Explore how AWS cloud is global, with regions and availability zones, data centers, edge locations, and points of presence; learn how region choices affect latency, compliance, services, and pricing.

Explore the AWS console's new UI with bright white backgrounds and rounded blue buttons, while the underlying usability remains the same as the legacy design.

Learn to navigate the AWS console, choose a nearby region to reduce latency, and distinguish global versus regional services like Route 53 and EC2.

Create users and groups in IAM, assign json policies to grant access to services like EC2, elastic load balancing, and CloudWatch, and follow the least privilege principle.

Create IAM users and groups in AWS, assign administrator access via an admin group, sign in as IAM users, and use an account alias to simplify access.

Enable multi-session sign-in to use two AWS accounts in the same browser, switching between account IDs as you work in EC2 and EBS contexts.

Explore how IAM policies attach to groups and users, including inline policies, and learn the core policy structure with version, id, statement, effect, principal, action, and resource.

Explore how IAM policies grant, restrict, and manage permissions by attaching admin and read-only policies to users and groups, with hands-on policy creation via JSON and a visual editor.

Strengthen AWS security with a password policy and multi-factor authentication, using virtual MFA devices (Google Authenticator, Authy) and U2F hardware keys.

Explore configuring IAM password policies and enabling multi-factor authentication for the root account, including authenticator apps, QR code setup, and managing multiple MFA devices for secure AWS access.

Learn to access AWS using the management console, the cli with access keys, and the sdk, including key generation, security, and language-specific libraries.

Install the aws cli version 2 on Windows using the MSI installer, verify with aws --version, and upgrade by re-running the installer for future updates.

Install and verify the AWS CLI version 2 on macOS by downloading the pkg, running the graphical installer for all users, and confirming with aws --version.

Install the AWS CLI on Linux by downloading the version 2 zip, unzipping it, and running the installer with sudo to verify the version.

Configure the AWS CLI with access key and secret key, set your region, and run AWS IAM list-users to compare console and CLI permissions.

Use AWS cloud shell to run CLI commands in the cloud, with a persistent file repository, region-aware defaults, and support for uploading, downloading, and multi-tab terminals.

Create and assign IAM roles to enable AWS services to act on your behalf, granting permissions to EC2 instances, Lambda functions, and CloudFormation for specific actions.

Create an IAM role for an EC2 instance, attach the IAM Read Only Access policy, and name it DemoRoleForEC2, defining EC2 as the trusted service.

Explore IAM security tools like credentials report and access advisor to review account-level credentials and user-level permissions, supporting the principle of least privilege.

Generate a credentials report to review root and user details, password rotation, MFA, and access keys, then use IAM Access Advisor to evaluate services used for granular permissions.

Follow IAM best practices by avoiding the root account for daily tasks, creating separate user accounts, assigning users to groups, enforcing MFA, and using roles for service permissions.

Explore iam users, groups, policies, and roles, with mfa and password policies, managed via cli or sdk, and audited by credentials report and access advisor.

Set up a zero spend or monthly cost budget with email alerts in the AWS billing console, and enable IAM billing access to review bills and free tier usage.

Learn EC2 basics, renting EC2 instances with Linux, Windows, or macOS, choosing CPU, RAM, and EBS or EFS storage, and using EC2 User Data to bootstrap on first launch.

Launch your first EC2 instance with the Amazon Linux 2 AMI, apply user data to install a web server, and manage its start, stop, and termination.

Explore EC2 instance types, from general purpose to storage optimized, understanding naming conventions like m5.2xlarge and how size, vCPU, and memory match workloads.

Security groups act as firewalls around EC2 instances, controlling inbound and outbound traffic with rules that reference IP ranges or security groups, including ports 22, 80, 443, and 3389.

Learn how security groups control EC2 access with inbound and outbound rules, including SSH 22 and HTTP 80, and how timeouts signal misconfigured rules.

Learn to securely connect to Linux and Windows EC2 instances using SSH, Putty, or EC2 Instance Connect, choose based on your OS, and troubleshoot common SSH issues.

Learners set up ssh access to an ec2 instance from linux or mac using a pem file and the ec2-user account. Configure port 22 in the security group.

