Training
Regional
Sample Tasks

Sample Tasks

This page lists various sample tasks that you could expect when participating at a Skills53 competition on the regional level. It is not meant to express the specific scope that the competition will cover, but rather to give you an idea of the type of tasks you might encounter. You can easily train these kinds of tasks yourself by either creating your own AWS account (paid) or using the free AWS Academy Learners Lab offering.

The Skills53 regional championships are competitive, but they are also designed to be an exciting entry point into cloud computing. Even if you’re new to AWS or have minimal experience, you’ll find tasks that are approachable and rewarding to solve. With a mix of easy, medium, and challenging tasks, there’s something for everyone - whether you’re aiming for the top spot or simply exploring the possibilities.

While some tasks may seem advanced, the competition platform offers helpful hints to guide you if needed. Using hints deducts a few points for fairness, but it ensures you can keep progressing and learning throughout the event. Completing tasks and seeing your progress in real time creates a thrilling and supportive atmosphere.

These tasks are designed not only to test your skills but also to encourage you to explore AWS services hands-on. Whether you’re preparing for the competition or simply learning, these examples offer a great starting point to deepen your cloud computing expertise.

Auto Scaling

Services

  • Amazon Auto Scaling
  • Amazon EC2
  • Amazon Elastic Load Balancing

Summary

You are required to future-proof your infrastructure and must use an auto-scaling group that handles 1 to 4 EC2 instances, currently manually set at 2. Each EC2 instance should host a static web server that outputs its own instance ID. You should then expose the instances behind a load balancer and verify that scaling works correctly, including that each instance correctly displays its own instance ID.

Task

  1. Create an auto-scaling group configured to manage 1 to 4 instances, with the desired capacity set to 2.
  2. Use a launch template that provisions EC2 instances:
    • Instances should run Amazon Linux 2.
    • Ensure each instance hosts a static web server displaying its instance ID on the default page.
  3. Deploy an Application Load Balancer:
    • Attach the load balancer to public subnets.
    • Configure the load balancer to route HTTP traffic to the instances.

Verification:

  • Access the load balancer’s DNS name and confirm it routes traffic to the EC2 instances.
  • Check that each instance correctly displays its unique instance ID when accessed through the load balancer.

Hints:

  • In the launch template, use a startup script to configure a web server and set up the default page with the instance ID. Research how to use metadata to retrieve the instance ID during boot.
  • Use the AWS Management Console or CLI to check that the load balancer is healthy and properly routing traffic to the instances.

Basic Compute

Services

  • Amazon EC2

Summary

You have been given a broken EC2 instance that is not responding to SSH connections. You are required to troubleshoot the issue and fix the instance so that it is accessible via SSH. Possible causes could be that the instance is stopped or the security group is misconfigured.

Task

You’ve received an EC2 instance that is currently inaccessible. Your goal is to identify the issue, resolve it, and restore SSH connectivity using the provided credentials.

  • Ensure the EC2 instance is running and accessible.
  • Verify that the instance has an attached security group allowing SSH (port 22) from your IP address.
  • Ensure the instance has network connectivity and a public IP address.

Verification:

  • Confirm you can connect to the instance via SSH using the provided username and password.
  • Validate that basic Linux commands (e.g., ls, whoami) execute successfully after login.

Hints:

  • Check the instance’s current state and network configuration using the AWS Management Console or CLI.
  • Review the security group rules for the instance, ensuring that inbound SSH traffic is allowed from your public IP.
  • Verify that the instance’s subnet has an Internet gateway, and its route table is configured correctly for public access.

Container Orchestration

Services

  • Amazon Elastic Container Service (ECS)
  • Amazon Elastic Container Registry (ECR)

Summary

You are required to deploy a containerized application using Amazon ECS. The task involves creating an ECR repository and configuring it as a pull-through cache for Docker Hub to pull the traefik/whoami image. You will then deploy this container as a service in ECS using the Fargate launch type, ensuring the service is correctly associated with a load balancer.

