
Enable service control policies in AWS organizations, create a deny policy for S3 actions, and attach it to a sandbox account to observe permission restrictions.
Explore the two policy categories in AWS organizations—authorization policies that deny actions and management policies that govern resources and tag enforcement across accounts, including service control policies.
Learn how organizational units group AWS accounts by environment and apply service control policies at the OU level, including nested structures and root-level options.
Understand how IAM permission boundaries cap the maximum permissions from an identity-based policy, and how the boundary, policy, and SCP determine effective AWS access.
Explore how the AWS security token service enables assume role to grant temporary credentials (access key, secret key, and session token) bounded by role policies and trust relationships.
Learn how attribute-based access control (abac) uses tags to grant access based on user and resource attributes, reducing policies and enabling scalable, environment-specific permissions in AWS.
Explore how external ID strengthens cross-account access in IAM by requiring a unique external ID with the role ARN, preventing the confused deputy in third-party integrations.
Set up a cross-account IAM role with external ID between a security corp and client account, verify the trust policy, and assume the role via the CLI.
Explore how the AWS License Manager tracks and enforces licenses across AWS and on premise, blocking overprovisioning with vcpu, sockets, and instance-based policies.
Explore how AWS service catalog standardizes and secures resource provisioning by offering approved cloud products, driven by CloudFormation templates, and enables cost control through shared portfolios.
Explore how AWS service catalog uses product blueprints linked to CloudFormation or Terraform within portfolios to control end-user access, launch constraints, and automated provisioning of development or production environments.
Learn how deny policies and IP address restrictions can lock you out of an S3 bucket, and how to regain access by removing the bucket policy as the root user.
Practical guide to CloudFormation stacksets, creating administration and execution IAM roles and permissions, deploying an SNS topic across multiple regions, verifying stack instances, and deleting the stackset.
Explore VPC traffic mirroring by configuring a target, filters, and sessions to copy specified traffic to a monitoring instance, including HTTP and DNS rules and CIDR-based filtering.
Discover the basics of VPC endpoints, enabling private network communication between private subnets and AWS services without internet, using gateway, interface, and gateway load balancer endpoints.
Explore the architecture of interface endpoints, where an elastic network interface with private IPs in a subnet serves as the entry point to supported AWS services via a VPC endpoint.
Explore cross zone load balancing in ELB, comparing disabled and enabled setups, and learn traffic distribution across availability zones for application, network, and gateway load balancers.
Explore the three load balancer ip address types—ipv4, dual stack, and dual stack without public ipv4—and understand dns behavior, ipv6 availability, and the draining period when migrating.
Explore how sticky sessions bind a user’s session to a specific target in application and classic load balancers, using cookies to maintain session state and improve responsiveness.
Learn how read replicas offload read and analytics traffic from a primary database through replication, directing reads to replicas and writes to the primary, including cross-region setups.
Compare RDS multi-az deployment types, including multi-az instance deployment and multi-az cluster deployment, and learn their failover speeds, read/write endpoints, and cost implications.
Explore how Aurora Global Database spans multiple regions with asynchronous replication, delivering fast local reads and disaster recovery by promoting a read replica to master when needed.
Explore how DynamoDB replicates data across availability zones for high availability and durability, and compare eventual versus strong reads, including setting consistency for get item, query, and scan.
Learn how Amazon SQS uses dead letter queues to move messages that fail processing after a max receives, preserving timestamps for troubleshooting and enforcing retention best practices.
Compare standard queue and the other queue type in SQS, highlighting throughput, delivery (with duplicates vs once), and ordering.
Using a message queue to decouple database transactions handles load spikes during alternate month promotions, avoiding downtime and cost, while ECS workers process queued updates with a small delay.
Configure a step function workflow to coordinate two lambda functions, Terraform and AWS, using a code-based state machine named course selector and test with AWS input.
Explore placement groups in AWS to co-locate EC2 instances for low latency and high network throughput. Learn cluster, partition, and spread strategies, including availability zones, rack awareness, and fault tolerance.
Learn how to implement AWS Client VPN with mutual authentication, from certificate generation (CA, server, client) to provisioning the client VPN endpoint, ACM integration, and OpenVPN client setup.
Explore how transit gateway routes propagate automatically from VPC attachments, manage static routes and black holes, and learn the route evaluation order and priority.
Implement attachment-level routing on a transit gateway by using custom attachment route tables to control inter-VPC communication, replacing defaults and blocking traffic between specific VPCs.
Learn how transit gateway sharing enables VPCs across multiple accounts to interconnect via a region-specific central transit gateway, using RAM shares and attachments to establish end-to-end connectivity.
Learn how to create a customer managed key (CMK) in AWS KMS, assign admin and user permissions, and perform encryption and decryption using the AWS CLI.
Centralize all GuardDuty findings across multiple accounts into a single administrator account, inviting member accounts and viewing consolidated results from a single dashboard.
Learn to issue a public certificate with the AWS certificate management service using DNS validation and apply the issued certificate to Cloud Front ILB and EPA Gateway.
Learn how to rotate secrets with secrets manager using a lambda function on a schedule to update both the secret and the database, with templates for common use cases.
Identify resources shared with external entities across accounts using the IAM access analyzer. Validate IAM policies against grammar and best practices, and generate policies from CloudTrail activity.
Explore configuring a practical simple scaling policy with a CloudWatch alarm tied to an auto scaling group, demonstrating scale-out on CPU utilization and steps toward scale-in.
Use the schedule scaling policy to automatically adjust an auto scaling group's desired capacity at set times, increasing or decreasing EC2 instances for predictable traffic and cost savings through recurrence.
Explore how EC2 auto scaling lifecycle hooks enable custom actions before an instance is terminated or launched, including pending and terminating waits, deregistering from antivirus, and log backups to S3.
Explore how to set up AWS Config with one-click setup, apply AWS managed rules such as approved AMI by ID, and view resource inventory, timelines, and compliance.
Learn to set up an AWS config aggregator across multiple accounts, authorize the aggregator, and verify resource inventories from different regions in a practical walkthrough.
Upload your code to elastic beanstalk and choose a preset platform to auto-provision resources, load balancing, autoscaling, and monitoring with logs via the central console.
Learn how to implement blue/green deployment in AWS Elastic Beanstalk by creating blue and green environments, swapping CNAMEs, and validating traffic routing.
VPC flow logs act as a visitor register for your AWS environment, capturing IP traffic to and from network interfaces and helping you monitor security events in CloudWatch.
This course is specifically designed for the aspirants who intend to give the "AWS Solutions Architect - Professional (SAP-C02)" level certification as well as for those who intend to gain a deeper understanding related to AWS.
One of the pre-requisite for the course is the candidate's prior understanding of the core AWS services. We generally recommend completing the AWS Solutions Architect - Associate video course (knowledge-wise) before starting with the AWS Solutions Architect - Professional. However, this requirement can be ignored if a candidate has working experience on AWS.
There are five primary sections in this course, each section is directly aligned with the official exam blueprint. This course also has an exam preparation section with practice tests to verify if the candidate is ready to give the official certification exams.
Keeping the standards high similar to other best-seller courses of Zeal, this course has a perfect balance and the things are explained in a simplified way with practical scenarios.
With tons of quizzes, great lectures, and fantastic support from the Instructor, this course is all you need to gain a deeper understanding of AWS and master the AWS Solutions Architect Professional certification.
With this interesting set of learnings and practicals, I look forward to seeing you in this course.