
Explore the AWS Certified Solutions Architect - Associate course, covering four domains and the designing secure architecture domain, with exam prep, notes, practice test, and an optional Discord community.
Explore the fundamentals of cloud computing, including on-demand IT resources, pay-as-you-go pricing, and the role of cloud service providers like AWS in scalable, reliable storage.
Cloud computing exploded in popularity by enabling on-demand provisioning and scalable server resources, with data centers and cloud providers handling power, cooling, and networking; launch and resize instances instantly.
Explore the three cloud computing models—software as a service, platform as a service, and infrastructure as a service—and compare on-demand software, browser access, and provider-managed environments.
Explore the three cloud computing characteristics—on-demand and self-service, elasticity, and measured service—through practical examples with DigitalOcean and AWS pricing, illustrating scalable, pay-as-you-go resources.
Learn the basics of Amazon Web Services, the Gartner Magic Quadrant leaders, and AWS regions. Explore the pay-as-you-go model and per hour or per second billing in the console.
Discover how AWS global infrastructure uses regions and availability zones to design highly available, fault-tolerant systems, with data centers connected by high-speed private links.
Understand the AWS account signup process: select free or paid plans, provide email and password, verify phone, enter contact and payment details, and grasp $200 credits and verification steps.
Create a new AWS account through the management console, verify the root user email, enter billing details and identity proof, and understand credits and plan options.
Sign in to an AWS account using the root user email, complete verification with a code, and learn MFA options like an authenticator app, a hardware token, or a passkey.
Learn how to secure your AWS account with multi-factor authentication, using authenticator apps, hardware TOTP tokens, or passkeys to protect root credentials and prevent costly unauthorized access.
Set up AWS multi-factor authentication for the root user using an authenticator app, scan a QR code, enter codes, and verify by signing in.
Compare password-based authentication with key-based authentication and show how public and private keys enable login without passwords, enhancing server security.
Create an AWS EC2 key pair in a region using an RSA private key in PEM format, download it to your laptop, and store the public key on the Linux server.
Launch your first EC2 instance in AWS, select CPU and memory, pick Amazon Linux, and use a key pair and security group to enable secure access.
Explore how to connect to servers after launch using RDP for Windows, SSH for Linux, and browser-based SSH, with practical demonstrations on AWS and other providers.
Connect to your first EC2 instance using the browser based SSH method. Use it as a backup when a traditional SSH client isn’t working.
Learn how to set up and verify an SSH client on macOS and Windows, enable it or use MobaXterm, and connect to an EC2 instance using SSH.
Connect to an EC2 instance with SSH using your private key (ec2-key.pem), set proper permissions, and log in as ec2-user with the instance's public IP.
Launch your first website on an EC2 instance by installing Nginx, starting it, and opening port 80 in the security group, then view the welcome to Nginx page and index.html.
Master EC2 pricing with per-second billing and understand storage charges for stopped instances. Learn to stop idle instances to save costs, note IP changes on restart, and free-tier storage implications.
Terminate your EC2 instance after completing practicals to permanently remove the instance and its storage, avoiding ongoing charges. Note that you cannot restart a terminated instance.
Explore how ports define service endpoints (such as 22 for SSH and 80 for HTTP) and how AWS security groups function as virtual firewalls to control inbound and outbound traffic.
Learn how to create a security group from scratch in AWS and attach it to an EC2 instance. Define inbound and outbound rules, including SSH on port 22 and ICMP for ping, and use 0.0.0.0/0 to control traffic.
Understand that an Amazon Machine Image (AMI) defines the operating system for your EC2 instance, with options like Amazon Linux and Windows, and that you can use custom hardened AMIs shared across regions.
Learn to create a security hardened AMI from a secured base EC2 instance and apply enterprise security rules. Launch instances from the AMI and deregister it when finished.
Set up a budget in the billing console to monitor forecasted and actual costs, view top cost services, and receive email alerts when spend approaches or exceeds the limit.
Set up a custom AWS budget in the billing dashboard with monthly cost budgets and alerts for forecasted and actual spend, and stay under the free tier with email notifications.
