Trainer’s Handbook -> AWS Basics

AWS Basics Hands‑On (20 Hours) — S3 • DynamoDB • Lambda • Step Functions • HTTP API

Format: 5 weeks × 4 hrs/week × 1 hr/day
Approach: 95% Hands‑On
Audience: Cloud beginners / devs

Week 1 · Foundations & Amazon S3

Set up accounts, IAM, CLI; master S3 storage, versioning, policies and lifecycle.

Outcome: bucket with versioning + lifecycle
Artifacts: CLI logs, bucket policy JSON
Day 1 AWS Account, IAM & CLI
  • Hands‑on Lab: Create a dedicated admin IAM user, generate access keys, configure CLI for Admin and Sandbox profiles (aws configure --profile admin).
  • Verify with aws sts get-caller-identity and aws s3 ls.
  • Checkpoint: Team can switch profiles and list S3.
Enforce MFA on IAM users. Where possible, source credentials through AWS SSO or credential_process.
Day 2 S3 Buckets & Object Basics
  • Make a unique bucket name; set Block Public Access default ON.
  • Upload objects via console & CLI (aws s3 cp file.txt s3://<bucket>/).
  • Add object metadata and enable server‑side encryption (SSE‑S3).
  • Mini‑Lab: Static website: upload index.html, set policy for read‑only.
  • Checkpoint: Public object reachable (or website URL loads).
Day 3 Versioning, Replication & Event Notifications
  • Enable Versioning; upload v1/v2; restore previous version.
  • Create a second bucket; set Cross‑Region Replication (use IAM role).
  • Configure EventBridge (or S3 event) on ObjectCreated to log events.
  • Checkpoint: Deleted object recovered & replicated copy exists.
Day 4 Lifecycle, Policies & Cost Guardrails
  • Attach a bucket policy for read‑only to a specific IAM role.
  • Create lifecycle rules: transition to Standard‑IA, then Glacier Instant Retrieval, expire after N days.
  • Enable server access logging to a logs bucket; tag resources for cost.
  • Checkpoint: Policy validated by attempted writes; lifecycle shows in console.
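
The Day 4 read-only policy and its "attempted writes" checkpoint, as an added example that is not part of the original handbook. The bucket name, account ID and role name are placeholders, and `decide` is a simplified model of same-account evaluation (an explicit Deny wins; otherwise an Allow from either the bucket policy or the role's identity policy is enough), which is why the Allow-only policy does not make a role with broad S3 rights read-only.

```python
from fnmatch import fnmatchcase

# Placeholders (assumptions, not values from the handbook).
BUCKET = "example-class-bucket"
ROLE_ARN = "arn:aws:iam::111122223333:role/ExampleReaderRole"
READ_ACTIONS = ["s3:GetObject", "s3:ListBucket"]
WRITE_ACTIONS = ["s3:PutObject", "s3:DeleteObject", "s3:DeleteObjectVersion"]


def bucket_policy(deny_writes):
    """Build the bucket policy; deny_writes adds the explicit Deny statement."""
    resources = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]
    statements = [{
        "Sid": "AllowRead", "Effect": "Allow",
        "Principal": {"AWS": ROLE_ARN},
        "Action": READ_ACTIONS, "Resource": resources,
    }]
    if deny_writes:
        statements.append({
            "Sid": "DenyWrite", "Effect": "Deny",
            "Principal": {"AWS": ROLE_ARN},
            "Action": WRITE_ACTIONS, "Resource": resources,
        })
    return {"Version": "2012-10-17", "Statement": statements}


def decide(policy, identity_actions, principal, action):
    """Simplified same-account evaluation: an explicit Deny wins, otherwise
    an Allow from the bucket policy or the identity policy is enough."""
    def hits(effect):
        return any(
            s["Effect"] == effect
            and s["Principal"]["AWS"] == principal
            and any(fnmatchcase(action, a) for a in s["Action"])
            for s in policy["Statement"]
        )
    if hits("Deny"):
        return "Deny"
    allowed = hits("Allow") or any(fnmatchcase(action, a) for a in identity_actions)
    return "Allow" if allowed else "Deny"


def checkpoint(deny_writes, identity_actions=("s3:*",)):
    """Replay the Day 4 write attempt for a role whose identity policy is broad."""
    policy = bucket_policy(deny_writes)
    return {a: decide(policy, identity_actions, ROLE_ARN, a)
            for a in ("s3:GetObject", "s3:PutObject")}

if __name__ == "__main__":
    print(checkpoint(False), checkpoint(True))
```

`json.dumps(bucket_policy(True))` gives the document to pass to `aws s3api put-bucket-policy`; the real checkpoint is still the denied `aws s3 cp` run under the role's profile.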

Week 2 · Amazon DynamoDB

Design schemas, perform CRUD, use GSIs, and manage capacity/TTL.

Outcome: table + GSI + TTL
Artifacts: CLI scripts, JSON examples
Day 5 Table Design & Basics
  • Create a table (PK=pk, SK=sk or single‑key). On‑demand capacity for labs.
  • Put/Get items via CLI (aws dynamodb put-item ...).
  • Mini‑Lab: Single‑table design for Notes app (entity types in SK).
  • Checkpoint: Query returns expected items.
Day 6 CRUD & Query Patterns
  • Batch Write/Get; conditional writes; optimistic locking attribute.
  • Query by begins_with on SK; pagination with LastEvaluatedKey.
  • Checkpoint: Batch write + conditional update demonstrated.
Day 7 Global Secondary Indexes
  • Add a GSI (e.g., gsi1_pk, gsi1_sk) to support alternate access.
  • Migrate sample data to populate index; run filtered queries.
  • Checkpoint: GSI query path matches design doc.
Day 8 Capacity, TTL & Backups
  • Switch between on‑demand and provisioned; set auto scaling.
  • Add TTL attribute and observe expiry (simulate with near‑future timestamp).
  • Enable point‑in‑time recovery (PITR) and take an on‑demand backup.
  • Checkpoint: Expired items removed; backup visible.

Week 3 · AWS Lambda

Author functions, wire S3 & DynamoDB triggers, use layers and logging.

Outcome: 3 functions + triggers
Artifacts: function code, logs, ARNs
Day 9 Hello, Lambda
  • Create basic function (Python/Node) with least‑privilege role.
  • Invoke via console & CLI (aws lambda invoke ...); view logs in CloudWatch.
  • Checkpoint: Execution succeeds; logs show request ID.
Day 10 S3 → Lambda Trigger
  • Configure S3 event on ObjectCreated to invoke Lambda; grant permissions.
  • Upload a file; function reads metadata and writes a log record.
  • Checkpoint: New object → Lambda log contains key/size.
Day 11 DynamoDB Streams → Lambda
  • Enable stream on table; subscribe Lambda with NewImage view.
  • Insert items; function stores a derived record to another table.
  • Checkpoint: Stream batch processed; DLQ configured for failures.
Day 12 Packaging, Layers & Env Vars
  • Create a Lambda Layer (e.g., uuid/requests); attach to function.
  • Add environment variables; use AWS SDK; emit structured logs (JSON).
  • Checkpoint: Cold vs warm start time observed; env var read in logs.

Week 4 · AWS Step Functions

Model workflows; add retries, catches, parallelism and maps.

Outcome: 1–2 state machines
Artifacts: ASL JSON, execution history
Day 13 State Machine 101
  • Author minimal ASL: Pass → Succeed; run an execution.
  • Add a Task state that calls a Lambda; pass input/output via paths.
  • Checkpoint: Input → Output path mapping verified.
Day 14 Lambda Chain (S3 → Process → DynamoDB)
  • Three Task states: list S3 keys → process → write to DynamoDB.
  • Use ResultSelector & Parameters for clean payloads.
  • Checkpoint: Item written with correlation ID.
Day 15 Retry, Catch, Fallback
  • Add Retry with backoff; Catch failures → invoke fallback Lambda.
  • Emit execution metrics to CloudWatch (custom namespace).
  • Checkpoint: Forced error takes catch path; metrics visible.
Day 16 Parallel & Map
  • Use Parallel to fan‑out to two processing branches.
  • Use Map to iterate S3 keys; set MaxConcurrency.
  • Checkpoint: Parallel branches join; map processed N items.

Week 5 · HTTP API (API Gateway) & Capstone

Expose Lambdas over HTTP; build a small serverless application end‑to‑end.

Outcome: working CRUD API
Artifacts: Postman collection, execution logs
Day 17 HTTP API → Lambda
  • Create an HTTP API, integrate a Lambda, set routes: GET /health, GET /items.
  • Test with curl; enable CORS for localhost origin.
  • Checkpoint: 200 OK from /health; logs show request context.
Day 18 POST → DynamoDB
  • Add POST /items to insert item into DynamoDB; validate JSON schema.
  • Return 201 with location header; write an integration test script.
  • Checkpoint: API call creates record retrievable by GET.
Day 19 Querying & Auth
  • Add GET /items?customerId= using GSI; support pagination.
  • Secure with IAM or JWT authorizer (Cognito user pool).
  • Checkpoint: Unauthorized request denied; authorized succeeds.
Day 20 Capstone: Serverless Notes App
  • Build: Upload attachments to S3 → metadata in DynamoDB → orchestrate processing with Step Functions → expose CRUD via HTTP API.
  • Deliverables: README with deploy steps, IaC template (SAM/CDK optional), Postman collection, sample events, CloudWatch dashboard.
  • Demo Checklist: Create note, attach file, list/search, view execution, show logs/metrics, run cleanup script.

Prep & Requirements

  • AWS accounts with sandbox OUs; learners get personal sandbox role with least‑privilege.
  • AWS CLI v2, jq, and VS Code. Region: us-east-1 (or your default).
  • Provide starter JSON/CSV files and skeleton Lambda function folders.
  • Shared S3 bucket for class artifacts (logs, exports, screenshots).
Tip: Pre‑create an IAM permissions boundary to prevent use of costly services. Enable budgets + cost alerts.

Assessment & Rubric

Pass

  • S3 bucket with versioning + lifecycle; policy tested.
  • DynamoDB table with at least one GSI; CRUD + TTL shown.
  • Three Lambdas with S3 and Stream triggers; logs & DLQ.
  • Step Functions workflow with retry/catch and parallel or map.
  • HTTP API with GET/POST; DynamoDB integration; basic auth.
  • Capstone runs end‑to‑end with README + demo checklist.

Stretch

  • IaC with AWS SAM/CDK; CI using GitHub Actions.
  • Observability: custom metrics + dashboard.
  • Security: KMS‑CMK encryption, fine‑grained IAM, WAF.

Resources

  • AWS Docs: S3, DynamoDB, Lambda, Step Functions, API Gateway HTTP API.
  • Workshops: Amazon Qwiklabs/Skill Builder labs on serverless.
  • Reference architectures: Serverless patterns collection.

All activities are ~95% hands‑on. Keep theory under 5 minutes per hour; prioritize lab time and debriefs.