DEV Community: Ikoh Sylva

AltSchool Of Engineering Tinyuka’24 Month 12 Week 5

Ikoh Sylva — Sun, 22 Feb 2026 11:06:45 +0000

You shouldn’t be missing the previous session’s but if you did, here it is. I would love to use this medium to say a big Congratulations!!! to everyone who has supported this journey thus far Thank you.

A Heartfelt Thank You & A New Beginning

I would love to take a moment to say a huge congratulations to everyone who has supported this journey in one way or another the cheers, the encouragement, the motivation to keep going even when it wasn’t getting easier, and those subtle pushes at the right moments. Every message, comment, and show of support truly mattered. Thank you.

This marks the official end of my time at AltSchool, where I committed myself to the journey of becoming a world-class cloud engineer.

Over the past one year 52 weeks to be precise, I have shared knowledge consistently every single week, breaking down concepts taught in class and documenting the learning process in real time. If you’ve been following closely throughout this journey, then a huge congratulations to you as well you now have a solid foundation and the tools required to succeed as a cloud engineer.

This wasn’t just about completing a program. It was about building discipline, consistency, and clarity in a field that often feels overwhelming. And together, we showed up.

Next Steps: Moving Forward Together

“This is not the end, it’s a transition.”
As a community, I’d love for us to stick around as I move into the next phase: building real-world cloud engineering projects from basic to advanced. I’ll be sharing everything along the way: the wins, the challenges, the lessons learned, and the decisions made.

You can expect:

Hands-on cloud projects
Real-world scenarios and implementations
Practical insights and “nuggets of wisdom”
Lessons learned from each build
Consistent posts (about 2–3 times a month, depending on project complexity)
I’m also thinking of incorporating AI and AI Agents as it relates to cloud

Over time, my goal is for us to build an archive of meaningful, practical cloud projects something truly valuable and worthy of recognition.

The Bigger Picture

The ultimate goal is simple: to help as many people as possible break into tech and cloud engineering in particular without the confusion that comes from information overload.

If you show up consistently, do the work that needs to be done, and follow the guided path being laid out here, you’ll be well-equipped to thrive in whatever cloud role you find yourself in.

Once again, thank you for being part of this journey. Here’s to growth, clarity, and the exciting road ahead.

I encourage you to dive deeper into the concepts we've discussed over time and continue practicing to refine your skills. A Huge Congratulations! to you as this marks the end of our cloud journey with AltSchool Africa. If you also found this interesting and would love to take the next steps in the application process do use my referral link below;

Apply here or use this Code: W2jBG8 during the registration process and by so doing, you will be supporting me and also getting a discount!

Special Offer: By signing up through the link and using the code shared, you’ll receive a 10% discount!

Don’t miss out on this opportunity to transform your future and also save while doing it! Let’s grow together in the tech space. Also feel free to reach out if you need assistance or clarity regarding the program.

I would love to hear your feedback and insights. Please leave a comment below to join the conversation!

I’m also excited to share that I’ve been able to secure a special discount, in partnership with Sanjeev Kumar’s team, for the DevOps & Cloud Job Placement / Mentorship Program.
For those who may not be familiar, Sanjeev Kumar brings over 20 years of hands-on experience across multiple domains and every phase of product delivery. He is known for his strong architectural mindset, with a deep focus on Automation, DevOps, Cloud, and Security.

Sanjeev has extensive expertise in technology assessment, working closely with senior leadership, architects, and diverse software delivery teams to build scalable and secure systems. Beyond industry practice, he is also an active educator, running a YouTube channel dedicated to helping professionals successfully transition into DevOps and Cloud careers.

This is a great opportunity for anyone looking to level up their DevOps/Cloud skills with real-world mentorship and career guidance.
Do refer below for the link with a dedicated discount automatically applied at checkout;

DevOps & Cloud Job Placement / Mentorship Program.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my contents helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X

AltSchool Of Engineering Tinyuka’24 Month 12 Week 4

Ikoh Sylva — Sat, 14 Feb 2026 15:31:22 +0000

If you missed our previous session, you can always catch up here. This week, we went hands on again. This time more intermediate level with Highly Available Web Application on AWS. Let’s get to it, shall we?

Highly Available Web Application on AWS

Project Overview

In this project, you will design and deploy a highly available, scalable web application architecture on AWS using managed services and Infrastructure-as-Code principles.

You will:

Build a custom VPC
Deploy EC2 instances across multiple Availability Zones
Use an Application Load Balancer
Implement Auto Scaling
Apply security best practices
Monitor the system using CloudWatch

This mirrors how production web applications are deployed in the cloud.

Skills You Will Gain

AWS networking (VPC, subnets, routing)
High availability design
Load balancing and auto scaling
Security groups & IAM roles
Basic monitoring and alerting
Infrastructure design thinking

Architecture Overview

Internet
   |
Application Load Balancer
   |
-----------------------------
|                           |
EC2 (AZ-1)              EC2 (AZ-2)
   |                       |
Auto Scaling Group (ASG)
   |
CloudWatch Monitoring

Prerequisites

AWS account
Basic Linux knowledge
Familiarity with EC2 and VPC concepts
SSH key pair
AWS Free Tier (mostly)

Project Components

Custom VPC
2 public subnets (different AZs)
Internet Gateway
Route Table
Security Groups
Launch Template
Auto Scaling Group
Application Load Balancer
CloudWatch alarms

Step 1: Create a Custom VPC

CIDR block: 10.0.0.0/16
Enable DNS resolution

Why?

Network isolation
Full control over routing

Step 2: Create Subnets

Public Subnet 1: 10.0.1.0/24 (AZ-1)
Public Subnet 2: 10.0.2.0/24 (AZ-2)

These allow traffic from the internet.

Step 3: Internet Gateway & Routing

Attach Internet Gateway to VPC
Route 0.0.0.0/0 → Internet Gateway

This enables public access.

Step 4: Security Groups

Load Balancer SG

Allow HTTP (80) from anywhere
EC2 SG
Allow HTTP (80) from Load Balancer SG only
Allow SSH (22) from your IP

This limits exposure.

Step 5: Launch Template

Amazon Linux 2
Instance type: t2.micro
User data installs and starts Nginx:

#!/bin/bash
yum update -y
yum install nginx -y
systemctl start nginx
systemctl enable nginx
echo "<h1>Server running in $(hostname)</h1>" > /usr/share/nginx/html/index.html

Step 6: Auto Scaling Group

Minimum: 2 instances
Desired: 2
Maximum: 4
Attach to public subnets

This ensures high availability.

Step 7: Application Load Balancer

Internet-facing
Listener on port 80
Forward traffic to ASG

Test by opening the ALB DNS name.

Step 8: CloudWatch Monitoring

Monitor EC2 CPU utilization
Create alarm:
Scale out if CPU > 70%
Scale in if CPU < 30%

This adds automatic scaling logic.

Expected Outcome

Web app accessible via Load Balancer
Instances spread across AZs
Auto scaling responds to load
Fault tolerance if one instance fails

Why This Is an Intermediate-Level Project

✔ Uses multiple AWS services
✔ Implements real architecture patterns
✔ Introduces scaling & monitoring
✔ Teaches cloud design principles
✔ Not overly complex

Clean-Up (Important!)

After testing:

Delete Auto Scaling Group
Delete Load Balancer
Terminate EC2 instances
Delete VPC

Avoid unnecessary costs.

Optional Enhancements (If You Want More)

Add HTTPS (ACM)
Add private subnets + NAT Gateway
Use Terraform instead of Console
Store logs in CloudWatch Logs
Add S3 for static assets

I encourage you to dive deeper into the concepts we've discussed over time and continue practicing to refine your skills. If you have read all the way to this point thank you So much! And a Huge Congratulations! to you as this marks the end of our cloud journey with AltSchool Africa. I appreciate the effort. If you also found this interesting and would love to take the next steps in the application process do use my referral link below;

Apply here or use this Code: W2jBG8 during the registration process and by so doing, you will be supporting me and also getting a discount!