Explore the virtual private cloud (VPC) concept with AWS, including subnets, route tables, and internet access, and learn how partitioning a VPC controls isolation and inter-subnet communication.
Create your first virtual private cloud (VPC) and learn how its private network enables EC2 instances to communicate using a defined CIDR block, including how defaults vary by region.
The VPC spans all availability zones in a region, while each EC2 instance launches in a single availability zone inside a subnet that subdivides the VPC into AZ-specific subnets.
Learn to create subnets within a VPC by dividing the CIDR range, assign IPv4 blocks, and configure subnet settings like the VPC ID, availability zone, and CIDR block.
Identify the lack of internet connectivity in the VPC that blocks SSH access to EC2 instances. Explore the VPC internet components and configure them to enable connectivity for EC2 instances.
Understand how an internet gateway connects a VPC to the internet, enabling inbound and outbound traffic for EC2 instances, with default VPCs automatically internet-enabled and custom VPCs requiring manual setup.
Configure the internet gateway for the VPC and attach it to enable internet connectivity. Establish subnet-level routing rules and verify access by SSH to the EC2 instance.
Explore how route tables govern traffic in a VPC by mapping destinations to next hops, including local routes and internet gateway routes in a default VPC.
Configure the route table for a custom VPC by keeping a default local route for internal communication and adding a route to the internet gateway for internet access.
Explore public and private subnets, their internet gateway connections, and security implications; learn when to place web apps in public and databases in private, with communication via private IP addresses.
Configure public and private subnets in a VPC, attach an internet gateway, create and assign route tables, and verify connectivity between EC2 instances, including public-to-private SSH.
Understand how NAT gateways enable private subnet instances to initiate outbound internet access for updates while blocking inbound connections, with practical traffic flow examples.
Configure a NAT gateway in a public subnet, assign an elastic IP, and update the private subnet's route table to route 0.0.0.0/0 through the NAT gateway for internet access.
Terminate running instances, delete the NAT gateway, detach the internet gateway, then delete the VPC to avoid unexpected costs.
Explore the new VPC create experience that provisions a full VPC infrastructure with a few clicks, including subnets, route tables, and gateways, for testing or production.
VPC peering connects two VPCs to enable private IP communication between their instances, including cross-region and multi-account scenarios, while not acting as a transit VPC and requiring non-overlapping CIDR blocks.
Establish a cross-region VPC peering between North Virginia and Singapore, create two VPCs with nonoverlapping CIDR blocks, send and accept the peering request, configure routing, and verify connectivity.
Learn how network ACLs provide subnet-level firewalling in a VPC, using deny rules to block specific IPs, while security groups protect instance-level traffic.
Explore how launch templates store EC2 launch parameters to pre-select AMI, security groups, and key pairs, and how versioning enables consistent, organization-wide best practices.
Create a launch template named security template with AMI, instance type, key pair, subnet, and security group, then launch an EC2 instance from it and modify for new versions.
Explore EC2 pricing models—on demand, savings plans, reserved instances, spot instances, and dedicated hosts—and learn cost optimization strategies with practical tradeoffs and capacity considerations.
Explore the basics of service quotas, including per-service defaults, adjustable limits, and how quota increases prevent accidental provisioning and protect availability in EC2, elastic IPs, and other services.
Compare AWS support plans from Basic to Enterprise On-Ramp, focusing on technical support, response times, Trusted Advisor checks, and cost, to choose the right plan for production workloads.
Explore elastic block store (EBS) as scalable high-performance block storage for EC2, learn attach/detach, persistence after termination, volumes and availability zones, and how to create and attach multiple volumes.
Master EBS snapshots as point-in-time backups and create volumes from them with the same data. Copy snapshots across availability zones, regions, and accounts, then restore to attach to instances.
Learn how the delete on termination attribute affects EBS volumes attached to EC2 instances, and when a volume is deleted or kept after an instance terminates.
Explore elastic block store volume types, including general purpose and provisioned IOPS SSDs, plus throughput and cold HDD options, and learn how IOPS shape performance and cost.
Explains disk-level encryption and how EBS encryption uses KMS keys to secure data at rest, data in transit, and volumes and encrypted snapshots.