Learn to SSH into an EC2 instance from Windows using PuTTY and PuTTYgen, converting PEM to PPK and authenticating as the EC2-user on Amazon Linux 2.

Learn to SSH into an EC2 instance from Windows 10 using PowerShell or command prompt, locate and use the PEM file, open port 22, and fix permissions.

Use EC2 instance connect for browser-based SSH, with a temporary key and the default username EC2 user, and ensure port 22 is open for IPv4 and IPv6 in security rules.

Attach an IAM role to an EC2 instance to provide credentials securely, avoid AWS credentials via configure, and verify access with IAM permissions using aws iam list users.

Explore EC2 instance purchasing options to optimize cost and capacity, including on-demand, reserved, convertible reserved, savings plans, spot, dedicated hosts, dedicated instances, and capacity reservations.

Explore EC2 spot instances and spot fleets to cut costs up to 90% by managing a max spot price, price variability, a two-minute grace period, and diverse launch pools.

Explore launching EC2 instances with spot requests and spot fleets, tune parameters, pricing, and interruption behavior, and compare reserved instances, savings plans, dedicated hosts, and capacity reservations for optimized costs.

Explore the differences between private and public IPs, IPv4 basics, NAT, and internet gateways, and learn why elastic IPs are often avoided in favor of DNS and load balancers.

Learn how public IPv4 enables SSH access from the internet and why private IPs require a private network. Use elastic IPs to keep a fixed address through stop and start.

understand EC2 placement groups to control instance placement for performance. cluster groups offer low latency in a single availability zone; spread and partition groups balance risk and scale.

Create and configure EC2 placement groups to optimize performance and distribution, using cluster, spread, and partition strategies (rack default), and launch instances in the selected group.

Explore elastic network interfaces (ENI) as virtual network cards in a VPC that give EC2 connectivity, private and public IPs, security groups, and availability-zone bound failover.

Launch and manage EC2 instances and elastic network interfaces (ENIs), attach a secondary private IPv4, and perform quick failover by moving ENIs between instances to understand advanced networking.

Discover how EC2 Hibernate preserves RAM state for a faster boot by writing memory to an encrypted root EBS volume, supporting Linux and Windows across instance types.

Enable EC2 hibernation on a t2.micro instance with an encrypted root EBS volume. Verify that uptime reflects the RAM saved to disk after hibernation using EC2 Instance Connect.

Discover elastic block store (EBS) volumes, network drives that persist data after termination and can be detached and reattached within an availability zone. Explore provisioning and delete-on-termination settings.

Manage AWS EBS volumes for EC2 instances by creating, attaching, and detaching GP2 volumes across AZs. Learn root volume delete-on-termination behavior and how termination detaches or deletes volumes across AZs.

Discover how ebs snapshots back up volumes at a point in time, copy across availability zones and regions, and use archive tier, recycle bin, and fast snapshot restore features.

Create and manage GP2 EBS snapshots from a 2 gb volume, copy across regions for disaster recovery, and recover volumes across AZs from snapshots, using Recycle Bin retention.

Customize an AMI, the Amazon machine image, to prepackage operating system and software for EC2 boot. Launch from public, marketplace, or your own AMIs, and copy across regions.

Launch an Amazon Linux 2 instance, configure httpd via user data, create a demo ami, and launch new instances from that ami for faster boot-up.

Explore EC2 instance store, a hardware disk on the server delivering high I/O for buffers, caches, and scratch data. It is ephemeral, so back up and use EBS for storage.

Explore the EBS volume types—gp2, gp3, io1, io2, st1, and sc1—and see which can be boot volumes, plus how IOPS and throughput differ across general purpose and provisioned options.

Use multi-attach on io1/io2 volumes to attach to multiple EC2 instances in the same availability zone with concurrent read and write, up to 16 instances, requiring a cluster-aware file system.

Encrypt EBS volumes using AES-256 with KMS, securing data at rest and in flight between instance and volume, plus encrypted snapshots and volumes created from them.

Explore Amazon EFS, a managed NFS network file system that can be mounted by EC2 instances across availability zones, with auto scaling, pay-per-use pricing, and throughput and storage class options.

