AWS DevOps Engineer - Professional Labs

Master AWS DevOps at the professional level with hands-on, PBQ-style labs: CI/CD pipelines with CodePipeline/CodeBuild, infrastructure automation with CloudFormation and change sets, and observability + incident response with CloudWatch alarms, SSM automation, and safe rollbacks.

AWS DevOps Professional Labs - Module 8

Professional-grade AWS DevOps labs with CI/CD pipelines, IaC change safety, and observability + incident automation - aligned to the AWS Certified DevOps Engineer - Professional exam.

Lab 22: CI/CD Pipeline with CodePipeline + CodeBuild
AWS / GUI + Terminal
Scenario: Standardize Deployment Pipeline
Your organization needs a reliable CI/CD pipeline for the orders-service. Configure a pipeline with a Git source, a CodeBuild build stage, and a deploy stage. Use a buildspec.yml to run tests and create an artifact, and ensure the pipeline requires manual approval before production deploy.
AWS DevOps Pro Lab

Learning Objectives:

  • CodePipeline: stages, actions, artifacts
  • CodeBuild: buildspec, environment variables, reports
  • Approvals: gate production deployment
  • Release safety: verify artifact integrity and deploy order

Step-by-Step Instructions

  1. Step 1: Configure Source stage
    In the Pipeline Console tab, set:
    Repository = orders-service; Branch = main
    Then click Connect Source.
  2. Step 2: Configure Build stage
    Set CodeBuild project:
    Project = orders-build; Runtime = nodejs18; Buildspec = buildspec.yml
    Then click Create Build Stage.
  3. Step 3: Add Manual Approval
    Add an approval gate before production:
    Action = ManualApproval; Approver = release-manager
    Then click Add Approval.
  4. Step 4: Configure Deploy stage
    Set deploy target:
    Target = ECS; Service = orders-prod
    Then click Create Deploy Stage.
  5. Step 5: Generate pipeline spec
    Click Generate YAML to create a pipeline definition.
  6. Step 6: Trigger pipeline
    In the Terminal tab, trigger the pipeline:
    aws codepipeline start-pipeline-execution --name orders-pipeline
    Expected: execution starts, build succeeds, approval pending before deploy.
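
The approval gate from Steps 3 and 4 can be checked mechanically against a pipeline definition. The following is an added example, not part of the lab: it walks a structure shaped like `aws codepipeline get-pipeline` output and reports Deploy actions that no manual approval precedes. The stage names and the sample pipeline are constructed assumptions.

```python
from itertools import groupby

def action(name, category, provider, run_order=1):
    # Same shape as one action in `aws codepipeline get-pipeline` output
    return {"name": name, "runOrder": run_order,
            "actionTypeId": {"category": category, "provider": provider}}

def make_pipeline(with_approval):
    # Constructed sample; stage names are assumptions, other names come from the lab
    stages = [
        {"name": "Source",
         "actions": [action("orders-service", "Source", "CodeStarSourceConnection")]},
        {"name": "Build", "actions": [action("orders-build", "Build", "CodeBuild")]},
    ]
    if with_approval:
        stages.append({"name": "Approval",
                       "actions": [action("ManualApproval", "Approval", "Manual")]})
    stages.append({"name": "Deploy", "actions": [action("orders-prod", "Deploy", "ECS")]})
    return {"pipeline": {"name": "orders-pipeline", "stages": stages}}

def run_order(a):
    return a.get("runOrder", 1)

def is_manual_approval(a):
    t = a["actionTypeId"]
    return t["category"] == "Approval" and t["provider"] == "Manual"

def ungated_deploys(doc):
    """Return 'stage/action' for each Deploy action no manual approval precedes."""
    gated, findings = False, []
    for stage in doc["pipeline"]["stages"]:          # stages run in listed order
        ordered = sorted(stage["actions"], key=run_order)
        for _, group in groupby(ordered, key=run_order):
            group = list(group)                      # equal runOrder runs in parallel
            if not gated:
                findings += [f'{stage["name"]}/{a["name"]}' for a in group
                             if a["actionTypeId"]["category"] == "Deploy"]
            # An approval gates only what runs after it, never its parallel peers
            gated = gated or any(is_manual_approval(a) for a in group)
    return findings

if __name__ == "__main__":
    for with_approval in (True, False):
        print(with_approval, ungated_deploys(make_pipeline(with_approval)))
```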

After Completing All Steps:

1. Validate to see pipeline best-practice checklist.
2. View Architecture to understand stage flow and artifact handoff.
3. Reset to re-practice pipeline configuration.

Lab 23: CloudFormation Change Sets + Safe Deployments
AWS / GUI + Terminal
Scenario: Prevent Risky IaC Changes
The platform team must update the payments-stack with new resources while minimizing risk. Create a CloudFormation change set, review it for destructive changes, require an explicit approval if replacements are detected, then execute the change set safely.

Learning Objectives:

  • CloudFormation: stacks, drift, templates
  • Change sets: preview and gate updates
  • Replace detection: identify resource replacement
  • Safe rollout: explicit approvals before execution

Step-by-Step Instructions

  1. Step 1: Select stack + template
    In the CloudFormation Console, choose:
    Stack = payments-stack; Template = add-sqs-queue.yml
    Then click Load Template.
  2. Step 2: Create change set
    Create a change set named payments-changeset and click Create Change Set.
  3. Step 3: Review changes
    Click Review to inspect adds/modifies/replaces.
    Tip: Replacements can cause downtime. Gate with approval.
  4. Step 4: Approve if safe
    If no replacements are found, click Approve Execution.
  5. Step 5: Execute change set
    Click Execute to apply the change set.
  6. Step 6: Verify stack update
    In the Terminal, run:
    aws cloudformation describe-stacks --stack-name payments-stack
    Expected: StackStatus = UPDATE_COMPLETE.
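
The review in Steps 3 and 4 can be automated as a gate in front of the execute step. The following is an added example, not part of the lab: it reads a structure shaped like `aws cloudformation describe-change-set` output and decides whether explicit approval is needed. The logical IDs and resource types are constructed assumptions, and treating `Remove` and `Conditional` replacements as risky is a choice made for this example.

```python
RISKY_REPLACEMENT = {"True", "Conditional"}  # values of ResourceChange.Replacement

def change(action, logical_id, resource_type, replacement=None):
    # Same shape as one entry of Changes[] in describe-change-set output
    rc = {"Action": action, "LogicalResourceId": logical_id,
          "ResourceType": resource_type}
    if replacement is not None:
        rc["Replacement"] = replacement
    return {"Type": "Resource", "ResourceChange": rc}

def change_set(changes, execution_status="AVAILABLE"):
    return {"StackName": "payments-stack", "ChangeSetName": "payments-changeset",
            "Status": "CREATE_COMPLETE", "ExecutionStatus": execution_status,
            "Changes": changes}

# Constructed samples; logical IDs and resource types are assumptions
ADDITIVE = change_set([change("Add", "PaymentsQueue", "AWS::SQS::Queue")])
REPLACING = change_set([
    change("Add", "PaymentsQueue", "AWS::SQS::Queue"),
    change("Modify", "LedgerTable", "AWS::DynamoDB::Table", "True"),
    change("Modify", "WorkerRole", "AWS::IAM::Role", "False"),
    change("Remove", "LegacyTopic", "AWS::SNS::Topic"),
])

def review(doc):
    """Return (decision, risky) where risky lists (logical id, reason) pairs."""
    risky = []
    for entry in doc.get("Changes", []):
        rc = entry.get("ResourceChange")
        if rc is None:
            continue
        if rc["Action"] == "Remove":
            risky.append((rc["LogicalResourceId"], "remove"))
        elif rc.get("Replacement") in RISKY_REPLACEMENT:
            risky.append((rc["LogicalResourceId"],
                          "replacement=" + rc["Replacement"]))
    if doc.get("ExecutionStatus") != "AVAILABLE":
        return "blocked", risky          # change set cannot be executed at all
    return ("needs-approval" if risky else "ok"), risky

if __name__ == "__main__":
    for name, doc in (("additive", ADDITIVE), ("replacing", REPLACING)):
        print(name, review(doc))
```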

After Completing All Steps:

1. Validate to see change safety checklist.
2. View Architecture to see change set gates and execution flow.
3. Reset to re-practice safe IaC updates.

Lab 24: Observability + Incident Automation
AWS / GUI + Terminal
Scenario: Auto-Remediate Production Alerts
Your production service is experiencing elevated error rates. Configure CloudWatch metrics and alarms, create an SSM automation document that rolls back a bad deployment, and ensure the alert triggers a safe remediation workflow (with approvals) instead of manual intervention.

Learning Objectives:

  • CloudWatch: metrics, alarms, log filters
  • SSM Automation: runbooks, approvals, execution history
  • Remediation: safe rollback patterns
  • Incident response: reduce MTTR with automation

Step-by-Step Instructions

  1. Step 1: Create metric filter
    In the Observability Console, set:
    Log Group = /prod/orders; Pattern = "ERROR"; Metric = OrdersErrorCount
    Then click Create Filter.
  2. Step 2: Create CloudWatch alarm
    Configure:
    Threshold = 5 errors / 5 minutes; Alarm = orders-error-alarm
    Then click Create Alarm.
  3. Step 3: Create SSM runbook
    Set:
    Runbook = RollbackOrdersService; Action = ECS rollback to previous task definition
    Then click Create Runbook.
  4. Step 4: Link alarm to automation
    Click Link Automation to connect the alarm to the runbook with an approval step.
  5. Step 5: Simulate incident
    In the Terminal, simulate errors:
    aws logs put-log-events --log-group-name /prod/orders --log-stream-name app --log-events timestamp=$(date +%s000),message=ERROR
    Expected: alarm enters ALARM state.
  6. Step 6: Execute remediation
    Approve and run the automation, then verify:
    aws ssm get-automation-execution --automation-execution-id exec-123
    Expected: AutomationExecutionStatus = Success.
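
How the metric filter and alarm from Steps 1 and 2 behave on real log traffic is easier to see with sample events. The following is an added example, not part of the lab: it models the "ERROR" filter and the 5 errors / 5 minutes threshold over constructed log events. Substring matching, epoch-aligned 5-minute buckets and a "greater than or equal" comparison are assumptions of this sketch.

```python
from collections import Counter

PERIOD_MS = 5 * 60 * 1000   # alarm period from the lab: 5 minutes
THRESHOLD = 5               # assumption: breach when the count is >= 5

def orders_error_count(events, term="ERROR"):
    """Model of the metric filter: matching events per period start (ms)."""
    counts = Counter()
    for ts_ms, message in events:
        # Case-sensitive match; an event counts once however often the term occurs
        if term in message:
            counts[ts_ms // PERIOD_MS * PERIOD_MS] += 1
    return dict(counts)

def breaching_periods(events):
    """Period starts in which the modelled alarm would breach its threshold."""
    counts = orders_error_count(events)
    return sorted(start for start, n in counts.items() if n >= THRESHOLD)

# Constructed sample events: (timestamp in ms, message)
T0 = 5_666_667 * PERIOD_MS  # an arbitrary period boundary

# Five errors inside one period
BURST = [(T0 + i * 10_000, "ERROR payment declined") for i in range(5)]

# Six errors in one minute, but three fall on each side of a period boundary
SPLIT = ([(T0 + PERIOD_MS - 30_000 + i * 10_000, "ERROR timeout") for i in range(3)]
         + [(T0 + PERIOD_MS + i * 10_000, "ERROR timeout") for i in range(3)])

# Lower-case text is not matched; a repeated term still counts as one event
NOISE = [(T0, "error: lower case is not matched"),
         (T0 + 1_000, "ERROR retry failed: ERROR 502")]

if __name__ == "__main__":
    for name, events in (("burst", BURST), ("split", SPLIT), ("noise", NOISE)):
        print(name, orders_error_count(events), breaching_periods(events))
```

The SPLIT case shows why a burst that straddles a period boundary can stay below a per-period threshold even though it exceeds the threshold within one minute.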

After Completing All Steps:

1. Validate to see observability + automation checklist.
2. View Architecture to see alarm -> approval -> automation pipeline.
3. Reset to re-practice incident automation patterns.