Public Cloud Solution Architect

Practical IaC Deployment

As part of the Public Cloud Solution Architect training, technically adept learners can expand their cloud resource management and deployment skills and experience by practicing deploying infrastructure and applications to the AWS Cloud using the Infrastructure as Code (IaC) principle. The default technologies suggested for this exercise are AWS Academy Sandbox (or AWS Learner Labs) and CloudFormation IaC templates. If learners have familiarity with and access to Azure, Google Cloud or Oracle Cloud Infrastructure, then from the point of view of the learning objectives of this course it does not matter which IaC technology (CloudFormation, ARM, Bicep, Terraform, ASD, CDK 2.0, Pulumi) and which Cloud Service Provider (AWS, Azure, Google, OCI) is used for the exercise.

Learners are expected to work through ten Project Prep Tasks, which incrementally build IaC templating that can be used to deploy cloud resources. The end point of each Project Prep Task acts as the starting point for the next one. This way the learner will have 8 working IaC template versions, which are at proof-of-concept level and are the requirement for the basic grade (1). Learners can keep working on the created IaC templating to complete a Basic Infrastructure-as-Code Deployment for the average grade (3) or a Full Infrastructure-as-Code Deployment for higher grades (4-5). There are 2 Project Prep Tasks that are more documentative than IaC related.

All Practical IaC Deployment tasks and the project are to be submitted via Git repository.

Project Prep Tasks

1) Task 1: Networking

  • Prepare task specific folder in your repository. Put all files pertinent to this task in that folder.
  • Aim is to create IaC template (or templates) that handles the requirements of this task.
  • Setup IaC templating to be parameterized with defaults.
    • Decide on Cloud Service Provider (AWS, Azure, GCP, OCI) to use (default AWS Academy Lab Sandbox).
    • Create CloudFormation, ARM, Bicep or Terraform IaC template (default to CloudFormation).
    • Tag all created Cloud Resources (Course, Implementation, Task, Student, Deployment Type)
  • README.md contains instructions how to deploy IaC templating.
  • Task goals:
    • Decide resource naming convention
    • Decide IP segmentation
      • Virtual Network
      • Public Subnet AZ1
      • Public Subnet AZ2
      • Private Subnet AZ1
      • Private Subnet AZ2

2) Task 2: Firewall

  • Prepare task specific folder in your repository. Put all files pertinent to this task in that folder.
  • Aim is to take IaC template (or templates) from previous task and expand the configurations.
  • Aim is to continue to develop IaC template (or templates) that handles the requirements of this task.
  • Setup IaC templating to be parameterized with defaults.
  • README.md contains instructions how to deploy IaC templating.
  • Task goals:
    • Public Subnet firewall: allow 22, 80, 443 from the Internet
    • Private Subnet firewall: allow 22, 80, 443 from Public Subnet
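One way to express the Task 2 rules in CloudFormation, as an added example that is not part of the original course material. The parameter and resource names (`VpcId`, `SshSourceCidr`, `Student`, `PublicSg`, `PrivateSg`) are assumptions, and "from Public Subnet" is modelled here as a security-group reference, which assumes every instance in the public subnets carries `PublicSg`.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Task 2 firewall sketch (added example, names are assumptions)"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id            # VPC created in Task 1
  SshSourceCidr:
    Type: String
    Default: 0.0.0.0/0                 # task default; override with your own address/32
  Student:
    Type: String
    Default: student-placeholder       # placeholder value
Resources:
  PublicSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "Public subnet: 22, 80, 443 from the Internet"
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 22, ToPort: 22, CidrIp: !Ref SshSourceCidr }
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0 }
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0 }
      Tags:                            # Course, Implementation, Deployment Type follow the same pattern
        - { Key: Task, Value: task2 }
        - { Key: Student, Value: !Ref Student }
  PrivateSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "Private subnet: 22, 80, 443 from the public tier only"
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Source is the public security group, not a CIDR, so nothing outside it can reach these ports
        - { IpProtocol: tcp, FromPort: 22, ToPort: 22, SourceSecurityGroupId: !GetAtt PublicSg.GroupId }
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, SourceSecurityGroupId: !GetAtt PublicSg.GroupId }
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, SourceSecurityGroupId: !GetAtt PublicSg.GroupId }
      Tags:
        - { Key: Task, Value: task2 }
        - { Key: Student, Value: !Ref Student }
Outputs:
  PublicSgId: { Value: !GetAtt PublicSg.GroupId }
  PrivateSgId: { Value: !GetAtt PrivateSg.GroupId }
```

Keeping the SSH source as a parameter lets the same template satisfy the task's default while allowing a narrower source at deploy time.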

3) Task 3: VM

  • Prepare task specific folder in your repository. Put all files pertinent to this task in that folder.
  • Aim is to take IaC template (or templates) from previous task and expand the configurations.
  • Aim is to continue to develop IaC template (or templates) that handles the requirements of this task.
  • Setup IaC templating to be parameterized with defaults.
  • README.md contains instructions how to deploy IaC templating.
  • Task goals:
    • Create Key Pair
    • Create Linux VM
    • Launch Linux VM to Public Subnet (requires Public IP Address)
    • Tag Created Resources (Course, Implementation, Task, Student, Deployment Type)
    • SSH to VM
    • Read VM metadata with curl on VM and include screenshot to task README.txt

4) Task 4: Object Storage

  • Prepare task specific folder in your repository. Put all files pertinent to this task in that folder.
  • Aim is to take IaC template (or templates) from previous task and expand the configurations.
  • Aim is to continue to develop IaC template (or templates) that handles the requirements of this task.
  • Setup IaC templating to be parameterized with defaults.
  • README.md contains instructions how to deploy IaC templating.
  • Task goals:
    • Create and configure Public Object Storage container
    • Create and configure Protected Object Storage container
    • Upload test files to Public container by using CLI
    • Upload test files to Protected container by using CLI
    • Include screenshots about Public and Protected containers with test files to task README.txt

5) Task 5: IAM

  • Prepare task specific folder in your repository. Put all files pertinent to this task in that folder.
  • Aim is to take IaC template (or templates) from previous task and expand the configurations.
  • Aim is to continue to develop IaC template (or templates) that handles the requirements of this task.
  • Setup IaC templating to be parameterized with defaults.
  • README.md contains instructions how to deploy IaC templating.
  • Task goals:
    • Create credential management managed service secret like dummy username + password
    • Create IAM/RBAC Permissions that allow to read secret
    • Attach Permissions to VM (through Role in AWS)
    • SSH to VM
    • Test Permissions by reading secret from cloud management CLI on VM and include screenshot to task README.txt
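A CloudFormation sketch of the Task 5 goals, added here as an example and not taken from the course material. Resource names (`DummySecret`, `VmRole`, `VmInstanceProfile`) and the dummy username are assumptions; the policy is scoped to the single secret instead of `*` so the VM role can read nothing else.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Task 5 sketch: secret readable only by the VM role (added example)"
Resources:
  DummySecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Dummy username and generated password for Task 5
      GenerateSecretString:
        # Password is generated by the service, so no credential is stored in the Git repository
        SecretStringTemplate: '{"username": "dummy-user"}'
        GenerateStringKey: password
        PasswordLength: 24
        ExcludePunctuation: true
  VmRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }   # only EC2 instances may assume the role
            Action: sts:AssumeRole
      Policies:
        - PolicyName: read-dummy-secret
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: secretsmanager:GetSecretValue
                Resource: !Ref DummySecret               # Ref on a secret returns its ARN
  VmInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref VmRole]
Outputs:
  SecretArn: { Value: !Ref DummySecret }
  InstanceProfileName: { Value: !Ref VmInstanceProfile }
```

Attach the profile through the `IamInstanceProfile` property of the `AWS::EC2::Instance` from Task 3, then run `aws secretsmanager get-secret-value --secret-id` with the `SecretArn` output on the VM. A request for any other secret from the same VM should be denied, which is a useful second screenshot for the README.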

6) Task 6: Custom VM Image

  • Prepare task specific folder in your repository. Put all files pertinent to this task in that folder.
  • README.md contains instructions how to setup VM that is used to create VM Image.
  • Task goals:
    • Find some application that can be tested with http protocol (80, no TLS).
    • Some possible apps: Apache, Nginx, Lighttpd
    • Prepare CLI commands to install application on VM
    • Test public Internet access to prepared VM and include screenshot about passing test to task README.txt
    • Create VM Image when setup is verified to work.
    • Create VM from VM Image
    • Test public Internet access to image based VM and include screenshot about passing test to task README.txt

7) Task 7: VM Provisioning

  • Prepare task specific folder in your repository. Put all files pertinent to this task in that folder.
  • Aim is to take IaC template (or templates) from previous task and expand the configurations.
  • Aim is to continue to develop IaC template (or templates) that handles the requirements of this task.
  • Setup IaC templating to be parameterized with defaults.
  • README.md contains instructions how to deploy IaC templating.
  • Task goals:
    • Use CLI commands to install application on VM from previous task
    • Update VM creation script, to run app install CLI commands as user data
    • Test public Internet access to VM and include screenshot about passing test to task README.txt

8) Task 8: Backup and Restore

  • Prepare task specific folder in your repository. Put all files pertinent to this task in that folder.
  • Aim is to take IaC template (or templates) from previous task and expand the configurations.
  • Aim is to continue to develop IaC template (or templates) that handles the requirements of this task.
  • Setup IaC templating to be parameterized with defaults.
  • README.md contains instructions how to deploy IaC templating.
  • Task goals:
    • Set up VM automated backups and lifecycle rules

9) Task 9: NAT Gateway

  • Prepare task specific folder in your repository. Put all files pertinent to this task in that folder.
  • Aim is to take IaC template (or templates) from previous task and expand the configurations.
  • Aim is to continue to develop IaC template (or templates) that handles the requirements of this task.
  • Setup IaC templating to be parameterized with defaults.
  • README.md contains instructions how to deploy IaC templating.
  • Task goals:
    • You need to have Public Subnet and Private Subnet
    • Setup NAT Gateway to Public Subnet (Route Tables for Public and Private Subnets are important)
    • Create VM to Private Subnet and run app install CLI commands as user data
    • Application is downloaded from Internet even if VM is in Private Subnet
    • Application install must succeed
    • You need to find a way to access VM in Private Subnet
    • Run CLI commands locally on VM in Private Subnet to verify install succeeded
    • Include screenshot about successful CLI test on VM to README.txt

10) Task 10: Draw and Annotate Architecture Task and Estimate Costs Task

  • Prepare task specific folder in your repository. Put all files pertinent to this task in that folder.
  • Task goals:
    • Draw solution architecture diagram about your deployment.
    • Diagram must be as complete as possible, as if it was for production usage.
    • Note that your actual IaC deployment does not need to be production ready (no custom Domain etc.).
    • Include as annotations all DNS, IP, TLS, Port and other critical details.
    • Use diagram tool like: draw.io, Lucidchart, etc.
    • Use AWS/Azure calculator to estimate costs.

Assignment Evaluation and Feedback

The Practical IaC Deployment assignment will be evaluated by the trainer according to the following assessment criteria:

  • Inadequate quality submissions will result in failed evaluation.
    • Submission is missing or of generally unacceptable quality.
  • 50% maximum score: Artifacts produced are basic quality.
    • Complete 10 Prep Tasks with basic quality
  • 75% maximum score: design and documentation is ok.
    • Complete 10 Prep Tasks with average quality.
    • Basic mostly working Infrastructure-as-Code Deployment
  • 100% maximum score: Artifacts produced are excellent quality.
    • Complete 10 Prep Tasks with excellent quality.
    • Fully working Infrastructure-as-Code Deployment.

Assignment Submissions

Learners will submit their practical IaC deployment to the Practical IaC Deployments folder in the Files section of the course implementation’s Teams channel.

The deadline for Cloud Architecture Design is the last scheduled session for the course. The trainer may require a demonstration of the Prep Tasks or of the IaC Deployment!

There are no late submissions and there are no optional methods of completion for this assignment.