AWS

AWS Zero-to-Hero

A five-tier mastery path — Foundation to Specialist — across every AWS domain, every core certification, and real job, troubleshooting and architecting skills.

Foundation → Intermediate → Advanced → Expert → Specialist ~220 hours 123 of 123 lessons ready CLF-C02 · SAA-C03 · SOA-C02 · DVA-C02 · SAP-C02 · DOP-C02 · ANS-C01 · SCS-C02 · DEA-C01 · MLA-C01
Start the course

A complete, job-oriented path through Amazon Web Services: cloud fundamentals, IAM, compute, storage, databases, networking, serverless, security, multi-account landing zones, the Well-Architected Framework, data, AI/ML, resilience and operations — built from production-grade lessons and capped with a Well-Architected capstone.

What you’ll be able to do

  • Navigate AWS confidently — accounts, Regions, IAM, the console and CLI
  • Run compute, storage, database and networking services in production
  • Build serverless and event-driven architectures with Lambda, EventBridge and Step Functions
  • Engineer security with IAM, Identity Center, KMS, SCPs and the data perimeter
  • Stand up a multi-account landing zone with Control Tower and the Well-Architected Framework
  • Operate, troubleshoot and recover workloads, and be certification- and interview-ready

Prerequisites

  • Basic IT literacy (files, networks, a terminal) — no prior cloud experience required
  • A free AWS account for the hands-on labs (Free Tier is enough)

Who it’s for

Career-changers and developers new to the cloud, engineers moving to AWS, and people preparing for AWS certifications or real AWS delivery work.

Curriculum

Tier 1 · Foundation — AWS Cloud Basics (CLF-C02)

Start at zero: what AWS is, the global infrastructure, the account model, IAM, and your first workloads.

  1. 1 AWS Cloud Fundamentals: Global Infrastructure, Account Model & Pricing Junior 24 min read
  2. 2 AWS IAM Fundamentals: Users, Groups, Roles, Policies & the Evaluation Logic Junior 22 min read
  3. 3 Understanding VPC Networking Fundamentals on AWS Junior 17 min read
  4. 4 Static Website Hosting with a CDN: AWS S3 and CloudFront Basics Junior 16 min read
  5. 5 Your First Highly Available Web App on AWS Junior 17 min read
  6. 6 AWS Hands-On First Steps: Console, CLI, CloudShell, SDKs & Access Keys Junior 26 min read

Tier 1 · Foundation — First Container & Cloud Adoption

Ship your first container and meet the Cloud Adoption Framework.

  1. 7 Your First Container Deployment: ECS Fargate Basics on AWS Junior 17 min read
  2. 8 AWS Cloud Adoption Framework: Overview & Transformation Phases — Purpose, the Four Transformation Domains, Envision–Align–Launch–Scale, and the Six Perspectives Advanced 24 min read

Tier 2 · Intermediate — Compute (SAA/DVA)

Run compute: EC2 & Auto Scaling, Spot, Graviton, ECS Fargate, and Lambda.

  1. 9 Advanced EC2 Auto Scaling: Warm Pools, Lifecycle Hooks, and Zero-Downtime Instance Refresh Advanced 17 min read
  2. 10 Production Spot at Scale: Mixed Instances Policies, Capacity-Optimized Allocation, and Interruption Handling Advanced 17 min read
  3. 11 Migrating to Graviton: arm64 Builds, Multi-Arch Pipelines, and Performance Benchmarking Advanced 18 min read
  4. 12 Production Amazon ECS on Fargate: Task Networking, Auto Scaling, and Safe Rolling Deployments Intermediate 16 min read
  5. 13 Optimizing AWS Lambda Performance: Cold Starts, Provisioned Concurrency, SnapStart, and Memory Tuning Advanced 16 min read
  6. 14 Amazon EC2, In Depth: Instance Types, AMIs, EBS, User Data, IMDS & Every Launch Option Intermediate 34 min read
  7. 15 EC2 Auto Scaling, In Depth: Launch Templates, ASGs, Scaling Policies & Lifecycle Hooks Intermediate 29 min read
  8. 16 AWS Lambda, In Depth: Runtimes, Triggers, Layers, Concurrency & Every Setting Intermediate 30 min read

Tier 2 · Intermediate — Storage & Content Delivery (SAA)

Store and serve data: S3 at scale, EBS/EFS performance, and CloudFront/Route 53 at the edge.

