// Validates the networking lab by going through the actual student journey - SSHing through bastion, running real connectivity tests, fixing issues with cloud CLI, and verifying each incident is resolved. Supports Azure, AWS, and GCP.
| name | validate-networking-lab |
| description | Validates the networking lab by going through the actual student journey - SSHing through bastion, running real connectivity tests, fixing issues with cloud CLI, and verifying each incident is resolved. Supports Azure, AWS, and GCP. |
Test the lab like a student would: diagnose via SSH, fix with cloud CLI, verify.
~/.ssh/netlab-keyThe validation script will automatically deploy, test, and destroy the lab.
cd /home/gps/Developer/networking-lab/.github/skills/validate-networking-lab/azure/scripts
chmod +x *.sh
./run-full-validation.sh
Options:
--skip-deploy: Skip deployment (use existing infrastructure)cd /home/gps/Developer/networking-lab/.github/skills/validate-networking-lab/aws/scripts
chmod +x *.sh
./run-full-validation.sh
Options:
--skip-deploy: Skip deployment (use existing infrastructure)cd /home/gps/Developer/networking-lab/.github/skills/validate-networking-lab/gcp/scripts
chmod +x *.sh
./run-full-validation.sh
╔══════════════════════════════════════════════════════════════╗
║ VALIDATION SUMMARY ║
╚══════════════════════════════════════════════════════════════╝
┌────────────────────────────────────┬──────────┐
│ Step │ Result │
├────────────────────────────────────┼──────────┤
│ Deploy Infrastructure │ ✓ PASS │
│ Initial Diagnosis │ ✓ PASS │
│ Fix INC-4521 (NAT Gateway) │ ✓ PASS │
│ Fix INC-4522 (DNS) │ ✓ PASS │
│ Fix INC-4523 (NSG Ports) │ ✓ PASS │
│ Fix INC-4524 (Security) │ ✓ PASS │
│ Final Validation │ ✓ PASS │
│ Token Generation Test │ ✓ PASS │
└────────────────────────────────────┴──────────┘
══════════════════════════════════════════════════════════════
ALL TESTS PASSED (8/8)
Lab validation complete - ready for student use
══════════════════════════════════════════════════════════════
Exit code 0 = all passed, exit code 1 = something failed.
| Incident | Concept | Azure | AWS | GCP |
|---|---|---|---|---|
| INC-4521 | NAT/Internet Egress | NAT Gateway + Subnet | NAT Gateway + Route Table | Cloud NAT + Router |
| INC-4522 | Private DNS | Private DNS Zone + VNet Link | Route 53 Private Zone + VPC Association | Cloud DNS Private Zone |
| INC-4523 | Firewall Rules | NSG Rules | Security Groups | Firewall Rules |
| INC-4524 | Security Hardening | NSG Source Restrictions | SG Source Restrictions | Firewall Source Restrictions |
All resources must be destroyed after completing the lab to avoid ongoing costs.
The validation script automatically destroys all resources by deleting the entire resource group. This ensures complete cleanup regardless of how fixes were applied (Terraform, CLI commands, Azure Portal, etc.).
Students may fix the lab issues using different methods than the provided scripts:
Deleting the resource group (az group delete) destroys ALL contained resources, guaranteeing no orphaned resources remain.
If you need to manually destroy the lab:
# Get the resource group name from terraform state
cd azure/terraform
RESOURCE_GROUP=$(terraform output -raw resource_group_name)
# Delete the entire resource group (destroys EVERYTHING)
az group delete -n "$RESOURCE_GROUP" --yes
# Clean up local files
rm -f ~/.ssh/netlab-key
rm -f terraform.tfstate terraform.tfstate.backup
If cleanup fails or is interrupted, verify no resources remain:
az group list --query "[?starts_with(name, 'rg-networking-lab')]" -o table
Delete any remaining groups manually to avoid unexpected charges.
The scripts in <cloud>/scripts/ contain solutions and are git-ignored.