Task

You’ve been asked to deploy a simple containerized service on AWS. The service should use Amazon ECS and pull its image through a configured ECR repository.

  • Create an ECR repository named skills53-whoami and configure it as a pull-through cache for Docker Hub to fetch the traefik/whoami image.
  • Deploy the container as a service in ECS with the following requirements:
    • Use Fargate as the launch type.
    • Set the desired task count to 2.
    • Ensure the service is associated with a load balancer for HTTP traffic.
  • Configure the load balancer to correctly route traffic to the running tasks.

Verification:

  • Confirm the service is accessible via the load balancer’s DNS name.
  • Verify that traffic is correctly routed to both tasks, and the traefik/whoami image outputs the expected container information.

Hints:

  • Use the AWS documentation to learn how to configure an ECR pull-through cache.
  • Ensure the ECS service is deployed in at least two subnets across different Availability Zones.
  • Use the ECS console or CLI to monitor the service’s health and ensure tasks are running without issues.

Cloud Networking

Services

  • Amazon VPC

Summary

You are required to set up a new VPC with three subnets of different sizes. You have not been provided with the desired CIDR, but you know how many hosts are required to fit in each subnet, along with the desired availability zones. You should also ensure that the VPC has a correctly configured Internet gateway and that the subnets are correctly associated with the route table. Lastly, set up a Network ACL that allows only HTTP and HTTPS traffic to the subnets.

Task

You’ve been tasked with designing a VPC that meets specific requirements for a new project.

  1. Create a VPC named skills53-vpc with:
    • A CIDR block that accommodates the required subnets.
    • An attached Internet gateway.
  2. Set up three subnets in different Availability Zones:
    • Subnet 1: Must support at least 37 usable hosts.
    • Subnet 2: Must support at least 86 usable hosts.
    • Subnet 3: Must support at least 145 usable hosts.
  3. Associate all subnets with the main route table of the VPC.
  4. Configure a Network ACL to allow only the following inbound traffic:
    • HTTP (port 80).
    • HTTPS (port 443).
  5. Deny all other inbound traffic explicitly.

Verification:

  • Confirm that all subnets are associated with the correct route table and can access the Internet via the Internet gateway.
  • Verify that the Network ACL allows only HTTP and HTTPS traffic to the subnets by testing connectivity using an EC2 instance in each subnet.

Hints:

  • Use the VPC wizard in the AWS Management Console or the CLI to simplify subnet and Internet gateway creation.
  • Calculate the required CIDR blocks carefully to ensure they accommodate the required number of usable hosts while minimizing wasted addresses.
  • Test Network ACL rules by deploying a basic EC2 instance in each subnet and verifying that HTTP/HTTPS traffic is allowed while other traffic is blocked.

DNS Zone Management

Services

  • Amazon Route 53

Summary

A public subdomain has been delegated to your AWS account and is present as a Route 53 hosted zone. You are required to provision various DNS records for this domain, such as A, CNAME, and MX records. You should verify that the records are correctly set up and that the domain is resolving correctly.

Task

You’ve been assigned to manage a DNS subdomain for a client’s project. Your goal is to create the required DNS records and ensure the subdomain functions as expected.

  1. Use the pre-configured hosted zone in Route 53 for the subdomain.
  2. Add the following DNS records:
    • An A record for the zone apex that resolves to the IP address 203.0.113.10.
    • A CNAME record for www that points to the zone apex.
    • An MX record for the zone apex that points to mail.example.com with a priority of 10.
    • A TXT record for the zone apex containing the text skills53-verification.
  3. Ensure all changes are applied and the records are propagated.

Verification:

  • Use a DNS lookup tool (e.g., dig or online tools) to confirm that the records are correctly set up and resolving.
  • Verify that the www subdomain resolves correctly via the CNAME.
  • Test email delivery using the configured MX record (e.g., by checking for successful mail server responses).

