This lab is currently in Beta, content may be updated as we refine the material
LABADVANCED

Multi-Account Landing Zone Governance

Simulate enterprise governance using IAM policies, resource tagging, S3 bucket policies, and AWS Config rules to enforce compliance controls within a single AWS account.

45 minutes
cloud/aws
Multi-Account Landing Zone Governance - Platform Engineering Hands-On Lab Icon
Share this Lab

Lab Overview

Enterprise governance is critical for the SAP-C02 exam. This lab lets you practice governance patterns available within a single account. Design a standardized tagging strategy and query tagged resources. Create customer-managed IAM policies that enforce tag-on-create and restrict actions based on resource tags. Implement S3 governance with bucket policies enforcing encryption and TLS, plus access logging. Build a compliance dashboard with AWS Config rules, CloudWatch dashboards with custom metrics, and SNS alarms for low compliance thresholds.

What You'll Learn

Design and implement a resource tagging strategy with Resource Groups and Tag Editor

Create and test IAM policies that enforce tag-on-create and attribute-based access control

Implement S3 governance controls including bucket policies, encryption enforcement, and access logging

Build a compliance dashboard with AWS Config rules, CloudWatch dashboards, and SNS alarms

Prerequisites

Understanding of IAM policies, S3 bucket policies, and AWS tagging

Familiarity with CloudWatch metrics, dashboards, and AWS Config concepts

Technologies Covered

awssap-c02governanceiamconfigs3taggingcompliancecloudwatch

Choose your plan

Simple, Transparent Pricing

Unlock full access to TeKanAid courses, labs, and bootcamps

Buying for a team? Private corporate training is available for up to 15 learners.View team training
MonthlyQuarterly
Try Premium free for 7 days →

Just exploring? Start free below. Want the full experience? Try Premium free for 7 days (card required, $0 today).

Pro

All courses, with lab scripts to run on your own machine

$59/month

Renews automatically. Cancel anytime.

Final price verified at checkout.

  • Full access to all courses
  • Lab scripts to download and run on your own machine (hosted labs not included)
  • Progress tracking
  • Certificate of completion
  • Community access
  • Bootcamp participation
  • New content access
Recommended

Premium

Full access, including unlimited hosted labs

$99/month

Renews automatically. Cancel anytime.

Final price verified at checkout.

  • Everything in Pro
  • Unlimited hands-on labs, fully hosted on TeKanAid Academy (nothing to set up)
  • Lab AI Assistant
  • Accelerator bootcamps with live office hours
  • Priority support
Get Access Now

Prefer a single course?

Purchase individual courses for a one-time fee of $79. Full access to course content, quizzes, certificates, and community features, lab access is not included.

Browse Courses

Just exploring? Start free, no account needed

Three free ways to start. All bridge into the paid Premium catalog when you're ready.

▶ Start with free courses and labs🧩 Solve your first free puzzle📧 Get the free email crash course

Not ready to commit? The crash course is email-only. No academy account required.

Ready to Get Started?

Start this hands-on lab and build real-world Platform Engineering skills

Get Access Now