AWS Advanced Networking – Specialty Certification Preparation

AVG Duration24h


Please note: this learning path has been replaced with an updated version for the ANS-C01 exam. Please find the new learning path here.

This learning path prepares you for the AWS Network Specialty certification exam. The combination of practical courses, labs, and quizzes deepens your knowledge and expertise in building and connecting AWS services and solutions. We cover content under the six domains outlined in the AWS exam guide. This study guide helps to ensure you are well prepared for the AWS Certified Advanced Networking – Specialty Exam.

What you will learn

This learning path covers the six major domains necessary to help you get to grips with advanced networking.

Domain 1.0: Design and implement hybrid IT network architectures at scale

In this domain, we learn how to define network architectures on AWS and how to derive an appropriate architecture, and how to evaluate and optimize for performance and cost. We then explore the procedural concepts for the implementation of hybrid IT architecture connectivity. We examine hybrid IT architecture connectivity solutions using BGP, VPN, and AWS Direct Connect.

Technical expertise in cloud computing, using AWS, is in high demand, and the AWS certification shows employers that you have the knowledge and skills needed to deliver practical, forward-looking cloud-based solutions.

VPN and advanced subnetting - understand VPC Subnet configurations and VPC routing to ensure you architect your solution correctly and efficiently. The Subnets and Routing course looks and VPC Subnets and VPC Routing in detail, providing examples of both across different configurations and solutions and how to best implement your network design. In this domain we explore:

  • VPC Subnets
  • VPC CIDR Blocks - The effect of subnetting your VPC CIDR Block
  • VPC Subnets - Public & Private Subnets
  • VPC Peering: Subnet Considerations - considerations when architecting your subnets in different VPC Peering configurations
  • Flow Logs: VPC Subnets
  • VPC Routing - Routing Fundamentals & Route Tables
  • Routing Priorities
  • Routing: VPC Peering - Routing: VPN Connection via a Virtual Private Gateway
  • Routing: Internet Gateways & NAT Gateways 
  • Routing: VPC Endpoints - This lecture looks at the automatic routing configuration when creating a VPC Endpoint
  •  VPC IPsec VPNs. We explain the IPsec security protocol, highlighting key components - providing explanations of what it is and why and where it is useful

We describe in detail the individual parts of IPsec protocol suite, such as Authentication Headers and Encapsulating Security Payloads.

We review the triple AAA of security - Authentication, Access, and Authorization. We then explore Security Associations and Key negotiation phases such as IKE phase 1 and phase2. We will finish our IPsec theory with an explanation of the differences between the different network transportation modes, Transport mode, and Tunnel mode. We examine where and how AWS uses and implements IPsec, introducing you to the VPC components Virtual Private Gateway, Customer Gateway, and VPN Connection. This section includes two VPC IPsec demonstrations. First, we will create a Statically routed IPsec VPN between 2 VPCs. Then create a Dynamically routed IPsec VPN between 2 VPCs. We work with BGP to perform route advertisements and route propagation.

Domain 2.0: Design and implement AWS networks

In this domain, we extend our knowledge of AWS networking concepts including:

  • OSI and TCP/IP networking models. We ensure you have an understanding of both models, useful for learning, architecting, and/or operating large scale networks. To start with, we will review the Open System Interconnection model, which is a 7 layer reference model used to aid both learning, building, and troubleshooting of networks. Next, we will review the TCP/IP model, a more simplified 4 layer model that is used in the implementation of real-world networks such as the Internet and/or private networks such as corporate LANs.
  • Jumbo Frames We provide a detailed overview of Ethernet frames and how and what effect Jumbo Frames have when configured. Jumbo frames allow more than 1500 bytes of data by increasing the payload size per packet. We will review use cases and scenarios where Jumbo Frames are useful. We create a complete working demonstration - configuring a Jumbo Frame enabled network between 2 VPCs. We deploy an EC2 instance within each VPC, each instance will be configured with a pair of ENIs. We will establish policy-based routing such that we end up with 2 network paths between the instances - the 1st network path will have a 1500 MTU - utilizing ethernet standard frames, and the second network path will have a 9000 MTU - utilizing Ethernet jumbo frames. 

Domain 3.0: Automate AWS tasks

For domain 3 we examine and explore automation use cases including security and environment monitoring. 