Special Offer: By signing up through the link and using the code shared, you’ll receive a 10% discount!

I would love to hear your feedback and insights. Please leave a comment below to join the conversation!

I’m also excited to share that I’ve been able to secure a special discount, in partnership with Sanjeev Kumar’s team, for the DevOps & Cloud Job Placement / Mentorship Program.

For those who may not be familiar, Sanjeev Kumar brings over 20 years of hands-on experience across multiple domains and every phase of product delivery. He is known for his strong architectural mindset, with a deep focus on Automation, DevOps, Cloud, and Security.

DevOps & Cloud Job Placement / Mentorship Program.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my contents helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X

AltSchool Of Engineering Tinyuka’24 Month 12 Week 3

Ikoh Sylva — Sun, 08 Feb 2026 12:10:18 +0000

If you missed our previous session, you can always catch up here. This week, we are going hands on with Automated Web Server Setup with Security Hardening. Let’s get to it, shall we?

Automated Web Server Setup with Security Hardening

Project Overview

In this project, you will use Ansible to automatically:

Provision and configure multiple web servers
Use roles for clean project structure
Install and configure Nginx
Deploy a dynamic HTML page using Jinja2
Secure the server with UFW
Enable HTTPS (TLS/SSL) using Certbot
Restart services automatically using handlers
Make the setup cloud-ready (AWS EC2 compatible)

This mirrors how DevOps teams actually automate servers in production.

What You Will Learn

By completing this project, you will understand:

Ansible inventory management
Playbooks and tasks
Modules (apt, user, copy, service, ufw)
Idempotency
Basic security automation
Running Ansible against multiple hosts

This introduces;

Ansible Roles
Handlers
Jinja2 Templates
HTTPS with Certbot (Let’s Encrypt)
Cloud-ready structure (AWS EC2 compatible)

Project Architecture

Control Node (Ansible)
        |
        |--- SSH
        |
-------------------------
|       |       |       |
Web1   Web2   (Optional) Web3

Prerequisites

1 Ansible control node (Linux)
2 Linux servers (Ubuntu recommended)
SSH access between control node and servers
Basic Linux knowledge

Project Structure (Industry Standard)

ansible-web-project/
├── inventory
├── playbook.yml
├── group_vars/
│   └── webservers.yml
└── roles/
    └── webserver/
        ├── tasks/
        │   └── main.yml
        ├── handlers/
        │   └── main.yml
        ├── templates/
        │   └── index.html.j2
        └── files/

Step 1: Inventory (Cloud-Ready)

[webservers]
web1 ansible_host=18.210.12.10
web2 ansible_host=3.92.55.23

[all:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=~/.ssh/aws-key.pem

Works locally
Works on AWS EC2
No changes needed later

Step 2: Variables (group_vars)

Create group_vars/webservers.yml:

app_user: appuser
http_port: 80
domain_name: example.com
email: admin@example.com
Variables make the project flexible and reusable.

Step 3: Main Playbook

playbook.yml:

- name: Configure Production Web Servers
  hosts: webservers
  become: yes

  roles:
    - webserver

Clean. Simple. Scalable.

Step 4: Role Tasks

roles/webserver/tasks/main.yml

- name: Update system packages
  apt:
    update_cache: yes

- name: Install required packages
  apt:
    name:
      - nginx
      - ufw
      - certbot
      - python3-certbot-nginx
    state: present

- name: Create application user
  user:
    name: "{{ app_user }}"
    shell: /bin/bash

- name: Allow HTTP and HTTPS
  ufw:
    rule: allow
    port: "{{ item }}"
  loop:
    - "80"
    - "443"

- name: Enable firewall
  ufw:
    state: enabled

- name: Deploy website template
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
  notify: Restart Nginx

- name: Ensure Nginx is running
  service:
    name: nginx
    state: started
    enabled: yes

Step 5: Handlers (Automatic Restarts)

roles/webserver/handlers/main.yml

- name: Restart Nginx
  service:
    name: nginx
    state: restarted

Handlers only run when changes occur → efficient & safe.

Step 6: Jinja2 Template (Dynamic Website)

roles/webserver/templates/index.html.j2

<!DOCTYPE html>
<html>
<head>
  <title>{{ inventory_hostname }}</title>
</head>
<body>
  <h1>🚀 Deployed with Ansible</h1>
  <p>Server: {{ inventory_hostname }}</p>
  <p>Managed by Ansible automation</p>
</body>
</html>

Each server now shows its own hostname (proof of automation).

Step 7: Enable HTTPS (Certbot)

Add to tasks/main.yml (after Nginx setup):

- name: Obtain SSL certificate
  command: >
    certbot --nginx
    -d {{ domain_name }}
    --non-interactive
    --agree-tos
    -m {{ email }}
  notify: Restart Nginx

This:

Secures your site
Enables HTTPS automatically
Matches production setups

⚠️ Requires a real domain pointing to the server IP.

Step 8: Run the Project

ansible-playbook -i inventory playbook.yml

Final Outcome

✔ Web servers configured consistently
✔ Nginx installed and secured
✔ Firewall enabled
✔ HTTPS enabled
✔ Dynamic content deployed
✔ Fully automated
✔ Cloud-ready

You now have a real DevOps-grade automation project.

AWS EC2 Compatibility (Important)

This project works unchanged on AWS EC2 if:

Instances allow ports 80 & 443
Security groups are configured
SSH key is set in inventory

This makes it perfect for:

AWS labs
Portfolio projects
Interview demos

Why This Project Is Portfolio-Worthy

This demonstrates:

Configuration management
Security automation
Infrastructure as Code principles
Production thinking
Clean Ansible design

Many junior DevOps roles expect exactly this level.

Next Possible Upgrades (Optional)

If you want to go even further later:

Integrate Terraform + Ansible
Add monitoring with CloudWatch/Prometheus
Add CI/CD pipeline
Add Ansible Vault
Add Load Balancer (ALB/Nginx)

I encourage you to dive deeper into the concepts we've discussed and continue practicing to refine your skills. If you have read all the way to this point thank you So much! I appreciate the effort. If you also found this interesting and would love to take the next steps in the application process do use my referral link below;

Apply here or use this Code: W2jBG8 during the registration process and by so doing, you will be supporting me and also getting a discount!

Special Offer: By signing up through the link and using the code shared, you’ll receive a 10% discount!

I would love to hear your feedback and insights. Please leave a comment below to join the conversation!

I’m also excited to share that I’ve been able to secure a special discount, in partnership with Sanjeev Kumar’s team, for the DevOps & Cloud Job Placement / Mentorship Program.

DevOps & Cloud Job Placement / Mentorship Program.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my contents helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X

AltSchool Of Engineering Tinyuka’24 Month 12 Week 2

Ikoh Sylva — Sun, 01 Feb 2026 07:31:19 +0000

If you missed our previous session, you can always catch up here. This week, we took an even deeper dive into Monitoring, Observability, Release Management, and Incident Management Explained. Let’s continue, shall we?

Monitoring, Observability, Release Management, and Incident Management Explained

Modern software systems are no longer simple, single-server applications. Today’s platforms are distributed, cloud-native, and constantly evolving. To keep these systems reliable, secure, and performant, engineering teams rely on four critical operational pillars:

Monitoring
Observability
Release Management
Incident Management

Together, these practices form the backbone of reliable system operations and DevOps maturity. This article explores each concept in depth, explains how they differ, and shows how they work together to keep systems healthy in production.

Monitoring: Knowing When Something Is Wrong

What Is Monitoring?
Monitoring is the practice of collecting, tracking, and alerting on predefined system metrics to detect issues as they happen.

