Learn how CI/CD pipelines automate building, testing, approving, and deploying code from git to staging and production, with continuous integration, delivery, and deployment in real-world DevOps workflows.

Learn how to automate software builds with AWS CodeBuild, a fully managed build service that fetches code, compiles it, runs tests, and stores ready-to-deploy binaries as artifacts in S3.

Designs a practical AWS CodeBuild workflow that fetches code from GitHub, compiles it with gcc, and stores the hello world binary in an S3 bucket via a buildspec.

Troubleshoot CodePipeline stage failures by verifying source access to GitHub, correct buildspec.yml and artifacts in S3, and valid appspec YAML with a healthy EC2 CodeDeploy agent, logging to CloudWatch.

Elastic Beanstalk uses rolling with additional batch to deploy a newer version by launching a new EC2 batch, adding it to the load balancer, then updating existing instances.

Explore how A/B testing splits traffic between two web page variations to compare conversions, monitor metrics, and use Route 53 weighted records to gradually roll out a newer interface.

Set up a PR validation pipeline with CloudFormation templates, CodeCommit, CodeBuild, Lambda functions, and CloudWatch events to automatically validate pull requests and post status updates.

Explore CodeDeploy deployment configuration to control rollout across EC2, Lambda, and ECS; EC2 options all at once, half, one at a time; Lambda/ECS canary, linear, and all at once.

Explain the CodePipeline service role, how to attach a rule with required permissions for CodeCommit and CodeDeploy, and how to tailor IAM policies and JSON policies for secure pipelines.

Explore AWS CodePipeline stage actions, enabling serial action groups or parallel actions within stages, and master run order concepts and manual approvals for pipeline workflows.

Explore Session Manager in AWS Systems Manager, enabling browser-based or CLI access to EC2 instances without open ports or SSH keys, with RBAC and audit logging to CloudWatch or S3.

Explore how to execute a Systems Manager automation runbook to stop an EC2 instance, understand the workflow, and review status and results.

Discover how AWS Systems Manager compliance scans patch and configuration across managed instances, flags non-compliant resources, and integrates with Security Hub and Chef Inspec for audits.

Explore hybrid activation by comparing standard and advanced instance tiers, highlighting session manager availability, per-region limits, and suitability for small to medium versus large environments.

Explore how the depends on attribute in CloudFormation ensures correct resource creation order, making the RDS database deploy before EC2 instance and handling stack deletion so EC2 is terminated first.

Discover how the AWS Service Catalog securely provisions development environments using CloudFormation templates or Terraform, reduces overprovisioning, and enables cross-account portfolio sharing for governed IT resources.

Explore how RDS read replicas offload read traffic from the primary database, enable multi-region replication, and support scalable analytics while keeping writes on the primary.

Explain multi-az deployment types in RDS, detailing the older multi-az instance with one standby and the newer multi-az cluster with writer and two readers across separate availability zones.

Explore Amazon Aurora, a MySQL and PostgreSQL compatible relational database built for the cloud, delivering enterprise performance with open source efficiency and scalable storage with cluster, reader, and instance endpoints.

Explore capacity modes in DynamoDB, including provision mode and on-demand mode, and learn how auto scaling adjusts read and write capacity units to prevent throttling.

Learn how the DynamoDB accelerator (DAX) provides a managed in-memory cache that delivers up to ten times faster reads by serving frequently accessed data from a DAX cluster.

Understand how Route 53 failover routing redirects traffic to a healthy primary EC2 and, if unhealthy, to a secondary maintenance page hosted on S3, guided by health checks.

Explore latency-based routing in Route 53, directing user requests to the region with the lowest latency and illustrating with a practical demo and multi-region setup.

Discover how application load balancers operate at the application layer by inspecting http headers. Learn to use host header and user agent header for path-based and host-based routing effectively together.

Set up a nginx-backed EC2 instance and an application load balancer with an http listener, create a target group, test traffic, and ensure port 80 is open.

Learn how network load balancers operate at the transport layer to support non-http protocols like TCP, UDP, SSH, DNS, and FTP, while handling millions of requests per second.

