AWS Certified Solutions Architect Associate (SAA-C03): Core Services
Field | Description / Template |
|---|---|
Purpose | This course provides in-depth knowledge of AWS core services required to design, deploy, and manage scalable and secure cloud architectures. It focuses on compute, storage, networking, identity, and DNS services, enabling learners to build strong architectural foundations and prepare effectively for the SAA-C03 certification exam. |
Audience | Beginners to intermediate learners, AWS certification aspirants, developers, system administrators, and cloud engineers working with AWS core services. |
Role | Solutions Architect, Cloud Engineer, System Administrator, DevOps Engineer, Developer. |
Domain | Cloud Computing, Cloud Architecture |
Skill Level | Beginner to Intermediate |
Style | Hands-on, demo-driven learning with detailed walkthroughs, real-world scenarios, and exam-focused explanations of AWS core services. |
Duration | 25–35 hours |
Related Technologies | AWS IAM, Amazon EC2, Amazon EBS, Amazon S3, Amazon VPC, AWS CloudShell, Amazon Route 53, AWS Direct Connect, AWS VPN, Amazon EFS, AWS FSx, AWS Compute Optimizer |
Course Description
This course provides a comprehensive deep dive into AWS core services essential for building cloud solutions. Learners will begin with identity and access management (IAM), understanding users, roles, policies, and security best practices.
The course covers networking concepts using Amazon VPC, including subnets, routing, gateways, and advanced connectivity options like VPC peering, PrivateLink, VPNs, and Direct Connect. Learners will gain hands-on experience designing secure and scalable network architectures.
Compute services are explored in detail, including Amazon EC2, instance types, storage options (EBS, instance store), and performance optimization techniques. Storage solutions such as Amazon S3 and EFS are covered extensively, including lifecycle management, security, and performance tuning.
The course also dives into DNS and routing using Amazon Route 53, including routing policies, health checks, and hybrid DNS solutions. Advanced topics such as IAM Identity Center, directory services, and complex IAM policies are also included.
Through hands-on demos and real-world scenarios, learners will gain the practical skills required to design, secure, and optimize AWS environments while preparing for the AWS Certified Solutions Architect – Associate (SAA-C03) exam.
Who is this course for
AWS certification aspirants (Solutions Architect Associate)
Cloud engineers and system administrators
Developers building applications on AWS
Beginners transitioning into cloud roles
IT professionals working with AWS core services
Course Objectives
By the end of this course, learners will be able to:
Manage identity and access using IAM users, roles, and policies
Design and configure secure VPC networking architectures
Deploy and manage EC2 instances and storage solutions
Implement and optimize Amazon S3 for storage and data management
Configure DNS and routing using Amazon Route 53
Implement secure connectivity using VPN and Direct Connect
Optimize cost and performance for compute resources
Apply best practices for cloud security and architecture
Prepare effectively for the SAA-C03 certification exam
Prerequisites
Basic understanding of cloud computing concepts
Familiarity with IT infrastructure (networking, servers, storage)
Completion of AWS fundamentals or Certification Essentials (recommended)
No advanced AWS experience required
Course outline
Section 1: AWS Identity and Access Management (IAM) Overview
What Is IAM?
Lab: Securing the AWS Root Account
Section 2: AWS Identity and Access Management (IAM) Overview
AWS IAM Users and Groups
Lab: Creating an Admin IAM User and Group
IAM Policies
Exploring an IAM Policy
Lab: Creating an IAM Policy
Lab: Creating an IAM Inline Policy
Understanding AWS IAM Access Keys
Lab: Creating Access Keys
AWS IAM Credential Reports
Lab: Creating an AWS IAM Credential Report
Section 3: IAM Roles
What Are IAM Roles?
IAM Role Trust Policies
Lab: Creating an IAM Role and Trust Policy
Lab: Creating a Cross-account IAM Role
EC2 Instance Profiles
Lab: Creating an EC2 Instance Profile
Section 4: AWS CloudShell
What Is AWS CloudShell?
