Master AWS, Docker, Kubernetes, Terraform, Jenkins, and the full DevOps toolchain. The role that every tech company urgently needs — and pays a top salary for.
Every software company today runs on the cloud — and they need engineers who can build, deploy, scale, and monitor systems reliably. Cloud & DevOps engineers bridge the gap between development and operations, using automation to replace slow, error-prone manual processes with fast, repeatable pipelines.
This programme covers the full modern DevOps stack: Linux, AWS, Docker, Kubernetes, Terraform (Infrastructure as Code), Jenkins & GitHub Actions (CI/CD), Ansible (configuration management), Prometheus & Grafana (monitoring), and ELK Stack (logging). You'll work on real cloud infrastructure — not simulations — from day one.
By graduation you'll hold hands-on experience equivalent to 1–2 years on the job, and be fully prepared for AWS Solutions Architect Associate, AWS DevOps Professional, and CKA (Kubernetes Administrator) certifications.
Structured across 5 progressive phases — from Linux basics to running production Kubernetes clusters on AWS. Every module includes hands-on labs in real cloud environments, not sandboxes.
File system hierarchy (/etc, /var, /opt, /usr). Essential commands: grep, awk, sed, find, xargs, curl, wget, tar, chmod, chown, ps, top, htop, netstat, ss. Shell scripting with Bash — variables, loops, conditionals, functions, cron jobs, exit codes, piping & redirection. Systemd service management. User & group permissions model. SSH keys & secure remote access.
TCP/IP model, DNS resolution, HTTP/HTTPS, TLS certificates (Let's Encrypt, ACM). IP addressing, subnets, CIDR notation. Load balancers (L4 vs L7), reverse proxies. Nginx and Apache configuration — virtual hosts, SSL termination, rate limiting, upstream servers. Firewall rules with UFW and iptables. VPNs and private networking concepts.
Git internals (objects, refs, commits, trees). Advanced Git: interactive rebase, cherry-pick, bisect, stash, reflog, worktrees. Branching strategies: GitFlow, trunk-based development, GitHub Flow. Monorepo vs polyrepo. Conventional commits, semantic versioning, CHANGELOG automation. GitHub — pull requests, branch protection rules, CODEOWNERS, merge queues.
Container vs VM differences. Docker Engine, containerd, runc. Images vs containers. Dockerfile — FROM, RUN, COPY, ADD, ENV, ARG, EXPOSE, ENTRYPOINT vs CMD, HEALTHCHECK, multi-stage builds. Docker image layers & caching strategy. .dockerignore. Building small, secure images. Running, stopping, removing containers. Port mapping, volume mounts, environment variables.
docker-compose.yml — services, networks, volumes, depends_on, healthchecks, environment files. Composing a full stack: React app + Node API + PostgreSQL + Redis + Nginx. Compose profiles for dev vs prod. Override files. Named volumes vs bind mounts. Container networking — bridge, host, overlay networks. Docker secrets management.
Docker Hub — public/private repositories, automated builds. Amazon ECR — push/pull with IAM roles, image scanning, lifecycle policies. GitHub Container Registry (GHCR). Image tagging strategies (latest, semantic, SHA-based). Trivy & Snyk for image vulnerability scanning. Signing images with Cosign & Notary. Image promotion pipelines (dev → staging → prod).
Non-root container users. Read-only file systems. Seccomp & AppArmor profiles. Capabilities — dropping unnecessary Linux capabilities. Resource limits (--memory, --cpus). Docker Bench for Security. Secrets management — avoiding ENV variables for secrets, using Docker secrets & mounted secret files. Distroless & Scratch base images.
AWS global infrastructure — Regions, AZs, Edge Locations. Shared Responsibility Model. IAM — users, groups, roles, policies (identity-based, resource-based). Least-privilege principle. IAM policy simulator. MFA & hardware tokens. AWS Organizations & SCPs. AWS CLI configuration — profiles, named profiles, environment variables. AWS CloudShell.
EC2 instance types & pricing (on-demand, reserved, spot, savings plans). AMIs — creating, sharing, marketplace. User data scripts & instance metadata. Launch Templates & Auto Scaling Groups — scaling policies (step, target tracking, scheduled). ELB — ALB, NLB, Gateway LB — target groups, health checks, HTTPS listeners. AWS Lambda — runtime, handlers, layers, environment variables, VPC integration, cold starts, provisioned concurrency.
VPC architecture — subnets (public/private), route tables, Internet Gateway, NAT Gateway, VPC peering, Transit Gateway. Security Groups vs NACLs. VPC Endpoints (Interface & Gateway). Route 53 — hosted zones, routing policies (simple, weighted, latency, failover, geolocation). CloudFront — distributions, origins, behaviours, cache policies, origin access identity, custom error pages, edge functions.
