External Exercise Lanes

This module's exercises are oriented toward concrete artifacts (diagrams, policies, decision records) rather than coding katas. External URL references are fine and encouraged where they add a realistic scenario or a concrete worked example.

How To Use This Page

1. Finish the relevant concept page and practice file first.
2. Produce the artifact from memory before opening any URL.
3. Only then compare your artifact against the official example in the linked doc.
4. Keep a mistake log with tags such as wrong AZ placement, over-broad IAM, missed egress charge, NAT in one AZ, IAM user instead of role, no required tags, or single-subnet ASG.

Lane 1: Cluster 1 - What a Cloud Platform Is

Use this lane when the shared-responsibility / regions / abstraction-ladder intuitions are still wobbly.

Target outcomes:

• one written shared-responsibility diagram for a specific workload
• one multi-AZ vs multi-region decision record with cost rationale
• one "which rung on the ladder?" memo for three workloads

Anchor references:

• AWS Shared Responsibility Model
• AWS EC2: Regions and Zones

Lane 2: Cluster 2 - Compute

Use this lane when you pick the wrong compute primitive or cannot defend your choice.

Target outcomes:

• four scenarios with chosen compute primitive and one rejected alternative each
• one cold-start mitigation plan for a latency-sensitive Lambda
• one ASG design across 3 AZs with documented scaling policy

Anchor references:

• EC2 Auto Scaling: Auto Scaling groups
• AWS Fargate for ECS
• Lambda concurrency
• Lambda SnapStart

Lane 3: Cluster 3 - Networking

Use this lane when your VPC, LB, or DNS reasoning is weak.

Target outcomes:

• one VPC design across 3 AZs with public/private-app/private-data subnets, route tables, NAT placement
• one L4 vs L7 decision record for a candidate service
• one DNS plan (public + private + service discovery) for a 2-service app
• one VPC Gateway Endpoint or PrivateLink design

Anchor references:

• Amazon VPC: How it works
• Amazon VPC: Subnets for your VPC
• AWS: What is an Application Load Balancer?
• Route 53 private hosted zones

Lane 4: Clusters 4 and 5 - Storage, Databases, Identity, Accounts

Use this lane when you need volume on IAM, landing zones, or cost reasoning.

Target outcomes:

• at least 3 IAM policies with narrow Action + Resource + at least one Condition
• one landing-zone sketch (OUs + core accounts + SCPs + baseline)
• one cost-attribution plan (tag set, budgets, anomaly alerts)
• one cross-region DR cost estimate with flagged compliance concerns

Anchor references:

• IAM JSON policy element reference
• Control Tower: Multi-account landing zone
• Tagging Best Practices: Cost allocation tags
• Overview of Data Transfer Costs

Self-Curated Problem Set

Build a custom set with these minimums:

• 3 VPC topology sketches (small, medium, multi-region)
• 3 IAM policy-writing problems of increasing tightness
• 3 compute-choice memos (differently shaped workloads)
• 2 landing-zone designs (small org vs enterprise)
• 2 cost-surprise post-mortems (write up and propose fix)

Completion Checklist

• Completed at least one artifact in each lane
• Logged at least 8 real mistakes and corrections
• Rewrote at least 2 policies or diagrams after review
• Validated at least 3 decisions against the anchor references
• Produced at least one cross-provider comparison (AWS vs GCP or Azure) for one concept