Lab: Using AWS CloudShell
Section 5: Amazon Virtual Private Cloud (VPC) Overview and CIDRs
Amazon VPC Overview
Lab: Exploring the Default VPC
Lab: Creating a Custom VPC
Section 6: VPCs: Subnets, Routing, NACLs, and Security Groups
VPC Internet Gateways
VPC Subnets
VPC Route Tables
Lab: VPC Route Tables and Subnets
Network Access Control Lists (NACLs)
Security Groups
Lab: Creating NACLs and Security Groups
DHCP Option Sets
Lab: Creating a DHCP Option Set
Section 7: VPC Peering, Network Gateways, Endpoints, and AWS PrivateLink
VPC Peering
Lab: Peering VPCs
Public NAT Gateways
Lab: Deploying a NAT Gateway
Transit VPCs
VPC Endpoints and AWS PrivateLink
Gateway Endpoints
Lab: Gateway Endpoints
Interface Endpoints
Lab: Interface Endpoints
Section 8: Amazon Elastic Compute Cloud (EC2) Overview
Amazon EC2 and AMIs
Amazon EC2 Sizes and Instance Types
Lab: Launching an EC2 Instance and Creating an AMI
Amazon EC2 User Data
Lab: Passing in EC2 User Data
EC2 Hibernate
Lab: Hibernating an EC2 Instance
Section 9: EC2 and Amazon Elastic Store (EBS)
Amazon EC2 Storage
Amazon Elastic Store (EBS)
EBS Volume Types
Encryption of EBS volumes
Amazon EBS Snapshots
Lab: Creating an EBS Volume and Snapshot
Lab: Copying Snapshots Between AWS Regions
Lab: Creating Encrypted Version of Unencrypted EBS Snapshots
EC2 Instance Stores
Lab: Creating an EC2 Instance Store
Section 10: EC2 Security Features
Connecting to EC2 Instances with Bastion Hosts
Lab: Connect to EC2 Using SSH
Lab: Connect to EC2 Using RDP
Lab: Using EC2 Instance Connect
Lab: Deploying and Using a Bastion Host
Connecting to EC2 via Session Manager (SSM)
Lab: Connect to EC2 via Session Manager in Console
Lab: Connect to EC2 via Session Manager via CLI
Using the Instance Metadata Service Version 2 (IMDSv2)
Lab: Exploring the IMDSv2 Information
Section 11: EC2 Networking and Performance Scenarios
Configuring an Elastic Network Interface (ENI)
Assigning Static IPv4 with Elastic IP Addresses (EIPs)
Lab: Associating an EIP
Dual-home EC2 Instances
Lab: Creating a Dual-home EC2 Instance
Increasing Performance with EC2 Placement Groups
Lab: Launching EC2 Instances in a Placement Group
AWS Outposts for Localized Compute
Enhanced Networking for EC2
Section 12: EC2 Price Optimizations
Reserved Instances and Capacity Reservations
Savings Plans
Dedicated Hosts and Instances
Purchasing Spot Instances
Lab: Creating a Spot Instance
Reducing Spend Using AWS Compute Optimizer
Section 13: Network Storage and Elastic File Systems
What Is Amazon Elastic File System (EFS)?
EFS Performance
EFS Storage Classes
Lab: Deploying an Elastic File System for EC2
Amazon FSx for Windows
Amazon FSx for Lustre
Amazon FSx for NetApp ONTAP
Amazon FSx for OpenZFS
Section 14: Amazon Simple Storage Service (S3) Overview
What Is Amazon Simple Storage Service (S3)?
