luizmachado.dev

Session 016 — ECS: Capacity Providers and Application Auto Scaling

Capacity Providers for Fargate and Fargate Spot with weights, Application Auto Scaling with custom metrics, backlog per task for SQS, and Spot cost savings calculation.

Session 015 — ECS Fargate: networking, security groups and IAM Roles for Tasks

Fargate awsvpc model with ENI per task, granular security groups, Task Role vs Execution Role, VPC endpoints for private subnets, and ECS Exec for debugging.

Session 014 — ECS: Services, service discovery and ALB Target Group integration

ECS Service with ALB Target Group, health checks with grace period, AWS Cloud Map for service-to-service discovery, and when to use each approach.

Session 013 — ECS: Task Definitions — containers, volumes, logging and resource limits

Complete task definition with multiple containers (sidecar pattern), awslogs driver for CloudWatch, EFS volumes, and CPU/memory limits per task vs per container.

Session 012 — CDK: Context, feature flags and production-grade cdk.json

Cached context lookups in cdk.context.json, feature flags to control migration behaviors, and cdk.json structure for teams with reproducible CI.

Session 011 — CDK: CustomResources and Aspects

CustomResource with Provider and AwsCustomResource to provision resources not natively supported, and Aspects to traverse and validate all constructs in a stack automatically.

Session 010 — CDK Pipelines: Custom Stages, ShellSteps and self-mutation in action

Sequential and parallel stages with Wave, validation ShellSteps between stages, envFromCfnOutputs, self-mutation in action, and debugging asset publishing failures.

Session 009 — CDK Pipelines: cross-account bootstrap, OIDC connection and pipeline structure

Cross-account bootstrap with --trust, CodeStar Connections with GitHub via OIDC, CDK Pipeline with Source + Build + UpdatePipeline, and self-mutation.

Session 008 — CDK: Testing with assertions — fine-grained and snapshot tests

Infrastructure unit tests with aws-cdk-lib/assertions, hasResourceProperties, matchers, Capture, snapshot tests and combined testing strategy.

Session 007 — CDK: Assets — Lambda bundling, Docker images and local files

Lambda deploy with bundled dependencies via NodejsFunction and PythonFunction, DockerImageFunction, and how assets are staged to S3/ECR by CDK.

Session 006 — CDK: Stacks, environments and multi-account patterns

Multiple stacks with distinct environments, Stage for multi-account, cross-stack references, and when to use stack per account vs nested stacks.

Session 005 — CDK: Constructs L1, L2, L3 — what they are and how to choose

Distinction between L1 (CfnBucket), L2 (Bucket) and L3 (patterns) constructs, escape hatches, Construct Hub, and when each level is appropriate.

Session 004 — CDK v2: setup, bootstrap and project structure

CDK v2 project initialization in TypeScript/Python, cdk bootstrap, construct structure, and cdk synth, cdk diff and cdk deploy commands.

Session 003 — CloudFormation: changesets, drift detection and stack policies

Changesets to review changes before applying, drift detection to find divergences, and stack policies to protect critical resources from accidental replacement.

Session 002 — CloudFormation: stacks, templates, parameters, outputs, Ref/GetAtt

Complete YAML template with typed Parameters, Resources with Ref and Fn::GetAtt, Outputs exported across stacks, and deploy via aws cloudformation deploy with changesets.

Session 001 — Advanced AWS CLI: SSO, profiles, assume-role and pagination

SSO profile configuration with IAM Identity Center, assume-role for cross-account context switching, pagination with --page-size and --max-items, and filtering with --query and JMESPath.

Amazon ECS Managed Daemons: independent agent control in your cluster

Deep dive into Amazon ECS Managed Daemons, a new feature that lets you manage monitoring, logging and security agents independently from applications on ECS Managed Instances.

SQS Admin Panel: a serverless panel to manage SQS queues

Meet SQS Admin Panel, a 100% serverless web panel to manage Amazon SQS queues with dashboard, DLQ redrive, export/import and one-command deploy.

Arch CLI: the Swiss Army Knife for Architecture, SRE and DevOps Teams on AWS

Deep dive into Arch CLI, an open source tool that centralizes AWS account management with security auditing, FinOps, containers, monitoring and AI-powered analysis.

AWS IAM Policy Autopilot: creating IAM policies straight from Kiro

Deep dive into AWS IAM Policy Autopilot, an open source tool that now works as a Kiro Power to automatically generate IAM policies from your code.

Using Sub Agents with Kiro CLI

Deep dive into sub agents in Kiro CLI: how they work, when to use them, orchestration patterns and practical examples to speed up your workflow.

The biggest lesson from AWS re:Invent 2025

A reflection on the purpose of technology and the Renaissance Developer concept presented by Werner Vogels at AWS re:Invent 2025.

Exploring Amazon GuardDuty ETD in Practice

Understand GuardDuty Extended Threat Detection (ETD), see examples of AttackSequence findings, and implement automated responses with EventBridge + Lambda.

Mastering DevSecOps in AWS: Policies-as-Code, SAST and Integrated Observability

Complete guide on DevSecOps in AWS: Policies-as-Code with CloudFormation Guard and OPA, SAST with Amazon Inspector Code, and observability with CloudWatch and X-Ray.

Amazon Inspector Code Security: Shift Left and Native SAST on AWS

Learn how the new Amazon Inspector code analysis feature lets you detect vulnerabilities directly in your repository, using SAST techniques integrated into AWS DevSecOps.

How to mitigate attacks on code agents in AWS

Strategies to prevent, detect and respond to attacks like Rules File Backdoor affecting Copilot/Cursor

How to Mitigate Ransomware Attacks on AWS

Comprehensive strategies to prevent, detect, and respond to ransomware attacks in AWS environments

Strategies to Mitigate Exfiltration Attacks on Amazon S3

Complete guide to protecting S3 data against exfiltration attacks using only AWS services

Amazon Inspector: Basic Concepts

Complete guide on Amazon Inspector: configuration, findings management, and best practices

AWS IAM Identity Center: From Basics to Advanced

Complete guide on AWS IAM Identity Center (SSO): configuration, IdP integration, and best practices

Getting to Know Prowler Open Source

Complete guide on Prowler: an open source tool for security auditing and compliance in AWS

Key Security Points for Provisioning an Application on Amazon ECS and Amazon EKS

Complete container security guide: comparison between ECS and EKS with best practices

Open Source Software to Strengthen Security on AWS

Complete guide to open source tools for reinforcing security in AWS environments: IDS/IPS, containers, SIEM and more

Amazon GuardDuty DeepDive: Advanced Threat Detection on AWS

Complete guide on Amazon GuardDuty: advanced features, multi-account integration, and response automation

Amazon ECS Details

Advanced guide on Amazon ECS: clusters, task definitions, security, observability, and high availability

AWS - Support Repository

Collaborative repository with practical examples and configurations for AWS

Top Security Announcements at AWS re:Invent 2024

Summary of the top security announcements at AWS re:Invent 2024