
Explore AWS architectures with whiteboard explanations, exam-focused concepts, slides, and hands-on labs in the AWS console to prepare for the AWS Solutions Architect Associate exam.
Navigate the AWS certified solution architect associate preparation course, optimize video resolution, download lectures offline, and complete labs to practice AWS concepts. Stay updated with announcements and access Udemy support.
Set expectations for diverse IT backgrounds and the broad AWS solution architect associate exam across databases, load balancers, networking, and virtualization, and emphasize proactive learning when concepts are unclear.
Learn to create a free tier AWS account, understand 12 months of free services, 750 hours of EC2 t2.micro monthly, credit card requirement, and cost forecasting.
Explore the AWS global infrastructure, including regions and availability zones, and understand how data centers in specific regions, like Europe, improve latency for users.
Explore how a VPC and EC2 provide an isolated, region-mapped network in AWS, where you can host EC2 instances and create multiple VPCs across regions.
Explore IP addressing, CIDR blocks, and routing concepts in AWS, including private vs public IPs, NICs and ENIs on EC2 instances, to enable internet connectivity and inter-server communication.
Explore CIDR blocks in AWS virtual private cloud contexts, understanding network ID and host counts, with a /24 example showing 254 hosts and private IPv4 assignment plus reserved AWS ranges.
Learn the basics of routing in AWS VPC: how traffic moves from source to destination using a router, intra-VPC routes, and internet gateway with route tables.
Learn how a VPC defines a CIDR block and subnets to allocate IP addresses for EC2 instances, enabling inter-service communication and a three-tier web and database separation.
Explore how availability zones map to one or more data centers within an AWS region and how VPC subnets align with AZs to keep EC2 instances available.
Explore the components of a VPC, including subnets, EC2 instances, and the internet gateway with a public IP, and how route tables, 0.0.0.0/0, and the default VPC enable internet access.
Explore the default VPC in AWS regions, with CIDR 172.31.0.0/16 and three subnets across availability zones, plus internet gateway, route table, security groups, and network ACLs for testing virtual servers.
Explore the Elastic Compute Cloud (EC2) by building your EC2 instance, selecting the AMI, instance type, configuring volumes and tags, and securing access with a private key and security groups.
Launch and configure an EC2 instance in your chosen region, selecting the AMI, instance type, VPC, storage, tags, and a security group, then log in with a key pair.
Use key pairs to securely log into an EC2 instance: public key on the server, private key on your side; convert the .pem file to .ppk with PuTTYgen.
Connect to an AWS EC2 instance using a generated private key and SSH. Use the public DNS or IP and the correct username to log in from Windows to Linux.
Learn to manage an EC2 instance in the running state by stopping, starting, rebooting, or terminating it, and review system logs, boot diagnostics, and monitoring.
Explore AWS EC2 instance types across general purpose, compute optimized, memory optimized, accelerated computing, and storage optimized categories, and match workloads like web servers, databases, and caching.
Upgrade your virtual server by stopping the instance, then change the instance type to a higher capacity and restart to meet workload demands.
Explore the elastic network interface, a virtual network card attached to an EC2 instance with private and public IPs. Learn to view and attach additional ENIs for multiple interfaces.
Explore security groups as the EC2 firewall, denying by default and permitting traffic through rules for ports like 22, 80, and 3389, with source CIDR and ENI context.
Discover how security groups enforce default deny and use inbound rules to expose an EC2 web server on port 80 by adding a port 80 TCP rule.
Understand network access control lists as a subnet firewall that allows or denies inbound and outbound traffic, contrasting them with security groups and applying source-based deny rules.
Learn how network access control lists attach to subnets and the VPC, default allow traffic, and how inbound and outbound rules and rule order protect multiple EC2 instances.
Establish communication between EC2 instances across subnets in a VPC by enabling ICMP ping in security groups and using private IPs, with route tables directing intra-VPC traffic via the local router.
Create a custom VPC from scratch with a CIDR block, DNS settings, a subnet, an internet gateway, and adjusted route tables, then launch an EC2 instance.
Explore private and public subnets in a VPC, using route tables and an internet gateway to control internet access, with a web server public and the database private.
Add a private subnet to the VPC by creating a new custom route table with the internet gateway and associating the public subnet to it.