  • We evaluate automation alternatives within AWS for network deployments
  • Evaluate tool-based alternatives within AWS for network operations and management

Domain 4.0: Configure network integration with application services

  • Evaluate DNS solutions in a hybrid IT architecture
  • Leverage the capabilities of Route 53
  • Determine the appropriate configuration of DHCP within AWS
  • Determine a content-distribution strategy to optimize for performance using Amazon CloudFront

 Domain 5.0: Design and implement for security and compliance

  • Evaluate design requirements for alignment with security and compliance objectives.
  • Evaluate monitoring strategies in support of security and compliance objectives

Domain 6.0: Manage, optimize, and troubleshoot the network

  • We explore the tools and steps you can implement to troubleshoot and resolve network issues using hands-on labs and a preparation exam. 


  • We recommend having a solid foundation of AWS and the services it has to offer before engaging with this learning path. 


April 9, 2018 - Added Certification Preparation Exam


What is AWS Advanced Networking?

The AWS Advanced Networking Specialty is designed for people who create and execute complex networking tasks. The exam focuses on advanced skills in planning and applying AWS and hybrid IT network architectures.

What is the purpose of VPN?

Virtual Private Networks (VPN) provides the strongest security for remote, private networks to connect to the Internet. VPNs are exceptional at allowing users to work from home yet still have the same access as if they were in the office.

What is VPC in AWS?

Virtual Private Cloud (VPC) provides a launching point for AWS resources into a virtual network. By using AWS with the VPC, users can access their own data center with the scalable infrastructure provided by AWS.

How many VPC can be created in AWS?

A VPC can handle any number of Amazon EC2 instances, so long as it has enough space for each IP address. There is a limit of 20 Amazon EC2 instances that can be launched to start, with a maximum of over 65,000 IP addresses. 

What are the components of an Amazon VPC?

An Amazon VPC consists of eight separate objects:

  • Virtual Private Cloud
  • Subnet
  • Internet Gateway
  • NAT Gateway
  • Virtual Private Gateway
  • Peering Connection
  • VPC Endpoints
  • Egress-only Internet Gateway

What is the difference between a VPN, VPS, and VPC?

A VPN is a secure network of systems that are accessible through public access such as the internet. Users can exchange information across a public network, though they are linked directly to a private one. A virtual private server (VPS) allows users to share computer resources on a single data center. The data center is partitioned to create instances (another term for VPS) that function independently. A VPC is similar to the VPS except that instead of using one data center, the VPC uses a cloud of servers to provide the necessary space requirements.