Explore instance store volumes in AWS as ultra fast temporary storage attached to the host, contrasting with EBS persistence, performance, cost, and limitations across instance types.
Explore the basics of AWS S3, including bucket and object concepts, global uniqueness, and regional storage. Learn to create buckets, upload files, organize with folders, and manage permissions and durability.
Explore AWS S3 storage classes, including S3 standard, S3 standard infrequent access, and S3 Glacier, and learn how durability, availability, and retrieval costs shape data storage and archiving decisions.
Use AWS S3 intelligent-tiering to automatically move data between frequent and infrequent access tiers based on 30-day patterns, optimizing costs with per-object monthly fees.
Explore the new S3 one zone infrequent access, storing data in a single availability zone at about 20% less cost than standard infrequent access, suitable for secondary backups.
Compare S3 Glacier and Glacier Deep Archive for long-term data archival, focusing on access options and retrieval times from minutes to hours. Highlight the cost differences that influence storage choices.
Learn how S3 versioning protects objects by preserving multiple versions, using version IDs, deletion markers, and the difference between delete and permanent delete, with enabling and suspending bucket versioning.
Configure S3 lifecycle rules to automatically move data from standard to standard infrequent access after 30 days, and to Glacier after 60 days. Use expirations and versioning to delete data.
Leverage S3 storage class analysis to study access patterns, noting that objects older than 30 days are infrequently accessed, guiding transitions to storage class and lifecycle tuning for cost efficiency.
Enable S3 cross-region replication by turning on versioning on both the source and destination buckets, then create a replication rule from Mumbai to Singapore and verify by uploading an object.
Learn how to host static websites on S3 with the static website hosting feature, delivering cost-efficient, serverless hosting via publicly accessible buckets for HTML, CSS, and client-side JavaScript.
Enable static website hosting on S3 by configuring a publicly accessible bucket, enabling the feature, applying a GetObject policy, uploading an index.html, then test the endpoint.
Enable time-limited access to private S3 objects with pre-signed URLs, allowing customers to download purchased files via a shareable link, with expiry configurable in GUI or CLI.
Learn how S3 Object Lock uses the WORM model to prevent deletion or overwriting through governance and compliance retention, with versioning, deletion markers, and ransomware protection.
Discover how S3 Requester Pays shifts data transfer costs to the requester while bucket owners keep storage costs, and how to enable and use it with aws s3 cp.
Explore AWS Storage Gateway and its file, volume, and tape gateway types that let on-premises apps use S3 via standard protocols without code changes.
Set up S3 file gateway in storage gateway service using EC2, activate it, create a file share linked to an S3 bucket, and mount it on Linux server to test.
Explore the elastic file system (EFS), a scalable, fully managed AWS storage that automatically grows or shrinks, enables shared storage across EC2, Lambda, and ECS via NFS, with pay-as-you-use pricing.
Learn how to create the Elastic File System, mount it to two EC2 instances via NFS, configure the VPC and mount targets, verify shared storage, and clean up resources.
Learn how the AWS Snowball family accelerates offline data transfer to S3 and enables edge computing with Snowcone, Snowball Edge, Snowmobile, and GPU options.
Configure centralized backups with the AWS backup service to automate daily and monthly backups and manage lifecycle and retention across regions, accounts, and on-premises resources.
Configure AWS backup plans, define retention and schedules, enable on-demand backups, and assign resources like Aurora, DynamoDB, EBS, and S3 with wildcards.
Discover Amazon FSx and its file systems—Lustre, OpenZFS, Windows File Server, and ONTAP—and how they integrate with S3, SageMaker, and EC2 to simplify provisioning and backups.
Learn how high availability design ensures service remains up despite component failures, using load balancers, redundant servers, service level agreements, and uptime monitoring.
Explore recovery time objective and recovery point objective (RTO and RPO) and their impact on high-availability design and cost. Learn backup strategies and regional failover considerations.
Explore elastic load balancing that distributes traffic across multiple instances to prevent downtime. Learn how AWS elastic load balancing is a managed service handling health checks, high availability, and performance.
Explore classic load balancers, the original elastic option; compare their limited features with application, network, and gateway balancers, and review health checks and port 80 routing on EC2.
