DevOps Engineering with Cloud Computing

This module covers the fundamentals and advanced usage of Git and GitHub, starting with Git basics such as initializing repositories, adding and committing changes, checking the status, and viewing the commit history. It then explores branching and merging strategies, including resolving merge conflicts, using stashing, applying tags, and performing reset or revert operations. The module also delves into GitHub workflows, including managing repositories, forking projects, creating pull requests, conducting code reviews, and tracking tasks through issues and project boards. Finally, it introduces GitHub Actions for continuous integration, providing an overview of automated pipelines triggered on push or pull request events.

This module provides a comprehensive introduction to AWS, beginning with account setup, Identity and Access Management (IAM) including users, groups, roles, multi-factor authentication, and the principle of least privilege, along with AWS CLI usage and credential management. It covers networking fundamentals such as VPCs, subnets, route tables, Internet and NAT gateways, security groups, and network ACLs. Students will learn about EC2 instances, including AMIs, instance types, key pairs, user data, and EBS storage, as well as storage solutions like S3 with versioning, lifecycle policies, and encryption, plus an overview of EFS. The module also explores networking and delivery services such as ALB/NLB, Auto Scaling, CloudFront, and Route 53, and database services including RDS with backups and DynamoDB basics. Serverless computing is introduced via Lambda and API Gateway patterns, while messaging and notifications are covered through SQS and SNS. Observability is addressed with CloudWatch metrics, logs, alarms, and CloudTrail auditing, alongside security tools like KMS and AWS Certificate Manager. Infrastructure as Code is introduced with CloudFormation stacks and drift awareness, and cost management strategies are discussed through budgets, Cost Explorer, and tagging strategies, providing a holistic foundation for AWS architecture and operations.

This module introduces Docker and containerization, covering why containers are used, Docker vs virtualization, and engine architecture. It teaches container lifecycle management, image creation with layers and multi-stage builds, CMD vs ENTRYPOINT, port publishing, health checks, volumes, and networking basics. Students learn Docker Compose for multi-container apps, registry management, image tagging/versioning, and Dockerizing common stacks like Node.js, Python/Flask, Java, Go, and PHP, along with best practices for performance and image optimization.

This module introduces Kubernetes, explaining its purpose, use cases, and cluster architecture with core components. Students learn to set up lab clusters using Minikube, k3s, or kubeadm, and work with kubectl and contexts. Key concepts such as Pods, Deployments, ReplicaSets, StatefulSets, Namespaces, and resource quotas are covered, along with Services (ClusterIP, NodePort, LoadBalancer) and DNS. The module also covers storage with Volumes, PersistentVolumes, and PersistentVolumeClaims, configuration management using ConfigMaps and Secrets, Ingress and basic ingress controllers, CronJobs, Jobs, and DaemonSets. Networking and traffic controls, Horizontal Pod Autoscaling with resource requests/limits, and security using RBAC, service accounts, and least privilege principles are also included.

This module covers CI/CD concepts and pipeline patterns using Jenkins, including installation on Linux and Docker and initial admin setup. Students learn about controllers, agents, build nodes, and the differences between freestyle jobs and pipelines using Jenkinsfiles. The module addresses environment variables, credentials, secrets management, Git webhooks, PR builds, and multi-branch pipelines, as well as build, test, package, and deploy stages. It also covers notifications via email, Slack, or SNS, caching and artifact management across stages, basic hardening and backup practices, and troubleshooting common pipeline failures, culminating in a small end-to-end pipeline project.

This module introduces SonarQube for code quality and security analysis, covering setup options including local installation and Docker, as well as configuring quality gates. It teaches the use of language analyzers, rules, and quality profiles, along with importing coverage and test reports from CI jobs. Students learn PR decoration and how to block merges when quality gates fail, interpret issues such as bugs, vulnerabilities, and code smells, and follow remediation workflows. The module also covers integrating SonarQube scans into Jenkins and GitHub Actions pipelines for automated code quality enforcement.

This module covers Trivy for container and infrastructure security, including installation and updating vulnerability databases. Students learn to scan container images, filesystems, and SBOMs, set severity thresholds, use exit codes, and enforce build gates. It also covers integrating Trivy with registries to scan images before push or deployment, handling false positives and generating baseline reports, and incorporating Trivy scanning steps into Jenkins pipelines for automated security checks.

This module covers monitoring and observability using Prometheus and Grafana. It introduces the Prometheus metrics model, exporters, and targets, along with service discovery for Kubernetes and static jobs. Students learn to create recording and alerting rules, write PromQL queries for SLOs and capacity planning, and build Grafana dashboards for infrastructure, applications, and business KPIs. The module also covers Alertmanager configuration for routing, silences, and deduplication, blackbox probing for HTTP, TCP, and ICMP checks, and tuning retention and storage for efficient monitoring.