  1. 17 Locking Down S3 at Scale: Encryption, Access Controls, and a Data Perimeter Advanced 16 min read
  2. 18 S3 Access Points, Object Lambda, and Multi-Region Access Points for Shared Data at Scale Advanced 18 min read
  3. 19 Tuning Block and File Storage on AWS: EBS gp3/io2, EFS Throughput Modes, and Workload-Driven Sizing Advanced 18 min read
  4. 20 Global Edge Architecture with CloudFront and Route 53: Failover Routing, Origin Shielding, and WAF Protection Advanced 16 min read
  5. 21 Amazon S3, In Depth: Storage Classes, Versioning, Lifecycle, Encryption & Access Control Intermediate 34 min read
  6. 22 AWS Block & File Storage, In Depth: EBS, EFS, FSx & Instance Store Intermediate 29 min read
  7. 23 Amazon CloudFront, In Depth: Distributions, Origins, Caching, OAC & Edge Functions Intermediate 36 min read

Tier 2 · Intermediate — Databases (SAA/DVA)

Choose and run databases: RDS/Aurora and DynamoDB design.

  1. 24 Zero-Downtime RDS and Aurora Upgrades with Blue/Green Deployments Advanced 17 min read
  2. 25 Aurora for Production: Multi-AZ Failover, Global Database, and Zero-Downtime Operations Advanced 16 min read
  3. 26 RDS Proxy in Production: Connection Pooling, Failover Acceleration, and IAM Authentication Advanced 16 min read
  4. 27 DynamoDB Single-Table Design: Modeling Access Patterns, GSIs, and Hot Partition Avoidance Expert 17 min read
  5. 28 Change Data Capture with DynamoDB Streams: Lambda Triggers, EventBridge Pipes, and Exactly-Once Processing Advanced 16 min read
  6. 29 Amazon RDS & Aurora, In Depth: Engines, Multi-AZ, Read Replicas, Backups & Every Option Intermediate 32 min read
  7. 30 Amazon DynamoDB, In Depth: Tables, Keys, Capacity Modes, Indexes & Streams Intermediate 33 min read

Tier 2 · Intermediate — Networking (VPC)

Design VPCs: IP address management and hybrid DNS resolution.

  1. 31 Amazon VPC IPAM: Hierarchical CIDR Planning, Allocation, and BYOIP at Scale Advanced 16 min read
  2. 32 Route 53 Resolver at Scale: Inbound/Outbound Endpoints, Rules, and DNS Firewall Advanced 17 min read
  3. 33 Amazon VPC, In Depth: Subnets, Route Tables, IGW, NAT, Endpoints & Every Component Intermediate 30 min read
  4. 34 AWS Security Groups vs Network ACLs, In Depth Intermediate 29 min read
  5. 35 AWS Elastic Load Balancing, In Depth: ALB, NLB, GWLB & Target Groups Intermediate 32 min read
  6. 36 Amazon Route 53, In Depth: Hosted Zones, Records, Routing Policies & Health Checks Intermediate 31 min read

Tier 2 · Intermediate — Production Readiness (Well-Architected)

What makes a workload production-ready: the reliability, operational-excellence and performance pillars.

  1. 37 AWS Well-Architected: Reliability — Foundations, Change & Failure Management, and DR Advanced 26 min read
  2. 38 AWS Well-Architected: Operational Excellence — Organization, Prepare, Operate & Evolve, Plus Telemetry, Runbooks, Operations as Code & the Review Process Advanced 28 min read
  3. 39 AWS Well-Architected: Performance Efficiency — Architecture Selection (Compute, Storage, Database, Network), Performance Review, Monitoring, and Trade-offs Advanced 27 min read

Tier 3 · Advanced — Serverless & Event-Driven (DVA)

Build decoupled systems: EventBridge, SQS/SNS, Step Functions, and serverless APIs.

  1. 40 Designing Event-Driven Architectures with Amazon EventBridge: Buses, Rules, Schemas, and Archive/Replay Advanced 16 min read
  2. 41 Resilient Messaging with SQS and SNS: Fan-Out, FIFO Ordering, DLQs, and Poison-Message Handling Advanced 17 min read
  3. 42 AWS Step Functions in Production: Express vs Standard, Distributed Map, and Resilient Error Handling Advanced 17 min read
  4. 43 AWS Enterprise Architecture: Event-Driven Serverless Advanced 27 min read
  5. 44 AWS Enterprise Architecture: Serverless REST/GraphQL API Advanced 27 min read
  6. 45 Amazon API Gateway, In Depth: REST vs HTTP vs WebSocket APIs, Integrations & Authorizers Intermediate 32 min read
  7. 46 AWS Messaging Fundamentals: SQS, SNS & EventBridge — When to Use Which Intermediate 32 min read

Tier 3 · Advanced — Networking Engineering (ANS)

Connect at scale: Transit Gateway, PrivateLink, VPC Lattice, Network Firewall, and hybrid connectivity.

