AWS GovCloud Migration for DoD IT Professionals

Description

This three-day, instructor-led course prepares DoD IT professionals to plan, execute, and sustain migrations to AWS GovCloud US at Impact Level 4 (IL4) and IL5. Participants build directly on the AWS Solutions Architect Associate (SAA-C03) foundation — every module assumes that baseline knowledge and advances into GovCloud-specific architecture, compliance, and operational patterns that commercial AWS training does not cover. By the end of the course, participants can assess a DoD workload for GovCloud readiness, design a compliant architecture using DISA CC SRG and FedRAMP High controls, execute server and database migrations using AWS migration services, harden migrated workloads to DISA STIG requirements using EC2 Image Builder and Systems Manager, and implement the continuous monitoring posture required to sustain an Authority to Operate. NOTE: This course does not repeat content covered in LF-10150 (AWS Solutions Architect Associate — SAA-C03). Participants are expected to have passed or be preparing for the SAA-C03 exam. Core services (VPC, IAM, EC2, S3, RDS, Lambda, CloudFormation) are used but not re-taught — the focus is on how they behave differently in GovCloud and how to configure them to DoD compliance standards.

Who This Course Is For

• DoD IT professionals who have completed the AWS Solutions Architect Associate (LF-10150 or equivalent)
• Cloud engineers and system architects working on DoD cloud migration programs
• Information System Security Officers (ISSOs) and Information System Security Engineers (ISSEs) supporting ATO processes
• Cloud administrators supporting IL4 or IL5 GovCloud environments
• DoD IT contractors supporting migration and operations on behalf of a DoD agency

What You Will Learn

• Describe the architectural isolation, service availability constraints, and DISA Provisional Authorization model of AWS GovCloud US, and apply DISA CC SRG and FedRAMP High control responsibilities to workload classification at IL4 and IL5.
• Design a GovCloud identity and network architecture that integrates CAC/PIV authentication through SAML federation, enforces DISA STIG network segmentation requirements, and establishes TIC 3.0-compliant connectivity from DoD on-premises networks to GovCloud.
• Conduct a GovCloud migration readiness assessment using AWS discovery tools, apply 7R migration strategies to DoD workloads with compliance and ATO timeline as binding constraints, and produce a sequenced migration wave plan with rollback criteria.
• Execute server, database, and bulk data migrations using AWS migration services with FIPS 140-3 endpoint configuration applied, and validate migrated workloads against IL4/IL5 baseline controls prior to production cutover.
• Implement post-migration security hardening for GovCloud workloads using DISA STIG hardening components in EC2 Image Builder and Systems Manager, automate compliance baseline enforcement with Config conformance packs aligned to FedRAMP High and NIST SP 800-53, and configure GuardDuty for threat detection.
• Configure the mandatory logging, tagging, cost governance, continuous monitoring, and incident response capabilities required to sustain a FedRAMP-authorized GovCloud environment and support POA&M-based ATO maintenance.

Prerequisites

• AWS Certified Solutions Architect — Associate (SAA-C03) certification or documented equivalent experience
• Working knowledge of IAM, VPCs, EC2, S3, RDS, and CloudFormation from commercial AWS
• Basic familiarity with DoD IT concepts (classification levels, STIG, ATO) — course provides all required compliance context
• Access to a standard commercial AWS account with administrative IAM permissions for hands-on labs
• AWS CLI installed and configured before Day 1
• 💡 *Recommended:* We recommend the use of a personal laptop and dual screens when taking this hands-on course.

Delivery Options

• Live, instructor-led