Amazon S3 Buckets
Amazon S3 Objects
Lab: Creating an Amazon S3 Bucket
Amazon S3 Storage Classes
Lab: Create a Bucket with S3 One Zone-IA Storage Class
Amazon S3 Versioning
Lab: Enabling S3 Versioning and Recovering a Deleted File
Amazon S3 Object Lifecycles
Lab: Transitioning Objects Using Lifecycle Policies
Amazon S3 Bucket Replication
Lab: Implement Cross-region Replication in S3
Section 15: S3: Important Features
Performing Batch Operations with Amazon S3
Filter Objects Using S3 Select and S3 Glacier Select
Lab: Filtering Objects Using S3 Select
Analyzing Data Using S3 Storage Lens
Receiving Event Notifications from Amazon S3
Lab: Trigger a Lambda Function Using Event Notifications
Faster Content Transfer with S3 Transfer Acceleration
Lab: Testing Amazon S3 Transfer Acceleration
Offloading Costs Using S3 Requester Pays
Serving Websites from S3 with Website Endpoints
Lab: Host a Website in Amazon S3
Optimizing S3 Performance
Section 16: S3 Security
Controlling S3 Access with Bucket Policies
Breaking Down an S3 Bucket Policy
Lab: Implement a S3 Bucket Policy
Bucket and Object Access Control Lists in S3
Lab: ing Public Access to Your Amazon S3 Bucket
Encrypting Data at Rest in Amazon S3: Overview
Encrypting Data at Rest in Amazon S3: SSE-S3
Encrypting Data at Rest in Amazon S3: SSE-KMS
Encrypting Data at Rest in Amazon S3: SSE-C
Encrypting Data at Rest in Amazon S3: Client-side
Optimizing S3 Encryption Using Bucket Keys
Lab: Enabling SSE-KMS S3 Bucket Key Encryption
Amazon S3 Encryption in Transit
Preventing Accidental Deletions with MFA Delete
Logging Interactions Using S3 Access Logs
Lab: Turning on Access Logging in S3
Granting Access to Objects with S3 Presigned URLs
Lab: Sharing an S3 Presigned URL
Fine-grained Access Control with S3 Access Points
Transforming S3 Objects with Object Lambdas
Using S3s to Meet Compliance Requirements
Section 17: Amazon Route 53: Zones, Records, Policies, and Health Checks
Global DNS with Amazon Route 53
Managing Domains with Route 53 Hosted Zones
Lab: Viewing Public Hosted Zones
Lab: Creating a Private Hosted Zone
Amazon Route 53 Records
Lab: Creating an “A” Route 53 Record
Lab: Creating an “Alias” Route 53 Record
Lab: Viewing “NS” Route 53 Records
Amazon Route 53 Routing Policies
Additional Amazon Route 53 Routing Policies
Lab: Creating a Simple Routing Policy
Lab: Creating a Weighted Routing Policy
Lab: Creating a Failover Routing Policy
Lab: Creating a Geolocation Routing Policy
Lab: Using Traffic Flow and Geoproximity Routing
Lab: Creating a Latency Routing Policy
Lab: Creating a Multivalue Routing Policy
Lab: Registering Your Domains in Route 53
Health Checking Route 53 Resources
Lab: Setting up Endpoint Health Checks
Lab: Setting up Calculated Health Checks
Lab: Setting up Private Hosted Zone Health Checks
Section 18: Amazon Route 53: Resolvers
Hybrid DNS Overview
Defining Hybrid DNS Rules with Route 53 Endpoints
Protecting DNS Traffic with Resolver DNS Firewall
Section 19: Advanced VPC: Virtual Private Networks (VPNs)
Protecting VPC Networking with VPNs
Site-to-Site (S2S) VPNs
AWS Client VPN
AWS VPN CloudHub
Implementing a Third-party VPN
Section 20: Advanced VPC: Direct Connections, Direct Connect Gateways, and Transit Gateways
Exploring Direct Connections
Choosing the Correct Direct Connect Type
Centralizing Management with Direct Connect Gateways
Encrypting Network Traffic with VPN over Direct Connect
Centralized Traffic with AWS Transit Gateways
Attaching Transit Gateways
Section 21: Advanced VPC: Miscellaneous Features and Scenarios
Lab: ing Bad IPs Quickly via NACLs
Logging VPC Traffic with VPC Flow Logs
Lab: Setting up VPC Flow Logs
Capturing Traffic with VPC Traffic Mirroring
IPv6 Egress-only Internet Gateways
Section 22: Advanced IAM: AWS IAM Identity Center and AWS Directory Services
Using AWS Directory Services
Single-sign On with AWS IAM Identity Center
Section 23: Advanced IAM: Complex IAM Policies and Conditions
Troubleshooting Overlapping IAM Policies
Custom Conditions and Statements in IAM Policies
Lab: Using SourceIP in IAM Policies
Lab: Requiring an ExternalID for Assuming Roles