  1. 47 Designing Multi-Account VPC Connectivity with Transit Gateway and Centralized Egress Advanced 16 min read
  2. 48 Building Cross-Account Services with AWS PrivateLink: Endpoint Services, NLBs, and DNS Advanced 15 min read
  3. 49 Service-to-Service Connectivity with Amazon VPC Lattice: Service Networks, Auth Policies, and Mesh Without Sidecars Advanced 16 min read
  4. 50 Centralized Egress Inspection with AWS Network Firewall: Routing, Domain Filtering, and Suricata Rules Expert 16 min read
  5. 51 Validating VPC Connectivity with Reachability Analyzer and Network Access Analyzer Intermediate 14 min read
  6. 52 Resilient AWS Direct Connect: Transit Gateway, BGP, and the SiteLink Mesh Expert 16 min read
  7. 53 AWS Gateway Load Balancer: Transparent Inline Inspection with Third-Party Appliances Expert 16 min read
  8. 54 AWS Enterprise Architecture: Hybrid Connectivity at Scale Advanced 27 min read

Tier 3 · Advanced — Security Engineering (SCS)

Engineer security: IAM at depth, Identity Center, KMS, Secrets Manager, SCPs/RCPs, and tracing.

  1. 55 Engineering Least-Privilege IAM at Scale with Permission Boundaries and Access Analyzer Expert 16 min read
  2. 56 Secure Cross-Account Access: Assume-Role Patterns, External ID, Confused Deputy, and Session Policies Expert 17 min read
  3. 57 IAM Access Analyzer in Depth: Unused Access, Policy Generation, and Custom Policy Checks Advanced 15 min read
  4. 58 AWS IAM Identity Center at Scale: Permission Sets, ABAC, and Federated Multi-Account Access Advanced 16 min read
  5. 59 AWS KMS in Depth: Multi-Region Keys, Envelope Encryption, Key Policies, and Grants Expert 17 min read
  6. 60 Secrets Manager Rotation at Scale: Custom Rotation Lambdas, RDS Credentials, and Cross-Account Sharing Advanced 17 min read
  7. 61 Building a Data Perimeter with Resource Control Policies and Declarative Policies Expert 17 min read
  8. 62 Enforcing Org-Wide Guardrails with AWS Organizations, SCPs, and Delegated Administration Expert 16 min read
  9. 63 Distributed Tracing on AWS with X-Ray: Service Maps, Segments, and ADOT on EKS Advanced 18 min read
  10. 64 AWS KMS & Encryption, In Depth: Keys, Key Policies, Envelope Encryption, Grants & Rotation Intermediate 33 min read
  11. 65 AWS Secrets Manager vs SSM Parameter Store, In Depth: Secrets, Rotation & Config Intermediate 31 min read

Tier 3 · Advanced — Containers at Scale (ECS/EKS)

Run containers in production: ECS Service Connect and Amazon EKS at scale.

  1. 66 ECS Service Connect Deep Dive: Service Discovery, Traffic Resilience, and Migrating Off ALBs Advanced 16 min read
  2. 67 Running EKS at Scale: Pod Identity, Karpenter Autoscaling, and VPC CNI Networking Expert 17 min read
  3. 68 EKS Cluster Upgrades: Version Lifecycle, Add-on Compatibility, and Fleet Operations Advanced 16 min read
  4. 69 Solving EKS IP Exhaustion: VPC CNI Prefix Delegation, Custom Networking, and Security Groups for Pods Expert 18 min read
  5. 70 Migrating EKS Workloads from IRSA to EKS Pod Identity: Mechanics, Trust, and Rollout Expert 15 min read
  6. 71 AWS Enterprise Architecture: Production Microservices on EKS Advanced 27 min read
  7. 72 Amazon ECS & ECR, In Depth: Task Definitions, Services, Fargate vs EC2 & the Registry Intermediate 32 min read

Tier 3 · Advanced — Observability & SRE

See inside production: synthetic monitoring/SLOs and structured logging pipelines.