Explore how an EC2 auto scaling group uses a launch template, security groups, and health checks to automatically launch or terminate instances, including manual scaling and scaling policies.

Explore the simple scaling policy in AWS auto scaling, driven by CloudWatch alarms and CPU utilization thresholds to scale out or in, with a cooldown to stabilize the system.

Schedule scaling policy automatically adjusts an auto scaling group's desired capacity at times to handle traffic spikes and save costs, increasing before 9 a.m. daily and decreasing after 6 p.m.

Learn the basics of application programming interfaces and how an api acts as a secure intermediary to access backend data, with a weather data use case.

Explore api keys to control access through api gateway using the x api key header. Learn how usage plans pair with keys to set throttling and quotas.

Master API gateway logging by examining execution and access logs, tracing request flow from client to Lambda, and using CloudWatch metrics for errors, latency, and geolocation insights.

Implement canary deployment at the API gateway level by shifting traffic between base and canary stages. Configure stage distribution options like 50/50 or 90/10 and monitor logs and latencies.

Learn how elastic container registry acts as a fully managed central repository for Docker images, supporting private and public repositories and seamless AWS integration with EC2.

Compare ECS and EKS for container orchestration on AWS, outlining open source status, complexity, and community support; choose ECS for simple AWS integration or Kubernetes for multi-platform deployment.

Explore how to create an ECS cluster, define tasks, and deploy an nginx service on EC2 with port mappings, security groups, and revision updates.

Explore the essential steps to create an ECS cluster using the AWS console, including configuring the cluster service role, Kubernetes version, and node group with IAM and ECR permissions.

Deploy and configure a Kubernetes cluster on AWS by creating an ECS cluster, setting up IAM roles, VPC, subnets, security groups, a node group, and kubectl, then deploy nginx.

Explore how FSx provides a simple, fully managed, secure file system platform with Lustre, Openzfs, Windows file server, and NetApp ONTAP, integrating with S3 and KMS.

Explore how transit gateways centralize vpc connectivity, replacing complex vpc peering. Attach multiple vpcs and on-prem networks such as Direct Connect and site-to-site vpn to enable cross-vpc communication.

Learn to safely terminate endpoint services resources by detaching the interface endpoint, deleting the endpoint service, and then terminating the load balancer, instances, and target group to avoid AWS costs.

Explore the basics of EC2 pricing including on-demand, reserved instances, savings plans, spot instances, and dedicated hosts, and learn cost optimization strategies with the pricing calculator.

Reserve EC2 capacity in a specific availability zone with on-demand capacity reservations, without long-term commitments.

Learn how EC2 fleet combines spot and on‑demand instances across types and availability zones, using target capacity and weighted capacity to meet your 16 vcpu needs cost‑effectively.

Explore how AWS Health delivers service event notifications, distinguishes account-specific from public events, and enables automations with Eventbridge, Lambda, and Slack notifications to respond to issues.

Explore OpenSearch storage tiers, including hot data nodes with EBS or instance store for fast indexing and searching, and ultrawarm and cold storage backed by S3 for cost-effective queries.

Configure the unified Cloudwatch agent on ec2 to send metrics and logs to Cloudwatch, by creating an iam role, installing, running the configuration wizard, and starting the agent.

learn how AWS X-Ray enables debugging and monitoring of microservice apps through request tracing, showing root causes, performance insights, and visualization of traces.

Explore Amazon Kinesis capabilities, including data stream, data firehose, data analytics, and video stream, to capture, deliver, transform, and analyze streaming data in real time.

Configure the AWS config aggregator across two accounts by enabling config, creating the aggregator, and authorizing the sandbox account in the Singapore region to collect cross-account resource inventories.

integrate AWS config rules with SSM automation to remediate non-compliant resources, such as encrypting S3 buckets and closing open port 22 on security groups, with change manager approval.

Configure a system status check alarm to auto recover the EC2 instance by stopping and starting it. Instance auto recovery does not apply to instance status checks.

Replicate secrets across AWS regions to support high availability and disaster recovery. Learn how Secrets Manager replicas, promotion to standalone, and rotation ensure credential continuity for cross-regional apps.