Explore secure internal communication between EC2 instances in private and public subnets, and learn to manage private servers via a bastion host with security groups restricting access from your workstation.
Explore bastion hosts as jump servers in a public subnet to securely access private subnet instances via a public EC2, using private key files and correct permissions.
Discover how network address translation enables private subnet resources to reach the internet via a NAT instance or NAT gateway, with public subnet placement, route tables, and security groups.
Launch and configure a NAT instance in a public subnet, disable source/destination checks, and route private subnet traffic through the NAT to reach the internet using security groups.
Learn to deploy a NAT gateway in a public subnet with an elastic IP and route table updates, and understand that security groups are not applied to the gateway.
Explore VPC peering as a networking option for hybrid connectivity to enable cross-VPC communication by establishing connections between VPCs, including use cases for staging and production and cross-region scenarios.
VPC peering enables communication between isolated VPCs across regions and accounts by updating routing tables and security groups; transitive routing is not possible, and peering cannot reach VPN.
Create and accept a VPC peering connection between two VPCs in the same region, update route tables, and ensure security groups allow cross-VPC traffic.
Explore hybrid connectivity between on-premise data centers and AWS, detailing virtual private connections and AWS Direct Connect to link your VPC and EC2 workloads with encryption and latency considerations.
Explore AWS EC2 pricing models, including on-demand, spot, and reserved instances, plus dedicated instances and dedicated hosts, with guidance on when to use each for cost optimization.
Recaps networking basics, VPC creation, subnets, Internet Gateway, and NAT as core building blocks for AWS solution architect prep; introduces the well-architected framework across sections.
Explore AWS well-architected framework and its five pillars—operational excellence, security, reliability, performance efficiency, and cost optimization—and learn to design for failure, implement operations as code, and leverage serverless architectures.
Explore fault tolerance and high availability within the AWS Well-Architected framework, designing resilient architectures with multi-AZ setups, standby instances, and recovery strategies.
Explore high availability and fault tolerance by using AMIs to quickly launch a preconfigured EC2 instance, reducing downtime and avoiding ongoing backup costs.
Create an Amazon machine image (AMI) from a running EC2 instance to preserve Apache, then launch new instances from the AMI for fault tolerance, high availability, and disaster recovery.
Learn disaster recovery basics for complete regional outages and how to recover by provisioning a new VPC and subnet in a different region and launching an EC2 instance there.
Explore AWS storage options, including EBS block storage for EC2 and S3 object storage with buckets, plus databases like MySQL, Oracle, Aurora, DynamoDB, and Redshift.
Explore elastic block storage with EBS volumes attached to EC2 instances, encryption, and detach and attach capabilities, and compare general purpose SSD, provisioned IOPS, throughput optimized HDD, and cold HDD.
Learn how elastic block storage volumes attach to EC2 instances and how input/output operations and throughput impact database performance, guiding you to the right EBS choices.
Choose the right EBS volume type for your EC2 workload. Use provisioned IOPS for database I/O, throughput optimized HDD for large data transfers, and cold HDD for archive data.
Explore creating and attaching an EBS volume to an EC2 instance, mounting it as a data disk, and detaching to attach to another instance in the same availability zone.
Explore how data at rest on EBS volumes attached to EC2 is encrypted before storage and decrypted on access. AWS manages the encryption and decryption process behind the scenes.
Learn to use EBS snapshots to back up, restore volumes, and copy snapshots across availability zones and regions in a hands-on AWS demo.
Explore how the simple storage service enables object storage with buckets, uploading files and generating public URLs, while learning basic permissions and access in the AWS console.
Explore S3 features such as versioning (cannot disable, only suspend), encryption, server access logging, and cross-region replication to protect, track, and replicate objects.
Understand how simple storage service uses key-value pairs to identify objects by file names in buckets, and how random key prefixes improve distribution across partitions for get and put throughput.
Discover how the simple storage service achieves high availability by replicating objects across data centers. Understand read-after-write for new objects and eventual consistency for overwrites.
Learn to host a static website with AWS S3 by enabling static website hosting on a bucket, setting the demo.html index, uploading the file, and making it public.
Learn how S3 pre-signed URLs let users get or put objects without credentials, using a bucket, object key, method, and expiration.
Explore Amazon Glacier and lifecycle policies to move data from standard storage to Glacier for archive storage and cost savings. Understand Glacier retrieval, including standard 3–5 hour and expedited options.
