
Master AWS networking basics with VPCs, subnets, route tables, security groups, and NACLs. Connect VPCs, use Route 53, VPNs, Direct Connect, Transit Gateway, load balancers, EC2 networking, and CloudFormation automation.
Set up two AWS accounts in the free tier, configure billing alarms and security settings, and use AWS Organizations to connect a second account for hands-on, real-world practice.
Create an AWS free tier management account for AWS Organizations, set up identities, and enable billing alarms, while learning dynamic email aliases, verification steps, and signing into the management console.
Configure your AWS account with a sign-in alias, enable IAM access to billing, and set up a CloudWatch billing alarm with an SNS notification in US East (North Virginia).
Install and configure essential tools for the course by downloading the AWS CLI and Visual Studio Code, with OS-specific steps for Windows, macOS, and Linux.
Explore core networking concepts such as bandwidth, latency, routing and switching, the OSI model, NAT, and firewalls, laying a solid foundation for AWS network topics.
Explore cloud networking fundamentals by connecting clients to cloud services, understanding HTTP and other protocols, and planning site-to-site, VPN, and Direct Connect connectivity for AWS data centers.
Bandwidth is the data transfer rate, while latency depends on distance. Learn how distance shapes latency and why that matters for microsecond-latency workloads such as data centers and high-frequency trading, and for voice over IP.
Master IPv4 addressing, DNS lookup, subnet masks, and CIDR notation, and explore classful ranges and private RFC 1918 addresses within AWS cloud networks.
Explore the OSI model, a conceptual framework of seven layers from physical to application. Learn how TCP/IP maps onto these layers and review example protocols like HTTP, DNS, FTP, and SSH.
Explore routing and switching to move data across networks, from layer two switches using MAC addresses to layer three routers using route tables to reach different IP networks.
Explore how network address translation enables private internal networks to reach the public internet by translating private addresses to a public IP, allowing return traffic to reach internal devices.
Apply defense in depth with firewalls that filter traffic, allow port 80 and 443 to the web tier, and deny everything else, using security groups and network ACLs in AWS.
Explore Amazon VPC, a logically isolated portion of the AWS cloud where you define IPv4 and IPv6 ranges, create subnets across availability zones, and route traffic with tables and gateways.
Navigate the AWS VPC console to explore the default VPC across regions, including VPCs, subnets, route tables, and internet gateways, with regional CIDR and public IP behavior.
Explore the differences between public and private subnets in a VPC, including public IP assignment, Internet gateway routes, and NAT gateway use for Internet access.
Defining VPC CIDR blocks, this lecture explains CIDR sizing, subnet masks, and non-overlapping ranges, using 10.0.0.0/16 with /20 subnets to ensure hosts and reserved addresses are accounted for.
Create a custom VPC in a selected region, using 10.0.0.0/16 and six subnets—three public and three private—across availability zones. Prepare route tables and an internet gateway for public subnets later.
Attach an internet gateway and route 0.0.0.0/0 for public subnets, then create a private route table with only local routes for private subnets, planning a future NAT gateway.
Explore how security groups and network ACLs control traffic in a VPC, highlighting stateful versus stateless filtering, instance-level versus subnet-level rules, and practical best-practice configurations.
Launch Amazon Linux 2 EC2 instances in public and private subnets to validate the VPC, test SSH with key pairs, and explore jump host access and NAT gateway.
Learn how NAT gateways and NAT instances provide internet access for private subnets. NAT gateways are AWS managed in public subnets with elastic IPs; NAT instances require manual OS management.
Set up a NAT gateway in a public subnet to grant internet access to a private subnet by routing 0.0.0.0/0 and updating the private route table.
Discover how to enable IPv6 in a VPC, configure a /56 IPv6 range with /64 subnets, and route IPv6 to the Internet gateway via an egress-only internet gateway.
Configure IPv6 in a custom VPC by adding an Amazon provided IPv6 CIDR (/56), enable IPv6 on public subnets, and test connectivity using ping6 and IPv6 ICMP rules.
Learn to enable DNS hostnames and DNS resolution in a VPC, customize DHCP option sets, and launch an EC2 in a public subnet using DNS or IP for connectivity.
