AWS
IAM Guardrails for Multi-Account AWS
SCPs, permission boundaries, and delegated admin patterns explained with labs.
The cohort includes sandbox accounts (where providers allow), architecture review templates, and bilingual glossaries for networking vocabulary. We publish prerequisites one week ahead so admins can prep VPN paths. This IAM Guardrails for Multi-Account AWS track does not include employer-sponsored certification vouchers—those stay between you and your procurement team.
What is included
- Weekly office hours with written follow-ups
- Architecture review worksheet pack (PDF + sheets)
- Cost-control checklist tied to each lab module
- Break-glass and rollback scripts you can adapt
- Peer code/config review rotation inside the cohort
- Capstone presentation with mentor feedback
- Office-hour recordings with chapter markers
Outcomes
- Ship a documented design for IAM Guardrails for scenarios
- Present trade-offs to a mock steering committee using our rubric
- Leave with a personal backlog ranked by risk and cost impact
Lead instructor
Khoa Dang
SRE background; teaches tracing pipelines without vendor lock-in.
FAQ
Do I need production access on day one?
No. Labs run in shared sandboxes; you mirror patterns locally or in a non-prod account you control.
What is intentionally out of scope?
We do not provide legal opinions on contracts or procurement. Vendor escalations must flow through your existing support agreements; we coach the technical narrative only.
How much async time should I budget?
Plan 4–6 hours weekly outside live sessions for readings, labs, and short write-ups.
Experience notes
“Mentor feedback on my AWS capstone referenced actual route tables, not generic praise.”
“Still wish we had one more office hour on AWS edge cases, yet templates are solid.”