Explore a simple use case for when to store videos in S3 versus on an EBS volume on EC2, highlighting decoupling and object storage for large data.
Explore how the elastic file system (EFS) shares a file system across EC2 instances. Create elastic network interfaces in each availability zone and mount via NFS using IP or DNS.
Ensure high availability of EBS volumes with regular backups and cross-region snapshots. Encrypt volumes and their snapshots and automate snapshot lifecycles with the lifecycle manager for disaster recovery.
Explore the well-architected framework for the simple storage service, examining regional buckets with high availability and durability across availability zones, plus cross region replication and lifecycle policies to Amazon Glacier.
Explore AWS relational database service (RDS) to automatically provision infrastructure and database engines, supporting MySQL, Oracle, SQL Server, MariaDB, PostgreSQL, and Aurora, with automated backups and a 35-day retention.
Spin up an AWS relational database service instance, selecting the engine, hardware, storage, and security settings, then configure backups, encryption, CloudWatch monitoring, and connect via the endpoint.
Learn how AWS RDS uses Multi-AZ to create a synchronous standby in a second availability zone, enabling automatic failover with DNS switchover for business-critical apps.
Connect to a read replica to offload read traffic from the primary database, as updates replicate automatically, enabling separate read and write workloads while preserving data consistency.
Modify a MySQL instance to enable Multi-AZ for high availability, and learn to create read replicas in another region with cost implications.
Connect an EC2 Ubuntu instance to a MySQL RDS database by installing the MySQL client. Update security groups to allow port 3306 from the EC2 private IP and verify the connection.
Explore DynamoDB as a fully managed AWS NoSQL database with schemaless items and attributes. Scale automatically to handle high throughput for fast data access without server management.
Learn how DynamoDB uses tables, items, and attributes in a schema-less design, define a partition key (and optional sort key), and create items in the AWS console.
Explore DynamoDB design considerations from an architect's view, including read/write capacity and consistency. Learn auto scaling, DAX, encryption at rest, and weekly tables to optimize cost and performance.
Monitor DynamoDB throughput and provisioned capacity by simulating item writes to a DynamoDB table, observe write capacity consumption in metrics, and learn throttling behavior when limits are exceeded.
Explore Amazon Aurora, a fully managed relational engine compatible with MySQL and PostgreSQL. Learn how a primary instance with multi-AZ cluster storage and read replicas ensures high availability and durability.
Demonstrates launching an Amazon Aurora database via the AWS console, choosing MySQL 5.7 compatibility, configuring a cluster, making it publicly accessible, connecting with a MySQL client, and reviewing CloudWatch metrics.
Explore AWS CloudWatch to monitor resources with metrics and dashboards, create alarms for thresholds, and collect logs via CloudWatch Logs, including EC2 CPU utilization and billing alarms.
Explore elastic load balancer concepts in AWS, learn how to distribute user requests across multiple EC2 instances in different subnets and availability zones to achieve high availability.
Understand the three AWS elastic load balancer types—classic, application, and network—and how layer four and layer seven routing determine traffic distribution, including URL-based routing for app workloads.
Explore how the elastic load balancer distributes requests to target EC2 instances, runs health checks, and uses public DNS with private backend IPs for high availability across subnets.
Demonstrates configuring an application load balancer with a listener on port 80, health checks, and a target group to distribute traffic across two Ubuntu Apache servers via DNS name.
Learn how AWS autoscaling automatically adds or removes EC2 instances to meet demand. See CPU thresholds trigger scaling up or down to optimize cost and performance.
Learn to create a launch configuration and an auto scaling group in the AWS console, then configure scaling policies with CloudWatch alarms and warm-up across availability zones.
Explore how Route 53, AWS's domain name system, translates DNS names to public IPs, maps records, and directs users from cloud portals to your EC2 web app.
Map a domain to an EC2 instance using Route 53 hosted zones and records. Configure external providers, like GoDaddy, to use Amazon DNS name servers for this routing.
Explore Route 53 routing policies, including simple, weighted, failover, latency, and geographic options, and see how blue-green deployment and health checks enable failover.
Create a Route 53 hosted zone and a simple routing policy to map cloud hub learning.com to your EC2 Apache server, updating GoDaddy name servers and TTL 60 IPv4 record.
