Welcome to Skilled Inspirational Academy (sianets.com)
Topic: AWS Certified Advanced Networking Speciality
Training by Hemu
Mobile: +919019232915/9817187997
Email: hemusianets@gmail.com

Basic to Advanced AWS Certified Networking Training


We have designed this content to fulfil current industry requirements
and to reflect a real production environment. This training is designed
for network and security engineers who want to support customers on AWS
networking projects such as Palo Alto, Checkpoint, F5, ASA, SDWAN router
and SDWAN controller deployments, along with IPSec tunnel, Direct
Connect and Route53 implementation on AWS infrastructure.

Prerequisite: Basic Knowledge of Networking

1. Introduction of Cloud
➢ Introduction to cloud computing
➢ Essential Characteristics of Cloud Computing
➢ Service Models in Cloud computing
➢ What are IAAS, PAAS & SAAS?
➢ What are Public Cloud, Private Cloud, Hybrid Cloud & On-Premise DCs?
➢ What are the advantages of cloud?
➢ What is Amazon AWS?
➢ Amazon AWS Services?
➢ AWS History
➢ Why should we learn only AWS?
➢ How is AWS leading the cloud market?
➢ AWS Certifications
➢ Gartner Magic Quadrant
➢ Creating Amazon AWS Account
➢ Free tier limitations overview
➢ Multi-Factor Authentication on AWS Account
➢ Creating a budget
➢ Introduction to Billing Dashboard & Cost Explorer
➢ Create the Production Account
➢ Identity and Access Management (IAM) Basics
➢ Adding an IAM Admin - GENERAL ACCOUNT
➢ Adding an IAM Admin User - PRODUCTION ACCOUNT
➢ IAM Access Keys
➢ Creating Access keys and setting up AWS CLI v2 tools
➢ AWS Organisations
➢ AWS CLI and Console
➢ Managing AWS Resources & Subscriptions
➢ AWS Global infrastructure (Region, AZ, PoP)
➢ What are Regions in AWS?
➢ What are Availability Zones in AWS?
➢ AWS Services Walkthrough-High-Level
➢ Service Level Agreement (SLA) of AWS over data and its security

2. AWS Networking & Infrastructure Security


➢ Networking in the Cloud
➢ Bandwidth and Latency
➢ IP Addressing Basics (IPv4)
➢ The OSI Model
➢ Routing and Switching
➢ Network Address Translation
➢ Firewalls
➢ On-Premise Network
➢ On-Premise Network Traffic Flow LAN to WAN
➢ Virtual Private Cloud (VPC) - Deep Dive
➢ VPC Component vs On-prem DC Devices
➢ Private and Public AWS Services
➢ VPC Structure & IP Plan
➢ Custom VPCs Overview
➢ VPC Subnets (Public and Private)
➢ Implementing a VPC & Subnet Design
➢ Implement multi-tier VPC subnets
➢ DHCP In a VPC
➢ VPC Router Deep Dive
➢ Stateful vs Stateless Firewalls
➢ Network Access Control Lists (NACL)
➢ Security Groups (SG)
➢ VPC Flow Logs
➢ IPv6 in AWS
➢ VPC Traffic Mirroring

3. VPC Public Networking - Deep Dive


➢ Internet Gateway (IGW) - IPv4 and IPv6
➢ Egress Only Internet Gateway
➢ Configuring public subnets and Jumpbox
➢ Bring your own IP
➢ Bastion Hosts & Jumpbox Authentication
➢ Port Forwarding
➢ NAT Instance in AWS
➢ NAT Gateway in AWS
➢ Implementing private internet access using NAT Gateways

4. VPC Endpoints - Deep Dive


➢ AWS PrivateLink
➢ Gateway VPC Endpoint
➢ Interface VPC Endpoints
➢ VPC Endpoints - Gateway
➢ VPC Endpoints - Interface
➢ Egress-Only Internet Gateway
➢ Endpoint Policies

