Note
This section contains a series of exercises and assessment questions designed to reinforce the concepts from the cloud computing chapters. Solutions and detailed explanations are provided in the solutions.rst file. It is highly recommended to attempt the exercises yourself before reviewing the solutions.
Part 1: Foundational Exercises
These exercises cover the core concepts of cloud computing, service models, and architectural patterns.
Exercise 1: Cloud Service Model Recommendation
Scenario: You are a cloud architect consulting for three different companies.
Company A (StartupFast): A 2-person startup building a new food delivery app. They need to launch in 8 weeks with a limited budget and expect viral growth.
Company B (MegaCorp): A Fortune 500 manufacturing company with existing .NET applications, a large IT department, strict compliance requirements (SOX, GDPR), and a hybrid cloud strategy.
Company C (DataInsights LLC): An AI/ML consultancy that processes terabytes of data with variable workloads. Their team consists of data scientists, not DevOps engineers.
Task: For each company, recommend the optimal mix of cloud service models (IaaS, PaaS, SaaS) and justify your choices. Outline the key services you would use and the primary benefits of your proposed architecture.
Exercise 2: Scaling Strategy Design
Scenario: You are designing a news website that experiences highly variable traffic: low during normal hours but massive, unpredictable spikes during breaking news events.
Task:
Design two scaling strategies: one based on vertical scaling and one on horizontal scaling.
Create a comparison matrix evaluating each strategy on cost, response time to traffic spikes, complexity, and reliability.
Which strategy would you choose and why?
Exercise 3: VM vs. Container Migration Plan
Scenario: Your team is migrating a traditional 3-tier web application (React frontend, Node.js backend, PostgreSQL database) from on-premises servers to the cloud.
Task:
Outline a migration plan using a VM-based (IaaS) architecture.
Outline a migration plan using a container-based (PaaS/CaaS) architecture on Kubernetes.
Compare the two approaches, focusing on resource efficiency, deployment speed, operational complexity, and cost.
Exercise 4: Cloud Security Assessment
Scenario: Your startup’s MVP is getting traction, and you need to implement proper cloud security before handling customer data.
Task:
Design an Identity and Access Management (IAM) strategy for a team of 5 developers and 2 DevOps engineers.
Create a security checklist for your containerized application deployment.
Propose encryption strategies for data at rest and in transit.
Design a compliance framework for GDPR requirements.
Exercise 5: FinOps and Cost Optimization
Scenario: Your cloud bill has grown from $100/month to $5,000/month as your application scaled. Leadership wants a cost optimization plan.
Task:
Identify the top 5 cost optimization strategies for containerized applications.
Design a resource tagging strategy for cost allocation across teams.
Create an auto-scaling policy that balances performance and cost.
Propose a Reserved Instance vs. Spot Instance strategy.
Exercise 6: Cloud Observability Strategy
Scenario: Your microservices application is experiencing intermittent performance issues in production. Users are complaining about slow response times, but you can’t identify the root cause.
Task:
Design a comprehensive observability strategy using the three pillars (metrics, logs, traces).
Define SLOs for your main user journeys and create alerting rules.
Create a monitoring dashboard that shows the Golden Signals for your application.
Design an incident response runbook for high latency issues.
Exercise 7: Disaster Recovery Planning
Scenario: Your company’s primary cloud region experienced a 6-hour outage, and you need to design a multi-region disaster recovery strategy.
Task:
1. Design a disaster recovery strategy with defined RTO (Recovery Time Objective) and RPO (Recovery Point Objective).
2. Create a multi-region deployment architecture using Kubernetes.
3. Plan data replication and backup strategies for stateful services.
4. Design a testing procedure to validate your disaster recovery plan quarterly.
Part 2: Hands-On Implementation
These exercises require you to apply your knowledge using specific tools and cloud provider services.
Exercise 4: Multi-Cloud Service Mapping
Task: Create a service mapping table for the following categories across AWS, Azure, and GCP. This is a reference exercise to build familiarity.
Compute (VMs, Containers, Serverless)
Storage (Object, Block)
Database (SQL, NoSQL)
Networking (VPC, Load Balancer, CDN)
Identity & Access Management
Monitoring
Exercise 5: Terraform Multi-Cloud Implementation
Scenario: Implement a simple web server infrastructure on both AWS and Azure using a single Terraform project.
Task:
1. Structure your Terraform project with a root main.tf and provider-specific modules (e.g., ./modules/aws and ./modules/azure).