Monitoring answers the question:
“Is the system working as expected?”
Key Monitoring Metrics

CPU and memory usage
Disk and network I/O
Request latency
Error rates
Service uptime

Monitoring Tools

Amazon CloudWatch
Prometheus
Datadog
Grafana
New Relic

Real-World Example
An e-commerce website monitors:

CPU usage of web servers
Database connection counts
HTTP error rates

If CPU usage exceeds 80% for five minutes, an alert is triggered and engineers are notified before customers experience downtime.

Limitations of Monitoring
Monitoring tells you that something is wrong, but not always why it happened. This is where observability comes in.

Understanding Why It Happened

What Is Observability?
Observability is the ability to understand the internal state of a system by examining its outputs logs, metrics, and traces.

Observability answers the question:
“Why is the system behaving this way?”

The Three Pillars of Observability
1. Metrics
Numerical data over time (CPU, memory, request counts).
2. Logs
Detailed event records.
Example:

ERROR: Database connection timeout for order_id=98213

3. Traces
End-to-end request paths across services.

Real-World Example
A microservices-based application experiences slow response times. Observability tools reveal:

Requests slow down at the payment service
Database query latency spikes
A recent configuration change caused inefficient queries

This insight would be impossible with monitoring alone.

Observability Tools

OpenTelemetry
Jaeger
Zipkin
Elastic Stack
Datadog APM

Delivering Changes Safely
What Is Release Management?
Release management ensures that software changes are delivered to production in a controlled, predictable, and low-risk manner.

Common Release Strategies

Blue-Green Deployments Two identical environments (blue and green). Traffic switches only when the new version is verified.
Canary Releases Release changes to a small group of users first.
Rolling Deployments Gradually replace old instances with new ones.

Real-World Example
A SaaS platform rolls out a new feature to 5% of users. Monitoring and observability confirm system stability before expanding to 100%.
Why Release Management Matters

Reduces deployment risks
Enables fast rollback
Supports continuous delivery
Protects user experience

Responding When Things Go Wrong

What Is Incident Management?
Incident management is the process of detecting, responding to, resolving, and learning from system failures.

Incident Lifecycle

Detection - Alerts from monitoring tools
Response - On-call engineers investigate
Mitigation - Rollback, scale resources, or apply fixes
Resolution - Root cause fixed
Post-Incident Review - Lessons learned documented

Real-World Example
A production outage occurs due to an expired SSL certificate. Incident management ensures:

Rapid detection via monitoring
Clear communication to stakeholders
Certificate renewal
Postmortem to prevent recurrence

Common Incident Management Tools

PagerDuty
Opsgenie
ServiceNow
Jira
Statuspage

Why These Concepts Matter for Engineers

Mastering these disciplines enables teams to:

Reduce downtime
Improve system reliability
Ship features faster
Learn from failures
Build trust with users

They are essential skills for DevOps engineers, SREs, platform engineers, and cloud professionals.

Modern systems demand more than just deployment and uptime. Monitoring, observability, release management, and incident management work together to ensure systems are reliable, understandable, and resilient even under failure.

Teams that invest in these practices don’t just fix problems faster they prevent them, learn from them, and continuously improve.

I’m also excited to share that I’ve been able to secure a special discount, in partnership with Sanjeev Kumar’s team, for the DevOps & Cloud Job Placement / Mentorship Program.

DevOps & Cloud Job Placement / Mentorship Program.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my contents helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X

AltSchool Of Engineering Tinyuka’24 Month 12 Week 1

Ikoh Sylva — Sat, 17 Jan 2026 15:45:34 +0000

If you missed our previous session, you can always catch up here. This week, we took a dive into Modern Automation and Configuration Management. Let’s get to it, shall we?

Modern Automation and Configuration Management

As IT systems grow in scale and complexity, manually configuring servers and managing infrastructure quickly becomes error-prone, slow, and unsustainable. Modern teams need automation tools that are simple, reliable, scalable, and easy to adopt.

This is where Ansible shines.

Ansible is one of the most popular configuration management and automation tools used by DevOps engineers, cloud engineers, system administrators, and platform teams. It enables teams to automate infrastructure provisioning, application deployment, configuration management, and operational tasks without agents and with minimal complexity.

What Is Ansible?

Ansible is an open-source automation tool developed by Red Hat that allows you to manage systems using simple, human-readable YAML files.

With Ansible, you can:

Configure servers
Install and update software
Deploy applications
Enforce security policies
Orchestrate complex workflows

All from a single control machine.

Why Ansible Is So Popular

Ansible stands out for several key reasons:

1. Agentless Architecture
Unlike other tools, Ansible does not require agents on managed nodes. It uses SSH (Linux) and WinRM (Windows).

Benefit:
Faster setup, fewer security concerns, and easier maintenance.

2. Simple, Human-Readable Syntax
Ansible uses YAML, which is easy to read and write.

- name: Install Nginx
  apt:
    name: nginx
    state: present

Even beginners can understand what this does.

3. Idempotency
Running the same playbook multiple times will not cause unintended changes.

Example:
If Nginx is already installed, Ansible will skip the task.

4. Powerful Yet Lightweight
Ansible scales from managing one server to thousands with minimal overhead.

Core Ansible Components

Understanding Ansible’s building blocks is key to using it effectively.

1. Control Node
The machine where Ansible is installed and from which commands are run.

2. Managed Nodes
The servers or devices Ansible manages.

3. Inventory
A list of managed nodes.

[webservers]
server1
server2

4. Modules
Reusable units of work (e.g., install packages, manage files, start services).

Examples:

apt
yum
service
copy
user

5. Playbooks
YAML files that define automation workflows.

- hosts: webservers
  tasks:
    - name: Start Nginx
      service:
        name: nginx
        state: started

6. Roles
A structured way to organize playbooks for reuse and scalability.
Example directory structure:

roles/
  web/
    tasks/
    handlers/
    templates/

How Ansible Works (Step by Step)

You write a playbook
Ansible connects to target nodes via SSH
Modules are executed remotely
System state is enforced
Results are reported back

No agents. No databases. No daemons.

Configuring a Web Server

Imagine provisioning a web server from scratch.

Tasks Ansible Can Automate

Install Nginx
Open firewall ports
Deploy HTML files
Start the service

All with one command:

ansible-playbook webserver.yml

This replaces hours of manual work with seconds of automation.

Ansible for Security and Compliance

Ansible is widely used for security hardening and compliance automation.
Examples

Enforcing CIS benchmarks
Rotating SSH keys
Disabling unused services
Auditing system configurations

Security policies become code, repeatable and auditable.

Ansible in the Cloud

Ansible integrates seamlessly with cloud platforms like:

AWS
Azure
GCP
DigitalOcean

Use Cases

Provision cloud instances
Configure load balancers
Deploy applications
Manage autoscaling environments

Ansible can even work alongside Terraform Terraform builds infrastructure, Ansible configures it.

Who Should Learn Ansible?

Ansible is ideal for:

DevOps Engineers
Cloud Engineers
Linux System Administrators
Platform Engineers
SREs
Anyone managing infrastructure at scale

Ansible has become a cornerstone of modern infrastructure automation because it is simple, powerful, scalable, and accessible. By treating infrastructure as code, teams reduce errors, improve consistency, and move faster with confidence.

Whether you are automating a single server or managing thousands across cloud environments, Ansible gives you the tools to do it efficiently and reliably.

I’m also excited to share that I’ve been able to secure a special discount, in partnership with Sanjeev Kumar’s team, for the DevOps & Cloud Job Placement / Mentorship Program.

This is a great opportunity for anyone looking to level up their DevOps/Cloud skills with real-world mentorship and career guidance.

Do refer below for the link with a dedicated discount automatically applied at checkout;

DevOps & Cloud Job Placement / Mentorship Program.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my contents helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X

AltSchool Of Engineering Tinyuka’24 Month 11 Week 4

Ikoh Sylva — Sat, 17 Jan 2026 14:26:54 +0000

If you missed our previous session, you can always catch up here. This week, we took a deeper dive into AWS Fundamentals picking up where we left off. Let’s continue, shall we?