5. EC2 - The Backbone of AWS


➢ Introduction of EC2
➢ Scaling features of EC2
➢ Limitations of EC2
➢ New Console Orientation - EC2
➢ Launch EC2 Instance Hands-on
➢ Types of Operating systems
➢ Windows and its versions
➢ Unix and its flavors
➢ Linux and its flavors
➢ Cisco Devices in AWS
➢ Palo Alto Networks Devices in AWS
➢ Instance types
➢ Free tier limitations of EC2
➢ What is EBS (Elastic Block Store)?
➢ Types of Storages
➢ Difference between Object and Block stores
➢ Launching Windows Server
➢ Launching Linux Server
➢ System Ports & Security groups
➢ Key pairs (PEM & PPK)
➢ Connect to EC2 Instance
➢ Putty Tool installation and configuration
➢ Putty Gen Tool installation and configuration
➢ Stopping & Terminating EC2 Instances
➢ User data
➢ Instance Status Checks
➢ Protection from Accidental Termination
➢ Encryption of EBS Volumes
➢ Delete on Termination of EBS Volumes
➢ Pricing models of EC2 Instances
➢ Types of EBS Volumes
➢ Difference between SSD & HDD
➢ Upgrading EBS volumes
➢ Converting the type of EBS Volumes
➢ Attaching & Detaching EBS volumes to EC2 instances
➢ Amazon Machine Images (AMIs)
➢ Snapshots
➢ Creating our own Amazon Machine Images (AMIs)
➢ Deletion sequence as per dependencies
➢ Instance Metadata
➢ Instance User Data
➢ Status Checks and Monitoring
➢ Public Private and Elastic IP addresses overview
➢ Private IP Addresses
➢ Public IP Addresses
➢ Elastic IP Addresses and Elastic Network Interfaces
➢ Private Subnets and Bastion Hosts
➢ Connect from Windows with Agent Forwarding
➢ NAT Instances and NAT Gateways Overview
➢ Private Subnet with NAT Gateway
➢ Private Subnet with NAT Instance

6. Introduction to AWS Storage and File System Preview


➢ Storage Services - Introduction
➢ Pricing - S3 Storage
➢ S3 Bucket Creation
➢ S3 File Upload
➢ S3 Versioning
➢ S3 Replication
➢ S3 Lifecycle Management
➢ S3 Security and Encryption
➢ S3 Security and Encryption - Lab
➢ S3 Bucket Sharing
➢ S3 Lifecycle Policies
➢ S3 Glacier
➢ S3 One Zone-IA
➢ S3 Storage Classes
➢ AWS EBS Introduction
➢ Elastic Block Storage (EBS)
➢ Elastic File System (EFS)
➢ Create EBS volumes
➢ Attach and detach EBS volumes
➢ Mounting and unmounting EBS volume
➢ EBS vs Instance Store
➢ EBS Volume Types
➢ Launch Instance with Multiple EBS Volumes
➢ Attach volume to running Instance
➢ Create Volume from Snapshot in Another AZ
➢ Working with AMIs
➢ Working with Snapshots
➢ EBS Copying Sharing and Encryption
➢ Cleaning Up EBS
➢ EBS Performance

7. EC2/VPC Networking - Deep Dive


➢ EC2 Network Architecture
➢ Enhanced Networking (SR-IOV)
➢ Elastic Fabric Adaptor (EFA)
➢ Placement Groups (Cluster, Spread & Partition)
➢ Instance Metadata

8. VPC Peering - Deep Dive

➢ VPC Peering Fundamentals
➢ Peering VPCs
➢ VPC Peering Same-Region vs Cross-region
➢ VPC Peering between Different Accounts
➢ VPC Peering Overlapping CIDRs & Unsupported Configurations

9. VPC Hybrid Networking (Virtual) - Deep Dive


➢ IPSec VPN Fundamentals
➢ Virtual Private Gateway Deep Dive (VGW)
➢ AWS Site-to-Site VPN
➢ BGP
➢ BGP Path Selection
➢ Local Preference and Multi Exit Discriminator (MED)
➢ Global Accelerator
➢ Accelerated VPN
➢ Transit Gateway
➢ Transit Gateway Deep Dive
➢ Advanced Site-to-Site VPN with Other AWS Account
➢ Advanced Site-to-Site VPN with Palo Alto Firewall
➢ Advanced Site-to-Site VPN with Cisco ASA Firewall
➢ Advanced Site-to-Site VPN with Cisco Router
➢ Client VPN Overview - AWS Remote Access VPN
➢ Client VPN - Setup
➢ Client VPN - Directory
➢ Client VPN - Certificates
➢ Client VPN - Create Client VPN Endpoint
➢ Client VPN - Configure Client VPN Endpoint
➢ Client VPN - Install and test client
➢ Client VPN - Cleanup
➢ AWS Routing Priority
➢ CloudFront - Architecture
➢ AWS Certificate Manager (ACM)
➢ CloudFront - SSL/TLS & SNI
➢ CloudFront - Security - OAI & Custom Origins
➢ CloudFront - Georestrictions
➢ CloudFront - Private Behaviours, Signed URL & Cookies
➢ CloudFront - Field Level Encryption
➢ DDoS
➢ AWS Shield
➢ AWS Network Firewall

