Capstone: Incident Response Drill
End-of-course integration drill: diagnose and remediate a broken S3-to-Lambda event pipeline with IAM, CloudWatch, deployment, and event-routing failure modes spanning five DOP-C02 domains.

Lab Overview
This advanced capstone presents a deliberately broken system: an S3 bucket that should trigger a Lambda via SQS, but nothing works. IAM policies are wrong, the event source mapping is missing, the S3 notification has the wrong prefix filter, and a CloudWatch alarm is red.
You will:
- Investigate the broken system using CloudWatch Logs, IAM policy inspection, SQS queue attributes, and S3 event notification configuration
- Map every failure point to create an incident response baseline
- Fix IAM permission boundaries: grant the Lambda role SQS consumption permissions and fix the SQS queue policy to allow S3 delivery
- Create the missing Lambda event source mapping and adjust the Lambda timeout from 1 second to 10 seconds
- Correct the S3 event notification prefix filter and replay events through the pipeline
- Validate full end-to-end recovery with multiple test files and produce an incident postmortem document
This lab integrates Domain 1 (SDLC Automation), Domain 2 (Configuration Management/IaC), Domain 3 (Resilient Cloud Solutions), Domain 4 (Monitoring and Logging), and Domain 5 (Incident and Event Response). Every resource is tagged for identification. Region: us-east-1.
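The failure points listed above can be checked offline once the queue policy, role policy, event source mappings, bucket notification configuration, and function timeout have been exported. The following is an added example, not part of the lab's own material. The queue ARN, the `incoming/` and `wrong/` prefixes, and the `BROKEN` documents are constructed assumptions, and the policy check handles only exact, `sqs:*`, and `*` matches without evaluating Condition or Deny.

```python
# Added example; every ARN, key name and config document here is constructed sample data.
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:example-queue"
CONSUME = ("sqs:DeleteMessage", "sqs:GetQueueAttributes", "sqs:ReceiveMessage")
def _list(v):
    return v if isinstance(v, list) else [v]

def allows(policy, action, service=None):
    """Allow statement covering action on QUEUE_ARN (Condition and Deny are not evaluated)."""
    for st in _list(policy.get("Statement", [])):
        principal = st.get("Principal")
        svc = _list(principal.get("Service", [])) if isinstance(principal, dict) else []
        acts = {a.lower() for a in _list(st.get("Action", []))}
        if (st.get("Effect") == "Allow"
                and (service is None or service in svc)
                and acts & {action.lower(), "sqs:*", "*"}
                and {QUEUE_ARN, "*"} & set(_list(st.get("Resource", [])))):
            return True
    return False

def audit(cfg, sample_key, min_timeout=10):
    """Return one finding per broken link between S3, SQS and Lambda."""
    out = []
    if not allows(cfg["queue_policy"], "sqs:SendMessage", "s3.amazonaws.com"):
        out.append("queue-policy: s3.amazonaws.com may not SendMessage")
    missing = [a for a in CONSUME if not allows(cfg["role_policy"], a)]
    if missing:
        out.append("lambda-role: missing " + ", ".join(missing))
    if not any(m["EventSourceArn"] == QUEUE_ARN and m["State"] == "Enabled"
               for m in cfg["mappings"]):
        out.append("event-source-mapping: none enabled for queue")
    def matches(qc):  # a queue config with no prefix rule matches every key
        rules = qc.get("Filter", {}).get("Key", {}).get("FilterRules", [])
        return all(sample_key.startswith(r["Value"]) for r in rules
                   if r["Name"].lower() == "prefix")
    if not any(qc["QueueArn"] == QUEUE_ARN and matches(qc)
               for qc in cfg["notification"].get("QueueConfigurations", [])):
        out.append("s3-notification: no rule delivers " + sample_key)
    if cfg["timeout"] < min_timeout:
        out.append(f"lambda-timeout: {cfg['timeout']}s < {min_timeout}s")
    return out

BROKEN = {  # constructed state mirroring the lab's description
    "queue_policy": {"Statement": []},
    "role_policy": {"Statement": [{"Effect": "Allow", "Action": "logs:*", "Resource": "*"}]},
    "mappings": [], "timeout": 1,
    "notification": {"QueueConfigurations": [{"QueueArn": QUEUE_ARN, "Filter": {"Key": {
        "FilterRules": [{"Name": "prefix", "Value": "wrong/"}]}}}]},
}
if __name__ == "__main__":
    print("\n".join(audit(BROKEN, "incoming/test-1.json")))
```

An empty result after remediation means every link in the chain passes these static checks; replaying test files through the pipeline is still needed to confirm delivery.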
What You'll Learn
- Systematically diagnose a broken event-driven pipeline by correlating CloudWatch Logs, IAM policy evaluation, SQS queue monitoring, and S3 event notification configuration
- Identify and remediate IAM permission gaps in cross-service trust relationships, including Lambda execution roles and SQS resource-based policies
- Configure Lambda event source mappings for SQS triggers and tune function timeout and memory settings for message processing workloads
- Correct S3 bucket event notification filters and validate end-to-end message delivery through a decoupled pipeline
- Produce an incident postmortem document covering timeline, root cause analysis, remediation actions, and prevention recommendations
Prerequisites
- Basic AWS CLI familiarity
- AWS associate-level knowledge
- Completed the AWS DevOps CLI operations baseline lab
Part of a Course
This lab is part of the AWS Certified DevOps Engineer - Professional (DOP-C02) course