AWS Essentials Explained

Amazon Web Services (AWS) provides the building blocks that modern businesses use to design scalable, secure, and cost-effective cloud solutions. From running applications to storing data, monitoring systems, and controlling costs, AWS offers services that work together seamlessly to support workloads of all sizes.

Compute Service Overview

Compute services provide the processing power required to run applications and workloads in the cloud. AWS offers multiple compute models to suit different use cases.

1. Amazon EC2 (Elastic Compute Cloud)
EC2 provides resizable virtual servers in the cloud.

Use Case Example:
A startup launches EC2 instances to host its backend API and scales up during peak traffic hours using Auto Scaling.

2. AWS Lambda
A serverless compute service that runs code in response to events.

Use Case Example:
An e-commerce platform uses Lambda to process image uploads without managing servers.

3. Amazon ECS & EKS
Managed container orchestration services.

Use Case Example:
A fintech company deploys microservices using Docker containers orchestrated with Amazon EKS (Kubernetes).

4. AWS Elastic Beanstalk
A platform-as-a-service (PaaS) that handles deployment and scaling automatically.

Use Case Example:
Developers deploy a web application without worrying about infrastructure management.

AWS Storage Solutions

AWS storage services are designed for durability, scalability, and high availability.

1. Amazon S3 (Simple Storage Service)
Object storage for files, backups, and static content.

Example:
A media company stores images and videos in S3 and serves them globally using CloudFront.

2. Amazon EBS (Elastic Block Store)
Block storage for EC2 instances.

Example:
A database server uses EBS volumes for fast and reliable disk storage.

3. Amazon EFS (Elastic File System)
Managed file storage for shared access.

Example:
Multiple EC2 instances access the same shared filesystem for application logs.

4. Amazon Glacier
Low-cost archival storage.

Example:
Compliance data stored for long-term retention at minimal cost.

AWS Database Offerings

AWS provides managed databases for virtually every workload.

1. Amazon RDS
Managed relational databases (MySQL, PostgreSQL, SQL Server).

Example:
A transactional application uses Amazon RDS for reliable, automated backups.

2. Amazon Aurora
High-performance relational database compatible with MySQL and PostgreSQL.

Example:
An enterprise application migrates to Aurora for better performance and scalability.

3. DynamoDB
Serverless NoSQL key-value database.

Example:
A gaming application stores player session data in DynamoDB for low-latency access.

4. Amazon Redshift
Data warehousing and analytics.

Example:
Business intelligence teams analyze large datasets for reporting.

CloudWatch Monitoring Essentials

Amazon CloudWatch is AWS’s primary monitoring and observability service.
Key Capabilities

Collect metrics and logs
Set alarms
Visualize performance
Trigger automated actions

CloudWatch Metrics
Tracks CPU usage, memory, disk I/O, and network traffic.

Example:
Trigger an alert if CPU utilization exceeds 80%.

CloudWatch Logs
Centralized log storage for applications and services.

Example:
Developers troubleshoot errors using application logs stored in CloudWatch.

CloudWatch Alarms
Automate responses to issues.

Example:
Automatically scale EC2 instances when traffic increases.

AWS Cost Management Strategies

Managing AWS costs is as important as building scalable systems.

1. Pay-As-You-Go Pricing
Only pay for what you use.

2. Right-Sizing Resources
Reduce over-provisioned services.

Example:
Downsize EC2 instances with consistently low utilization.

3. Reserved Instances & Savings Plans
Lower costs for predictable workloads.

4. Use Auto Scaling
Scale resources dynamically based on demand.

5. Spot Instances
Use unused AWS capacity at steep discounts.

6. Monitor with Cost Explorer & Budgets
Track and forecast spending.

Example:
Set alerts when monthly spend exceeds a threshold.

7. Serverless Adoption
Reduce idle costs with AWS Lambda.

Why These AWS Essentials Matter
Understanding compute, storage, databases, monitoring, and cost control helps teams:

Build reliable cloud architectures
Scale efficiently
Reduce operational overhead
Maintain system visibility
Control cloud spending

These services form the foundation of most AWS-based solutions.

AWS provides a rich ecosystem that enables businesses to innovate rapidly while maintaining control over performance and cost. By mastering AWS compute models, storage options, database services, monitoring tools, and cost management strategies, cloud professionals can design systems that are both powerful and sustainable.

From my next article onward, we’ll be going fully hands-on with AWS, working through a range of beginner-friendly to intermediate projects designed to build real-world cloud skills.

I’m also excited to share that I’ve been able to secure a special discount, in partnership with Sanjeev Kumar’s team, for the DevOps & Cloud Job Placement / Mentorship Program.

This is a great opportunity for anyone looking to level up their DevOps/Cloud skills with real-world mentorship and career guidance.

Do refer below for the link with a dedicated discount automatically applied at checkout;

DevOps & Cloud Job Placement / Mentorship Program.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my contents helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X

AltSchool Of Engineering Tinyuka’24 Month 11 Week 3

Ikoh Sylva — Sat, 17 Jan 2026 13:28:15 +0000

If you missed our previous session, you can catch up here.
This week, we continued with the AWS Fundamentals where we left off. All with the sole aim of strengthening the foundations. Let’s dive in, shall we?

Understanding AWS Core Services

Amazon Web Services (AWS) offers a vast ecosystem of cloud services that power everything from simple websites to complex, globally distributed enterprise systems. While the number of services can feel overwhelming to beginners, AWS is built around clear service categories, strong identity and access controls, and a robust networking foundation centered on the Virtual Private Cloud (VPC).

AWS Core Service Categories

AWS organizes its services into logical categories to make it easier for users to design, deploy, and manage cloud architectures.

1. Compute
Services that provide processing power:

Amazon EC2 (virtual servers)
AWS Lambda (serverless compute)
Amazon ECS/EKS (container orchestration)

Example:
A startup runs its backend API on EC2 while using Lambda for event-driven tasks like sending emails.

2. Storage
Durable and scalable data storage:

Amazon S3 (object storage)
Amazon EBS (block storage)
Amazon EFS (file storage)

Example:
A media company stores videos in S3 and attaches EBS volumes to EC2 for database storage.

3. Databases
Managed databases for different workloads:

Amazon RDS (relational)
DynamoDB (NoSQL)
Aurora (high-performance relational)

Example:
An e-commerce platform uses RDS for transactions and DynamoDB for session management.

4. Networking & Content Delivery
Connectivity and traffic management:

Amazon VPC
Elastic Load Balancer (ELB)
Amazon Route 53
Amazon CloudFront

5. Security, Identity & Compliance
Protecting resources and managing access:

AWS IAM
AWS KMS
AWS Shield
AWS WAF

6. Management & Governance
Monitoring, auditing, and automation:

Amazon CloudWatch
AWS CloudTrail
AWS Config

The Security Backbone of AWS

AWS Identity and Access Management (IAM) is the service that controls who can access AWS resources and what they are allowed to do.

IAM follows the principle of least privilege, meaning users should only have permissions necessary to perform their tasks nothing more.

Why IAM Is Critical
Without proper IAM controls:

Resources can be accidentally deleted
Security breaches become more likely
Compliance requirements may be violated

IAM ensures AWS environments remain secure, auditable, and well-governed.

IAM Components Explained

1. IAM Users
Represents a person or application that interacts with AWS.

Example:
A developer is given an IAM user with permissions to manage EC2 instances but not billing.

2. IAM Groups
Collections of users with shared permissions.

Example:
A “DevOps” group has permissions to deploy infrastructure, while a “ReadOnly” group can only view resources.

3. IAM Roles
Temporary permissions assumed by users or services.

Example:
An EC2 instance assumes a role that allows it to read from S3 without storing credentials.

4. IAM Policies

JSON documents defining permissions.

{
  "Effect": "Allow",
  "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::example-bucket/*"
}

This policy allows reading objects from a specific S3 bucket.