10. Elastic Load Balancing (ELB) - Deep Dive


➢ Load Balancing Evolution
➢ Elastic Load Balancer Architecture
➢ Application Load balancing (ALB) vs Network Load Balancing (NLB)
➢ AWS Network Load Balancer (AWS NLB - L3 and L4)
➢ AWS Application Load Balancer (AWS ALB - L7)
➢ Amazon EC2 Auto Scaling Group
➢ Load Balancer Security Policies
➢ Gateway Load Balancer (GWLB)
➢ AWS Global Accelerator
➢ Elastic Load Balancing Concepts
➢ Network Load Balancer
➢ Application Load Balancer - Path-Based Routing
➢ Application Load Balancer - Host-Based Routing
➢ EC2 Auto Scaling Overview
➢ EC2 Auto Scaling Group with ALB
➢ ASG Scaling Policies
➢ Launch Configurations and Launch Templates
➢ Auto Scaling Health Checks
➢ Auto Scaling Termination Policies
➢ New Console Orientation - ASG
➢ Cross-Zone Load Balancing Overview and Setting up the Lab
➢ NLB Cross-Zone Load Balancing
➢ ALB Cross-Zone Load Balancing
➢ ELB Sticky Sessions
➢ ALB Listeners and SSL TLS
➢ Public ALB with Private Instances and Security Groups
➢ Multi-tier Web Application and Security Groups Concepts
➢ Proxy Protocol X-Forwarded-For and Logging
➢ ALB/NLB Server Access and Client Logs

11. Route53 (R53) Networking - Deep Dive


➢ Route53 Fundamentals
➢ What is DNS?
➢ Purpose of DNS?
➢ Registering a Domain
➢ DNS Record Types
➢ R53 Public Hosted Zones
➢ R53 Private Hosted Zones
➢ R53 Aliases
➢ Simple Routing
➢ R53 Health Checks
➢ Different Routing Policies
➢ Failover Routing
➢ Using R53 and Failover Routing
➢ Multi Value Routing
➢ Weighted Routing
➢ Latency Routing
➢ Geolocation Routing
➢ Geoproximity Routing
➢ R53 Interoperability
➢ Advanced Hybrid DNS Architectures
➢ Hybrid R53 and On-premises DNS
➢ Implementing DNSSEC using Route53

12. Network Content Delivery (CDN) in AWS


➢ CloudFront - Architecture
➢ TTL and Invalidations
➢ AWS Certificate Manager (ACM)
➢ CloudFront - SSL/TLS & SNI
➢ CloudFront (CF) - Adding a CDN to a static website
➢ CloudFront (CF) - Adding an Alternate CNAME and SSL
➢ CloudFront - Security - OAI & Custom Origins
➢ CloudFront (CF) - Using Origin Access Control (OAC) (new version of OAI)
➢ CloudFront - Georestrictions
➢ CloudFront - Private Behaviours, Signed URL & Cookies
➢ CloudFront - Field Level Encryption

13. VPC Hybrid Networking (Physical) - Deep Dive (Only Theory)

➢ AWS Direct Connect (DX) - Concepts
➢ AWS Direct Connect (DX) - Physical Connection Architecture
➢ AWS Direct Connect (DX) - Security (MACSec)
➢ AWS Direct Connect (DX) - Connection Process
➢ AWS Direct Connect (DX) - BGP Session + VLAN
➢ AWS Direct Connect (DX) - Private VIFs
➢ AWS Direct Connect (DX) - Public VIFs
➢ AWS Direct Connect (DX) - Public VIF + VPN (Encryption)
➢ AWS Direct Connect (DX) - Bidirectional Forwarding Detection
➢ AWS Direct Connect (DX) - BGP Communities
➢ AWS Direct Connect (DX) - Gateway
➢ AWS Direct Connect (DX) - Transit VIFs and TGW
➢ AWS Direct Connect (DX) - Resilience
➢ AWS Direct Connect (DX) - LAGs
➢ Advanced VPC Routing

14. Identity and Access Management (IAM)


➢ IAM Identity Policies
➢ IAM Users and ARNs
➢ IAM Groups
➢ IAM Roles - The Tech
➢ When to use IAM Roles
➢ Service-linked Roles and PassRole
➢ Security Token Service (STS)
➢ EC2 Instance Roles & Profile
➢ Revoking IAM Role Temporary Security Credentials
➢ Revoking Temporary Credentials
➢ AWS Organizations
➢ Service Control Policies (SCP)
➢ Using Service Control Policies
➢ IAM Policy Variables
➢ Policy Interpretation
➢ AWS Permissions Evaluation
➢ IAM Permissions Boundaries and Delegation

15. Logging and Monitoring


➢ CloudWatch Introduction
➢ CloudWatch Logs Architecture
➢ CloudWatch Events and EventBridge
➢ CloudWatch Monitoring, Metrics and Analysis
➢ What is monitoring?
➢ Why should we monitor?
➢ What is the need for a monitoring tool?
➢ Default Monitoring
➢ Detailed Monitoring
➢ Create Alarms
➢ Create Billing Alarms
➢ CloudWatch graphs
➢ How to create a dashboard?
➢ Line Graph
➢ Stacked Area Graph
➢ Number Graph
➢ Text Graph
➢ Monitoring EC2

16. Overview of Layer 7 Firewalls


➢ Understanding AWS WAF
➢ Application Layer (7) Firewalls
➢ Deploying AWS WAF
➢ Web Application Firewall (WAF), WEBACLs, Rule Groups and Rules
➢ Logging and Metrics with CW Agent