Explore Amazon EC2 networking basics, including elastic network interfaces, elastic network adapters, and elastic fabric adapters, with public, private, and IPv6 addresses in VPC contexts.
Learn how EC2 instances use elastic network interfaces (ENI) and high-performance adapters (ENA and EFA) across subnets in the same availability zone, with private and public IPs.
Learn to manage elastic network interfaces (ENIs) in AWS, including creating, attaching, and detaching ENIs to an EC2 Linux instance in a VPC across subnets within the same availability zone.
Understand public, private, and elastic IP addresses in AWS VPC: public IPs are dynamic, private IPs are retained, and elastic IPs are static and movable between instances.
Explore how the internet gateway uses one-to-one NAT to map a private EC2 IP to a public address and back. Understand that the instance does not see the public IP.
Explore EC2 IP addresses by detaching a network interface, stopping vs rebooting behavior, and allocating and re-associating an elastic IP to an ENI or another instance.
Explore advanced VPC connectivity options, including cross-account VPC peering via AWS Organizations, private IP routing across regions, VPC endpoints for private access to AWS services, and Route 53 routing policies.
Create and manage a new AWS account within an organization using AWS Organizations, then verify the email and switch roles to access the new account.
Explore VPC peering to connect resources across VPCs using private IPv4 or IPv6 addresses. Understand non-overlapping CIDR blocks, non-transitive routing, and configuring routes and security groups for cross-VPC communication.
Create a custom VPC in a second account with 10.1.0.0/16, enable public subnets and IPv4 addresses, attach an internet gateway, and configure routes for cross-account VPC peering.
Create a cross-account, cross-region VPC peering connection between VPCs in US East (North Virginia) and US East (Ohio), then update routes and security groups to enable ICMP ping between private IP addresses.
Discover how VPC endpoints enable private access to AWS services, using interface endpoints (ENI, PrivateLink) or gateway endpoints for S3, with route tables, DNS, and endpoint policies.
Learn to create a gateway endpoint in your VPC for S3, place an EC2 in a private subnet, and access S3 via the endpoint from a public subnet.
Explore how Amazon Route 53 functions as a DNS server, using hosted zones and records, and apply routing policies—simple, weighted, latency, failover, geolocation, and multivalue—to direct users.
See how Amazon Route 53 Resolver connects on-premises DNS with Route 53, using outbound and inbound endpoints to resolve records across hosted zones and internal DNS.
Explore hybrid connectivity between on-premises data centers and AWS, including Client VPN, Site-to-Site VPN, VPN CloudHub, Direct Connect, Direct Connect Gateway, and Transit Gateway in hands-on labs.
Discover how AWS Client VPN connects a user device to a VPC via an encrypted SSL/TLS VPN endpoint, enabling private IP access to subnets and VPC resources.
Deploy an AWS Client VPN with certificate-based mutual authentication, generate certificates, configure a VPN endpoint, associate a subnet, and test connectivity to a private subnet instance via OpenVPN.
Connect a customer data center to AWS via a site-to-site VPN, enabling an encrypted tunnel over the internet with a VGW and a customer gateway, using static routes or BGP.
Explore the CloudHub pattern for linking multiple on-prem offices to a single AWS VPC using site-to-site IPsec VPN, a VGW, and per-office BGP ASNs in a hub-and-spoke topology.
AWS Direct Connect provides a private, reliable link from your data center to AWS, enabling private and public virtual interfaces, predictable latency, and potential cost savings.
Learn to create an AWS Direct Connect connection in the console, obtain a letter of authorization, coordinate with a data center provider, and configure private or public virtual interfaces.
Discover how AWS Direct Connect Gateway simplifies global connectivity by linking a single corporate office to multiple regions via a DX Gateway, private VIFs, and the AWS backbone.
Explore elastic load balancing on AWS, directing traffic to multiple EC2 targets for high availability and performance; compare application and network load balancers with AWS Global Accelerator hands-on demos.
Elastic Load Balancing distributes connections across EC2, Lambda, or IP targets to improve availability. It covers classic, application, network, and gateway load balancers, with health checks and Route 53 integration.