5. Multi-Factor Authentication (MFA)
Adds an extra layer of security using time-based codes.

IAM Components and How They Interact

IAM works through relationships:

Users belong to groups
Groups have policies attached
Roles are assumed temporarily
Policies define allowed or denied actions

Real-World Example:
A CI/CD pipeline uses an IAM role to deploy applications. The role has permissions only to update EC2 and ECS services nothing else.

This approach:

Improves security
Eliminates long-term credentials
Simplifies access control

AWS Networking Essentials

Networking in AWS defines how resources communicate with each other and with the internet. At the center of AWS networking is the Virtual Private Cloud (VPC).

What Is a VPC?
A Virtual Private Cloud (VPC) is a logically isolated virtual network in AWS where you launch resources.

Think of it as your own private data center in the cloud.

VPC Key Components Explained

1. CIDR Block
Defines the IP address range for the VPC.

Example:
10.0.0.0/16 gives up to 65,536 private IP addresses.

2. Subnets
Smaller IP ranges within a VPC.

Public subnets → internet-facing resources
Private subnets → internal resources

Example:
Web servers in public subnets, databases in private subnets.

3. Internet Gateway (IGW)
Allows communication between the VPC and the internet.

4. Route Tables
Control how traffic flows within the VPC.

Example:
Traffic destined for 0.0.0.0/0 is routed through the Internet Gateway.

5. NAT Gateway
Allows private subnet resources to access the internet without being exposed.

6. Security Groups
Stateful firewalls controlling inbound and outbound traffic at the instance level.

Example:
Allow HTTP (80) and HTTPS (443) traffic only.

7. Network ACLs (NACLs)
Stateless firewalls applied at the subnet level.

Real-World Architecture Example
A production web application:

VPC with two Availability Zones
Public subnets for load balancers
Private subnets for application servers
Isolated subnets for databases
IAM roles for secure service access

This design ensures security, scalability, and high availability.

Why These Concepts Matter

Mastering AWS service categories, IAM, and VPC networking allows you to:

Build secure cloud architectures
Control access with confidence
Design scalable and resilient systems
Prepare for real-world cloud engineering roles

These are foundational skills used daily by cloud engineers, DevOps professionals, and architects.

AWS is powerful not because of individual services, but because of how those services work together. Understanding core service categories, IAM security models, and networking fundamentals is essential to building reliable, secure, and scalable cloud solutions.

I’m also excited to share that I’ve been able to secure a special discount, in partnership with Sanjeev Kumar’s team, for the DevOps & Cloud Job Placement / Mentorship Program.

This is a great opportunity for anyone looking to level up their DevOps/Cloud skills with real-world mentorship and career guidance.

Do refer below for the link with a dedicated discount automatically applied at checkout;

DevOps & Cloud Job Placement / Mentorship Program.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my contents helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X

AltSchool Of Engineering Tinyuka’24 Month 11 Week 2

Ikoh Sylva — Fri, 02 Jan 2026 15:17:25 +0000

If you missed our previous session, you can catch up here. This week, we went back to AWS Fundamentals with the sole aim of strengthening the foundations and also we secured a special discount for the DevOps & Cloud Job Placement / Mentorship Program. Let’s jump in, shall we?

Amazon Web Services (AWS) Explained

Cloud computing has become the backbone of modern digital transformation, and at the heart of this revolution stands Amazon Web Services (AWS). From startups to governments and Fortune 500 companies, AWS powers millions of workloads worldwide. But beyond the brand name lies a powerful ecosystem built on global infrastructure, flexible pricing models, and tools that allow engineers to interact with the cloud efficiently and securely.

What Is AWS?

Amazon Web Services (AWS) is a cloud computing platform launched by Amazon in 2006. It provides on-demand access to computing power, storage, databases, networking, analytics, security, and machine learning services without the need to own or manage physical hardware.

Instead of buying servers upfront, organizations rent resources as needed, paying only for what they use.

Simple Example

A startup wants to build a web application:

Traditionally: Buy servers, networking gear, data center space
With AWS: Launch virtual servers (EC2), store files (S3), and use databases (RDS) in minutes

AWS removes the barrier to entry and allows innovation at scale.

The Backbone of the Cloud

AWS is built on one of the largest and most reliable global infrastructures in the world, designed for high availability, fault tolerance, and low latency.

Key Components of AWS Global Infrastructure

1. Regions
An AWS Region is a physical geographic location (e.g., us-east-1, eu-west-1) that contains multiple isolated data centers.

Each region is independent
Data residency and compliance can be controlled
Customers choose regions based on latency, cost, and regulatory needs

Example:
A fintech company operating in Europe may deploy workloads in the Frankfurt (eu-central-1) region to meet data residency requirements.

2. Availability Zones (AZs)
Each region contains multiple Availability Zones, which are physically separate data centers connected by high-speed fiber networks.

Benefits:

Fault isolation
High availability
Disaster recovery

Example:
A web application deployed across three AZs can continue running even if one data center fails.

3. Edge Locations & AWS Global Accelerator

AWS Edge Locations power services like:

Amazon CloudFront (CDN)
AWS Shield
Route 53

They bring content closer to users, reducing latency.

Example:
A user in Nigeria accessing a website hosted in the US receives cached content from a nearby edge location, improving speed.

AWS Global Infrastructure Explained Simply

Think of AWS like a global city network:

Regions → Cities
Availability Zones → Neighborhoods
Edge Locations → Local delivery hubs

This design ensures:

High availability
Low latency
Resilience against outages
Scalability for global applications

How Users Work with the Cloud

AWS provides multiple ways for users to interact with its services, depending on their role and technical level.

1. AWS Management Console
A web-based graphical interface.

Beginner-friendly
Ideal for exploration and learning
Visual dashboards and monitoring

Example:
Creating an EC2 instance using a step-by-step wizard.

2. AWS Command Line Interface (CLI)
A terminal-based tool for automation and scripting.
aws s3 ls

Faster for experienced users
Essential for DevOps and CI/CD
Scriptable and repeatable

3. AWS SDKs
Libraries for interacting with AWS programmatically using languages like:

Python (Boto3)
JavaScript
Java
Go

Example:
A Python app uploading files to S3 using Boto3.

4. Infrastructure as Code (IaC)

Automate infrastructure using:

AWS CloudFormation
Terraform

Example:
Deploying an entire AWS environment (VPC, EC2, Load Balancer) using code.

AWS Cost Management Strategies (Critical for Every Organization)

AWS offers flexibility but without proper management, costs can grow unexpectedly. Effective cost management ensures maximum value at minimal expense.

1. Pay-As-You-Go Model

You pay only for:

Compute hours
Storage used
Data transferred

This eliminates large upfront investments.

2. Right-Sizing Resources
Many workloads are over-provisioned.

Strategy:

Monitor CPU and memory usage
Downgrade underutilized instances

Example:
Replacing a large EC2 instance running at 10% utilization with a smaller one.

3. Use Reserved Instances & Savings Plans
Commit to usage over time for discounts up to 72%.

Best for:

Databases
Production workloads
Long-running services.

4. Leverage Auto Scaling
Automatically scale resources up or down based on demand.

Example:
E-commerce traffic spikes during sales events Auto Scaling ensures performance without overpaying during off-peak hours.

5. Use Spot Instances
Purchase unused AWS capacity at significant discounts.

Ideal for:

Batch jobs
CI/CD pipelines
Data processing workloads

6. Monitor with AWS Cost Explorer

AWS Cost Explorer helps:

Visualize spending
Identify trends
Forecast future costs

7. Set Budgets & Alerts
AWS Budgets notify teams when spending exceeds thresholds.

Example:
Trigger an alert when monthly costs exceed $500.

8. Use Serverless Where Possible
Services like AWS Lambda eliminate server costs.

You pay only when code runs.

