Advanced Cloud Services Labs

Master serverless computing, container orchestration, and load balancing with hands-on labs covering AWS Lambda, Kubernetes, and multi-cloud architectures.

Cloud Services Labs - Module 2

Explore advanced cloud services including serverless functions, container orchestration, and high-availability architectures.

Lab 4: Serverless API with AWS Lambda
AWS / Advanced
Scenario: Serverless E-commerce Backend
BuildFast Corp needs a scalable, cost-effective backend for their e-commerce platform. Design and implement a serverless architecture using AWS Lambda, API Gateway, DynamoDB, and S3. Create RESTful APIs for product catalog, shopping cart, and order processing. Implement authentication with Cognito, set up CloudWatch monitoring, and configure auto-scaling for peak traffic periods.

Learning Objectives:

  • Serverless Architecture: Design Lambda functions for business logic
  • API Gateway: Create RESTful APIs with request/response mapping
  • DynamoDB Integration: Implement NoSQL data persistence
  • Security: Configure Cognito authentication and authorization

Step-by-Step Instructions:

  1. Create Three Lambda Functions
    You will create three Lambda functions for e-commerce: product-service, cart-service, and order-service.

    1. Click the orange "Create function" button in the top-right of the console.

    2. Select "Author from scratch" option.

    3. In the "Function name" field, type exactly: product-service

    4. For "Runtime", select Node.js 18.x from the dropdown.

    5. Expand "Change default execution role" and select "Create a new role with basic Lambda permissions".

    6. Click the orange "Create function" button at the bottom.

    7. Repeat steps 1-6 for cart-service and order-service.

    Tip: Function names must be exact (case-sensitive). You need all 3 functions before proceeding.
  2. Configure API Gateway Resources
    Create a REST API with three endpoints: /products, /cart, /orders.

    1. Click the "Configuration" tab, then scroll to find "API Gateway" section.

    2. Click "Add trigger" button.

    3. From the dropdown, select "API Gateway".

    4. For "API type", select "REST API".

    5. In "API Name" field, enter: ecommerce-api

    6. For "Resource Path", enter: /products

    7. Check the "CORS" checkbox to enable cross-origin requests.

    8. Click "Add" to create the trigger.

    9. Add resources for /cart and /orders by repeating the process.

    Tip: CORS must be enabled for web apps to call your API. All 3 resources are required.
  3. Set Up DynamoDB Tables
    Create three DynamoDB tables: Products, Carts, and Orders.

    1. Click the "DynamoDB Tables" tab in the console above.

    2. Click the "Create Table" button.

    3. In "Table name", enter: Products

    4. In "Partition key", enter: id (leave type as String).

    5. Leave "On-demand" billing selected (default).

    6. Click "Create" button.

    7. Create Carts table with partition key: userId

    8. Create Orders table with partition key: orderId

    Tip: Table names are case-sensitive. On-demand billing is cost-effective for variable traffic.
  4. Implement Cognito Authentication
    Set up Cognito User Pool for secure authentication.

    1. Click the "Configuration" tab in the Lambda console.

    2. Scroll down and click "Authentication" in the left sidebar.

    3. Click "Configure Cognito" button.

    4. In "User Pool name", enter: ecommerce-users

    5. Check "Enable email verification" checkbox.

    6. Under "App Client", enter name: web-app-client

    7. Click "Create User Pool" button.

    8. Return to API Gateway and add a "Cognito Authorizer" using the created pool.

    Tip: Email verification prevents fake accounts. The authorizer validates JWT tokens automatically.
  5. Deploy and Test All APIs
    Deploy the API and test each Lambda function.

    1. Click the "Test" tab in the console above.

    2. From "Event template" dropdown, select "API Gateway AWS Proxy".

    3. In the JSON editor, enter a valid test event (sample provided in textarea).

    4. Click the orange "Test" button.

    5. Verify you see "Execution result: succeeded" with status code 200.

    6. Test each of your three functions: product-service, cart-service, order-service.

    7. Check the "DynamoDB Tables" tab to confirm data was written.

    Tip: All 3 functions must show "succeeded". Check "Log output" if errors occur.
  6. Configure CloudWatch Monitoring
    Enable monitoring and set up alarms for your functions.