Create an EC2 auto scaling group to support application and network load balancers, deploying a launch template with t2.micro instances across four subnets in four AZs, monitored by CloudWatch.
Create an application load balancer with two target groups and host-based routing. Use a host header to direct traffic to TG1-ALB or TG2-ALB and validate health checks.
Launch a network load balancer, configure two TCP target groups on port 80 with HTTP health checks, register instances, and test routing, including an 8080 listener and Route 53 alias.
Use AWS Global Accelerator to route users via the AWS global network, using static anycast IPs and edge locations to reach the nearest healthy region with improved latency and bandwidth.
Launch a two-region AWS Global Accelerator with ALBs and EC2 instances, configure endpoint groups in us-east-1 and ap-southeast-2, then test failover and DNS routing.
Explore AWS monitoring and auditing tools to troubleshoot and log network activity, including CloudWatch, CloudTrail, VPC flow logs, traffic mirroring, and Reachability Analyzer.
Explore how Amazon CloudWatch monitors performance, collects logs and metrics from EC2, VPC, ALB, NLB, and VPN tunnels, and creates dashboards, alarms, and custom metrics for effective monitoring and alerting.
Discover how AWS CloudTrail audits API actions across AWS services, identifies who performed each action, and delivers logs to S3 or CloudWatch for analysis with Athena.
Discover how VPC flow logs capture network traffic to and from interfaces within a VPC, export to Amazon S3 and CloudWatch Logs, and attach to a subnet, VPC, or ENI.
Learn to create and configure AWS VPC flow logs for EC2 and subnets, log to an S3 bucket, filter traffic, and analyze data with Amazon Athena.
Copy traffic from an EC2 instance's ENI to security appliances. Mirror sources and targets in the same or peer VPC, and apply a traffic mirror filter with VXLAN encapsulation.
Use AWS Reachability Analyzer to map network paths between VPC resources, verify whether traffic is reachable or blocked, and understand how security groups, ACLs, and gateways affect connectivity.
Configure the AWS CLI with IAM user credentials and securely handle access keys. Run aws configure to enter the access key ID, secret access key, and region, then verify with aws s3 ls.
Create a VPC with subnets using the AWS CLI and CIDR blocks. Attach an Internet gateway, configure a route table for 0.0.0.0/0, and enable public IPs on launch.
Define your AWS infrastructure with code using CloudFormation, an AWS native tool that builds VPC configurations from JSON or YAML templates, including subnets, route tables, NAT gateways, and security groups.
Learn to build an Amazon VPC with CloudFormation using a YAML template, defining environment name, VPC CIDR, public and private subnets across two AZs, internet gateway, and NAT gateways.
This AWS Networking Masterclass teaches you the fundamentals of AWS Networking and Amazon Virtual Private Cloud (Amazon VPC) right through to advanced topics such as hybrid cloud deployments using AWS Direct Connect Gateway and AWS Transit Gateway. You'll gain in-depth knowledge of Amazon VPC, Amazon EC2 networking, AWS VPN, AWS Direct Connect, AWS Transit Gateway, Elastic Load Balancing, AWS Global Accelerator and much more.
Our course takes a highly visual and effective approach to teaching cloud computing and AWS concepts, utilizing diagrams and animations rather than bullet-point slides to simplify complex ideas. In addition, we place a strong emphasis on hands-on learning. Our practical exercises use multiple Amazon Web Services (AWS) free tier accounts to provide hands-on experience with complex scenarios.
Networking can be a complex topic, and if you find it challenging, you're not alone. Our course is designed to help you master these concepts, providing expert instruction and hands-on learning to develop a strong, practical understanding that you can apply to your work in the cloud.
This course is also extremely useful if you are studying for AWS certifications such as the AWS Certified Solutions Architect Associate and AWS Certified Solutions Architect Professional or the AWS Certified Advanced Networking Specialty.
Watch the intro video to learn how this course will help you gain in-depth knowledge of AWS Networking.