This module focuses on centralized logging using Loki and Promtail. It covers Loki’s architecture, including log streams and labels, and guides students through installing Promtail with scrape configurations for Kubernetes and Linux hosts. The module teaches parsing pipelines, relabeling patterns, querying logs in Grafana, and creating troubleshooting dashboards. It also addresses retention policies, storage backends, multi-environment labeling, tenant separation, and basic alerting based on log patterns and error rates.

This module focuses on alerting and on-call readiness, teaching students how to define SLIs, SLOs, and error budgets to guide effective alerting. It covers the difference between symptom-based and cause-based alerts, strategies to reduce noise, and designing escalation policies, on-call rotations, and proper paging etiquette. Students learn to create runbooks and playbooks with standardized remediation steps, understand incident command roles, and coordinate war-room activities. The module also emphasizes post-incident practices, including blameless postmortems, stakeholder communication using templates and status pages, and measuring MTTR/MTTA to drive continuous improvement in incident management.

This module covers Infrastructure as Code with Terraform, including providers, resources, variables, outputs, and modules. Students learn state management with remote backends and locking, workspaces for multi-environment patterns, and advanced features like data sources, depends_on, lifecycle rules, and resource import. The module also addresses module design, versioning, and registry usage, policy-as-code concepts with OPA/Sentinel, security scanning using tools like tfsec and Checkov, and code review practices. Additionally, it covers CI/CD integration for automated plan and apply workflows with approvals, as well as drift detection and remediation strategies. 

This module introduces Ansible for automation and configuration management, covering inventory management (static and dynamic), ad-hoc commands, and playbooks. Students learn to structure reusable roles and collections, implement idempotent tasks, handlers, and check mode, and manage variables, Jinja2 templates, and conditionals. The module also covers Ansible Vault for secrets management, dynamic inventory for AWS (EC2 and tags), OS hardening baselines, and application deployments. Additionally, it addresses testing with Molecule and CI integration, as well as performance tuning and error handling for efficient automation.

This module covers Agile methodologies in the context of DevOps, emphasizing Agile values and principles for efficient delivery. It introduces Scrum roles, events, and artifacts, as well as Kanban flow, WIP limits, and cycle time tracking. Students learn to write user stories with acceptance criteria, define the “done” state, estimate work using story points, and perform lightweight planning. The module also aligns release planning with CI/CD practices and trunk-based development to enable continuous, predictable delivery.

This module introduces practical DevOps collaboration and productivity tools, covering Jira for managing projects, issue types, backlogs, sprints, boards, dashboards, filters, swimlanes, and burndown/burnup charts. It also explores MS Teams for standups, channels, screen sharing, and recording meetings, as well as SharePoint and OneDrive for versioned documentation and runbooks. Additionally, students learn to use Excel for backlogs, metrics, and operational trackers, and PowerPoint for technical demos and stakeholder updates, enabling effective team collaboration and communication.

This module covers artifact repositories in DevOps pipelines, highlighting their importance for managing and promoting software artifacts. Students learn to work with JFrog Artifactory for Maven, npm, PyPI, and generic packages, as well as Docker image registries, including best practices for repository layout. The module addresses promotion flows from development to production, immutability strategies, cleanup, retention, and provenance using checksums and SBOMs. It also covers access control, tokens, and repository permissions following least privilege principles, CI/CD integration for publishing, caching, and pull-through proxies, and implementing vulnerability scanning gates before artifact promotion and deployment.

This module focuses on DevSecOps practices, covering secure coding and dependency scanning in CI pipelines, including SCA and license checks. Students learn secrets management and rotation for CI/CD, containers, and IaC, as well as implementing IAM least privilege and role separation across AWS and Kubernetes clusters. The module addresses network segmentation, security groups, NACLs, and TLS certificate management, container hardening, image signing, and base image policies. It also covers patch and vulnerability management with actionable SLAs, centralized logging, SIEM fundamentals, incident response runbooks, and using CloudTrail and CloudWatch for guardrails, auditing, and compliance readiness.

This capstone module guides students through end-to-end DevOps project implementation. Starting with kickoff and proposal approval, participants design architecture diagrams including VPCs, subnets, ALB, Route 53, and TLS. The module covers application containerization, Git repository management with branching policies, and CI/CD pipelines using Jenkins for build, test, SAST, Trivy scanning, and deployment. Infrastructure is provisioned with Terraform for VPC, EC2/EKS, IAM roles, and parameterized environments, while Kubernetes deployments utilize ConfigMaps, Secrets, Ingress, and HPA. Observability is implemented with Prometheus metrics, Grafana dashboards, alerting, and centralized logging via Loki with troubleshooting dashboards. Students also define artifact promotion policies, rollback strategies, and conclude with a final demo, runbook handoff, and cost and operability review.