Conversation
There was a problem hiding this comment.
Pull request overview
Introduces the initial AWS track for the DevOps Lab (parallel to the existing Azure track), including intentionally broken artifacts for incident-based troubleshooting, plus scripts to validate progress and automate end-to-end validation.
Changes:
- Added AWS Terraform, Kubernetes, Docker, GitHub Actions, and monitoring scaffolding to support the AWS lab track.
- Added AWS lab scripts (
setup,validate,destroy) and a GitHub Skills end-to-end validation script. - Updated documentation to mark AWS as available and provide the AWS incident queue and walkthrough.
Reviewed changes
Copilot reviewed 22 out of 22 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
README.md |
Marks AWS track as available and links to the AWS guide. |
aws/README.md |
Adds the AWS lab guide with prerequisites and 7 incident queue. |
aws/app/app.py |
Adds a sample FastAPI app with Redis connectivity. |
aws/app/requirements.txt |
Adds Python dependencies for the AWS app. |
aws/app/tests/test_app.py |
Adds basic API endpoint tests for the app. |
aws/docker/Dockerfile |
Adds container build definition for the app (used in incidents). |
aws/docker/docker-compose.yml |
Adds local dev stack (app + redis) (used in incidents). |
aws/github-actions/ci.yml |
Adds CI workflow scaffold (used in incidents). |
aws/github-actions/cd.yml |
Adds CD workflow scaffold for ECR/EKS. |
aws/kubernetes/namespace.yaml |
Adds namespace manifest for AWS lab workloads. |
aws/kubernetes/app-deployment.yaml |
Adds app deployment manifest scaffold (used in incidents). |
aws/kubernetes/app-service.yaml |
Adds LoadBalancer service manifest scaffold (used in incidents). |
aws/kubernetes/redis-deployment.yaml |
Adds Redis deployment manifest scaffold (used in incidents). |
aws/kubernetes/redis-service.yaml |
Adds Redis service manifest scaffold (used in incidents). |
aws/monitoring/alerts.json |
Adds CloudWatch alarm configuration scaffold (used in incidents). |
aws/scripts/setup.sh |
Adds AWS setup/prereq script. |
aws/scripts/validate.sh |
Adds incident validation + token generation/verification for AWS track. |
aws/scripts/destroy.sh |
Adds AWS teardown script for Terraform/EKS/ECR/VPC-related cleanup. |
aws/terraform/main.tf |
Adds AWS Terraform scaffold for VPC/ECR/EKS/log group (used in incidents). |
aws/terraform/outputs.tf |
Adds Terraform outputs used by scripts/pipelines (used in incidents). |
aws/terraform/variables.tf |
Adds Terraform variables for AWS region. |
.github/skills/validate-devops-lab/aws/scripts/run-full-validation.sh |
Adds an automated “fix + deploy + validate + destroy” script for CI/Skills. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| env: | ||
| AWS_REGION: ${{ secrets.AWS_REGION }} | ||
| ECR_REPO: ${{ secrets.ECR_REPO }} | ||
| EKS_CLUSTER: ${{ secrets.EKS_CLUSTER_NAME }} | ||
|
|
||
| jobs: | ||
| build-and-push: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Configure AWS credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws-region: ${{ env.AWS_REGION }} | ||
|
|
||
| - name: Login to ECR | ||
| run: | | ||
| aws ecr get-login-password --region ${{ env.AWS_REGION }} | \ | ||
| docker login --username AWS --password-stdin ${{ env.ECR_REPO }} |
There was a problem hiding this comment.
aws/scripts/validate.sh marks INC-005 as resolved when cd.yml contains configure-aws-credentials@v4, no credentials: key, aws-access-key-id, and kubectl. This cd.yml already satisfies those checks, so students will see INC-005 resolved immediately, which conflicts with the lab’s incident queue/intent. Either introduce an intentional failure in this workflow (that validate_inc_005 detects) or tighten validate_inc_005 so the initial file is correctly treated as broken.
.github/skills/validate-devops-lab/aws/scripts/run-full-validation.sh
Outdated
Show resolved
Hide resolved
…tion.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 22 out of 23 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) | ||
| - [Terraform](https://developer.hashicorp.com/terraform/install) (v1.0+) | ||
| - [Docker](https://docs.docker.com/get-docker/) | ||
| - [kubectl](https://kubernetes.io/docs/tasks/tools/) |
There was a problem hiding this comment.
aws/scripts/validate.sh uses Python with the yaml module to validate GitHub Actions workflows, but the AWS lab prerequisites don’t mention Python/PyYAML. Add Python 3 + PyYAML (or adjust validation to avoid requiring PyYAML) so students can actually reach 7/7 incident resolution and export a token.
| - [kubectl](https://kubernetes.io/docs/tasks/tools/) | |
| - [kubectl](https://kubernetes.io/docs/tasks/tools/) | |
| - [Python 3](https://www.python.org/downloads/) (3.x) | |
| - [PyYAML](https://pyyaml.org/wiki/PyYAMLDocumentation) for Python 3 (e.g., `pip install pyyaml`) |
| if ! python3 -c "import yaml; yaml.safe_load(open('$CD'))" 2>/dev/null; then return; fi | ||
| if ! grep -q "aws-actions/configure-aws-credentials@v4" "$CD" 2>/dev/null; then return; fi | ||
| if grep -q "credentials:" "$CD" 2>/dev/null; then return; fi | ||
| if ! grep -q "aws-access-key-id" "$CD" 2>/dev/null; then return; fi | ||
| if ! grep -q "aws-secret-access-key" "$CD" 2>/dev/null; then return; fi | ||
| if ! grep -q "aws-region" "$CD" 2>/dev/null; then return; fi | ||
| if ! grep -q "aws eks update-kubeconfig" "$CD" 2>/dev/null; then return; fi | ||
| if ! grep -q "kubectl" "$CD" 2>/dev/null; then return; fi | ||
|
|
There was a problem hiding this comment.
INC-005 validation currently requires static aws-access-key-id / aws-secret-access-key inputs, which prevents using AWS’s recommended GitHub Actions OIDC flow (role-to-assume). Consider updating the lab docs + validation to allow OIDC-based auth (or explicitly justify why long-lived keys are required) to avoid teaching an insecure default.
This pull request introduces the initial AWS implementation of the DevOps Lab, making the AWS track available alongside Azure. It adds a complete set of resources, documentation, and incident-driven exercises for users to deploy, troubleshoot, and destroy a DevOps pipeline on AWS. The changes include new application code, Docker and Kubernetes configurations, CI/CD pipelines, monitoring setup, and infrastructure teardown scripts.
Key changes:
AWS Lab Availability and Documentation
README.md, and a comprehensive guide (aws/README.md) has been added. This guide details prerequisites, setup instructions, a queue of seven incidents to resolve, and cleanup steps. [1] [2]Application and Containerization
aws/app/app.py) with Redis integration, requirements (aws/app/requirements.txt), and tests (aws/app/tests/test_app.py). [1] [2] [3]aws/docker/Dockerfile) and a Docker Compose file to run the app with Redis locally (aws/docker/docker-compose.yml). [1] [2]CI/CD Pipelines
aws/github-actions/ci.yml) and CD (aws/github-actions/cd.yml), covering test execution, Docker image building, ECR push, and EKS deployment. [1] [2]Kubernetes and Monitoring
aws/kubernetes/). [1] [2] [3] [4] [5]aws/monitoring/alerts.json.Teardown and Cleanup
aws/scripts/destroy.sh) to clean up all AWS resources, ECR images, Kubernetes objects, and Terraform state.