SNAPSHOT OF THE SKILLS YOU'LL LEARN
Amazon Virtual Private Cloud (Amazon VPC)
Multi-Region and Multi-Account networking
Amazon EC2 Networking
VPC Peering
VPC Endpoints
AWS Client VPN and AWS Managed VPN
AWS Direct Connect and Direct Connect Gateway
AWS Transit Gateway
Elastic Load Balancing with Application Load Balancer (ALB) and Network Load Balancer (NLB)
AWS Global Accelerator
Amazon CloudWatch and AWS CloudTrail
CORE TOPICS WE WILL COVER IN THIS AWS NETWORKING TRAINING
Getting Started - Set Up AWS Account
Set up an AWS Free Tier account, configure the account, and install command line tools (AWS CLI).
Networking Fundamentals
Learn the fundamentals of networking in the cloud:
Networking in the Cloud
Bandwidth and Latency
IP Addressing Basics (IPv4)
The OSI Model
Routing and Switching
Network Address Translation
Firewalls
Amazon Virtual Private Cloud (VPC)
Deep dive on Amazon VPC with hands-on lessons for all of the following:
Amazon VPC creation
Public and Private Subnets
Defining VPC CIDR Blocks
Security Groups and Network ACLs
NAT Gateways and NAT Instances
Using IPv6 in a VPC
Amazon EC2 Networking
Learn about the various networking interface and IP addressing options available for EC2 instances:
Network Interfaces (ENI, ENA, EFA)
Public, Private and Elastic IP Addresses
NAT for Public Addresses
Amazon VPC Connectivity and DNS
Learn how to peer VPCs, connect to AWS public services with private addresses and use Route 53 for DNS:
VPC Peering
VPC Endpoints
Amazon Route 53
Amazon Route 53 Resolver
Hybrid Connectivity
Learn how to connect your Amazon VPC to your on-premises environment and build complex topologies:
AWS Client VPN
AWS Site-to-Site VPN
AWS VPN CloudHub
AWS Direct Connect (DX)
AWS Direct Connect Gateway
AWS Transit Gateway
Load Balancing and Acceleration
Learn how to use Amazon Elastic Load Balancing and AWS Global Accelerator:
Elastic Load Balancing
Amazon EC2 Auto Scaling Group
Amazon Application Load Balancer (ALB)
Amazon Network Load Balancer (NLB)
AWS Global Accelerator
Monitoring, Auditing and Logging
Learn how to monitor your application performance, collect application and system logs, and audit activity on AWS:
Monitoring with Amazon CloudWatch
Auditing with AWS CloudTrail
VPC Flow Logs
Traffic Mirroring
Reachability Analyzer
Command Line and Automation
Learn how to build AWS VPCs using the AWS CLI and how to automate VPC deployment with AWS CloudFormation:
Setting up the AWS CLI
Create a VPC and Subnets with AWS CLI
Launch EC2 instances into subnets with AWS CLI
Create Amazon VPC with CloudFormation
WHAT DO OTHER STUDENTS SAY?
If you're keen to master AWS Networking, this course is for you! But don't just take our word for it – check out the excellent course reviews from thousands of happy students:
"This course is absolutely on point. Very informative and presented in an amazingly clear and professional manner."
"Wonderful course, from 0 to master with all the important details, it's a necessity to everyone who wants to learn network on AWS."
"The course content and the way Neal Davis teaches is absolutely brilliant, I've learnt some vital information on the services. Really appreciate the examples, and how certain services work together to achieve failover, latency plus much more. Thank you very much."
MEET YOUR INSTRUCTOR
Hi, I'm Neal Davis, and I'm delighted to be your instructor for this course. As the founder of Digital Cloud Training, I'm deeply committed to providing top-quality AWS certification training resources. I created this course to help you master AWS Networking concepts and best practices. With over 20 years of hands-on experience in the Cloud space, I'm excited to share my expertise with you on Udemy.
OUR SUCCESS IN NUMBERS
Over 750,000 students enrolled in our AWS courses on Udemy
4.7-star instructor rating from over 150,000 reviews
Our students pass the AWS exam with an average score of over 85%
MONEY-BACK GUARANTEE
We are totally confident in the value of this course which comes with a 30-day unconditional money-back guarantee. Get lifetime access now - risk-free!