Skip to main content
thanhpham.site

Pham Van Thanh

Cloud Solutions Architect&SRE

Cloud Solutions Architect specialising in AWS and hybrid cloud environments — designing secure, scalable architectures that span on-premise and cloud workloads. Expert in CI/CD pipelines, Infrastructure as Code, and container orchestration with a track record of executing zero-downtime production migrations. Adept at optimizing cloud economics and driving infrastructure cost efficiency through right-sizing, reserved capacity strategies, and automated scaling.

View CVContact me
Pham Van Thanh
Pham Van ThanhOn site
AWS Certified Solutions Architect – Associate

AWS Solutions Architect

Verified
Associate · Issued by AWS
Credential ID · AWS-SAA-C03Verify on Credly
LocationHo Chi Minh, VN
CompanyLionGarden Inc.
Experience4+ years
LanguagesVI · EN
Honours

Achievements & Certifications

Industry-recognized cloud expertise and academic distinctions earned along the way.

Certifications

Cloud Certifications

Verified industry credentials. More on the way.

Verify on Credly
In Prep
On the Roadmap

More AWS certifications in progress

SysOps · Developer · SA Pro

Targeting AWS SysOps Administrator and Developer Associate next, then moving toward Solutions Architect Professional.

Planned 2025
In Preparation
2021 — 2023

Academic Distinctions

Recognition earned during my undergraduate years.

Toolbox

Technical Skills

The full technical stack — cloud platform, containers, IaC, CI/CD, observability and the system layer underneath.

Cloud Platform

Cloud — AWS

Hands-on AWS practitioner across compute, networking, data and security — architecting hybrid cloud and driving cost optimisation as primary day-job.

Featured · Cloud Platform
Compute
  • EC2EC2
  • LambdaLambda
  • ECSECS
  • EKSEKS
  • FargateFargate
  • BeanstalkBeanstalk
Storage
  • S3S3
  • EBSEBS
  • EFSEFS
  • FSxFSx
  • Storage GatewayStorage Gateway
  • BackupBackup
Database
  • RDSRDS
  • AuroraAurora
  • DynamoDBDynamoDB
  • ElastiCacheElastiCache
  • DocumentDBDocumentDB
  • NeptuneNeptune
Networking & CDN
  • VPCVPC
  • Route 53Route 53
  • CloudFrontCloudFront
  • ELBELB
  • API GatewayAPI Gateway
  • Direct ConnectDirect Connect
  • Global AcceleratorGlobal Accelerator
Machine Learning & AI
  • SageMakerSageMaker
  • RekognitionRekognition
  • ComprehendComprehend
  • PollyPolly
  • TranslateTranslate
  • LexLex
Analytics
  • AthenaAthena
  • RedshiftRedshift
  • EMREMR
  • KinesisKinesis
  • GlueGlue
  • QuickSightQuickSight
Security & Identity
  • IAMIAM
  • KMSKMS
  • Secrets ManagerSecrets Manager
  • ShieldShield
  • WAFWAF
  • GuardDutyGuardDuty
  • CognitoCognito
Management & Governance
  • CloudWatchCloudWatch
  • CloudFormationCloudFormation
  • CloudTrailCloudTrail
  • ConfigConfig
  • Systems ManagerSystems Manager
  • OrganizationsOrganizations
  • Trusted AdvisorTrusted Advisor
Application Integration
  • SQSSQS
  • SNSSNS
  • EventBridgeEventBridge
  • Step FunctionsStep Functions
  • MQMQ
Toolchain

DevOps Toolchain

The day-to-day stack — containers, IaC, pipelines, observability and the system layer underneath.

  • Containers & Orchestration
    • KubernetesKubernetes
    • DockerDocker
  • Infrastructure as Code
    • TerraformTerraform
    • AnsibleAnsible
    • AWS CDKAWS CDK
    • CloudFormationCloudFormation
  • CI/CD
    • GitHub ActionsGitHub Actions
    • JenkinsJenkins
    • GitLab CIGitLab CI
  • Monitoring & Logging
    • PrometheusPrometheus
    • GrafanaGrafana
    • ElasticsearchElasticsearch
    • LogstashLogstash
    • KibanaKibana
    • CloudWatchCloudWatch
    • FirehoseFirehose
    • AthenaAthena
    • GlueGlue
  • System & Communication
    • LinuxLinux
    • BashBash
    • Shell scripting
    • English
Career · 2022 → Present

Experience

From mobile engineer to cloud solutions architect — the path across mobile, fullstack, backend and AWS infrastructure.

  1. Cloud Solutions Architect & SRE

    Current

    LionGarden Inc.