    1. Click the "Monitor" tab in the console above.

    2. Review the metrics displayed: Invocations, Duration, Errors, Throttles.

    3. Click "Configuration" tab, then "Monitoring and operations tools".

    4. Click "Edit" and enable "Active tracing" (X-Ray).

    5. Click "Save" to apply changes.

    6. Enable monitoring for all three functions.

    Tip: X-Ray helps trace requests across services. Monitor error rates and duration closely.
  7. Review Your Results
    After completing all steps, view your dashboard to see your progress and results.

    1. Click the "View Dashboard" button below to see your serverless architecture metrics.

    2. Review the dynamic stats showing your completed configurations.

    3. Click "View API Endpoints" to see your created API URLs.

    4. Click "View DynamoDB Tables" to confirm all tables are active.

    Tip: Dashboard updates dynamically as you configure services. Check it frequently during the lab!

AWS Lambda Console

Lambda Functions

No functions yet. Click "Create function" to get started.

Function Code - Select a function

// Select a function to view code

Test Event Configuration

Function Configuration

256 MB

Function Metrics

Invocations
--
No data yet
Avg Duration
--
No data yet
Error Rate
--
No data yet
Throttles
--
No data yet
Progress: 0/6 tasks completed
Score: 0/100
0%

Lab Completed!

Excellent serverless implementation!

Lab 5: Kubernetes Microservices Deployment
K8s / Advanced
Scenario: Microservices Application Deployment
TechCorp needs to deploy their microservices-based application on Kubernetes. Deploy a multi-tier application with frontend, backend API, and database services. Configure deployments, services, ingress controllers, and horizontal pod autoscaling. Implement ConfigMaps, Secrets, and persistent volumes. Set up monitoring with Prometheus and Grafana.

Learning Objectives:

  • Deployments: Create and manage Kubernetes deployments
  • Services & Networking: Configure service discovery and ingress
  • Configuration: Use ConfigMaps and Secrets for app config
  • Scaling: Implement HPA and resource management

Step-by-Step Instructions:

  1. Create Namespace
    Create a dedicated namespace called 'microservices' to isolate your application resources.
    kubectl create namespace microservices
    Tip: Namespaces provide logical separation. Use kubectl config set-context to switch context.
  2. Deploy Frontend Service
    Deploy React frontend with 3 replicas AND expose it as LoadBalancer service.
    kubectl create deployment frontend --image=nginx:latest --replicas=3 -n microservices kubectl expose deployment frontend --type=LoadBalancer --port=80 -n microservices
    Tip: Both commands required. Set resource limits. Configure liveness/readiness probes.
  3. Deploy Backend API
    Create ConfigMap for backend config AND deploy backend with ClusterIP service.
    kubectl create configmap api-config --from-literal=DB_HOST=postgres-db -n microservices kubectl create deployment backend-api --image=node:18 --replicas=2 -n microservices
    Tip: ConfigMap must be created first. Then deploy backend referencing the ConfigMap.
  4. Configure Database
    Create Secret for database credentials AND deploy PostgreSQL StatefulSet.
    kubectl create secret generic db-credentials --from-literal=password=SecureP@ss123 -n microservices kubectl create deployment postgres-db --image=postgres:14 -n microservices
    Tip: Use StatefulSet for databases. Configure PVC for persistent storage. Never hardcode passwords.
  5. Set Up Ingress
    Install NGINX Ingress Controller AND create ingress rules for routing.
    kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml kubectl create ingress main-ingress --rule="/api/*=backend-api:8080" -n microservices
    Tip: First install controller, then create rules. Add TLS for HTTPS. Configure rate limiting.
  6. Configure Autoscaling
    Create HorizontalPodAutoscaler for BOTH frontend AND backend deployments.
    kubectl autoscale deployment frontend --cpu-percent=70 --min=3 --max=10 -n microservices kubectl autoscale deployment backend-api --cpu-percent=70 --min=2 --max=8 -n microservices
    Tip: Both HPAs required. Ensure metrics-server is installed. Monitor with kubectl describe hpa.
  7. Review Your Results
    After completing all steps, view your dashboard to see your Kubernetes deployment results.