  1. 73 End-User and Synthetic Monitoring on AWS: CloudWatch RUM and Synthetics Canaries Advanced 17 min read
  2. 74 A Structured Logging Pipeline on AWS: JSON Logs, CloudWatch Metric Filters, and Firehose to OpenSearch Intermediate 16 min read
  3. 75 AWS Observability, In Depth: CloudWatch, CloudTrail, Config & EventBridge Intermediate 32 min read

Tier 4 · Expert — Well-Architected, Security & Cost

Architect to the framework: the security, cost-optimisation and sustainability pillars.

  1. 76 AWS Well-Architected: Security — Foundations, IAM, Detection, Infrastructure & Data Protection, Incident Response, and AppSec Advanced 26 min read
  2. 77 AWS Well-Architected: Cost Optimization — Cloud Financial Management, Usage Awareness, Cost-Effective Resources, Demand & Supply, and Optimizing Over Time Advanced 27 min read
  3. 78 AWS Well-Architected: Sustainability — Region Selection, Demand, Software, Data, Hardware, and Deployment Patterns Advanced 27 min read

Tier 4 · Expert — Multi-Account Landing Zones (Control Tower)

Build the enterprise platform: Control Tower, Organizations, account factory, OUs, identity, network and guardrails.

  1. 79 Building a Multi-Account AWS Landing Zone with Control Tower and Account Factory Advanced 17 min read
  2. 80 Account Factory for Terraform (AFT): Pipeline-Driven Account Vending and Customizations at Scale Advanced 18 min read
  3. 81 AWS Landing Zone: AWS Control Tower — the Landing Zone, Account Factory, the Controls Library, and Customization with CfCT and AFT Advanced 29 min read
  4. 82 AWS Landing Zone: Multi-Account & AWS Organizations — the Management, Log Archive & Audit Accounts and Account Vending Advanced 28 min read
  5. 83 AWS Landing Zone: OU Structure & Account Baselines — Security/Infrastructure/Workloads/Sandbox OUs, Account Factory Baselines & Environment Separation Advanced 27 min read
  6. 84 AWS Landing Zone: Identity & Access (IAM Identity Center) — SSO, Permission Sets, External IdP Federation, Cross-Account Access, and ABAC Advanced 30 min read
  7. 85 AWS Landing Zone: Network Architecture — Transit Gateway, the Shared Services & Network Account, Centralized Egress/Ingress, Inspection, Direct Connect & IPAM Advanced 27 min read
  8. 86 AWS Landing Zone: Guardrails (SCPs & Controls) — Preventive SCPs, Detective Config Rules, Proactive Hooks & the Mandatory/Recommended/Elective Catalog Advanced 29 min read
  9. 87 AWS Enterprise Architecture: Multi-Account Landing Zone Advanced 26 min read

Tier 4 · Expert — Resilience, DR & Migration

Design for failure and change: cross-region backup, DR strategies, multi-region and migration.

  1. 88 Centralized AWS Backup with Organizations: Vault Lock, Cross-Account Copy, and Recovery Runbooks Advanced 18 min read
  2. 89 AWS Enterprise Architecture: Disaster Recovery Strategies Advanced 28 min read
  3. 90 AWS Enterprise Architecture: Active-Active Multi-Region Advanced 27 min read
  4. 91 AWS Enterprise Architecture: Migration to AWS Advanced 28 min read
  5. 92 Configure AWS Elastic Disaster Recovery (DRS) for Cross-Region Server Failover and Failback Advanced 18 min read

Tier 4 · Expert — Cloud Adoption Framework (CAF)

Lead the organisational journey: the six CAF perspectives.

  1. 93 AWS Cloud Adoption Framework: Business Perspective — Strategy, Portfolio, Innovation, Product, Partnership, Insights, and Data Monetization Advanced 23 min read
  2. 94 AWS Cloud Adoption Framework: People Perspective — Culture Evolution, Transformational Leadership, Cloud Fluency, and Workforce Transformation Advanced 23 min read
  3. 95 AWS Cloud Adoption Framework: Governance Perspective — Program & Project Management, Benefits & Risk Management, Cloud Financial Management (FinOps), Application Portfolio Management, and Data Governance & Curation Advanced 27 min read
  4. 96 AWS Cloud Adoption Framework: Platform Perspective — Platform & Data Architecture, Platform & Data Engineering, Provisioning, Modern Apps, and CI/CD Advanced 27 min read
  5. 97 AWS Cloud Adoption Framework: Security Perspective — Governance & Assurance, IAM, Threat Detection, Vulnerability Management, Infrastructure & Data Protection, AppSec, and Incident Response Advanced 27 min read
  6. 98 AWS Cloud Adoption Framework: Operations Perspective — Observability, AIOps Event Management, Incident/Problem, Change/Release/Config, Performance/Capacity, Availability/Continuity, and Patch Management Advanced 26 min read

Tier 4 · Expert — Enterprise Reference Architectures

Study complete designs: three-tier, multi-tenant SaaS, peak-surge e-commerce, and FinOps.

