AWS Certified Solutions Architect Associate (SAA-C03): Core Services

Course Description

This course provides a comprehensive deep dive into AWS core services essential for building cloud solutions. Learners will begin with identity and access management (IAM), understanding users, roles, policies, and security best practices.

The course covers networking concepts using Amazon VPC, including subnets, routing, gateways, and advanced connectivity options like VPC peering, PrivateLink, VPNs, and Direct Connect. Learners will gain hands-on experience designing secure and scalable network architectures.

Compute services are explored in detail, including Amazon EC2, instance types, storage options (EBS, instance store), and performance optimization techniques. Storage solutions such as Amazon S3 and EFS are covered extensively, including lifecycle management, security, and performance tuning.

The course also dives into DNS and routing using Amazon Route 53, including routing policies, health checks, and hybrid DNS solutions. Advanced topics such as IAM Identity Center, directory services, and complex IAM policies are also included.

Through hands-on demos and real-world scenarios, learners will gain the practical skills required to design, secure, and optimize AWS environments while preparing for the AWS Certified Solutions Architect – Associate (SAA-C03) exam.

Who is this course for

• AWS certification aspirants (Solutions Architect Associate)

• Cloud engineers and system administrators

• Developers building applications on AWS

• Beginners transitioning into cloud roles

• IT professionals working with AWS core services

Course Objectives

By the end of this course, learners will be able to:

• Manage identity and access using IAM users, roles, and policies

• Design and configure secure VPC networking architectures

• Deploy and manage EC2 instances and storage solutions

• Implement and optimize Amazon S3 for storage and data management

• Configure DNS and routing using Amazon Route 53

• Implement secure connectivity using VPN and Direct Connect

• Optimize cost and performance for compute resources

• Apply best practices for cloud security and architecture

• Prepare effectively for the SAA-C03 certification exam

Prerequisites

• Basic understanding of cloud computing concepts

• Familiarity with IT infrastructure (networking, servers, storage)

• Completion of AWS fundamentals or Certification Essentials (recommended)

• No advanced AWS experience required

Course outline

Section 1: AWS Identity and Access Management (IAM) Overview

• What Is IAM?

• Demo: Securing the AWS Root Account

• Module Summary and Exam Tips

Section 2: AWS Identity and Access Management (IAM) Overview

• AWS IAM Users and Groups

• Demo: Creating an Admin IAM User and Group

• IAM Policies

• Exploring an IAM Policy

• Demo: Creating an IAM Policy

• Demo: Creating an IAM Inline Policy

• Understanding AWS IAM Access Keys

• Demo: Creating Access Keys

• AWS IAM Credential Reports

• Demo: Creating an AWS IAM Credential Report

• Module Summary and Exam Tips

Section 3: IAM Roles

• What Are IAM Roles?

• IAM Role Trust Policies

• Demo: Creating an IAM Role and Trust Policy

• Demo: Creating a Cross-account IAM Role

• EC2 Instance Profiles

• Demo: Creating an EC2 Instance Profile

• Module Summary and Exam Tips

Section 4: AWS CloudShell

• What Is AWS CloudShell?

• Demo: Using AWS CloudShell

• Module Summary and Exam Tips

Section 5: Amazon Virtual Private Cloud (VPC) Overview and CIDRs

• Amazon VPC Overview

• Demo: Exploring the Default VPC

• Demo: Creating a Custom VPC

• Module Summary and Exam Tips

Section 6: VPCs: Subnets, Routing, NACLs, and Security Groups

• VPC Internet Gateways

• VPC Subnets

• VPC Route Tables

• Demo: VPC Route Tables and Subnets

• Network Access Control Lists (NACLs)

• Security Groups

• Demo: Creating NACLs and Security Groups

• DHCP Option Sets

• Demo: Creating a DHCP Option Set

• Module Summary and Exam Tips

Section 7: VPC Peering, Network Gateways, Endpoints, and AWS PrivateLink

• VPC Peering

• Demo: Peering VPCs

• Public NAT Gateways

• Demo: Deploying a NAT Gateway

• Transit VPCs

• VPC Endpoints and AWS PrivateLink

• Gateway Endpoints

• Demo: Gateway Endpoints

• Interface Endpoints

• Demo: Interface Endpoints

• Module Summary and Exam Tips

Section 8: Amazon Elastic Compute Cloud (EC2) Overview

• Amazon EC2 and AMIs

• Amazon EC2 Sizes and Instance Types

• Demo: Launching an EC2 Instance and Creating an AMI

• Amazon EC2 User Data

• Demo: Passing in EC2 User Data

• EC2 Hibernate

• Demo: Hibernating an EC2 Instance

• Module Summary and Exam Tips

Section 9: EC2 and Amazon Elastic Store (EBS)