Configure Route 53 failover routing with health checks to redirect traffic from the primary Apache on EC2 to the secondary Azure IIS when unhealthy.
Demonstrates configuring Route 53 weighted routing to split traffic 50/50 between an AWS Apache server and an Azure Windows server, with no health checks, and testing the distribution.
Explore Route 53 alias records and how they map a domain to AWS resources, including S3 website hosting, ELB, or CloudFront, via a domain-named S3 bucket.
Discover how the simple queue service decouples systems by storing and retrieving messages, with visibility timeouts and FIFO versus standard queues.
Learn how the Simple Notification Service uses a push model to publish messages to endpoints via topics, with topic creation and subscriptions to email, HTTP, Simple Queue Service, or Lambda.
Explore how AWS CloudFront delivers web content globally through edge locations, caching content near users to reduce latency and offload web servers from origins like EC2, S3, or on-prem.
Learn how to place a static website hosted in an S3 bucket behind a CloudFront distribution to deliver content globally with edge locations and Route 53 domain mapping.
Learn how to use VPC endpoints to let private subnet instances access S3 and DynamoDB without internet. Create and attach a VPC endpoint and update private subnet route tables.
Discover AWS CloudFormation, an infrastructure-as-code service that provisions VPCs, subnets, and EC2 instances from JSON or YAML templates, using the resources section to define mandatory properties such as image ID.
Explore how CloudFormation uses templates to deploy resources, including an EC2 instance, via JSON or YAML, with validation and stack creation in the Oregon region.
Explore how Elastic Beanstalk automatically provisions web environments on AWS, spinning up EC2 instances, configuring auto scaling and load balancing, and registering a Route 53 DNS name.
Learn how to use Elastic Beanstalk to create applications and multiple environments (development, staging, production), deploy Java applications with Tomcat, and perform blue-green deployments with swap environment URLs.
Explore serverless architecture on AWS by comparing traditional EC2 hosting with fully managed services like DynamoDB, Lambda, and S3, which remove virtual server maintenance and enable code-driven deployment.
Discover AWS Lambda, a managed compute service that runs your code, auto scales, patches security, and integrates with API Gateway for event-driven use with Node.js, Java, C#, Go, and Python.
Create your first AWS Lambda function from the console, select a runtime, and set an execution role for CloudWatch logs and metrics.
Explore how containers provide portable, self-contained application components and how Docker, Kubernetes, and Elastic Container Service simplify orchestration and deployment on virtual machines.
Explore how Elastic Container Service orchestrates Docker containers by using task definitions and service definitions to run, monitor, and auto-recover containers in a cluster, demonstrated with Nginx and Apache tasks.
Explore how the API gateway service mediates requests between clients and backend resources, defines resources and methods, deploys to stages, and routes to endpoints.
Create a Lambda function and expose it through API Gateway, add a customer resource with a GET method, test the HTTP endpoint, and return JSON data in a serverless setup.
Explore how API gateway, Lambda, and DynamoDB work together in a serverless end-to-end workflow, including creating a DynamoDB table, retrieving items by id, and deploying with stages.
Discover how to securely access AWS resources using IAM: create users, apply password policies and MFA, and manage permissions with policies and groups, including programmatic access via access keys.
Learn how IAM policies, JSON-based documents, grant or deny access to AWS resources by specifying actions, resources, effects, and optional conditions for users or groups.
Create an S3 bucket, then craft a fine-grained IAM policy to allow read-only access to objects, using the visual editor, and attach it to a user.
Learn how to implement S3 bucket policies and resource-based policies, separating IAM permissions from bucket-level object access, using a policy generator to grant get object access and list buckets.
Learn how IAM roles grant permissions to services and users, using temporary credentials instead of access keys, with use cases for EC2, S3, and Lambda.
Explore IAM roles by wiring a Lambda function to a DynamoDB table, using a read-only policy and a dedicated Lambda role for secure access.
Learn to manage multiple AWS accounts with AWS organizations and consolidate billing. Organize accounts into organizational units and apply service control policies that deny root access and S3 usage.
Understand AWS Cognito as an identity provider and user account manager that enables sign up and sign in with credentials or external providers like Facebook and Google.
Explore AWS CloudTrail to govern and audit your account by recording all calls; configure trails to deliver to S3 or CloudWatch with KMS encryption and separate control from data events.