Learn to create a regional Amazon EFS file system, enable backups, apply lifecycle and elastic throughput, and mount it across two EC2 instances in different AZs.

Compare ebs and efs: ebs attaches to one instance per az (with io1/io2 multi-attach), while efs is a network file system across azs with shared mounts and posix support.

Clean up a security-conscious AWS environment by terminating running EC2 instances, deleting EBS volumes, EFS file systems, snapshots, and non-default security groups to avoid ongoing costs.

Clarify the concepts of scalability and high availability with a call center example, detailing vertical and horizontal scaling and how multi-AZ or scale-out strategies enable resilient applications.

Explore elastic load balancing on AWS, using a load balancer to distribute traffic across multiple EC2 backends with health checks, SSL termination, and security controls across ALB, NLB, and GWLB.

route http traffic to multiple target groups with a layer seven application load balancer, supporting http/2, websockets, path and host routing, and health checks.

Launch two EC2 instances, configure an application load balancer with a target group, and route HTTP traffic to both healthy instances to demonstrate dynamic load balancing.

tighten network security by restricting inbound ec2 traffic to the load balancer's security group, then create alb listener rules to route or return a 404 for the /error path.

Explore network load balancer, a layer 4 solution for tcp and udp, with millions of requests per second, static IPs per az, and health checks for tcp, http, and https.

Create a network load balancer for an internet-facing AWS setup with IPv4, a VPC, and AZ subnets, attach a security group, and configure TCP health checks on port 80.

Explore how the gateway load balancer routes all network traffic through third-party appliances for inspection at layer 3, using Geneve protocol on port 6081 with EC2 or private IP targets.

Explore elastic load balancer sticky sessions, including session affinity with cookies, using ALB, CLB, or NLB to keep a user on the same backend instance.

Explore cross zone load balancing across availability zones. See how ALB enables it by default and how other balancers may incur inter AZ charges.

Explore how SSL/TLS certificates secure in-flight traffic between clients and load balancers, with SNI enabling multiple certificates for ALB and NLB, and ACM-managed certificates for AWS deployments.

Configure ssl certificates on alb and nlb by adding https listeners on port 443, forwarding to target groups, and importing certificates from acm or iam.

Learn how connection draining (deregistration delay) lets inflight requests complete as an instance deregisters, with 1–3600 seconds (default 300; 0 disables).

Explore auto scaling groups (ASG) in AWS, learn to scale out and scale in with min, desired, and max capacity, and use load balancers, CloudWatch alarms, and scaling policies.

Explore auto scaling groups by creating a group with a launch template, launching Amazon Linux 2 t2 micro EC2 instances, and linking them to a load balancer with health checks.

Explore auto scaling groups and scaling policies, including target tracking, simple or step scaling, scheduled scaling, and predictive scaling, with metrics like CPU utilization and request counts per target.

Explore autoscaling for an auto scaling group, covering scheduled actions, predictive scaling, and dynamic policies. Learn target tracking with CPU utilization and CloudWatch alarms to scale in and out.

Explore Amazon RDS, a managed relational database that supports engines like PostgreSQL, MySQL, Oracle, SQL Server, IBM Db2, and Aurora, with automated provisioning, backups, point-in-time restore, and storage auto scaling.

Understand RDS read replicas for scaling reads with asynchronous replication, their promotion to standalone databases, and Multi-AZ for disaster recovery with synchronous replication and automatic failover.

Create a MySQL RDS database in the AWS console using the free tier and single AZ with public access. Connect, create tables, and explore snapshots, read replicas, and deletion options.

RDS Custom for Oracle and Microsoft SQL Server gives access to the underlying OS and database for full customization, with SSH or SSM access, while deactivating automation and taking snapshots.

Amazon Aurora is a proprietary, cloud-optimized database compatible with PostgreSQL and MySQL, featuring auto-expanding storage, instantaneous failover, and high availability.

Explore hands-on creation of an Amazon Aurora database, choosing MySQL compatibility, production template, instance class, replicas, VPC access, and read replica auto-scaling to show Aurora's power.

Master Aurora concepts, including replica auto-scaling, custom endpoints, serverless, global Aurora for disaster recovery; explore Aurora machine learning integration and babelfish for PostgreSQL, plus migration with AWS SCT and DMS.

