Skip to main content
Public Cloud in DevOps

Public Cloud in DevOps

$249.00
When you get access:
Course access is prepared after purchase and delivered via email
Your guarantee:
30-day money-back guarantee — no questions asked
Toolkit Included:
Includes a practical, ready-to-use toolkit containing implementation templates, worksheets, checklists, and decision-support materials used to accelerate real-world application and reduce setup time.
How you learn:
Self-paced • Lifetime updates
Who trusts this:
Trusted by professionals in 160+ countries
Adding to cart… The item has been added

This curriculum spans the design and operational rigor of a multi-workshop cloud governance program, covering identity, infrastructure, pipelines, networking, and observability with the depth required to guide enterprise teams through real-world DevOps transformations in regulated environments.

Module 1: Cloud Account and Identity Architecture

  • Define organizational unit (OU) structure in AWS Organizations or Azure Management Groups to align with business units while enforcing centralized guardrails.
  • Implement identity federation using SAML 2.0 or OIDC to integrate cloud identities with existing enterprise directory services like Active Directory or Azure AD.
  • Enforce multi-factor authentication (MFA) for all privileged roles and evaluate trade-offs between security and developer productivity for non-privileged access.
  • Design least-privilege IAM policies using attribute-based access control (ABAC) or role-based access control (RBAC), balancing granularity with policy maintainability.
  • Establish cross-account access patterns using role chaining or resource-based policies for secure inter-service communication across environments.
  • Configure identity auditing and alerting on anomalous sign-in activity using native cloud logging services integrated with SIEM platforms.

Module 2: Secure and Compliant Infrastructure Provisioning

  • Select between Terraform, AWS CloudFormation, or Azure Resource Manager based on team expertise, state management needs, and multi-cloud requirements.
  • Implement infrastructure as code (IaC) linting and static analysis in CI pipelines using tools like Checkov or tfsec to detect policy violations pre-deployment.
  • Design reusable infrastructure modules with parameterized inputs while avoiding over-abstraction that obscures operational visibility.
  • Manage sensitive configuration data using cloud-native secret stores (e.g., AWS Secrets Manager, Azure Key Vault) instead of environment variables or configuration files.
  • Enforce encryption-by-default policies for data at rest and in transit across all provisioned resources using infrastructure templates and guardrail rules.
  • Integrate compliance scanning tools (e.g., AWS Config, Azure Policy) to continuously audit resource configurations against regulatory frameworks like HIPAA or ISO 27001.

Module 3: CI/CD Pipeline Design and Security

  • Architect pipeline segmentation to separate build, test, and deployment stages across different cloud accounts or VPCs to limit blast radius.
  • Implement pipeline-as-code using YAML or domain-specific languages (e.g., Jenkinsfile, GitHub Actions) with version-controlled pipeline definitions.
  • Enforce signed commits and artifact provenance verification to prevent unauthorized code from entering the deployment pipeline.
  • Integrate automated security scanning tools (SAST, DAST, SCA) into pipeline stages and define policy gates that block non-compliant builds.
  • Configure immutable build artifacts stored in versioned repositories (e.g., Amazon S3, Azure Blob Storage) with lifecycle policies and access controls.
  • Design rollback mechanisms using blue/green or canary deployment patterns with automated health checks and traffic shifting.

Module 4: Cloud Networking for DevOps Workloads

  • Design VPC or VNet architectures with public, private, and transit subnets to isolate workloads and control egress traffic paths.
  • Implement DNS resolution strategies across hybrid environments using private hosted zones or Azure Private DNS with conditional forwarding.
  • Configure secure inter-VPC communication using AWS Transit Gateway or Azure Virtual WAN while managing routing complexity at scale.
  • Enforce egress filtering using firewall appliances or cloud-native services (e.g., AWS Network Firewall, Azure Firewall) with centralized logging.
  • Evaluate the use of service endpoints, private links, or VPC peering based on latency, cost, and operational overhead requirements.
  • Plan IP address space allocation across regions and accounts to prevent overlap and support future expansion.

Module 5: Observability and Runtime Governance

  • Standardize logging formats and metadata tagging across services to enable centralized aggregation in cloud-native tools like CloudWatch Logs or Azure Monitor.
  • Configure distributed tracing for microservices using AWS X-Ray or Azure Application Insights to diagnose latency bottlenecks.
  • Define custom metrics and dashboards that reflect business-critical service level objectives (SLOs), not just infrastructure KPIs.
  • Implement log retention and archival policies aligned with compliance requirements and cost constraints.
  • Set up alerting thresholds using anomaly detection and dynamic baselines to reduce false positives in production environments.
  • Integrate observability data with incident response workflows using automated ticket creation and on-call escalation rules.

Module 6: Cost Management and Resource Optimization

  • Implement tagging standards for cost allocation and enforce tag compliance using automated remediation for untagged resources.
  • Right-size compute instances based on performance telemetry and utilization trends, balancing cost savings with application performance.
  • Evaluate reserved instances or savings plans against actual usage patterns to optimize long-term spend without overcommitting.
  • Configure auto-scaling policies using predictive and reactive metrics to align capacity with demand fluctuations.
  • Monitor and govern serverless resource consumption (e.g., AWS Lambda, Azure Functions) to prevent runaway costs from misconfigured triggers.
  • Conduct regular cost reviews using cloud-native cost explorer tools and attribute spend to teams via chargeback or showback models.

Module 7: Disaster Recovery and Operational Resilience

  • Define recovery time objectives (RTO) and recovery point objectives (RPO) for critical services and align them with replication and backup strategies.
  • Implement cross-region data replication for databases using managed services (e.g., Amazon RDS Multi-AZ, Azure SQL Geo-Replication).
  • Design automated failover procedures for DNS and application routing using health checks and routing policies.
  • Conduct regular disaster recovery testing using controlled failover events to validate runbooks and team readiness.
  • Store backup data in immutable storage with write-once-read-many (WORM) configurations to protect against ransomware.
  • Document and version control all operational runbooks, ensuring they are accessible during outages without cloud dependency.

Module 8: DevOps Toolchain Integration and Lifecycle Management

  • Integrate cloud provider APIs with third-party tools (e.g., Jira, ServiceNow) for automated ticketing and change management workflows.
  • Standardize container image builds using cloud-native registries (ECR, ACR) with vulnerability scanning and image signing.
  • Manage CLI and SDK versioning across development teams to prevent drift and ensure compatibility with cloud service updates.
  • Automate deprovisioning of stale environments (e.g., feature branch deployments) using time-to-live (TTL) tagging and cleanup jobs.
  • Centralize tool configuration management using GitOps patterns to maintain consistency across environments.
  • Monitor API rate limits and service quotas across cloud accounts and implement alerting before throttling impacts operations.
!