2. The root module should use a variable (e.g., var.cloud_provider) to decide which child module to use.
3. Each module should create a virtual network, a subnet, and a single web server VM that responds to HTTP requests.
4. Demonstrate how you would deploy to AWS and then to Azure by changing the input variable.
(For a full solution, see the practical lab in section 0.8)
Exercise 8: Cloud-Native CI/CD Pipeline
Scenario: Design a modern CI/CD pipeline that deploys your containerized application to multiple cloud environments with proper security, testing, and observability.
Task:
Create a GitHub Actions workflow that builds, tests, and scans your container image for security vulnerabilities.
Implement automated deployment to staging and production Kubernetes clusters.
Add smoke tests and health checks that run after deployment.
Implement automated rollback if health checks fail.
Include security scanning (SAST, dependency scanning, container scanning) in your pipeline.
Deliverables:
.github/workflows/deploy.yml with complete CI/CD pipeline
Kubernetes deployment manifests with health checks
Security scanning configuration (e.g., Trivy, Snyk)
Rollback strategy documentation
Exercise 9: Serverless vs Containers TCO
Scenario: Your startup is deciding between a traditional containerized architecture (EKS/GKE/AKS) vs. a serverless-first approach for a new API service.
Task:
Design both architectures for the same API service handling 1M requests/month with seasonal traffic spikes.
Calculate Total Cost of Ownership (TCO) for both approaches over 12 months, including:
  - Infrastructure costs (compute, storage, networking)
  - Operational overhead (monitoring, maintenance, security)
  - Developer productivity impact
  - Scaling capabilities and limitations
Create a decision matrix comparing factors like cost, scalability, vendor lock-in, operational complexity, and developer experience.
Make a recommendation with clear reasoning for your choice.
Research Requirements:
Current pricing for AWS Lambda vs EKS, Google Cloud Run vs GKE, Azure Functions vs AKS
Performance characteristics and cold start implications
Monitoring and debugging capabilities
Integration ecosystem and available services
Exercise 10: Cloud Security Implementation
Scenario: You’re tasked with implementing a comprehensive cloud security strategy for a financial services application handling sensitive customer data.
Task:
Design an Identity and Access Management (IAM) strategy with:
  - Role-based access control (RBAC) for different team members
  - Service account management for applications
  - Multi-factor authentication requirements
  - Principle of least privilege implementation
Implement data protection measures:
  - Encryption at rest and in transit configuration
  - Key management strategy (AWS KMS, Azure Key Vault, GCP KMS)
  - Database encryption for PII data
  - Backup encryption and secure storage
Network security architecture:
  - Virtual Private Cloud (VPC) design with proper segmentation
  - Security groups and network ACLs configuration
  - Web Application Firewall (WAF) rules
  - DDoS protection strategy
Compliance and audit preparation:
  - Logging strategy for compliance requirements (SOX, PCI-DSS)
  - Continuous security monitoring setup
  - Vulnerability assessment procedures
  - Incident response playbook
Deliverables:
Infrastructure as Code (Terraform/CloudFormation) templates
Security policy documentation
Compliance checklist with controls mapping
Incident response runbook
Part 3: Assessment Questions
Attempt to answer these questions to test your understanding of the key concepts.
Multiple Choice Questions
In the IaaS model, which of the following is the customer responsible for managing?
  a) Physical servers
  b) Virtualization hypervisor
  c) Operating System
  d) Data center security
A startup wants to launch a new application as quickly as possible with a small team. Which cloud strategy is generally most suitable?
  a) Cloud Agnostic
  b) Cloud Native
  c) On-Premises
  d) Private Cloud
What is the primary advantage of horizontal scaling over vertical scaling?
  a) It is always cheaper.
  b) It improves the performance of a single instance.
  c) It increases availability and fault tolerance.
  d) It requires less complex networking.
Which tool is best suited for managing a cloud-agnostic infrastructure as code?
  a) AWS CloudFormation
  b) Azure Resource Manager
  c) Terraform
  d) Google Cloud Deployment Manager
What is the main purpose of an API Gateway in a microservices architecture?
  a) To run application business logic.
  b) To provide a single entry point for clients and handle cross-cutting concerns.
  c) To store and manage application data.
  d) To replace the need for a container orchestrator.
Short Answer Questions
Explain the concept of “cattle vs. pets” in cloud infrastructure management and how it relates to the Cloud Native approach.
Describe the trade-offs between using a managed database service (like AWS RDS) versus self-hosting a database (like PostgreSQL on an EC2 VM).
What are the “6 Rs” of cloud migration? List and briefly describe at least four of them.