Explore AWS elastic load balancing and its impact on high availability. Compare application, network, gateway, and classic load balancers and their HTTP, TCP, plus auto scaling and WAF integrations.
Explore how application load balancers read HTTP headers, including host and user agent, to implement path-based routing and host header rules that forward requests to the appropriate servers.
Network load balancers operate at layer four, the transport layer, enabling non-HTTP protocols such as TCP, UDP, and TLS. They can handle millions of requests per second.
Discover how a web application firewall analyzes the request payload to block malicious content, contrasting it with network-level firewalls and highlighting ModSecurity, AWS WAF, and Cloudflare.
Explore how AWS WAF protects web applications with a managed firewall, using custom or managed rules, and integrates with application load balancers, API gateways, and CloudFront distributions.
Explore how auto scaling automatically adjusts computing resources in response to demand, performs scale up and scale down by CPU utilization, and enables cost efficiency and agility.
Explore how EC2 auto scaling automatically adjusts instances based on load, such as CPU utilization thresholds, dynamic, scheduled, manual, and predictive scaling with CloudWatch metrics.
Explore base concepts of EC2 auto scaling, including auto scaling groups, capacity management (minimum, desired, maximum), launch templates, health checks, and dynamic, predictive, and scheduled scaling policies.
Explore practical EC2 auto scaling by configuring launch templates and auto scaling groups, setting desired capacity and health checks, and understanding manual scaling versus policy-based scaling with a security group.
Discover how AWS Global Accelerator reduces internet congestion by routing traffic to healthy, congestion-free endpoints across regions, selecting the nearest healthy endpoint via health checks.
Configure a global accelerator with EC2 endpoints in Virginia and Singapore, set up health checks, test traffic routing with DNS and curl, and delete it after practice to avoid fees.
Explore how AWS Elastic Beanstalk simplifies deploying a hello world app to production by automatically provisioning infrastructure, selecting platform types, and managing presets like highly available or single instance.
Create an Elastic Beanstalk Docker web app environment, configure presets and roles, set a DNS domain, upload code, and monitor health with CloudWatch and logs before deleting.
Discover how VPC endpoints enable private subnet communication to AWS services like S3 over the AWS private network, avoiding the public internet, with gateway, interface, and gateway load balancer endpoint.
Explore how gateway VPC endpoints use route tables and prefix lists to divert traffic from private subnets' EC2 instances to S3 and DynamoDB, with AWS automatically managing CIDR ranges.
Explore how interface endpoints create elastic network interfaces in subnets to route traffic to supported AWS services, enabling secure, on-premises connectivity.
Understand how AWS VPC endpoint services use interface endpoints to connect consumer VPCs to a service provider's network load balancer over the private network, resolving CIDR overlap without VPC peering.
Discover how AWS direct connect creates a dedicated leased line from your data center to your VPC, reducing latency and cost in hybrid architectures.
Discover how Transit Gateway centralizes VPC connectivity, replacing complex VPC peering with a hub that connects VPC attachments and on-premises networks via Direct Connect or site-to-site VPN.
Learn how placement groups co-locate EC2 instances for low latency and high network throughput, and how cluster, partition, and spread types influence rack and host placement for fault tolerance.
Explore identity and access management (IAM) basics, including how JSON policies grant or restrict permissions for users and groups to access AWS services like EC2 and S3.
Explore IAM policy types in AWS, including identity based, resource based, permission boundaries, service control policies, ACLs, and session policies, and see how they define permissions for entities and resources.
Understand identity-based policies in AWS, including JSON documents, managed vs inline policies, attachment to users, groups, and roles, and their reuse and versioning.
Explore the JSON policy document structure used in AWS IAM policies, including version, statement, effect, action, resource, principal, and condition, to read and write policies effectively.
Learn to use the AWS CLI to automate tasks from the terminal, including describe instances across regions, and configure credentials with aws configure.
Install the AWS CLI on Linux and Windows, upgrade from version 1 to 2, use curl and unzip for installation, and install on Windows via MSI, then configure and verify with --version.
Learn to create a precise IAM policy that lets a specific user start and stop a designated EC2 instance by its instance ID, with console and CLI validation.