Real-World AWS Cost Optimization Example

A SaaS company:

Migrated workloads to AWS
Used Auto Scaling for EC2
Shifted background jobs to Spot Instances
Adopted serverless for APIs
Set budgets and alerts

Result:
Reduced cloud costs by over 40% without sacrificing performance.

Why AWS Matters Today

AWS enables organizations to:

Innovate faster
Scale globally
Improve reliability
Reduce operational overhead
Optimize costs dynamically

From startups to enterprises, AWS has become the foundation of modern digital infrastructure.

AWS is more than a cloud provider it is a global platform for innovation, built on resilient infrastructure, flexible pricing, and powerful tools. Understanding AWS’s global architecture, interaction methods, and cost management strategies empowers organizations to build scalable, secure, and cost-effective solutions.

I’m also excited to share that I’ve been able to secure a special discount, in partnership with Sanjeev Kumar’s team, for the DevOps & Cloud Job Placement / Mentorship Program.

This is a great opportunity for anyone looking to level up their DevOps/Cloud skills with real-world mentorship and career guidance.

Do refer below for the link with a dedicated discount automatically applied at checkout;

DevOps & Cloud Job Placement / Mentorship Program.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my contents helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X

AltSchool Of Engineering Tinyuka’24 Month 11 Week 1

Ikoh Sylva — Fri, 26 Dec 2025 17:03:23 +0000

If you missed our previous session, you can catch up here. This week, we took a look at how Continuous Integration (CI), Change Management, and Shift-Left Security come together to form a modern, secure Software Development Lifecycle (SDLC). Let’s jump in, shall we?

Building Safer and Faster Software

Modern software delivery is no longer just about writing code it’s about how fast, how safely, and how reliably that code reaches users. As systems grow more complex and security threats increase, organizations must rethink how they integrate code, manage change, and secure applications from day one. This is where Continuous Integration (CI), Change Management, and Shift-Left Security come together to form a modern, secure Software Development Lifecycle (SDLC).

1. What Is Continuous Integration (CI)?

Continuous Integration is a DevOps practice where developers frequently merge code changes into a shared repository, triggering automated builds and tests.

Instead of waiting weeks or months to integrate code, CI ensures:

Code is validated early
Bugs are detected quickly
Integration issues are reduced
Teams move faster with confidence

Simple Example

A developer pushes code to GitHub.
Automatically:

Tests run
Code is built
Security checks are executed
Feedback is returned in minutes

If something breaks, the team knows immediately.

2. Popular Continuous Integration Platforms

Modern CI platforms automate the entire process of building, testing, and validating software.

1. GitHub Actions

Native CI/CD for GitHub repositories
YAML-based workflows
Tight GitHub integration

Example:

Running unit tests on every pull request.

2. GitLab CI/CD

Built-in CI/CD with GitLab
Strong security scanning features
End-to-end DevSecOps support

3. Jenkins

Open-source and highly customizable
Large plugin ecosystem
Widely used in enterprises

4. CircleCI

Cloud-native CI platform
Optimized for speed
Popular with startups and SaaS teams

5. Azure DevOps Pipelines

Deep integration with Microsoft ecosystems
Supports hybrid and cloud workloads

3. Why CI Is Critical in Modern Software Delivery

CI helps teams:

Detect bugs early
Maintain code quality
Prevent broken builds
Increase deployment frequency
Improve developer confidence

Without CI:
Issues accumulate and become expensive to fix.

With CI:
Problems are caught while changes are small and manageable.

4. Managing Change in DevOps Environments

Change is inevitable in software features evolve, bugs are fixed, and infrastructure scales. The challenge is managing change without breaking systems.

Traditional Change Management

Manual approvals
Long release cycles
Heavy documentation
Risk-averse processes

This model doesn’t scale in modern DevOps environments.

Modern Change Management (DevOps-Driven)

Modern teams manage change using:

Version control (Git)
Automated testing
Infrastructure as Code
CI/CD pipelines
Observability & monitoring

Example

A configuration change is made via Terraform:

Code reviewed via pull request
CI validates the change
Change is applied automatically
Rollback is easy if needed

Change becomes controlled, auditable, and safe.

5. Shift-Left Security: Securing Software Earlier

Shift-Left means moving security earlier in the SDLC instead of treating it as a final checkpoint.

Instead of:
“We’ll test security after development…”
We now say:
“Security starts when code is written.”

6. What Is a Secure SDLC?

A Secure Software Development Lifecycle (Secure SDLC) integrates security practices into every phase of development.

Key Phases with Security Built-In

1. Planning & Design

Threat modeling
Secure architecture reviews
Risk assessments

2. Development

Secure coding practices
Secrets management
Dependency scanning

Example:
Detecting vulnerable libraries before deployment.

3. CI/CD Pipelines

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
Secret scanning

4. Testing

Dynamic Application Security Testing (DAST)
API security testing
Penetration testing

5. Deployment & Monitoring

Runtime security
Logging and alerting
Vulnerability management

7. Tools That Enable Shift-Left Security

Snyk – Dependency scanning
SonarQube – Code quality & security
Trivy – Container & IaC scanning
OWASP ZAP – Dynamic security testing
Checkov – Terraform & IaC security
GitHub Advanced Security

These tools integrate directly into CI pipelines.

8. How CI, Change Management & Shift-Left Security Work Together

When combined:

CI validates code continuously
Change management ensures safe deployments
Shift-Left security prevents vulnerabilities early

Real-World Flow

Developer commits code
CI pipeline runs tests
Security scans execute
Changes are reviewed
Infrastructure is deployed safely
Monitoring ensures stability

This approach reduces risk, improves speed, and builds trust.

9. Why This Matters to Organizations

Companies adopting these practices:

Release faster
Reduce security incidents
Improve system stability
Lower operational risk
Build resilient software

This is why modern organizations prioritize DevSecOps over traditional models.

Continuous Integration, modern change management, and Shift-Left security are no longer optional they are foundational to building reliable, secure, and scalable software.

By integrating security early, automating change, and validating every commit, teams can move fast without compromising safety.

This is the future of software delivery and the standard for high-performing engineering teams.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my contents helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X

AltSchool Of Engineering Tinyuka’24 Month 10 Week 4

Ikoh Sylva — Sat, 20 Dec 2025 09:00:28 +0000

If you missed our previous session, you can catch up here. This week, we took a deep dive into Docker exploring what it is, why it matters, and what makes it such a powerful tool in modern cloud engineering.

The Ultimate Deep Dive into Docker

Docker has transformed modern software development and deployment. It’s fast, lightweight, reproducible, and cloud-ready making it the backbone of DevOps, microservices, CI/CD, and cloud-native engineering.

But beyond the hype, what exactly makes Docker so powerful?
Why do developers depend on Docker images?
How does Docker networking allow apps to communicate like real machines?
And what’s happening “under the hood” when a container runs?

This article breaks down Docker from fundamentals to deeper inner workings in a simple, engaging, and deeply informative way.

1. What Is Docker? (The Simplest Explanation That Still Goes Deep)

Docker is an open-source platform for building, packaging, running, and shipping applications inside containers.

A container is a lightweight, isolated environment that behaves like a mini-computer but without the overhead of a full virtual machine.

Docker gives developers:

Consistency — “Runs on my machine” becomes reality
Speed — Containers launch in milliseconds
Portability — Run anywhere: Linux, Windows, macOS, cloud, on-prem
Isolation — Each app runs independently
Reproducibility — Build once, run everywhere
Cost savings — No need for multiple heavy VMs

Real Example
You package your Flask API + dependencies inside a Docker image.

That same image can run:

On your laptop
On your colleague’s machine
On AWS ECS
On Kubernetes
On Azure Container Apps
On DigitalOcean Droplets

And it behaves identically every time.

2. Docker Images (The Blueprint for Containers)

A Docker image is a read-only template used to create containers.