    Nov 2023 — PresentHo Chi Minh City, Vietnam · Hybrid

    Spearheading the company's cloud strategy and site reliability, taking end-to-end ownership of AWS infrastructure, deployment lifecycles, and system observability.

    • Solution Architecture: Design and implement highly available, secure, and cost-optimized cloud-native architectures on AWS to support mission-critical applications.
    • Infrastructure as Code (IaC): Provision and manage hybrid cloud infrastructure end-to-end using Terraform, ensuring scalable, reproducible, and compliant environments.
    • CI/CD & Automation: Architect and maintain robust CI/CD pipelines, automating deployment workflows to accelerate delivery and reduce manual overhead.
    • Site Reliability & Observability: Establish comprehensive monitoring, logging, and incident response practices to guarantee system health, performance, and uptime.
    AWSTerraformKubernetesDockerCI/CDObservability

  2. Fullstack & Mobile Application Developer

    Past

    Softworld VietNam Ltd

    Dec 2022 — Jun 2023Ho Chi Minh City, Vietnam · Hybrid

    Built a strong foundation in backend architecture, system integrations, and early cloud service deployments.

    • Developed full-stack applications utilizing React Native and Django REST Framework.
    • Architected and maintained RESTful APIs, ensuring secure and efficient client-server communication for production environments.
    React NativeDjango RESTPythonJavaScript

  3. React Native Developer

    Past

    Online Music Education JSC

    Apr 2022 — Jul 2022Ho Chi Minh City, Vietnam · Hybrid

    Gained foundational insights into client-server data flow, API consumption, and application performance optimization.

    • Engineered cross-platform applications, focusing on efficient state management and robust backend integrations for an interactive platform.
    React NativeMobile DevelopmentJavaScript

Start of career

Selected Work

Things I Worked On

A curated selection of cloud-native architectures, reliability engineering initiatives, and scalable infrastructure solutions.

Hybrid Private-Cloud Enterprise Platform

Infrastructure Architect, SRE & Observability Lead

Private-cloud AWS platform for a regulated enterprise customer with on-premise core data. ECS Fargate workloads run in a no-public-ingress VPC, bridged via Site-to-Site VPN to on-prem systems; operators reach the platform only through a Client VPN endpoint. A purpose-built serverless observability stack gives years-deep visibility across every workload.

Key Responsibilities
  • Architected a fully private VPC with zero public ingress: ECS Fargate behind internal ALBs, Client VPN for end-user access, Site-to-Site VPN to on-premise systems, and Private CA + ACM for internal service certs.
  • Operated CodeDeploy blue/green rollouts gated by ALB health alarms across three isolated environments, with ECS auto-scaling and ElastiCache Serverless (Valkey) for hot session state.
  • Built a cross-account, contract-driven observability stack: Kinesis Firehose → Lambda → S3 Parquet cold log lake (Athena, lifecycle to Glacier Deep Archive), enriched Slack Block Kit alerts with log context + deep links, and a DynamoDB alarm-history store powering the operator SPA.
  • Impact: A fully internal, resilient platform with no public-internet exposure — paired with a near-realtime alarm pipeline running at a fraction of typical observability cost (serverless ingest + tiered S3 storage), surfacing real errors to operators within seconds of occurrence.
Tech Stack
Site-to-Site VPNClient VPNPrivate CA / ACMOn-premise Hybrid NetworkingTerraformAWS ECS FargateKinesis Firehose + Athena

AI Document Capture Platform

Cloud Infrastructure Architect

Microservices platform that extracts structured data from document images via an event-driven AI pipeline. ECS Fargate API behind a blue/green ALB paired with a serverless S3 → Lambda → SQS → Lambda chain, with API Gateway WebSocket for realtime client updates.

Key Responsibilities
  • Architected a hybrid microservices topology mixing ECS Fargate (API + WebSocket) with an event-driven Lambda pipeline (S3 → SQS → LLM-based OCR → relational DB).
  • Engineered for graceful failure: SQS-decoupled Lambda stages with retry isolation, ECS auto-scaling, and CodeDeploy blue/green releases.
  • Operated full-stack observability: CloudWatch alarms on ECS, ALB and log-error patterns → SNS → AWS Chatbot, routing incidents to dedicated Slack notice / alert channels.
  • Impact: Zero-downtime deployments across three reproducible environments — currently rolling out to the first enterprise customer with minutes-to-spin-up new environments.
Tech Stack
TerraformAWS ECS FargateAWS LambdaSQSDynamoDBAPI Gateway WebSocketCognitoCodeDeployCloudFrontALBCloudWatchAWS ChatbotSecrets ManagerGitHub Actions