Advanced AWS focus: Learn to design, package, secure and operate containerized apps with ECS, EKS and Lambda.
Hands-on labs cover registries, networking, IAM, observability and deployment trade‑offs.
Deep dive into Lambda containers with packaging, performance tuning and cost optimization.
Gain practical experience via ~70% hands‑on exercises in real AWS accounts.
How this course helps: clarity on ECS vs. EKS vs. Lambda choices and security‑first operations.
Who it’s for: designed for developers and platform engineers with AWS basics.
By the end, you’ll be confident deploying and managing containers serverlessly on AWS.
Curriculum
Day 1 – Images & Registries with ECR, then ECS foundations
- Recap: container build pipeline (multi-stage builds, minimal base images)
- Amazon ECR: repositories, lifecycle policies, image scanning, replication, immutable tags, encryption
- Signing & SBOMs (overview): cosign, Syft/Grype; provenance basics
- Hands-on: build, tag, scan and push to ECR; automate login with IAM
- Amazon ECS overview: clusters, tasks, services; Fargate vs. EC2 launch types
- Task definitions: CPU/memory, env vars, secrets, logs; execution vs. task role
- Networking models, service discovery, and load balancing (ALB + target groups)
- Hands-on: deploy a service on Fargate behind an ALB; rolling vs. blue/green (brief)
Day 2 – EKS essentials for app teams
- Amazon EKS control plane, node groups and Fargate profiles (when to use which)
- Cluster auth with IAM; IRSA (IAM Roles for Service Accounts)
- Ingress with ALB Ingress Controller or NGINX; Service types; DNS integration
- Config & security: Secrets, ConfigMaps, SecurityContext and Pod-level permissions
- Observability: Container Insights, CloudWatch, ADOT/OpenTelemetry (overview)
- Hands-on: create an EKS cluster, deploy a sample app, expose it via Ingress
Day 3 – Running containers on AWS Lambda (deep focus)
- Lambda container images: base images, runtime interface client (RIE), entrypoint/CMD expectations
- Image size and performance tips; multi-arch (x86_64/arm64); ephemeral storage and /tmp usage
- Packaging: environment variables, layers vs. images; including native deps
- Networking/VPC configuration, EFS mounts, and concurrency controls
- Event sources (API Gateway, SQS, EventBridge, Function URLs); retries and DLQs
- Observability and cost: CloudWatch Logs/Metrics, X-Ray traces, provisioned concurrency
- Hands-on: package a container for Lambda, push to ECR, deploy with SAM/CDK; test and profile
- Deployment strategies and rollbacks; versioning & aliases; gradual traffic shifting
Operations & cost (cross-cutting)
- CloudWatch dashboards/alarms, log retention; tracing with X-Ray/ADOT (overview)
- Security and governance: IAM boundaries, Secrets Manager/Parameter Store, registry policies
- Cost levers: Fargate vs. EC2, ARM vs. x86, image sizes and data transfer considerations
Optional modules
Optional – Advanced patterns
- Blue/green and canary deployments with CodeDeploy (ECS) and weighted aliases (Lambda)
- GitOps (Argo CD/Flux) for EKS (read-only intro)
- Service mesh (App Mesh) – when and why
Course Day Structure
- Part 1: 09:00–10:30
- Break: 10:30–10:45
- Part 2: 10:45–12:15
- Lunch break: 12:15–13:15
- Part 3: 13:15–15:15
- Break: 15:15–15:30
- Part 4: 15:30–17:30