Hints:

  • Use the Route 53 console to create and manage records, and ensure the hosted zone’s NS records are correctly delegated.
  • Propagation of DNS changes may take some time; use tools to check the status and TTL of the records.
  • Double-check the formats for each record type, especially for MX and TXT.
  • If you don’t own a domain, practice by creating a private hosted zone in Route 53 and associating it with a VPC. You can test records by setting up local DNS resolution within that VPC.

Lambda Troubleshooting

Services

  • AWS Lambda
  • Amazon S3

Summary

You have been provided with an existing simple Lambda function that is not working as expected. It is supposed to list various objects in an S3 bucket, but it is failing to do so. You are required to troubleshoot the Lambda function and fix the issue. You should also ensure that the function is correctly configured and that it has the necessary permissions to access the S3 bucket.

Task

A client has reported that their Lambda function is failing to list objects in an S3 bucket. Your goal is to identify and resolve the issue.

  1. Inspect the Lambda function’s configuration and code for errors.
  2. Verify that the Lambda function has the required IAM role and permissions:
    • Ensure the role includes s3:ListBucket for the bucket in question.
    • Ensure the role includes s3:GetObject for objects within the bucket.
  3. Test the Lambda function by invoking it and confirming that it lists the objects as expected.

Verification:

  • Confirm that the Lambda function successfully lists the objects in the S3 bucket.
  • Verify the logs in CloudWatch for any remaining errors or warnings.

Hints:

  • Check the Lambda execution role in the IAM console to ensure it is correctly attached and has the necessary policies.
  • Use the AWS Lambda test interface to invoke the function with different input payloads if required.
  • Review the function’s logs in CloudWatch to identify and debug any runtime issues.

Example Code:

import boto3
import os

def lambda_handler(event, context):
    # Initialize the S3 client
    s3 = boto3.client('s3')

    # Specify the S3 bucket name (can be hardcoded or passed via the event)
    bucket_name = os.environ.get('BUCKET_NAME', 'your-bucket-name')

    try:
        # List objects in the bucket
        response = s3.list_objects_v2(Bucket=bucket_name)
        if 'Contents' in response:
            files = [obj['Key'] for obj in response['Contents']]
            return {
                'statusCode': 200,
                'body': f"Objects in bucket '{bucket_name}': {files}"
            }
        else:
            return {
                'statusCode': 200,
                'body': f"No objects found in bucket '{bucket_name}'."
            }
    except Exception as e:
        return {
            'statusCode': 500,
            'body': f"Error accessing bucket '{bucket_name}': {str(e)}"
        }

Static Website Hosting

Services

  • Amazon Certificate Manager
  • Amazon CloudFront
  • Amazon S3

Summary

You are required to host a static website on AWS. The website should be served over HTTPS and should be globally distributed. You should also ensure that the website is highly available and protected against DDoS attacks. The website should consist of two pages: an index page (index.html) and a contact page (contact.html). When a user visits the root of the website, they should see the index page.

Task

You’ve been tasked with hosting a secure, globally accessible static website for a new product launch.

  1. Create an S3 bucket named skills53-static-site and upload the provided index.html and contact.html files.
  2. Configure the S3 bucket for static website hosting.
  3. Use Amazon CloudFront to distribute the website globally:
    • Configure CloudFront to use the S3 bucket as the origin.
    • Enforce HTTPS for all requests.
    • Attach an Amazon Certificate Manager (ACM) public certificate if using a custom domain, or use the default CloudFront domain for testing.
  4. Ensure index.html is configured as the default root object.

Verification:

  • Confirm that accessing the CloudFront URL serves the index.html page by default.
  • Verify that the contact.html page is accessible directly via its URL.
  • Ensure all requests are served over HTTPS.

Hints:

  • Never use Private CA in ACM, as it is costly. Use a public ACM certificate or stick to the default CloudFront domain.
  • The “default root object” in CloudFront determines which file is served when a user accesses the root of the domain.
  • Use the S3 Management Console to upload files and enable static website hosting.
  • CloudFront distributions take time to deploy. Plan your testing accordingly.