, surfaces findings against your organization's network requirements, and demonstrates identifying internet access or subnet-level policy breaches.
Explore how the resource access manager securely shares AWS resources across accounts, including subnets and prefix lists, and walk through creating a share and accepting invitations.
Discover how AWS VPC sharing via the Resource Access Manager lets you share a custom subnet across accounts in your organization, and learn setup and connectivity testing.
Explore Bring Your Own IP in AWS, addressing IP reputation and migration from on-premises to cloud, with IPv4 /24 and IPv6 /48 and /56 ranges and elastic IP options.
Learn how web application firewalls analyze request payloads to block malicious content, complementing network firewalls, with examples of ModSecurity and managed services like AWS WAF and Cloudflare.
Explore how AWS WAF provides a managed web application firewall integrated with AWS services like application load balancers, enabling custom and managed rules, geolocation blocking, and exploit protection.
Explore the three AWS WAF components—rules, rule groups, and web ACL—and how rule statements and actions like allow, block, count, and captcha work, including managed and third-party rule groups.
Configure a regional AWS WAF web ACL, add a geolocation rule to block India, and integrate it with an application load balancer for an end-to-end test.
Explore how HTTPS extends HTTP with TLS encryption to secure client–server communications using certificates, public–private keys, and a temporary symmetric key negotiated during the handshake.
Explore how AWS Certificate Manager (ACM) issues domain certificates and manages private keys, integrates with load balancers for HTTPS, and handles expiry and renewal.
Learn to issue a public certificate with AWS Certificate Manager using DNS validation via a CNAME record and apply it to CloudFront, ELB, or API Gateway.
Understand the basics of VPC flow logs, capturing source and destination IP traffic to and from VPC interfaces, stored in CloudWatch for security monitoring and dashboards.
Explore VPC flow logs at the interface level, with options to log the whole VPC or individual interfaces. Understand the high-level format, including IP addresses, ports, protocol, and action.
Understand bastion hosts (jump boxes) as proxy gateways to private subnets and use SSH agent forwarding to authenticate to private EC2s from your workstation without transferring keys.
Learn the basics of virtual private networks, where a middle proxy server hides client IPs, enabling encryption and geo-restriction bypass for personal and corporate use.
Explore AWS Client VPN basics, contrast EC2-based OpenVPN deployments with a fully managed, pay-as-you-go solution, and decide when to use AWS Client VPN for internal server access.
Discover the AWS Client VPN architecture and authentication options, including Active Directory, mutual certificate-based authentication, and SAML-based single sign-on, with practical setup using OpenVPN clients and the AWS VPN Client.
Implement AWS Client VPN with mutual authentication, from certificate generation to connectivity, using CA, server, and client certs, ACM integration, endpoint setup, and OpenVPN client testing.
Enable split tunneling on AWS Client VPN endpoints to route internal traffic via the VPN while internet traffic bypasses it, boosting speed and reducing data transfer costs.
Learn how to safely terminate an AWS Client VPN lab: disassociate target networks, disconnect clients, delete the endpoint and certificate, and terminate the EC2 instance to avoid extra costs.
Explore Client VPN endpoint architectures, including subnet-restricted VPC access, peered VPC access, site-to-site connections to on-prem networks, internet gateway access, and client-to-client connectivity.
Understand site-to-site VPN tunnels that securely connect two networks over the internet, and how virtual private gateway and customer gateway provide high availability with dual tunnels.
Establish an on-premises to AWS VPN by creating a customer gateway and a virtual private gateway, attaching the latter to the VPC, and configuring a static VPN connection.
Explore AWS VPN performance, focusing on the two endpoints, the virtual private gateway's 1.25 Gbps throughput limit, and why ECMP is not supported on the latest VPN.
Explore improving NAT gateway performance with a dual architecture by distributing traffic across multiple NAT gateways in private subnets, achieving up to 30 Gbps burst while noting NAT gateway reliability.