Create an inline IAM policy from scratch to let Alice start and stop an EC2 instance in Mumbai via the console and command line interface, using its ARN and enabling describe instances.
Learn how IAM roles grant permissions via attached policies when resources assume the role, avoiding hardcoded access keys and enabling EC2 to access S3 with a secure role.
Learn how AWS Organizations centralizes management with a single management account. Use consolidated billing and policy enforcement via service control policies and tag policies across many accounts.
Learn how S3 bucket policies control access to buckets and objects, complementing identity policies, with examples for public, https-only, and restricted access scenarios.
Explore how cryptography secures messages through encryption, secret keys, and cipher texts, from simple 1-to-1 mappings to symmetric key algorithms and secure web communication.
Explore how protocols act as common languages for computers, enabling TCP/IP, DNS, SFTP, and HTTP exchanges, with a high-level view of the three-way handshake.
Compare plain text and encrypted protocols like FTP and SFTP, showing how encryption prevents sniffing and the importance of key exchange and HTTPS in securing logins.
Understand disk level encryption and why it beats encrypting individual files. Learn how BitLocker and Linux tools secure whole drives with passwords, recovery keys, and boot protection.
Learn about CloudHSM, a cloud-based hardware security module that securely stores encryption keys for encryption, decryption, and authentication, with tamper resistance and FIPS 140-2 Level 3 compliance.
Explore how AWS KMS encrypts and decrypts data using keys, demonstrated via a CLI workflow with base64 decoding, and its integration with S3 and EBS.
Learn how AWS S3 encryption protects data at rest using server-side options (SSE-S3, SSE-KMS, SSE-C) and client-side encryption; manage CMKs in KMS and enable default encryption in buckets.
Discover GuardDuty's one-click threat detection that monitors AWS resources with CloudTrail, VPC flow, and DNS logs to surface high-severity findings across EC2, S3, RDS, and IAM.
Enable GuardDuty in your AWS account to analyze VPC flow, DNS, and CloudTrail logs with 30-day trial, view findings by severity, and explore EC2 details and export options.
Explore secrets management with AWS Secrets Manager, enabling encrypted storage, rotating credentials, audit trails, and fine-grained access, and compare its use to HashiCorp Vault for small teams versus large organizations.
Explore the basics of AWS Secrets Manager with a practical walkthrough to store, encrypt, and retrieve secrets such as API keys and credentials, and learn about secret rotation and permissions.
Learn how to reference security groups to control traffic between web and application tiers, including using security group IDs over IPs, scaling scenarios, VPC peering, cross-account and cross-region considerations.
Explore vulnerability, exploit, and payload through a clear house analogy, and learn how vulnerability scanning and patch management help the security engineer prevent breaches.
Explore Amazon Inspector, an automated vulnerability management service that scans EC2 instances, ECR Docker images, and Lambda functions for software vulnerabilities, shows criticalities, and provides remediation guidance.
Learn how Amazon Macie uses machine learning and pattern matching to discover and protect sensitive data in S3 backups, detect PII and credentials, and support PCI DSS compliance with findings.
Practice Amazon Macie by setting up an S3 bucket in North Virginia, enabling Macie, and running a one-time sensitive data discovery job to reveal high severity findings.
Learn to use Amazon Detective to investigate security events by analyzing CloudTrail, VPC flow logs, and GuardDuty findings, identify root causes, and visualize data insights.
Implement a stateful network firewall and intrusion detection and prevention service for your VPC, applying domain-based and IP-based rules to block or allow traffic.
Enable AWS Config to record resource changes, build a timeline for audit and compliance, and use conformance packs with PCI DSS and HIPAA templates to monitor non-compliant resources.
Set up the AWS Config service with one-click setup, explore AWS managed rules like approved AMIs by ID, and review resource inventory, timelines, and EC2 non-compliant status.
Explore how Firewall Manager centralizes security rule configuration across multiple AWS accounts, enforcing consistent web application firewall, VPC security groups, Route 53, and other services with IaC-driven deployments.
Protect workloads from DDoS with AWS Shield, featuring standard and advanced tiers. Enable near real time visibility and 24/7 DART support with the advanced tier.