Explore RDS and Aurora backups, including automated daily backups with five-minute transaction logs and point-in-time recovery, manual snapshots, and restore to new databases via S3 or cloning for fast staging.

Encrypt rds and aurora data at-rest with kms at launch, securing master and replicas. Enable in-flight tls with aws root certificates and security groups; authenticate with iam roles or username/password.

Explore how Amazon RDS Proxy pools connections to your RDS database across availability zones, reducing open connections and timeouts while enabling serverless auto scaling and IAM authentication via Secrets Manager.

Explore Amazon ElastiCache as a managed in-memory cache for Redis or Memcached that reduces database load by serving read-heavy queries from the cache and addressing cache hits, misses, and invalidation.

Explore Amazon ElastiCache by configuring a Redis node-based cluster, adjusting options like backups, encryption, security groups, and maintenance, then review details and delete.

Explore ElastiCache security options, including Redis IAM authentication, Redis AUTH with password and token, SSL in flight, Memcached SASL, and ttl-based session stores with lazy loading and write-through.

Explore how the domain name system translates hostnames into IP addresses. Learn key DNS concepts, from registrars, records, and name servers to the hierarchical structure and recursive resolution.

Discover Amazon Route 53, a highly available, scalable, and authoritative DNS you control via hosted zones and records like A, AAAA, CNAME, and NS, with TTL and health checks.

Register a domain with Route 53, set auto-renew and privacy protection, and review NS and SOA records in a hosted zone for DNS management.

Create your first Route 53 records in a hosted zone by adding an A record for test.stephanetheteacher.com to a sample IPv4 address, TTL 300, and verify with nslookup or dig.

Launch three EC2 instances across regions and set up application load balancer. Configure security groups for http and ssh, bootstrap with a user data script, and verify Route 53 routing.

Explore how time to live drives DNS caching in Route 53, with A records, TTL values from 60 seconds to 24 hours, and strategies for updating records while minimizing traffic.

Compare CNAME and Route 53 alias records, map AWS resources to domains including apex domains, and learn alias benefits like no TTL and built-in health checks.

Learn how the simple routing policy in Route 53 responds to DNS queries by returning multiple A record IPs and letting clients choose an endpoint, with TTL considerations.

Learn how weighted routing in Route 53 distributes traffic across multiple resources using relative weights. See 70/20/10 examples, how zero weights stop traffic and weights need not sum to 100.

Discover how latency-based routing redirects users to the closest AWS region to minimize connection time, using Route 53 and health checks across us-east-1, ap-southeast-1, and eu-central-1.

Discover route 53 health checks for public and private resources, enabling automated dns failover across regions with endpoint, calculated, and cloudwatch alarm checks.

Explore how to set up Route 53 health checks for EC2 endpoints, configure IP, port 80, and root path, and create calculated and CloudWatch linked checks.

Learn how to implement Route 53 failover routing with primary and secondary EC2 instances, using health checks to automatically switch DNS responses during outages.

Explore routing policy geolocation that directs users by continent, country, or state. Use a default record, localization for content, and optional health checks to support load balancing.

Explore geoproximity routing to shift traffic using a bias between AWS regions like us-west-1 and us-east-1, or on-premises, via latitude and longitude and advanced Route 53 traffic flow.

Define IP-based routing in Route 53 by mapping client CIDR ranges to specific endpoints, directing traffic to 1.2.3.4 or 5.6.7.8. Use cases include optimizing performance and reducing network costs.

Explore the multi-value routing policy in Route 53, returning up to eight healthy records linked to health checks for client-side load balancing, not a substitute for an ELB.

Learn how to separate domain registrar from DNS service, using any registrar while managing DNS with Route 53 by creating a public hosted zone and updating NS at the registrar.

Establish hybrid DNS by configuring Route 53 resolver inbound and outbound endpoints to connect AWS Cloud DNS via VPN or Direct Connect, enabling bidirectional resolution.

Delete unused hosted zones in Route 53 after emptying records to save domain renewal costs. Terminate EC2 instances across Frankfurt, us-east-1, ap-southeast-1 and remove load balancer and its target group.