Explore static routing through route table entries and route-add commands that direct packets to gateways, like google.com. Understand its drawbacks: human error, limited fault tolerance, and administrative overhead.
Explore dynamic routing and adaptive path selection, contrasting it with static routing. Learn how protocols like RIP, OSPF, and BGP govern interior and exterior gateway routing, enabling reliable internet paths.
Understand how the Border Gateway Protocol, an exterior dynamic routing protocol, exchanges routing information among routers to dynamically update paths and reach internet destinations without manual route configuration.
Understand how autonomous systems form the internet and how IBGP and EBGP enable routing, with BGP for inter-AS paths. Learn ASN, IANA, and 16- and 32-bit ranges.
Learn how BGP path selection uses a shortest AS path, illustrated by a Google map analogy, and how AS path prepending, weight, local preference, and MED influence the route.
Discover how AWS Direct Connect provides a dedicated private link from your data center to your VPC, bypassing the internet for consistent performance and reduced bandwidth costs.
Learn to configure AWS Direct Connect virtual interfaces—private for VPC resources and public for public services—and navigate the letter of authorization (LOA), router configuration, and gateway options.
Explore the physical process of setting up an AWS Direct Connect connection, including LOA documents, cross connects, single-mode fiber, 802.1Q trunks, and public and private interfaces.
Discover how to set up a partner Direct Connect, where the cross connect is managed and shared by the partner, and hosted connections provide a single VLAN per hosted connection.
Examine dual direct connect architectures on AWS, enabling high availability via multiple connections and cross connects, with active-active or active-passive configurations using BGP multipath and AS path prepending.
Explore the Direct Connect gateway and Virtual Private gateway, enabling private connections to multiple VPCs across regions, cross-account access, and transit gateway integration.
Explore high availability strategies for Direct Connect, including backup VPN over the internet and dual connection architectures across single and dual locations to ensure resilient connectivity.
Explore MAC Security (MACsec) for AWS Direct Connect, encrypting data at the physical layer with layer 2 confidentiality and integrity, requiring both ends to support MACsec on 10/100 Gbps links.
Monitor a Direct Connect with CloudWatch to collect metrics and build dashboards for connection and interface performance, including bps and pps, and note that you cannot change the port speed after creation.
Explore AWS CloudHub's virtual gateway that re-advertises routes learned via BGP between location A and location B, enabling scalable, highly available connectivity through multiple endpoints.
Understand BGP communities as prefix tags that steer routing, including internet, no advertise, and no export; AWS Direct Connect uses 7224:9100 for local region and 7224:9300 for global reach.
Learn how transit gateways serve as a central hub to connect VPCs and on-premises networks, eliminating complex peering through versatile attachments and a hands-on demo.
Explore base transit gateway concepts, including multiple attachments and inter-VPC communication. See how the transit gateway route table directs traffic between attachments with routes 172.31 and 192.168.
Deploy a transit gateway, attach VPCs with CIDRs, and configure VPC route tables to route traffic via the gateway. Launch EC2 instances in both VPCs and verify connectivity with ping.
Explore how transit gateway routes propagate VPC CIDRs into the route table, how static routes and blackholes influence traffic, and the route evaluation order prioritizing static and more specific routes.
Design a shared services VPC appliance pattern where inter-VPC traffic via a transit gateway is inspected by a firewall or IDS/IPS before reaching the destination.
Learn how appliance mode in transit gateways redirects traffic to a single firewall appliance using a flow hash, enabling stateful inspection of cross-AZ traffic and correct return paths.
Explore how transit gateway route tables work at the attachment level, including default vs custom route tables, and how to create per-attachment routes to control cross-VPC traffic.
Attach a VPN to a transit gateway via IPsec over the internet, enabling encrypted traffic, and scale with 1.25 Gbps tunnels using ECMP and dynamic routing via a customer gateway.