Your certificate for this learning path

Training Content

Course - Intermediate - 5m
Networking Specialty Learning Path - Introduction
This course introduces the AWS Advanced Networking – Specialty Certification Preparation learning path.
Course - Beginner - 1h 17m
Working with AWS Networking and Amazon VPC
This course gives you an overview of the AWS Virtual Private Cloud and its associated networking components.
Course - Advanced - 1h 19m
AWS Virtual Private Cloud: Subnets and Routing
This course looks at how to design your AWS Virtual Private Cloud through the use of different VPC Subnet and Routing configurations.
Exam - 35m
Knowledge Check: Working with AWS Networking and Amazon VPC
Knowledge Check: Working with AWS Networking and Amazon VPC
Hands-on Lab - Beginner - 2h 35m
Securing your VPC using Public and Private Subnets
Learn how to increment the network security creating a public and private subnet on VPC and filter traffic using network ACL
Course - Advanced - 1h 6m
Amazon VPC IPSec VPNs- Understanding, Building and Configuring
In this course, you'll be introduced to the IPsec security protocol and understand what it is and why and where it is useful.
Hands-on Lab - Advanced - 2h
Set Up VPC Peering between Amazon Virtual Private Clouds (VPCs)
Set up VPC peering between Amazon Virtual Private Clouds, leverage Amazon Route 53 private hosted zones, and diagnose network issues with VPC flow logs in this Lab
Hands-on Lab - Advanced - 2h 15m
VPN Connections with an Amazon VPC Using Dynamic Routing
Set Up VPN Connections with an Amazon Virtual Private Cloud using dynamic routing (BGP), and manage traffic using multi-homed routers
Course - Advanced - 23m
OSI and TCP/IP Networking Models
In this course, you'll gain an understanding of both OSI and TCP/IP networking models, architecting, and operating large scale networks.
Course - Advanced - 32m
Jumbo Frames - Understanding, Building and Configuring
In this course, you'll be introduced to Jumbo Frames, the effect Jumbo Frames have when configured, and their use cases.
Course - Advanced - 34m
IPv4 - Internet Protocol version 4 - In-depth Review
This course performs an in-depth review of the IPv4 protocol including general IPv4 networking concepts and detailed explanations of its key parts.
Quiz - Intermediate - 9m
Course - Beginner - 23m
Using Amazon Route 53 to Route End Users to Internet Applications
In this course, you will be introduced to Amazon Route 53 and learn how it helps you register a domain name and manage it worldwide.
Course - Intermediate - 32m
Working with Amazon CloudFront
This course explains the various features and use cases of Amazon CloudFront and includes a walkthrough of how to create a Web Distribution.
Hands-on Lab - Beginner - 1h 15m
Configuring a Static Website With S3 And CloudFront
In this lab, you'll learn how to configure static website hosting on Amazon S3 and configure static websites to work with CloudFront distributions.
Hands-on Lab - Beginner - 1h 30m
Serve your files using the CloudFront CDN
Amazon CloudFront is a content delivery web service. It integrates with other Amazon Web Services products to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no minimum usage commitments.
Course - Intermediate - 9m
The Difference Between Authentication, Authorization, and Access Control in AWS
This course explores the differences between authentication, authorization, and access control in order to control access to your cloud resources effectively and with the appropriate level of security.
Course - Intermediate - 30m
Authorization Controls in AWS
This course looks at some of the different methods that AWS implements to authorize access within your AWS account.
Course - Intermediate - 25m
AWS Authentication Mechanisms
In this course, we shall be looking at how AWS provides many different means of authentication.
Quiz - Intermediate - 9m
Authentication, Authorization & Accounting
Authentication, Authorization & Accounting
Course - Beginner - 1h 5m
Using Elastic Load Balancing & EC2 Auto Scaling to Support AWS Workloads
This course explains how to implement both ELB and EC2 Auto Scaling and how they work together.
Course - Intermediate - 1h 9m
AWS CloudTrail: An Introduction
This course provides an introduction to the AWS CloudTrail service, looking at all its features and components.
Quiz - Intermediate - 9m
AWS CloudTrail Intermediate
AWS CloudTrail Intermediate
Course - Intermediate - 1h 12m
AWS Config: An Introduction
In this course, you'll learn how AWS Config allows you to have visibility of your entire AWS infrastructure from a configuration perspective.
Quiz - Intermediate - 9m
AWS Config Intermediate
AWS Config Intermediate
Course - Intermediate - 38m
Intrusion Detection and Prevention on Amazon Web Services
This course covers the fundamentals of intrusion detection and prevention on Amazon Web Services.
Course - Intermediate - 54m
Amazon Inspector
In this course, you'll learn about Amazon Inspector and its components, as well as watch a demonstration on how to configure it.
Course - Advanced - 1h 10m
Advanced Techniques for AWS Monitoring, Metrics and Logging
This course teaches advanced techniques for logging on AWS, going beyond the basic uses of CloudWatch Metrics, CloudWatch Logs, and health monitoring systems.
Course - Advanced - 39m
Using AWS X-Ray to monitor a Node.js App Deployed with Docker Containers
This course demonstrates how to implement a locally hosted Microservices based Node.js application using Docker containers.
Hands-on Lab - Intermediate - 1h
Governing AWS Accounts with AWS Config and AWS CloudTrail
Learn about the basic techniques and technologies for the governance of enterprise AWS accounts. This Lab covers how to use AWS Config Rules, IAM monitoring techniques, AWS CloudTrails, and core reporting tools.
Hands-on Lab Challenge - Intermediate - 1h
Implement Amazon VPC High Availability Best Practices
In this lab challenge, you will be assessing your practical ability to design for high availability and identify single points of failure in a production-like AWS environment.
Hands-on Lab Challenge - Advanced - 1h 15m
Code Red: Repair an AWS Environment with a Linux Bastion Host
In this lab, you will be assessing your ability to troubleshoot AWS networking and security issues in a production-like environment.
Course - Intermediate - 1h 15m
Managing Cloud Networking at Scale - Chalk Talk with Aviatrix
In this course, you'll learn how you can solve some of the common issues that can occur when running cloud networking at scale.
Course - Intermediate - 5m
Networking Specialty Learning Path - Conclusion
This course concludes the AWS Advanced Networking – Specialty Certification Preparation learning path.
Exam - 3h
Cert Prep: Certified Advanced Networking - Specialty for AWS
Cert Prep: Certified Advanced Networking - Specialty for AWS
About the Author
Learning paths172

Andrew is fanatical about helping business teams gain the maximum ROI possible from adopting, using, and optimizing Public Cloud Services. Having built  70+ Cloud Academy courses, Andrew has helped over 50,000 students master cloud computing by sharing the skills and experiences he gained during 20+  years leading digital teams in code and consulting. Before joining Cloud Academy, Andrew worked for AWS and for AWS technology partners Ooyala and Adobe.