• Amazon EC2 Storage

• Amazon Elastic Store (EBS)

• EBS Volume Types

• Encryption of EBS volumes

• Amazon EBS Snapshots

• Demo: Creating an EBS Volume and Snapshot

• Demo: Copying Snapshots Between AWS Regions

• Demo: Creating Encrypted Version of Unencrypted EBS Snapshots

• EC2 Instance Stores

• Demo: Creating an EC2 Instance Store

• Module Summary and Exam Tips

Section 10: EC2 Security Features

• Connecting to EC2 Instances with Bastion Hosts

• Demo: Connect to EC2 Using SSH

• Demo: Connect to EC2 Using RDP

• Demo: Using EC2 Instance Connect

• Demo: Deploying and Using a Bastion Host

• Connecting to EC2 via Session Manager (SSM)

• Demo: Connect to EC2 via Session Manager in Console

• Demo: Connect to EC2 via Session Manager via CLI

• Using the Instance Metadata Service Version 2 (IMDSv2)

• Demo: Exploring the IMDSv2 Information

• Module Summary and Exam Tips

Section 11: EC2 Networking and Performance Scenarios

• Configuring an Elastic Network Interface (ENI)

• Assigning Static IPv4 with Elastic IP Addresses (EIPs)

• Demo: Associating an EIP

• Dual-home EC2 Instances

• Demo: Creating a Dual-home EC2 Instance

• Increasing Performance with EC2 Placement Groups

• Demo: Launching EC2 Instances in a Placement Group

• AWS Outposts for Localized Compute

• Enhanced Networking for EC2

• Module Summary and Exam Tips

Section 12: EC2 Price Optimizations

• Reserved Instances and Capacity Reservations

• Savings Plans

• Dedicated Hosts and Instances

• Purchasing Spot Instances

• Demo: Creating a Spot Instance

• Reducing Spend Using AWS Compute Optimizer

• Module Summary and Exam Tips

Section 13: Network Storage and Elastic File Systems

• What Is Amazon Elastic File System (EFS)?

• EFS Performance

• EFS Storage Classes

• Demo: Deploying an Elastic File System for EC2

• Amazon FSx for Windows

• Amazon FSx for Lustre

• Amazon FSx for NetApp ONTAP

• Amazon FSx for OpenZFS

• Module Summary and Exam Tips

Section 14: Amazon Simple Storage Service (S3) Overview

• What Is Amazon Simple Storage Service (S3)?