S3 — bucket policies, ACLs, versioning, lifecycle rules, replication (CRR/SRR), S3 Select, event notifications, presigned URLs. S3 static website hosting. EBS volume types & snapshots. EFS — NFS for Lambda & EC2. RDS — Multi-AZ, read replicas, parameter groups, option groups, automated backups, RDS Proxy. Aurora Serverless v2. DynamoDB — partition keys, sort keys, LSI/GSI, streams, DAX, TTL, transactions, on-demand vs provisioned capacity.
CloudWatch Metrics — namespaces, dimensions, statistics, math expressions. Custom metrics from applications. CloudWatch Logs — log groups, log streams, metric filters, Logs Insights queries. CloudWatch Alarms — composite alarms, SNS notifications. AWS X-Ray — traces, segments, subsegments, service map, sampling. AWS Cost Explorer, Budgets & Cost Allocation Tags. Trusted Advisor & AWS Compute Optimizer.
K8s architecture — API server, etcd, scheduler, controller manager, kubelet, kube-proxy. Pods, ReplicaSets, Deployments, StatefulSets, DaemonSets, Jobs, CronJobs. Services (ClusterIP, NodePort, LoadBalancer, ExternalName) & Ingress (nginx-ingress, AWS ALB Ingress). ConfigMaps & Secrets. Persistent Volumes & PVCs. Resource requests & limits. HPA & VPA. Rolling updates & rollbacks. Namespaces & RBAC. EKS — managed node groups, Fargate profiles, cluster autoscaler, IRSA.
HCL syntax — resources, data sources, variables, outputs, locals, modules. Terraform state — local vs remote (S3 + DynamoDB locking). Workspaces for environment separation. Terraform Cloud & Atlantis for GitOps. Provisioners. Import existing resources. Refactoring with moved blocks. Terragrunt for DRY configurations. Checkov & tfsec for security scanning. Building reusable modules. Complete AWS VPC + EKS cluster with Terraform from scratch.
Jenkins — master/agent architecture, Jenkinsfile (declarative & scripted pipelines), shared libraries, multibranch pipelines, Blue Ocean UI, plugin ecosystem (SonarQube, Nexus, Slack notifications). GitHub Actions — workflows, jobs, steps, runners (hosted & self-hosted), matrix builds, reusable workflows, environments & protection rules, OIDC with AWS. Complete pipeline: code push → lint → test → build Docker image → scan → push to ECR → deploy to EKS → smoke test → notify.
Ansible architecture — control node, managed nodes, inventory (static & dynamic). Playbooks, tasks, handlers, variables, templates (Jinja2). Roles — galaxy, directory structure, dependencies. Ansible Vault for secrets. Dynamic inventory with AWS EC2 plugin. Idempotency principles. Configuring 10-node clusters automatically. AWX (open-source Ansible Tower) for enterprise workflows. Comparison with Chef, Puppet, SaltStack.
Prometheus — architecture, scrape configs, PromQL (counters, gauges, histograms, summaries), alerting rules, Alertmanager (routes, receivers, inhibitions, silences). Node Exporter, Blackbox Exporter, custom application metrics. Grafana — dashboards, panels, variables, alerts, provisioning. Loki for log aggregation with Promtail. ELK Stack — Elasticsearch indexing & querying, Logstash pipelines & filters, Kibana dashboards & visualisations. OpenTelemetry for distributed tracing.
DevSecOps — shifting security left. SAST with SonarQube & Semgrep. Dependency scanning with Dependabot & Snyk. DAST with OWASP ZAP. Secrets scanning with GitLeaks & TruffleHog. AWS Security Hub, GuardDuty, Config. SRE principles — SLIs, SLOs, SLAs, error budgets, toil reduction. Chaos engineering with Chaos Monkey. Capstone: design, provision, deploy, monitor, and present a full production-grade microservices architecture on AWS EKS with complete CI/CD, IaC (Terraform), and observability stack.
Every project runs on real AWS — no sandbox simulators. Your AWS bills are covered during training.
Docker: Containerise a 4-service application (frontend, API, DB, cache) with Docker Compose, health checks, and Nginx reverse proxy.
AWS: Build a highly available web app: ALB → EC2 Auto Scaling → RDS Multi-AZ — with VPC, security groups, Route53, and CloudFront CDN.
Terraform: Provision a complete VPC, EKS cluster, RDS, S3, and IAM roles using modular Terraform — stored in remote state with S3 + DynamoDB.
CI/CD: GitHub Actions pipeline: test → SonarQube scan → Docker build → ECR push → Helm deploy to EKS → Slack notification.
Monitoring: Deploy Prometheus + Grafana + Loki + Alertmanager on Kubernetes. Build dashboards, alerts, and runbooks for a production app.
Capstone: End-to-end: microservices on EKS, Terraform IaC, GitHub Actions CI/CD, monitoring, autoscaling, and security scanning — all documented.
Limited seats per batch. Includes a free 30-min career counselling session.