Explore how CloudTrail records API calls in a 90-day event history with region, source, time, and user details, and how to create trails sending logs to S3 or CloudWatch.
Revisit encryption basics by explaining data at rest, plaintext, ciphertext, and the roles of keys and algorithms, with a focus on key management in AWS.
Explore the key management service: create and manage customer master keys to generate data keys for encryption, understand key lifecycle, and distinguish AWS managed keys from user-defined keys across regions.
Explore enabling bucket encryption with KMS or server-side options, apply object-level encryption, and note that existing objects remain unencrypted; avoid deleting keys.
Learn how to capture IP traffic with VPC flow logs and send it to CloudWatch, and understand the fields that reveal accepted or rejected traffic.
Discover how AWS Config delivers a detailed view of resources, records configuration changes with a timeline, and supports security monitoring by tracking global resources and compliance rules.
Explore how Kinesis enables real-time data ingestion from IoT devices, log files, and user clicks, focusing on data streams, Firehose, and ingestion to S3.
Explore AWS Kinesis data streams via API, CLI, and .NET demos: put records, read with shard iterators (latest, oldest, last), and manage shard and sequence IDs.
Discover how AWS Redshift uses column-based storage for petabyte-scale data warehousing and analytics, and when to use bulk inserts via staging table over MySQL.
Launch and configure an Amazon Redshift cluster, selecting dense compute or dense storage nodes. Load data from S3 using an IAM role and COPY commands, then connect with SQL Workbench.
Explore AWS Athena, a serverless, interactive query service for data in S3 using standard SQL. Create a database and tables with SerDe, then run CSV, JSON, or Parquet queries.
Explore AWS QuickSight, a visualization tool for ad hoc and business intelligence reports from CSV, SQL, MySQL, and S3 sources. Sign up and select standard or enterprise to build visuals.
Explore the AWS data pipeline service to move and transform data, using a DynamoDB export to S3 template and EMR processing for analytics.
This section looks at Storage - Simple Storage Service and Glacier
Learn how EBS volumes in an availability zone handle durability; use snapshots and cross-region copies for disaster recovery, and compare general purpose SSD, provisioned IOPS, throughput optimized HDD, and cold.
Explore AWS database options, including RDS engines Oracle, SQL Server, MySQL, PostgreSQL, MariaDB, Aurora, DynamoDB, and Redshift, with focus on high availability, Multi-AZ, read replicas, and cross-region backups.
This chapter takes an overview of the Compute Options in AWS
This chapter takes an overview of Multi-tier applications
This chapter takes an overview of Elasticity and Scalability
Apply general security practices with CloudTrail across all regions, enforce least-privilege IAM with MFA and strong passwords, use bucket policies and pre-signed URLs, and leverage VPC endpoints for secure access.
This chapter takes an overview of Security for your VPC.
This chapter takes an overview of Security - NAT Instances
Enable encryption for EBS volumes, RDS, DynamoDB, and simple storage service using KMS or CMKs. Use server-side and client-side options, AWS managed keys, or CloudHSM, with key lifecycle control.
Design for operational excellence by prioritizing ease of use and automation across AWS, using ECS for microservices with auto scaling, Elastic Beanstalk for rapid dev environments, and CloudFormation for provisioning.
Explore DynamoDB acceleration as an in-memory cache to reduce latency for high-volume requests, S3 performance with partitioned keys and random prefixes, and networking options like enhanced networking and placement groups.
Build confidence to take the AWS Certified Solution Architect Associate exam by engaging with hands-on demos and labs, using practice questions, and embracing risk to pass.
Pass the AWS Certification Exam
DOWNLOAD OPTION AVAILABLE FOR LECTURES WITH WHITE BOARD PRESENTATIONS.
The AWS Solution Architect is one of the most sought-after certifications in the IT industry today. The average salary of an employee also increases after they have obtained the AWS Solution Architect certification. Hence this certification is looked upon as the crown jewel of certifications.
This Course is designed to help students pass their AWS Solution Architect Exam. This course has an in-depth look into all of the essential AWS services and how they work together.
Just citing some of the feedback on this course:
"Thank you for this course sir. Today I cleared my AWS Certified Solutions Architect Associate exam. This course helped me a lot for my final preparation."
"Extremely good explanation... this helps me a lot."