- AWS Account (Free Tier eligible)
- AWS CLI installed and configured
- Basic knowledge of Git, Docker, and Linux
- Text editor or IDE
- Time required: 3-4 hours
Create a CloudFormation template that deploys a complete VPC infrastructure.
Create a CloudFormation template (vpc-infrastructure.yaml) that provisions:
- VPC with CIDR block 10.0.0.0/16
- Two public subnets in different AZs (10.0.1.0/24, 10.0.2.0/24)
- Two private subnets in different AZs (10.0.10.0/24, 10.0.20.0/24)
- Internet Gateway attached to VPC
- NAT Gateway in one public subnet
- Route tables properly configured:
- Public route table with route to Internet Gateway
- Private route table with route to NAT Gateway
- Outputs for VPC ID, subnet IDs, and route table IDs
- CloudFormation YAML file
- Screenshot of successfully created stack
- Export the stack outputs
aws cloudformation create-stack \
--stack-name devops-vpc-stack \
--template-body file://vpc-infrastructure.yaml
aws cloudformation describe-stacks \
--stack-name devops-vpc-stack \
--query 'Stacks[0].Outputs'Deploy an auto-scaling web application behind an Application Load Balancer.
-
Launch Template:
- Amazon Linux 2023 AMI
- t2.micro instance type
- User data script that installs and starts nginx
- Security group allowing HTTP (80) and SSH (22)
-
Auto Scaling Group:
- Min: 2, Max: 4, Desired: 2
- Use the VPC from Task 1 (private subnets)
- Health check grace period: 300 seconds
- Scaling policies:
- Scale out when CPU > 70% for 2 minutes
- Scale in when CPU < 30% for 5 minutes
-
Application Load Balancer:
- Internet-facing
- In public subnets from Task 1
- Target group with health checks on port 80
- Listener on port 80
- Launch template configuration (CLI commands or console screenshots)
- Auto Scaling group configuration
- Load balancer DNS name
- Screenshot showing 2 healthy instances in target group
Access the load balancer DNS name in browser - should show nginx welcome page.
# Get ALB DNS name
aws elbv2 describe-load-balancers \
--query 'LoadBalancers[*].DNSName' \
--output text
# Test with curl
curl http://<ALB-DNS-NAME>Build a complete CI/CD pipeline using AWS native services.
- Create a simple Node.js application:
app.js:
const express = require('express');
const app = express();
const port = 3000;
app.get('/', (req, res) => {
res.json({
message: 'DevOps Test App',
version: '1.0',
timestamp: new Date().toISOString()
});
});
app.get('/health', (req, res) => {
res.status(200).json({ status: 'healthy' });
});
app.listen(port, () => {
console.log(`App listening on port ${port}`);
});package.json:
{
"name": "devops-test-app",
"version": "1.0.0",
"scripts": {
"start": "node app.js",
"test": "echo 'Tests passed'"
},
"dependencies": {
"express": "^4.18.0"
}
}- Create CodeBuild buildspec.yml:
version: 0.2
phases:
install:
runtime-versions:
nodejs: 18
pre_build:
commands:
- echo Installing dependencies...
- npm install
build:
commands:
- echo Build started on `date`
- npm test
- echo Building deployment package...
post_build:
commands:
- echo Build completed on `date`
artifacts:
files:
- '**/*'- Create CodeDeploy appspec.yml:
version: 0.0
os: linux
files:
- source: /
destination: /var/www/devops-app
hooks:
ApplicationStop:
- location: scripts/stop_server.sh
timeout: 300
AfterInstall:
- location: scripts/install_dependencies.sh
timeout: 300
ApplicationStart:
- location: scripts/start_server.sh
timeout: 300-
Create deployment scripts in
scripts/folder -
Push to CodeCommit repository
Create a CodePipeline with:
-
Source Stage:
- CodeCommit repository
- Branch: main
- Trigger on commit
-
Build Stage:
- CodeBuild project
- Environment: Amazon Linux 2
- Build specifications from buildspec.yml
-
Deploy Stage:
- CodeDeploy
- Deployment group targeting Auto Scaling group from Task 2
- Deployment configuration: CodeDeployDefault.OneAtATime
- Git repository URL (CodeCommit)
- Pipeline name and execution screenshot
- Application accessible through ALB
- Evidence of successful deployment after code push
# Push a change and watch pipeline execute
git add .
git commit -m "Update version to 1.1"
git push origin main
# Check pipeline status
aws codepipeline get-pipeline-state \
--name devops-test-pipelineContainerize the application and deploy it on ECS with Fargate.
- Dockerfile:
FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install --production
COPY . .
