DevOps Roadmap — Part 12: Complete DevOps Project
This is the final part of the DevOps Roadmap series. Instead of introducing new concepts, we are going to connect everything you have learned across eleven parts into one coherent project. This is how a real DevOps workflow looks when all the pieces fit together. Follow along and build this — the hands-on experience is what turns knowledge into skill.
What We Are Building
A production-grade deployment pipeline for a web application with these components working together:
- Terraform — Provision AWS infrastructure (VPC, EC2, RDS, S3)
- Ansible — Configure servers after provisioning
- Docker — Containerize the application
- GitHub Actions — CI/CD pipeline that tests, builds, and deploys automatically
- AWS ECR + ECS — Container registry and managed container runtime
- Prometheus + Grafana — Monitoring and alerting
Phase 1 — Infrastructure with Terraform
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 5.0"
name = "production-vpc"
cidr = "10.0.0.0/16"
azs = ["ap-south-1a", "ap-south-1b"]
public_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
private_subnets = ["10.0.10.0/24", "10.0.11.0/24"]
enable_nat_gateway = true
}
module "ecs" {
source = "terraform-aws-modules/ecs/aws"
cluster_name = "production-cluster"
}
resource "aws_ecr_repository" "app" {
name = "my-app"
image_tag_mutability = "MUTABLE"
image_scanning_configuration {
scan_on_push = true
}
}
resource "aws_db_instance" "postgres" {
engine = "postgres"
engine_version = "15"
instance_class = "db.t3.micro"
db_name = "appdb"
username = "appuser"
password = var.db_password
db_subnet_group_name = aws_db_subnet_group.main.name
vpc_security_group_ids = [aws_security_group.db.id]
skip_final_snapshot = false
}Phase 2 — CI/CD Pipeline
name: Full Deployment Pipeline
on:
push:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run tests
run: |
docker build --target test -t app:test .
docker run --rm app:test pytest
security-scan:
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Scan for vulnerabilities
uses: aquasecurity/trivy-action@master
with:
image-ref: 'app:latest'
severity: 'CRITICAL,HIGH'
exit-code: '1'
build-push:
needs: security-scan
runs-on: ubuntu-latest
outputs:
image-tag: ${{ steps.meta.outputs.tags }}
steps:
- uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-south-1
- name: Push to ECR
id: build
run: |
aws ecr get-login-password | docker login --username AWS --password-stdin $ECR_URI
docker build -t $ECR_URI:${{ github.sha }} .
docker push $ECR_URI:${{ github.sha }}
deploy:
needs: build-push
environment: production
runs-on: ubuntu-latest
steps:
- name: Update ECS service
run: |
aws ecs update-service --cluster production-cluster --service my-app-service --force-new-deploymentPhase 3 — Monitoring Stack
version: '3.8'
services:
prometheus:
image: prom/prometheus:latest
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml
- prometheus-data:/prometheus
ports:
- "9090:9090"
grafana:
image: grafana/grafana:latest
environment:
GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_PASSWORD}
volumes:
- grafana-data:/var/lib/grafana
ports:
- "3000:3000"
alertmanager:
image: prom/alertmanager:latest
volumes:
- ./alertmanager.yml:/etc/alertmanager/alertmanager.yml
ports:
- "9093:9093"
volumes:
prometheus-data:
grafana-data:The Complete Flow
- Developer pushes code to GitHub
- GitHub Actions triggers: tests run, security scan, Docker image built
- Image pushed to AWS ECR with the commit SHA as tag
- ECS task definition updated with new image
- ECS performs rolling deployment — no downtime
- Prometheus scrapes new containers automatically
- Grafana dashboards update in real time
- Alerts fire to Slack/email if any service degrades
This is professional DevOps. Every deployment is automated, auditable, and reversible. The infrastructure is code. The configuration is code. The pipeline is code. Everything lives in Git and can be reviewed, rolled back, or reproduced by anyone on the team.
You have now completed the DevOps Roadmap series. The tools you have learned — Linux, Git, Docker, CI/CD, Terraform, Ansible, Kubernetes, Cloud, Monitoring — form the complete foundation of a modern DevOps engineer. The next step is to build and deploy something real. That experience is what makes everything stick.
DevOps Project Architecture
A complete DevOps project demonstrates the full pipeline from code commit to production deployment. The minimal viable architecture: application code in a Git repository, a CI pipeline that runs on every push (lint, test, build, containerize), a CD pipeline that deploys to staging automatically and to production with approval, infrastructure managed as code with Terraform, application configuration managed with environment variables or a secrets manager, and monitoring with metrics, logs, and alerts. Building this end-to-end pipeline, even for a simple application, demonstrates all the core DevOps competencies that employers look for.
The DevOps Mindset Beyond Tools
DevOps is often described as a set of tools, but the more important dimension is the mindset and culture it represents. The core principles: automate everything that can be automated — manual processes are slow, error-prone, and do not scale. Measure everything — you cannot improve what you cannot measure, and data-driven decisions are better than intuition. Fail fast and recover faster — design systems to detect failures quickly and recover automatically. Shift left on security and quality — find problems early in the development process where they are cheapest to fix. The best DevOps engineers combine technical depth with the communication skills to help teams adopt these principles. Technical skill without cultural influence produces tools that nobody uses. Cultural change without technical depth produces aspirations that nobody can execute.
Your Complete DevOps Portfolio Project
Build and publicly document a complete DevOps project: choose a simple web application (or use an existing open-source project), containerize it with a production-ready Dockerfile, write Terraform for the cloud infrastructure, set up a GitHub Actions CI/CD pipeline that deploys to your cloud infrastructure, add Prometheus monitoring and a Grafana dashboard, and write a comprehensive README documenting the architecture, setup steps, and design decisions. This portfolio project demonstrates every core DevOps skill in one coherent project and is far more compelling to hiring managers than a list of tools on a resume.
The Continuous Improvement Mindset
DevOps is not a destination but a continuous journey of improvement. The practices covered here — automation, monitoring, infrastructure as code, CI/CD pipelines — are tools in service of a deeper goal: enabling teams to deliver software changes to production quickly, safely, and reliably. The measurement that matters is not which tools you use but how long it takes to go from a committed code change to running in production, and how confident you are in that process. The best DevOps teams measure their deployment frequency, lead time for changes, change failure rate, and mean time to recovery (the DORA metrics), and treat these as engineering objectives to improve over time.