Learn how transit gateway Connect attachments establish GRE-tunneled, BGP-based connections to third-party appliances, enabling SD-WAN connectivity over VPC or Direct Connect up to 20 Gbps, with no static routes.
Explore how transit gateways connect to Direct Connect via transit VIF attachments across regions and accounts. Learn to add IPsec VPN tunnels and Connect attachments to segment SD-WAN traffic.
Learn how transit gateway sharing enables VPC interconnectivity across multiple accounts using a central transit gateway shared via the resource access manager, with account-specific attachments.
Explain multicast concepts and how a multicast-enabled transit gateway routes a single data stream from a sender in one VPC to receivers in other VPCs.
Explore multicast concepts in transit gateways, including enabling multicast, defining groups with sender and receivers via network interfaces, group IP address, and multicast domain, with Nitro-based senders and non-Nitro receivers.
Learn to configure multicast on a transit gateway, create a multicast domain, attach a VPC, define groups as sources and members, and test with EC2 and iperf.
Learn how transit gateway peering connects two gateways across regions, routes traffic between attached VPCs and peered gateways, and tests connectivity between regional EC2s while comparing to VPC peering.
Create two VPCs across us-east-1 and ap-south-1 and set up transit gateway peering between them. Attach the VPCs, configure static routes, and test connectivity with EC2 ping.
Centralize VPC endpoints in a service VPC with interface endpoints, connect spoke VPCs via peering or transit gateway, and implement private hosted zones and alias records for private DNS resolution.
Discover how the transit gateway network manager provides a single global view of your private network, centralizing monitoring and events for VPN, Direct Connect, and SD-WAN connections.
Discover how a link aggregation group (LAG) combines multiple Ethernet interfaces into a single high-throughput, redundant connection using LACP, applicable to Direct Connect with minimum-connection rules.
Explore how bidirectional forwarding detection (BFD) detects link failures in milliseconds to microseconds, using control packets to inform OSPF and trigger rapid rerouting.
Learn how VLANs provide logical isolation on a single switch to separate departments, guest networks, and security controls, preventing cross-communication and protecting PII and credit/debit card data.
Explore VLAN tagging with 802.1Q trunks, showing how switches insert and remove VLAN tags to forward frames between hosts across switches, while hosts remain unaware of VLANs.
Explain how Q-in-Q tunneling adds a second 802.1Q tag to existing VLAN frames, enabling multi-tenant VLANs by handling overlapping IDs at the service provider edge.
Explore prerequisites for AWS site-to-site VPN with VGW, CGW, IPsec, IKE, AES, SHA, Diffie-Hellman groups, note GRE is not supported, and consider EC2-based VPN as an alternative.
Learn high availability for EC2 VPN termination with two tunnels and automated route failover. Implement a monitoring script to switch routes to the standby EC2 and enable auto recovery.
Identify and troubleshoot VPN instability by verifying dead peer detection, DPD timeout and actions, idle timeout settings, and rekeying, including required UDP ports for AWS endpoints.
Learn how AWS placement groups optimize low latency and high network throughput by co-locating EC2 instances, and explore cluster, partition, and spread types for fault tolerance.
Learn how gateway load balancers enable scalable, highly available traffic inspection by routing internet-bound traffic through multiple network appliances behind ENIs, with Geneve protocol support.
Map the packet flow through the Gateway Load Balancer to network appliances over PrivateLink, using the 5-tuple, encapsulate with Geneve, decapsulate for inspection, and resume routing on the AWS network.
Explore gateway load balancer basics: it operates at the network layer, forwards all IP packets to a target group via Geneve on port 6081, and uses VPC endpoints for cross-VPC connectivity.
Accelerated site-to-site VPNs improve performance by routing traffic to the edge location and through the AWS global backbone, using a transit gateway with acceleration enabled.
Learn how accelerated VPNs work with transit gateway, including default disabling, enabling on new attachments, separate tunnel IP pools, Global Accelerator routing, and compatibility rules.
