Essentials in 3 days: Cover the most important AWS services through short theory and many labs.
Hands-on with IAM, VPC, EC2, EBS, S3, Route 53 and CloudFront.
Understand networking, security, compute, storage and CDN fundamentals.
Gain practical experience (~70%) by building a secure VPC, EC2 workloads and a static S3+CloudFront website.
How this course helps: confidence to start real AWS projects with best practices.
Who it’s for: designed for developers and IT pros new to AWS.
By the end, you’ll deploy secure workloads and static websites with confidence.
Curriculum
Day 1 – Foundations and IAM
- AWS global infrastructure: regions, AZs; shared responsibility model
- Accounts, Organizations (overview), multi-account basics and tagging strategy
- IAM essentials: users, groups, roles, policies; least privilege and managed vs. inline policies
- Policy structure: Effect, Action, Resource, Condition; policy evaluation logic
- Temporary credentials with STS; IAM Roles for EC2 and AWS service access
- Hands-on: create IAM users/roles, set MFA, rotate access keys; use AWS CLI
Day 1 – VPC networking basics
- VPC, subnets (public/private), route tables, Internet Gateway, NAT Gateway/Instance
- Security Groups vs. Network ACLs; stateful vs. stateless filtering
- VPC endpoints (Gateway/Interface) to access S3 and other services privately
- Hands-on: build a minimal VPC with one public and one private subnet
Day 2 – Compute (EC2) and block storage (EBS)
- EC2: instance types and families, AMIs, key pairs, user data, bootstrap patterns
- Placement, purchasing options (on-demand/reserved/spot) — essentials
- EBS: volume types (gp3, io1), sizing, performance, multi-attach (where supported), encryption by default
- Snapshots and restores; fast snapshot restore basics
- Hands-on: launch a secure EC2 instance in the private subnet via a bastion; attach and resize an EBS volume
Day 2 – Object storage (S3)
- Buckets and objects; storage classes; lifecycle rules and intelligent tiering (overview)
- S3 security: bucket policies vs. IAM, block public access, Access Points (overview)
- Encryption: SSE-S3 vs. SSE-KMS; basic KMS key policy awareness
- Static website hosting on S3 (when to use CloudFront)
- Hands-on: upload data, versioning, lifecycle, SSE-KMS
Day 3 – DNS (Route 53) and CDN (CloudFront)
- Route 53 hosted zones and records; simple/weighted/latency/failover routing (essentials)
- Health checks and DNS failover (developer view)
- CloudFront: distributions, origins (S3/ALB), behaviors, caching and invalidations
- Secure S3 origins with OAC/OAI; HTTPS and custom domains
- Hands-on: map a domain to CloudFront, front an S3 website; test cache behavior
Operations, monitoring and cost basics
- CloudWatch Logs/Metrics/Alarms for EC2 and S3 events (overview)
- Basic troubleshooting playbooks (connectivity, permissions, throttling)
- Cost Explorer and budgets; tags and allocation; KMS and data-transfer gotchas
- Wrap up and next steps toward the broader academy
Optional modules
Optional extensions (if time allows)
- Elastic Load Balancing and Auto Scaling (brief) with best practices
- S3 static website behind CloudFront with signed URLs/signed cookies
- VPC flow logs and CloudTrail basics
Course Day Structure
- Part 1: 09:00–10:30
- Break: 10:30–10:45
- Part 2: 10:45–12:15
- Lunch break: 12:15–13:15
- Part 3: 13:15–15:15
- Break: 15:15–15:30
- Part 4: 15:30–17:30