Module 12: Cloud Capstone

The Cloud Capstone is the culmination of everything you have learned across all four modules. You will design, implement, and document a production-grade microservices application deployed on AWS with multi-region high availability, CI/CD pipelines, full observability, and defense-in-depth security.

Project Scenario

Your organization runs a customer-facing e-commerce platform that must serve users globally with 99.99% availability. The application consists of three microservices — Product Service, Order Service, and User Service — each with its own data store. Your task is to design and provision the full infrastructure using Terraform, deploy the services on ECS Fargate, and wire up monitoring, alerting, and security controls.

Requirements

| Category | Requirement |
|---|---|
| Compute | ECS Fargate with service auto-scaling across two regions |
| Database | RDS PostgreSQL Multi-AZ (primary) + read replicas in second region |
| Caching | ElastiCache Redis for session state and product catalog |
| Networking | Custom VPCs with public/private subnets, NAT Gateways, Transit Gateway, VPC Peering |
| CI/CD | CodePipeline + CodeBuild with testing, security scanning, and approval gates |
| Observability | CloudWatch metrics + logs, X-Ray tracing, Grafana dashboards, SLO-based alerting |
| Security | KMS envelope encryption, WAF, Shield Advanced, security groups, NACLs |
| IaC | All infrastructure defined in Terraform modules with remote state |
| DNS/CDN | Route 53 latency-based routing + CloudFront with WAF |
| Compliance | SOC 2 control mapping, encryption at rest and in transit, audit logging |

Deliverables

  1. Architecture diagram — Multi-region VPC topology with all services and data flows
  2. Terraform code — Modular IaC covering networking, compute, database, caching, and security
  3. CI/CD pipeline configuration — buildspec files, stage definitions, approval workflows
  4. Monitoring setup — CloudWatch dashboards, X-Ray tracing config, Grafana data sources, alerting rules
  5. Security documentation — Encryption key hierarchy, WAF rule sets, network segmentation, compliance mapping
  6. Incident response runbook — Playbooks for common failure scenarios (region failover, database failover, DDoS)

Evaluation Criteria

| Criterion | Weight |
|---|---|
| Architecture correctness and completeness | 25% |
| Terraform code quality and modularity | 20% |
| Security controls implementation | 20% |
| Monitoring and observability setup | 15% |
| CI/CD pipeline design | 10% |
| Documentation quality | 10% |

Tip

Start by reviewing the Architecture Reference page, then build each Terraform module incrementally. Validate one module at a time before moving to the next.

Submission

Submit a GitHub repository with your Terraform modules, pipeline configurations, architecture diagram, and runbooks. Your repository README should explain the design decisions, trade-offs, and how to deploy the infrastructure.