Learn the basics of VPN, where a middle server proxies requests, encrypts traffic, and enables personal geo-restriction bypass and secure corporate access to internal networks.
Explore the basics of AWS client VPN, its fully managed remote access, and how it contrasts with EC2-based OpenVPN setups. Learn about high availability, patching, upgrades, and performance considerations.
Explore how AWS Control Tower streamlines multi-account governance with single sign-on, centralized logging, and guardrails. See how stack sets and account factory automate provisioning and security across accounts.
Learn bastion host architecture as a jump box proxy enabling access to private subnets from public networks using ssh agent forwarding, with secure key handling in mind.
Explore how Amazon Cognito delivers authentication, authorization, and user management for web and mobile apps using user pools and identity pools, with sign-up, social logins, email verification, and MFA.
Discover how EC2 instance metadata and the metadata service expose details like AMI ID and instance type, enabling dynamic applications to adjust resources automatically.
Access and manage EC2 instance metadata via curl, toggle its availability, and note that v1 token is optional while v2 requires a token.
Centralize security findings from AWS services such as Inspector, GuardDuty, AWS Config, and Firewall Manager, then prioritize issues with CSPM standards like CIS, PCI DSS, and NIST.
Audit Manager automates continual evidence collection across PCI DSS and frameworks using AWS Config, CloudTrail, and Security Hub, replacing manual screenshots with continuous evaluation and a centralized assessment report.
Learn how AWS Lambda enables serverless compute by deploying code without provisioning servers, with flexible runtimes and function URL options.
Explore how application programming interfaces enable secure access to backend systems with authentication and throttling, and see how the Open Weather Map API fetches city weather data.
Learn how API Gateway acts as the front door to backend systems, providing secure, scalable access with authentication, caching, and throttling for Lambda-backed APIs.
Create a simple HTTP API in API gateway that invokes a Lambda function and returns the hello from Lambda response, using the Node.js runtime and an invoke URL.
Learn the API Gateway endpoint types (edge-optimized, regional, and private) and how they route traffic for global, same-region, and VPC-based clients using CloudFront.
Explore how AWS DataSync automates secure data transfers between on-premises and cloud storage. This service supports NFS, SMB, HDFS, and various object stores with end-to-end encryption and integrated validation.
Analyze CloudTrail logs and other log data with Amazon Athena by writing standard SQL queries against data in S3, delivering fast insights without building full monitoring systems like Splunk.
Amazon AppFlow, a fully managed integration service, transfers data between SaaS apps like Salesforce and Slack and destinations such as S3 or Redshift, demonstrated with a GitHub to S3 flow.
Learn to visualize and manage your AWS costs using Cost Explorer, exploring monthly and daily spend, regional and instance-type costs, and downloadable CSV reports.
Discover how the AWS Transfer Family securely connects legacy applications using FTP and SFTP to S3 or EFS, replacing dedicated FTP servers with a scalable, centralized transfer service.
Discover how AWS SES enables sending and receiving emails from your own addresses and domains, using verified identities, with formatted or raw formats, plus dashboards for bounces and complaints.
Explore how to set up and verify an identity in SES, send a test email, understand sandbox limits, and request production access for reliable email delivery.
The AWS Solutions Architect - Associate 2026 course is specifically designed for new aspirants who are planning to enter into the field of Cloud Computing and AWS and intend to gain the official AWS Solutions Architect - Associate certification.
We start this course from absolute scratch and hence there is no prior knowledge required about Cloud or AWS. This course starts with providing a detailed understanding of Cloud Computing to its viewers. Once the basics of Cloud Computing are understood, then the journey begins into AWS to master various aspects related to Infrastructure, Storage, Security, Identity Management, and many more.
This course consists of 15 sections covering the content of 33+ hours. Post completing this course, the candidate will have a solid base understanding of AWS services. This course also has an exam preparation section with practice tests to verify if the candidate is ready to give the official certification exams.
With tons of quizzes in order to prepare you for exams, Real-world scenarios, and great Support from our Instructor in case of doubts, this course is all you need to build a solid foundation on AWS and gain the Certification.
With this interesting set of learnings and practicals, I look forward to seeing you in this course.