Explore how AWS Security Hub aggregates findings from GuardDuty, Inspector, AWS Config, and tools into a dashboard, enabling CSPM checks against CIS, PCI DSS, and NIST standards to prioritize issues.

Discover how web application firewalls inspect HTTP requests and bodies to block malicious content, compare ModSecurity with managed AWS and Cloudflare WAFs, and use rule builders and managed rules.

Explore how AWS WAF protects web applications by blocking exploits with geolocation and custom or managed rules, including third-party rule groups, integrated with application load balancers, API gateway, and CloudFront.

Explore identity account architecture to centralize IAM users in an identity account and enable cross-account login via cross-account roles, with its advantages, disadvantages, and alternatives like Identity Center.

Design and test cross-account IAM roles by creating a user in the identity account, a trusted role in the destination account, and enabling role switching.

Compare deny list and allow list strategies for service control policies, starting from default full access to explicit denies. Understand benefits, limitations, and practical demos at root and account levels.

Learn how AWS secure token service (STS) issues temporary credentials for IAM users and federated identities, enabling role assumption, cross-account access, and short-lived access keys and session tokens.

Explore attribute based access control (abac) as a scalable alternative to rbac, using tags and attributes to grant permissions with a single policy across red and green environments.

Explore how Amazon Cognito handles authentication, authorization, and user management for web and mobile apps, including sign up, social sign-in, email verification, and multifactor authentication, and account recovery.

Firewall manager centrally configures rules across AWS accounts, enabling consistent security for applications with WAF, VPC security groups, and Route 53 DNS firewall.

Enable GuardDuty in your AWS account and explore the findings dashboard, including severity levels and EC2 details, with generated sample findings during a 30-day trial.

Discover how Amazon Macie uses machine learning and pattern matching to detect sensitive data in S3 backups, identify PII and credentials, and generate actionable findings for remediation.

Practice setting up and enabling Amazon Macie to scan an S3 bucket in the North Virginia region, run a one-time job, review high-severity findings, and note potential trial charges.

Configure AWS Inspector vulnerability scans to assess EC2 and Docker images, using SSM agent, IAM policies, and Inspector console, with a hands-on walkthrough of two instances.

Discover how AWS key management service enables encryption and decryption with keys, via a practical plaintext to ciphertext workflow, base64 decoding, and integration with S3 and EBS.

Create a CMK and define an administrator and a key user to enable encryption and decryption, then use IAM and CLI workflows to manage keys.

Schedule key deletion introduces a seven to thirty-day waiting period to prevent irreversible data loss, while disabling a key blocks encryption and decryption until it is re-enabled, safeguarding production data.

Explore IAM access analyzer to identify resources shared with external entities, validate policies against policy grammar and best practices, and generate IAM policies from CloudTrail activity.

Learn to use AWS IAM access analyzer to verify findings, create analyzers, identify cross-account access via bucket policies and roles, and manage findings by archiving and re-scanning.

Understand how S3 encryption protects data with server-side encryption options (SSE-S3, SSE-KMS, SSE-C) and client-side encryption.

Learn how canned ACL enables cross-account S3 access by applying bucket owner full control to objects, ensuring both accounts can read and manage logs in a central S3 bucket.

Set up server access logging for an S3 bucket with a separate target bucket, enabling automatic policy updates and later query the logs with Athena for insights.

Explore how the resource access manager securely shares AWS resources across accounts, enabling cross-account subnet and prefix list sharing, invitations, and permissions management.

Explore how AWS certificate manager simplifies issuing and renewing trusted certificates for domains, integrates with load balancers for https, and secures private keys to prevent leakage.

Explore how virtual private networks create a middle proxy to route client traffic, enabling encryption, anonymity, and geo bypass, with both personal and corporate use cases.

Explore AWS client VPN, a fully managed remote access VPN, enabling access to internal servers in private subnets via OpenVPN protocol with pay-as-you-go, elastic scaling.

Explore AWS Client VPN authentication options, including Active Directory, mutual certificate, and SAML-based single sign-on, and understand certificate-based mutual authentication with client and server certificates.

Learn how the EC2 image builder automates creating golden or hardened AMIs by applying CIS benchmark hardening, build and test components, and distributing secure images across regions.