• Amazon S3 Buckets

• Amazon S3 Objects

• Demo: Creating an Amazon S3 Bucket

• Amazon S3 Storage Classes

• Demo: Create a Bucket with S3 One Zone-IA Storage Class

• Amazon S3 Versioning

• Demo: Enabling S3 Versioning and Recovering a Deleted File

• Amazon S3 Object Lifecycles

• Demo: Transitioning Objects Using Lifecycle Policies

• Amazon S3 Bucket Replication

• Demo: Implement Cross-region Replication in S3

• Module Summary and Exam Tips

Section 15: S3: Important Features

• Performing Batch Operations with Amazon S3

• Filter Objects Using S3 Select and S3 Glacier Select

• Demo: Filtering Objects Using S3 Select

• Analyzing Data Using S3 Storage Lens

• Receiving Event Notifications from Amazon S3

• Demo: Trigger a Lambda Function Using Event Notifications

• Faster Content Transfer with S3 Transfer Acceleration

• Demo: Testing Amazon S3 Transfer Acceleration

• Offloading Costs Using S3 Requester Pays

• Serving Websites from S3 with Website Endpoints

• Demo: Host a Website in Amazon S3

• Optimizing S3 Performance

• Module Summary and Exam Tips

Section 16: S3 Security

• Controlling S3 Access with Bucket Policies

• Breaking Down an S3 Bucket Policy

• Demo: Implement a S3 Bucket Policy

• Bucket and Object Access Control Lists in S3

• Demo: ing Public Access to Your Amazon S3 Bucket

• Encrypting Data at Rest in Amazon S3: Overview

• Encrypting Data at Rest in Amazon S3: SSE-S3

• Encrypting Data at Rest in Amazon S3: SSE-KMS

• Encrypting Data at Rest in Amazon S3: SSE-C

• Encrypting Data at Rest in Amazon S3: Client-side

• Optimizing S3 Encryption Using Bucket Keys

• Demo: Enabling SSE-KMS S3 Bucket Key Encryption

• Amazon S3 Encryption in Transit

• Preventing Accidental Deletions with MFA Delete

• Logging Interactions Using S3 Access Logs

• Demo: Turning on Access Logging in S3

• Granting Access to Objects with S3 Presigned URLs

• Demo: Sharing an S3 Presigned URL

• Fine-grained Access Control with S3 Access Points

• Transforming S3 Objects with Object Lambdas

• Using S3s to Meet Compliance Requirements

• Module Summary and Exam Tips

Section 17: Amazon Route 53: Zones, Records, Policies, and Health Checks

• Global DNS with Amazon Route 53

• Managing Domains with Route 53 Hosted Zones

• Demo: Viewing Public Hosted Zones

• Demo: Creating a Private Hosted Zone

• Amazon Route 53 Records

• Demo: Creating an “A” Route 53 Record

• Demo: Creating an “Alias” Route 53 Record

• Demo: Viewing “NS” Route 53 Records

• Amazon Route 53 Routing Policies

• Additional Amazon Route 53 Routing Policies

• Demo: Creating a Simple Routing Policy

• Demo: Creating a Weighted Routing Policy

• Demo: Creating a Failover Routing Policy

• Demo: Creating a Geolocation Routing Policy

• Demo: Using Traffic Flow and Geoproximity Routing

• Demo: Creating a Latency Routing Policy

• Demo: Creating a Multivalue Routing Policy

• Demo: Registering Your Domains in Route 53

• Health Checking Route 53 Resources

• Demo: Setting up Endpoint Health Checks

• Demo: Setting up Calculated Health Checks

• Demo: Setting up Private Hosted Zone Health Checks

• Module Summary and Exam Tips

Section 18: Amazon Route 53: Resolvers

• Hybrid DNS Overview

• Defining Hybrid DNS Rules with Route 53 Endpoints

• Protecting DNS Traffic with Resolver DNS Firewall

• Module Summary and Exam Tips

Section 19: Advanced VPC: Virtual Private Networks (VPNs)

• Protecting VPC Networking with VPNs

• Site-to-Site (S2S) VPNs

• AWS Client VPN

• AWS VPN CloudHub

• Implementing a Third-party VPN

• Module Summary and Exam Tips

Section 20: Advanced VPC: Direct Connections, Direct Connect Gateways, and Transit Gateways

• Exploring Direct Connections

• Choosing the Correct Direct Connect Type

• Centralizing Management with Direct Connect Gateways

• Encrypting Network Traffic with VPN over Direct Connect

• Centralized Traffic with AWS Transit Gateways

• Attaching Transit Gateways

• Module Summary and Exam Tips

Section 21: Advanced VPC: Miscellaneous Features and Scenarios

• Demo: ing Bad IPs Quickly via NACLs

• Logging VPC Traffic with VPC Flow Logs

• Demo: Setting up VPC Flow Logs

• Capturing Traffic with VPC Traffic Mirroring

• IPv6 Egress-only Internet Gateways

• Module Summary and Exam Tips

Section 22: Advanced IAM: AWS IAM Identity Center and AWS Directory Services

• Using AWS Directory Services

• Single-sign On with AWS IAM Identity Center

• Module Summary and Exam Tips

Section 23: Advanced IAM: Complex IAM Policies and Conditions

• Troubleshooting Overlapping IAM Policies

• Custom Conditions and Statements in IAM Policies

• Demo: Using SourceIP in IAM Policies

• Demo: Requiring an ExternalID for Assuming Roles

• Module Summary and Exam Tips