Lab Challenge

Code Red: Repair an AWS Environment with a Linux Bastion Host

Push your skills to the next level in a live environment
Start Lab Challenge


Time Limit

1h 15m



About Lab Challenges

Lab challenges are hands-on labs with the gloves off. You jump into an auto-provisioned cloud environment and are given a goal to accomplish. No instructions, no hints. To pass, you'll have a limited time to demonstrate your problem-solving skills and get the checks that inspect the state of your lab environment.

Challenge Description

When running applications in the cloud, enterprises keep security a top priority.

In this lab, you will be assessing your ability to troubleshoot AWS networking and security issues in a production-like environment. Putting your skills to the test, you will need to repair the environment by fixing an issue and ensuring you do not disrupt any of the properly functioning aspects of the environment. In this lab, you will be demonstrating how you can successfully repair an AWS Environment with a Linux Bastion Host for connecting to backend instances following best practices. This is a real environment, which means you can prove your knowledge in an applied situation, leaving behind multiple choice questions for a dynamic performance-based exam situation.


August 9th, 2021 - Added a hint that appears after the first failed attempt at running the checks

May 12th, 2021 - Lab check description updated to clarify more about what is meant by best practice

What will be assessed

  • General AWS Knowledge
  • AWS Networking and Security best practices
  • Ability to troubleshoot issues related to the above

Intended audience

  • AWS Networking and Security practitioners
  • Examinees preparing for AWS Certification exams, particularly, the Security and Networking Specialty exams


  • AWS Networking and Security knowledge
  • Completion of the Securing your VPC using Public and Private Subnets lab is recommended before attempting this lab.

Environment example

Environment before
Environment after
About the Author
Learning paths49

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.