Think of it like:

A snapshot
A recipe
A blueprint
A packaged environment

Key characteristics of Docker images

Built in layers
Stored in a registry (Docker Hub, ECR, GCR, etc.)
Versioned via tags (e.g., python:3.10-slim)
Immutable
Lightweight

Dockerfile (How images are created)

Example:

FROM python:3.10-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["python", "app.py"]

Each instruction above creates a layer, making builds faster and more cache-efficient.

3. Docker Containers (Running Instances of Images)

If a Docker image is the blueprint…
A container is the house built from the blueprint.

A running instance of an image.

When you run:

docker run nginx

Docker:

Pulls the image
Creates a container
Starts the NGINX web server
Exposes the page on port 80

Containers behave like lightweight virtual machines but they share the host OS kernel.

This is what makes them fast and efficient.

4. Docker Networking (How Containers Communicate)

Docker networking is one of its most powerful, misunderstood features.

It allows containers to communicate with:

Each other
The host machine
The internet

Docker provides three default networks:

1. Bridge Network (default & most common)
Used for communication between containers on the same host.

Example:

docker run --name webapp --network bridge nginx

Features:

Containers get private IP addresses
DNS-based service discovery
Great for multi-container apps

2. Host Network
The container uses the host machine’s network directly.

Example:

docker run --network host nginx

Use cases:

High-performance networking
Apps that need full access to host ports
Low-latency workloads

3. None Network
Container gets no network access.

Example:

docker run --network none nginx

Used for:

Security-sensitive workloads
Offline processing
Testing isolation

Custom Networks (Professional Usage)

You can create your own networks:

docker network create mynetwork

Run containers on it:

docker run --network mynetwork --name api flask-api
docker run --network mynetwork --name db mysql
This allows:

DNS auto-discovery
Scoped communication
Microservices separation

Example:
api can connect to db simply using hostname db.

5. Docker Compose (Multi-Container Management)

When your application includes:

Database
Backend
Frontend
Cache
Message queue

Docker Compose simplifies everything using a single docker-compose.yml file.

Example:

services:
  web:
    image: nginx
    ports:
      - "80:80"

  redis:
    image: redis

Run everything with:

docker compose up

6. Deep Dive (How Docker Works Under the Hood)

Docker is powerful because of its architecture, which includes:

A. Docker Daemon (dockerd)

Background process
Builds and runs containers
Manages images, storage, and networks

B. Docker CLI
Commands you run like:

docker run
docker build
docker ps
docker logs

The CLI talks to the daemon via REST API.

C. Docker Engine
The full system that includes:

Docker CLI
REST API
Docker Daemon
containerd runtime
runc low-level runtime

D. Namespaces & Cgroups (Isolation Engine)
Docker uses Linux kernel features to isolate processes:

1. Namespaces
Provide isolation for:

PIDs (processes)
Network
Mount points
Users
Hostnames

Each container sees its own isolated world.

2. cgroups
Controls:

Memory limits
CPU limits
Disk I/O limits

This ensures containers don’t overwhelm the host.

7. Real-World Use Cases of Docker

1. Microservices
Each service runs independently in its own container.

Example:

Authentication service
Payment service
Notification service
Analytics service

2. CI/CD Pipelines
Automated builds use Docker images to guarantee consistency.

Example:
GitHub Actions → Build → Test → Deploy → Kubernetes

3. Local Development
Developers avoid dependency conflicts by using containers.

4. Cloud Deployments
Docker is the foundation for:

Kubernetes
AWS ECS
Azure Container Apps
Google Cloud Run
DigitalOcean App Platform

Why Docker Truly Matters

Docker isn’t just a tool it’s a revolution in software engineering.

It provides:

Consistency
Isolation
Portability
Speed
Scalability

It has reshaped how applications are built and deployed powering everything from simple web apps to massive multi-cloud microservice systems.

Understanding Docker equips engineers with one of the most essential skills in today’s DevOps and cloud world.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my contents helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X

AltSchool Of Engineering Tinyuka’24 Month 10 Week 3

Ikoh Sylva — Sat, 13 Dec 2025 20:46:54 +0000

If you missed our previous session, you can catch up here. This week, we took a deep dive into Terraform exploring what it is, why it matters, and what makes it such a powerful tool in modern cloud engineering.

Container Technology & Kubernetes Explained

In the last decade, container technology has completely transformed how software is built, packaged, shipped, and deployed. From small startups to global enterprises, containers and especially Kubernetes have become the backbone of modern cloud infrastructure. But how did we get here? Why are containers such a big deal? And how does Kubernetes orchestrate them like a world-class conductor of a digital orchestra?
Let’s break it down in a simple, well-structured, and captivating way.

1. What Are Containers? (And Why the Tech World Loves Them)

A container is a lightweight, self-contained package that includes everything an application needs to run:

The app code
Dependencies
Runtime environment
System libraries

Think of a container like a sealed food pack you can heat anywhere.

Whether you're in Lagos or London, the food tastes exactly the same.

Real example

If your Python app requires Python 3.10, Flask, and specific system libraries, a container ensures it runs exactly the same way:

On your laptop
On your team’s machines
In production
In the cloud

Gone are the days of “Works on my machine.”

2. Container Technologies (The Ecosystem That Makes It All Work)

Container technologies include several categories:

a) Container Engine / Runtime

This is the low-level component that actually runs the container.

Examples:

containerd (used by Docker and Kubernetes)
CRI-O (lightweight runtime used in many Kubernetes environments)
runc (executes containers according to OCI specs)

b) Container Client Tools

These are the tools developers interact with.

Examples:

Docker CLI → docker build, docker run
Podman → A daemonless alternative to Docker
Buildah → For building images
Skopeo → For managing container images in registries

c) Container Registries

A place to store and share container images.

Examples:

Docker Hub
GitHub Container Registry
AWS ECR
GCP Container Registry
Azure Container Registry

These registries function like “app stores,” but for infrastructure.

3. Container Runtimes (The Engine Under the Hood)

A container runtime manages:

Creating containers
Executing containers
Managing container lifecycle
Enforcing security isolation

One important detail:

Kubernetes no longer manages Docker directly.

It now uses the Container Runtime Interface (CRI) to communicate with:

containerd
CRI-O
Others that implement CRI

This makes Kubernetes more modular, faster, and cloud-agnostic.

4. Container Orchestration (Why We Need Something Bigger Than Docker)

Running one container is easy.

Running hundreds or thousands across multiple servers is not.

That’s where container orchestration comes in.

Orchestration tools handle:

Automated deployment
Scaling containers up/down
Rollouts and rollbacks
Load balancing
Self-healing containers
Monitoring container health

Leading container orchestration platforms:

Kubernetes (industry standard)
Docker Swarm
Nomad by HashiCorp

But Kubernetes reigns supreme.

5. Kubernetes (K8s): The Operating System of the Cloud

Kubernetes is the most popular orchestration system.

It treats containers like tiny workers and coordinates them intelligently.

It ensures apps always run smoothly, reliably, and scalably even under heavy traffic.

Why companies love Kubernetes

Highly scalable
Works in any cloud (AWS, GCP, Azure, DigitalOcean)
Self-healing
Automated deployments
High availability
Huge community & ecosystem

From Netflix to Spotify to banks and telecom providers Kubernetes powers mission-critical systems globally.

6. Kubernetes Cluster Components (How Kubernetes Actually Works)

A Kubernetes cluster is made up of two key groups of components:

A. Control Plane Components

This is the “brain” of Kubernetes that makes decisions.