Explore strategies for handling overlapping IP ranges in AWS, including renumbering, PrivateLink for service providers, transit gateway with non-overlapping subnets, and private NAT gateway, balancing cost and complexity.
Learn how content delivery networks cache content at edge servers to boost performance, shield origin servers with DDoS protection and WAF, and reduce bandwidth.
Explore Amazon CloudFront as a content delivery network, configure origins like S3 buckets and load balancers, and leverage edge locations with security integrations such as WAF, Shield, and ACM.
Create an S3-based CloudFront distribution, upload a sample image, deploy the distribution, and access the object via the distribution domain, while reviewing price class and delete steps by disabling first.
Understand origin access control versus origin access identity, and how CloudFront restricts S3 access to a specific distribution to prevent direct requests.
Implement CloudFront origin access control with an S3 bucket, configure a distribution, and verify GetObject access from the OAC-enabled setup, noting that the newer console automates OAC and the bucket policy.
Explore how CloudFront signed URLs grant secure temporary access to private S3 content for paywalled downloads, using trusted signers, expiry, and the option of signed cookies for multi-file access.
Implement CloudFront signed URLs by configuring an S3 origin, CloudFront distribution, and a trusted signer with a public/private key pair using OpenSSL. Generate and test signed URLs using key group.
Explore end-to-end field level encryption in CloudFront, which encrypts PII data at the edge and stores only encrypted data, decrypting it only through a trusted service.
Compare AWS Global Accelerator and CloudFront, detailing static versus dynamic IP addresses, edge-location roles, protocol support, pricing models, and use cases such as gaming, VoIP, and IoT.
This video explains how the CloudWatch unified agent on EC2 captures disk and memory metrics and logs, replacing separate scripts and enabling centralized monitoring via CloudWatch log groups and metrics.
Configure the unified CloudWatch agent from scratch on an EC2 instance, including creating an IAM role, installing the agent, running the configuration wizard, and verifying logs and metrics.
Learn how Amazon Kinesis collects, processes, and analyzes real-time streaming data using producers, a stream store, and consumers for timely insights.
Amazon Kinesis services—data stream, data firehose, data analytics, and video stream—help you capture, route, analyze, and securely stream streaming data with real-time analytics.
Learn how Amazon OpenSearch ingests, searches, and visualizes data from logs, metrics, and documents, with dashboards and a quick setup from a fork of Elasticsearch.
Understand Direct Connect billing with port-hour pricing and data transfer charges, noting that data transfer in is free, data transfer out is charged, and the account hosting the virtual interface pays.
Learn how AWS data transfer charges apply across internet, region-to-region, availability zone, and VPC peering traffic. Identify when data in is free and when data out costs apply.
Explore elastic load balancer billing in AWS, covering ALB, NLB, and classic LB. Learn how LCU, running hours, and data transfer drive costs, plus the impact of idle ELBs.
Explore how AWS Organizations centralizes multi-account management through the management account, enabling consolidated billing and policy enforcement with service control policies and tag policies, plus easy account creation.
Enable AWS Organizations, create the organization, and note the management account. Add member accounts by creating new ones or inviting existing ones, then sign in via forgot password.
Explore the practical use of service control policies in AWS Organizations by enabling SCPs, creating a deny-S3 policy, attaching it to an account, and testing bucket creation.
Explore Firewall Manager, a security management service that centrally configures rules across multiple AWS accounts to protect load balancers with WAF, Network Firewall, DNS Firewall, and other protections.
Automate infrastructure management with infrastructure as code to replace manual setups, using tools like CloudFormation or Terraform. Leverage repeatable deployments for faster, error-free provisioning with version control and collaboration.
Create a basic VPC with a YAML CloudFormation template, deploying a VPC resource using CIDR block 10.77.0.0/16 and tags, and explore the template structure and properties.