EXPOSE 3000
CMD ["npm", "start"]-
Build and Push to ECR:
- Create ECR repository
- Build Docker image
- Push to ECR
-
ECS Cluster:
- Create ECS cluster (Fargate)
- Create task definition:
- 0.5 vCPU, 1GB memory
- Container port 3000
- CloudWatch Logs enabled
-
ECS Service:
- Desired count: 2
- Application Load Balancer integration
- Auto-scaling based on CPU (target 70%)
- Deployment type: Rolling update
- ECR repository URI
- Task definition JSON
- Service name and status
- Load balancer endpoint serving containerized app
# Login to ECR
aws ecr get-login-password --region us-east-1 | \
docker login --username AWS --password-stdin <account-id>.dkr.ecr.us-east-1.amazonaws.com
# Build and push
docker build -t devops-test-app .
docker tag devops-test-app:latest <ecr-uri>:latest
docker push <ecr-uri>:latest
# Describe service
aws ecs describe-services \
--cluster devops-cluster \
--services devops-serviceSet up comprehensive monitoring and alerting.
-
CloudWatch Dashboard:
- ALB request count
- ALB target response time
- ECS service CPU and memory utilization
- Auto Scaling group metrics
-
CloudWatch Alarms:
- ALB unhealthy target count > 0
- ECS service CPU utilization > 80%
- Auto Scaling group instance count < 2
-
SNS Topic:
- Create SNS topic for alerts
- Subscribe your email
- Configure alarms to send to SNS
-
CloudWatch Logs Insights:
- Write query to find all error logs from last hour
- Write query to count requests per minute
- Dashboard name and screenshot
- List of alarms with thresholds
- Screenshot of email alert (trigger test alarm)
- CloudWatch Logs Insights queries
Implement security best practices.
-
IAM Roles:
- EC2 role for Auto Scaling instances (SSM, CloudWatch)
- CodeBuild service role
- ECS task execution role
- ECS task role
-
Security Groups:
- ALB security group (allow HTTP from internet)
- Application security group (allow traffic only from ALB)
- Document all rules
-
S3 Bucket for Artifacts:
- Encrypted at rest
- Versioning enabled
- Block public access
- Lifecycle policy to delete after 30 days
-
Secrets Manager:
- Store a database password
- Reference it in ECS task definition
- IAM role policies (JSON)
- Security group rules documentation
- S3 bucket configuration
- Secret ARN
Implement and test backup and recovery procedures.
-
Create RDS Database:
- MySQL or PostgreSQL
- Multi-AZ deployment
- Automated backups enabled (7-day retention)
- In private subnets from Task 1
-
Backup Strategy:
- Take manual snapshot
- Configure automated backup window
- Copy snapshot to another region
-
Recovery Test:
- Restore database from snapshot to new instance
- Document recovery time
- Verify data integrity
-
AMI Backup:
- Create AMI from one Auto Scaling instance
- Copy to another region
- Launch instance from AMI in new region
- RDS instance identifier
- Snapshot ARNs (original and cross-region)
- Recovery documentation with timestamps
- AMI IDs in both regions
Analyze and optimize AWS costs.
-
Cost Explorer Analysis:
- Enable Cost Explorer
- Identify top 5 services by cost
- Screenshot of cost breakdown
-
Resource Tagging:
- Tag all resources with:
- Environment: dev
- Project: devops-test
- Owner: [your-name]
- Tag all resources with:
-
Right-Sizing Recommendations:
- Use AWS Compute Optimizer
- Document recommendations for EC2 instances
-
Budget and Alerts:
- Create budget for $10/month
- Set alert at 80% threshold
- Cost report screenshot
- List of all tagged resources
- Right-sizing recommendations document
- Budget configuration screenshot
Recreate Task 1 (VPC infrastructure) using Terraform instead of CloudFormation.
main.tfwith VPC, subnets, gatewaysvariables.tffor configurable parametersoutputs.tffor resource IDsterraform.tfvarswith values- Successfully apply and destroy
Create a GitHub Actions workflow that:
- Runs on push to main branch
- Builds Docker image
- Pushes to ECR
- Updates ECS service
Create a document with:
- Architecture diagram showing all components
- Commands executed for each task
- Screenshots proving completion
- Code files (CloudFormation, scripts, Dockerfiles)
- Lessons learned and challenges faced
- Cost report of resources used
IMPORTANT: Delete all resources to avoid charges:
# Delete ECS service and cluster
aws ecs delete-service --cluster devops-cluster --service devops-service --force
aws ecs delete-cluster --cluster devops-cluster
# Delete Auto Scaling group
aws autoscaling delete-auto-scaling-group \
--auto-scaling-group-name devops-asg --force-delete
# Delete Load Balancer
aws elbv2 delete-load-balancer --load-balancer-arn <arn>
# Delete CloudFormation stack
aws cloudformation delete-stack --stack-name devops-vpc-stack
# Delete RDS instance
aws rds delete-db-instance \
--db-instance-identifier devops-db \
--skip-final-snapshot
# Empty and delete S3 buckets
aws s3 rb s3://your-bucket-name --force
# Delete ECR repository
aws ecr delete-repository --repository-name devops-test-app --force- Functionality: Does it work as specified? (40%)
- Best Practices: Follows AWS Well-Architected Framework? (25%)
- Security: Proper IAM, encryption, network isolation? (20%)
- Documentation: Clear, complete, reproducible? (15%)
Total Points: 190 (+ 25 bonus)
Good luck! This test will give you real, practical DevOps experience.