    1. Click the "View Dashboard" button below to see your cluster metrics.

    2. Review Deployments, Pods, Services, and HPAs counts (they update dynamically).

    3. Click "View Architecture" to visualize your microservices topology.

    Tip: Dashboard reflects your actual progress. All stats start at 0 and increase as you complete tasks.

kubectl Terminal

kubectl@cluster:~$
Progress: 0/6 tasks completed
Score: 0/100
0%

Lab Completed!

Great Kubernetes deployment!

Lab 6: Multi-Cloud Load Balancing
Multi-Cloud / Expert
Scenario: Global Traffic Management
GlobalStream needs a multi-cloud load balancing solution for their video streaming platform. Implement load balancers across AWS ALB, Azure Application Gateway, and configure global traffic management. Set up health checks, SSL termination, WAF rules, and geographic routing. Implement auto-scaling groups behind load balancers and configure CDN integration for optimal performance.

Learning Objectives:

  • Load Balancer Types: Configure ALB, NLB, and Application Gateway
  • Traffic Distribution: Implement routing rules and health checks
  • Security: Configure WAF and SSL/TLS termination
  • Performance: Integrate CDN and optimize for global traffic

Step-by-Step Instructions:

  1. Create AWS Application Load Balancer
    Create internet-facing ALB named 'streaming-alb' in multiple AZs.
    aws elbv2 create-load-balancer --name streaming-alb --subnets subnet-abc123 subnet-def456 --security-groups sg-xyz789
    Tip: Name must be 'streaming-alb'. Enable access logs. Configure deletion protection.
  2. Configure Target Groups
    Create target group AND register targets with health checks.
    aws elbv2 create-target-group --name video-api-tg --protocol HTTP --port 8080 --vpc-id vpc-12345 --health-check-path /health aws elbv2 register-targets --target-group-arn ARN --targets Id=i-1234 Id=i-5678 Id=i-9012
    Tip: Create target group first, then register instances. Set deregistration delay to 30s.
  3. Deploy Azure Application Gateway
    Create App Gateway with WAF enabled in West Europe region.
    az network application-gateway create --name streaming-appgw --resource-group rg-streaming --sku WAF_v2 --location westeurope
    Tip: Enable WAF with OWASP 3.2 rules. Configure auto-scaling (min: 2, max: 10).
  4. Implement SSL/TLS Termination
    Import SSL certificate to ACM AND create HTTPS listener on ALB.
    aws acm import-certificate --certificate fileb://cert.pem --private-key fileb://privkey.pem --certificate-chain fileb://chain.pem aws elbv2 create-listener --load-balancer-arn ARN --protocol HTTPS --port 443 --certificates CertificateArn=ACM_ARN --default-actions Type=forward,TargetGroupArn=TG_ARN
    Tip: Import cert first, then create listener. Redirect HTTP to HTTPS. Use TLS 1.2+.
  5. Configure Global Traffic Manager
    Create Route 53 health check AND configure geolocation routing policy.
    aws route53 create-health-check --type HTTPS --resource-path /health --fully-qualified-domain-name streaming-alb.elb.amazonaws.com aws route53 change-resource-record-sets --hosted-zone-id Z123 --change-batch file://geolocation-records.json
    Tip: Health check first, then routing. North America → AWS, Europe → Azure. Set up failover.
  6. Enable CDN Integration
    Create CloudFront distribution with ALB origin AND configure cache behaviors.
    aws cloudfront create-distribution --origin-domain-name streaming-alb.elb.amazonaws.com --default-root-object index.html aws cloudfront create-cache-policy --cache-policy-config file://cache-policy.json
    Tip: Create distribution, then configure caching. Cache static 24h. Enable compression.
  7. Review Your Results
    After completing all steps, view your dashboard to see your multi-cloud load balancing results.

    1. Click the "View Dashboard" button below to see your infrastructure metrics.

    2. Review Load Balancers, Target Groups, Health Checks, and CDN status (they update dynamically).

    3. Click "Traffic Analytics" to see request distribution across regions.

    4. Click "Test Failover" to simulate regional failure (only works after configuring health checks).

    Tip: Dashboard reflects your actual progress. Failover test requires both AWS ALB and Azure Gateway configured.

AWS CloudShell

aws@cloudshell:~$
Progress: 0/6 tasks completed
Score: 0/100
0%

Lab Completed!

Excellent multi-cloud load balancing!