Master CloudFormation stack dependencies by using VPC and subnet references to automatically wire VPC IDs. Deploy templates so resources create in the correct order and update stacks smoothly.
Explore how CloudFormation uses the DependsOn attribute to order RDS before EC2, with an S3 bucket in the sample. See how stack deletion terminates the dependent resource first.
Learn to identify validation errors and semantic (post-API) errors in CloudFormation, understand template mistakes, and control rollbacks with examples of cf-error.yml, S3 bucket creation, and VPC/subnet dependencies.
Learn how CloudFormation change sets preview delta changes before applying updates to production, acting like a dry run. They show replacements or deletions, helping prevent downtime.
Explore how CloudFormation parameters enable dynamic, user-specified values during stack creation and updates, such as choosing EC2 instance types and keys.
Learn how CloudFormation stack sets deploy stacks across multiple AWS accounts and regions from a single central location, simplifying governance and configuration across your AWS landscape.
Learn how to conduct penetration testing on AWS workloads, including required authorization via the AWS vulnerability penetration testing request form, supported resources, preauthorized scanners, and prohibited instance types.
Learn how AWS CloudTrail records account activity across users, roles, and services, enables searching and filtering of event history, and offers export options for security and compliance.
Create a new CloudTrail trail to go beyond the limits of the default event history, enabling customized recording and storing logs in an S3 bucket with optional CloudWatch Logs delivery and multi-region support.
Explore CloudTrail event types: management, data, and Insights events, how they log AWS activity, the cost of data events, and how Insights identify unusual patterns and alert teams.
CloudTrail log file integrity validation checks whether delivered logs were modified, deleted, or left unchanged, using digest files and the validate-logs CLI command with the trail ARN and a start time.
Learn how AWS Config records configuration changes and a configuration timeline for audit and compliance, using conformance packs and rules. Discover how CloudTrail and EventBridge enhance monitoring and alerting for non-compliant resources.
Practice AWS Config by enabling one-click setup, adding AWS managed rules such as approved-amis-by-id, and reviewing resource inventory and timelines to identify non-compliant EC2 instances.
Explore denial of service and distributed denial of service attacks, how attackers overwhelm servers with floods of traffic, and how CDNs and DDoS protection mitigate them.
Mitigate DDoS attacks on AWS with on-demand scaling, decoupled infrastructure, and distinguishing normal from abnormal traffic with CloudWatch metrics; plan the defense using CloudFront, Route 53, Auto Scaling, WAF, and network controls.
Explore network access control lists in AWS VPC as a subnet-level firewall, contrast with security groups, and learn to block a specific IP via inbound and outbound deny rules.
Learn how network ACL rule ordering works, including how lowest numbered rules apply first, how inbound and outbound rules interact, and why ephemeral ports matter for connection success.
Learn how to reference security group IDs in inbound and outbound rules to support auto scaling web and application tiers, VPC peering, and cross-account access.
Explore stateful and stateless firewalls, AWS network ACLs and security groups, and how inbound/outbound rules and connection state shape network traffic.
Explore how the AWS Network Firewall provides stateful intrusion detection and prevention for VPC traffic, with domain and IP filtering, stateless options, and Suricata-compatible rules.
Explore deploying a network firewall in a VPC, configuring the firewall subnet and route tables to the internet gateway and VPC endpoint, and creating domain and IP filter rules.
Discover how Amazon GuardDuty provides one-click threat detection by analyzing CloudTrail, VPC flow logs, and DNS logs to identify breaches, malware, and high-risk activity across AWS resources.
Enable GuardDuty to analyze VPC flow, DNS, and CloudTrail logs with a 30-day free trial, and review findings by severity on the console.
Centralize GuardDuty findings from member accounts into the administrator account to simplify monitoring, investigation, and management using invitations, filters, and organization support.
Explore how to centralize GuardDuty findings by enabling GuardDuty on admin and member accounts, sending and accepting invitations, and filtering findings by account ID.