  1. 99 AWS Enterprise Architecture: Resilient Three-Tier Web App Advanced 20 min read
  2. 100 AWS Enterprise Architecture: SaaS Multi-Tenant Platform Advanced 27 min read
  3. 101 Black Friday-Ready E-Commerce Platform on AWS with Surge Autoscaling Advanced 18 min read
  4. 102 FinOps Showback and Chargeback Platform on AWS Intermediate 17 min read

Tier 5 · Specialist — Data & Analytics (DEA)

Build the data platform: lakehouse, big data, data mesh, real-time streaming and open table formats.

  1. 103 AWS Enterprise Architecture: Data Lakehouse Advanced 23 min read
  2. 104 AWS Enterprise Architecture: Big Data Processing Advanced 27 min read
  3. 105 AWS Enterprise Architecture: Data Mesh Advanced 21 min read
  4. 106 AWS Enterprise Architecture: Real-Time Streaming Advanced 26 min read
  5. 107 Deploy Apache Iceberg Tables on S3 with AWS Glue Catalog, Compaction, and Snapshot Expiry Advanced 18 min read

Tier 5 · Specialist — AI/ML & Generative AI

Serve AI in production: Amazon Bedrock RAG, GenAI architectures, and GPU inference platforms.

  1. 108 Shipping a Production RAG Application on Amazon Bedrock with Knowledge Bases and Guardrails Advanced 16 min read
  2. 109 AWS Enterprise Architecture: Generative-AI / RAG on Bedrock Advanced 26 min read
  3. 110 GPU Inference Platform for LLMs on AWS EKS with Karpenter Advanced 18 min read

Tier 5 · Specialist — Streaming & Integration

Event backbones and integration patterns: Kafka on AWS and the saga pattern.

  1. 111 Confluent Cloud Kafka as the Enterprise Event Backbone on AWS Advanced 18 min read
  2. 112 Event-Driven Order Processing with the Saga Pattern on AWS Intermediate 17 min read

Tier 5 · Specialist — Industry, Edge & End-User Solutions

Domain solutions: contact centre, IoT/cold-chain, media VOD, and regulated VDI.

  1. 113 Cloud-Native Contact Center on AWS Connect with CRM and Analytics Intermediate 17 min read
  2. 114 Cold-Chain Monitoring for Pharma Distribution on AWS IoT Intermediate 17 min read
  3. 115 AWS Enterprise Architecture: IoT Analytics Advanced 21 min read
  4. 116 AWS Enterprise Architecture: Media Streaming / VOD Advanced 27 min read
  5. 117 AWS WorkSpaces VDI for a Regulated Contact Center Intermediate 17 min read

Track · Troubleshooting (Easy → Complex)

Diagnose anything: a method and per-service playbooks, then complex multi-service incident RCA.

  1. 118 AWS Troubleshooting Playbooks: EC2, VPC, IAM, S3 & Lambda Intermediate 20 min read
  2. 119 Advanced AWS Troubleshooting: Complex Multi-Service Incidents & Root-Cause Analysis Advanced 24 min read

Track · Architecting (Easy → Complex)

Turn requirements into designs: a six-rung ladder from a static site to multi-region active-active.

  1. 120 The AWS Architecting Ladder: From a Static Site to Multi-Region Active-Active Advanced 37 min read

Track · Certification Center

Pass the exams: the CLF/SAA/SOA/DVA/SAP/DOP prep kit with checklists, practice questions and cheat sheets.

  1. 121 AWS Certification Prep Kit: CLF, SAA, SOA, DVA, SAP & DOP — Checklists, Practice Questions & Tips Advanced 32 min read

Track · Job-Ready — Projects & Capstone

Get hired: a six-project portfolio ladder and a Well-Architected landing-zone capstone.

  1. 122 Real-World AWS Portfolio Projects: From a Static Site to a Multi-Account Landing Zone Advanced 24 min read
  2. 123 AWS Capstone: Build a Well-Architected Multi-Account Landing Zone + 3-Tier App Advanced 30 min read
All courses Browse all AWS articles