1. API Server

Acts as the gateway for all Kubernetes operations
Every command (CLI, UI, automation) interacts with this server
Example: kubectl apply -f app.yaml first hits the API server

2. etcd

Key-value store that holds cluster state
Think of it as the “memory” of Kubernetes
Highly available and distributed

3. Scheduler

Assigns containers (pods) to appropriate worker nodes
Decides placements based on:
CPU
RAM
Node capacity
Affinity rules

4. Controller Manager

Controls long-running processes such as:

Node controller
Replication controller
Endpoint controller
Service account tokens

B. Worker Node Components

This is where containers actually run.
Each worker node includes:

1. Kubelet

Agent that runs on every worker node
Ensures containers are running as instructed
Talks directly to the container runtime

2. Kube-Proxy

Handles networking across nodes
Ensures routing between services and pods

3. Container Runtime

Actually launches containers (e.g., containerd)

7. How It All Works Together Example Workflow

Let’s say you deploy a containerized Flask app using Kubernetes:

You write a YAML file (deployment.yaml).
You run:

kubectl apply -f deployment.yaml

It goes to API Server.
Scheduler picks the best worker node.
Kubelet tells container runtime to start the container.
Kube-Proxy ensures networking & load balancing.
Controllers ensure the app maintains the desired replicas.
If a pod fails → Kubernetes automatically restarts it.

This automation + intelligence is the reason Kubernetes is the backbone of cloud-native computing.

8. Why Containers + Kubernetes Matter Today

They help organizations:

Deploy faster
Reduce costs
Improve reliability
Scale effortlessly
Standardize development
Simplify multi-cloud strategies

Industries using containers + Kubernetes include:

FinTech
E-commerce
Banking
Telecom
Energy
Government
Healthcare

For anyone pursuing cloud engineering, DevOps, or platform engineering, understanding this ecosystem is essential.

Containers changed how we package applications.
Kubernetes changed how we run them at scale.

Together, they form the foundation of modern cloud infrastructure powering the apps we use every day.

This article gives a solid, deep, yet beginner-friendly guide to understanding containers, container runtimes, orchestration, and Kubernetes components. Mastering this knowledge opens the door to advanced cloud engineering roles and DevOps practices.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my content helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X

AltSchool Of Engineering Tinyuka’24 Month 10 Week 2

Ikoh Sylva — Sun, 07 Dec 2025 20:17:23 +0000

If you missed out on our previous session you can catch-up here. This week, we took a dive into Terraform and what makes it special.

A Comprehensive Deep Dive Into Terraform

In today’s cloud-driven world, engineers are moving away from manual provisioning and embracing automation at every layer of infrastructure. At the center of this revolution stands Terraform, one of the most powerful Infrastructure-as-Code (IaC) tools ever created. Terraform enables engineers to design, build, and manage infrastructure using code ensuring environments are consistent, repeatable, scalable, and automated.

This article provides a complete, beginner-friendly yet deep dive into Terraform:

What Terraform is
How the CLI works
Understanding Terraform State
Terraform’s core concepts and language
Real examples
A deeper dive into its architecture and workflow

If you want to step into DevOps, Cloud Engineering, or SRE Terraform is a skill you should master.

1. What Exactly Is Terraform?

Terraform is an open-source IaC tool created by HashiCorp. It lets you define your entire infrastructure using a simple, declarative language called HCL (HashiCorp Configuration Language).

Instead of clicking buttons on AWS, Azure, or GCP dashboards, you write code that describes the infrastructure, then Terraform creates it for you.

Example

Instead of manually creating an AWS EC2 instance through the console, you can write:

resource "aws_instance" "web" {
  ami           = "ami-12345"
  instance_type = "t2.micro"
}

Then run:

terraform apply

Terraform reads the code → talks to AWS → creates the server.

Key Benefits

✔️ Infrastructure consistency
✔️ Faster deployments
✔️ Version-controlled infrastructure
✔️ Automated changes
✔️ Works across multiple clouds
✔️ Predictable workflows

Terraform doesn’t just build infrastructure it models complex architectures in a clean, human-readable way.

2. Terraform CLI (Command-Line Interface)

The Terraform CLI is how engineers interact with Terraform. It’s simple, consistent, and predictable.

Here are the most essential commands:

terraform init

Initializes your project, downloads providers, sets up plugins.

Think of it as: “Preparing the environment.”

terraform plan

Shows what Terraform wants to create, modify, or destroy.

Think of this as a preview or dry run.

terraform apply

Actually builds the infrastructure.

Once you confirm, Terraform makes everything real.

terraform destroy

Tears everything down.

Useful when testing, learning, or cleaning up environments.

terraform fmt

Formats your Terraform code automatically.

terraform validate

Checks your configuration for errors.

These commands form the backbone of Terraform usage every engineer uses them daily.

3. Terraform State (One of the Most Important Concepts)

Terraform manages infrastructure using a state file (terraform.tfstate).

This file is the single source of truth about what Terraform has created.

Why Is State Important?

Terraform compares:

What you want (your code)
What exists (state file)

Then it decides what changes to make.

Example

If your code says:
"Create 1 server,"

and your state file already has that server,
Terraform will do nothing.

If your code says:
"Create 3 servers,"

Terraform checks the state and adds 2 more.
Types of State Storage

Local State – default, saved on your machine
Remote State – stored in S3, GCS, Azure Blob, Terraform Cloud
(recommended for teams)

Real-World Example

In an AWS project, storing state in S3 ensures:

Multiple engineers can collaborate
The state is backed up
Changes are tracked securely
You avoid conflicting infrastructure changes

State files are the backbone of Terraform automation. Without state, Terraform wouldn’t know what to update.

4. Terraform Language & Core Terms

Terraform uses HCL, a clean, easy-to-read declarative language.

Below are the most important building blocks.

4.1 Providers

Providers allow Terraform to talk to cloud platforms.

Examples:

aws
google
azure
digitalocean
docker

A provider acts like a plugin that knows how to create resources in that platform.

provider "aws" {
  region = "us-east-1"
}

4.2 Resources

Resources are the actual things Terraform creates:

servers
buckets
networks
containers
firewalls

Example:

resource "aws_s3_bucket" "logs" {
  bucket = "my-log-bucket"
}

4.3 Variables

Variables make your Terraform reusable.

variable "region" {
  default = "us-east-1"
}

4.4 Outputs

Outputs display results after deployment.

output "public_ip" {
  value = aws_instance.web.public_ip
}

4.5 Modules

Modules are reusable Terraform packages.

Example: A module that sets up:

VPC
Subnets
Routing
Security groups

Modules allow you to reuse architecture patterns across projects essential for scaling infrastructure.

5. Deep Dive Into Terraform (How Terraform Actually Works)

Terraform runs in a four-step lifecycle every time you apply changes:

5.1 Initialization

Terraform downloads providers and ensures your workspace is ready.

5.2 Dependency Graph

Terraform automatically builds a graph of resources.

Example:

If you create:

VPC
Subnets
EC2 inside subnet

Terraform knows:

Create VPC
Then subnets
Then EC2 instance

It figures out the order, you don’t tell it.

5.3 Execution Plan

Terraform compares:

your desired infrastructure (your code)
your current infrastructure (state file)

Then shows what it will change.

5.4 Apply

Terraform then:

creates new resources
modifies existing ones
deletes unused ones

All changes are recorded in the state file.

Real-World Example: Terraform in a Company

For instance, if a company wants to deploy:

3 AWS EC2 instances
1 RDS database
1 load balancer
1 S3 bucket

In the old days, this could take hours manually.

With Terraform:

Write the configuration once
Commit it to Git
Run terraform apply

In seconds, everything is deployed.

If the team wants to scale EC2 from 3 → 6:

Change a number in code
Apply again

Terraform automatically adds 3 more servers without breaking anything.

This is why big companies like Uber, Spotify, Coinbase, Airbnb, and Stripe use Terraform heavily.

Terraform revolutionizes how infrastructure is managed. It shifts teams from manual, error-prone tasks to automated, repeatable, scalable workflows.

Learning Terraform opens doors to roles in DevOps, SRE, Platform Engineering, Cloud Architecture, and Automation.

Understanding the CLI, state, providers, resources, modules, and deeper Terraform processes gives every beginner the power to build production-grade infrastructure with confidence.

Terraform is truly the language of modern cloud engineering.

I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.

If you find my content helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.

Let’s connect on social media. I’d love to engage and exchange ideas with you!

LinkedIn Facebook X