Explore how Active Directory centralizes authentication across applications and enables single login via a domain controller that authenticates and authorizes users.
Discover AWS Directory Service as a managed cloud alternative to on-prem Active Directory, featuring Microsoft Active Directory, Simple AD, and AD Connector for cloud and on-prem authentication.
Create a Simple AD directory and join an Amazon Linux 2 EC2 instance to Simple AD, enabling login with administrator@example.com via realm join and proper DNS setup.
Group CIDR blocks into a prefix list to simplify security group and route references. Compare AWS managed and customer managed prefix lists, and update changes in a single list.
Discover how EC2 instance metadata provides data about your instance, such as AMI ID, instance ID, hostname, and instance type, via the metadata service for automating dynamic applications.
Explore how to access EC2 instance metadata using curl against the link-local address 169.254.169.254, and manage enabling or disabling metadata with version 1 (token optional) and version 2 (token required).
Compare the instance metadata service (IMDS) version 1 and version 2. Learn how token-based session authentication secures access to EC2 instance metadata via the 169.254.169.254 URL.
Explore AWS KMS, the key management service, encrypting and decrypting data via a command line interface, showing cipher text, base64 plaintext, and S3/EBS integration.
Explore how AWS S3 encryption protects data with server-side options (SSE-S3 AES-256, SSE-KMS with CMK) and SSE-C, plus client-side encryption for secure storage.
Understand how S3 bucket policies provide resource-based access control for buckets and objects, beyond IAM identity policies. See practical use cases like public access and HTTPS-only access.
Regain access to a locked S3 bucket by deleting the misconfigured bucket policy as the root user. Learn how a deny by IP address can lock out admins and how it is resolved.
Explore AWS Trusted Advisor, a global service that inspects resources and provides recommendations across six categories, including cost optimization and security.
Master federation by connecting a central identity store such as Active Directory or LDAP to service providers like AWS, Jenkins, and HR apps via a trusted identity broker.
Understand how SAML enables single sign-on by using an identity provider and a service provider, exchanging a SAML assertion to grant secure, temporary access to applications.
Discover IAM Identity Center, the successor to AWS Single Sign-On, enabling centralized access to multiple AWS accounts and applications via a single access portal and pre-integrated apps.
Explore how AWS Systems Manager serves as a central command center to manage hundreds of EC2 instances, offering run command, inventory, patching, and direct console access via the SSM agent.
Explore how AWS Systems Manager automation codifies tasks like memory dump, quarantining EC2 instances, and creating images across EC2, S3, and RDS, enabling scalable, error-free operations.
Discover how AWS Config rules detect non-compliant resources and trigger SSM automation to remediate issues such as unencrypted S3 buckets or open security groups, using automation documents and IAM roles.
Demonstrate remediating non-compliant resources by integrating AWS Config rules with SSM automation: set up a demo insecure security group that exposes SSH, then enable automated remediation.
With more and more organizations moving to cloud-based infrastructure, one of the most demanding requirements is finding skilled networking engineers who can handle the networking aspects of AWS and hybrid deployments. For this reason, AWS has officially released the AWS Certified Advanced Networking certification.
This certification is intended for individuals who perform complex networking tasks.
This course is specifically designed for aspirants who intend to take the "AWS Certified Advanced Networking - Specialty" certification exam, as well as for individuals who intend to gain a deeper understanding of the networking aspects of AWS.
Keeping standards as high as Zeal's other best-selling courses, this course strikes a balance between theory and practicals, and the topics are explained in a simplified way for everyone to understand.
Since this is an "Advanced Specialty" level certification, there are certain important prerequisites expected from candidates. The primary ones are basic hands-on experience with AWS and strong prior networking knowledge.
With tons of quizzes, great lectures, and support from the instructor, this course is all you need to master the AWS Certified Advanced Networking Specialty certification.
I look forward to seeing you join us in this exciting journey on the Networking side of AWS.