Module 5 – Failure Simulation

If You Don’t Simulate Failure, Production Will

Infrastructure is not validated during deployment.

It is validated during failure.

Failure simulation reveals:

  • Weak segmentation
  • Poor scaling policy
  • IAM overexposure
  • Hidden coupling
  • Inadequate redundancy

Resilience is not assumed.
It is tested.

1. Failure Philosophy

A resilient system should:

  • Detect failure
  • Contain failure
  • Recover automatically
  • Minimize user impact

If one component fails and the entire system collapses, architecture is flawed.

Failure simulation is controlled chaos.

2. Instance-Level Failure

Testing Auto Scaling & Health Checks

Scenario

Terminate one application instance manually.

Observe:

  • Load balancer health check marks instance unhealthy
  • Auto Scaling Group launches replacement
  • Traffic continues flowing

Questions to answer:

  • How long did recovery take?
  • Did users experience downtime?
  • Did scaling policy behave as expected?

If recovery is manual, scaling design is incomplete.

3. Availability Zone Failure

Testing Multi-AZ Resilience

Simulate AZ failure by:

  • Disabling or terminating instances in one AZ
  • Observing load balancer behavior

Expected behavior:

  • Traffic routes to surviving AZ
  • System remains available

If outage occurs:

  • Instances not distributed properly
  • Load balancer not multi-AZ
  • Auto Scaling misconfigured

High availability must be validated, not assumed.

4. Database Interruption

Testing Dependency Handling

Simulate database failure by:

  • Stopping database service
  • Blocking database security group rule
  • Removing route temporarily

Observe:

  • Application error messages
  • Retry behavior
  • Log entries
  • Alert triggers

If application crashes entirely:

Dependency handling is weak.

Architecture must assume downstream failures.

5. Security Misconfiguration Testing

Testing Blast Radius

Temporarily modify:

  • Remove inbound rule from app security group
  • Restrict IAM role permissions
  • Deny database access

Observe:

  • What breaks?
  • How quickly is failure visible?
  • Are logs helpful?

Security failure often looks like system failure.

You must differentiate.

6. Resource Exhaustion Simulation

Testing Scaling and Alerting

CPU Saturation

Stress instances:

  • Generate traffic spike
  • Observe scaling triggers
  • Monitor CPU metrics

Questions:

  • Did Auto Scaling trigger?
  • Was threshold too high?
  • Was scaling too slow?

Memory Pressure

Simulate memory exhaustion:

  • Deploy memory-heavy workload
  • Observe swap behavior
  • Watch for instance degradation

If application crashes before scaling:

Threshold tuning is incorrect.

Storage Exhaustion

Simulate disk fill:

  • Fill root or data volume
  • Monitor service behavior

Expected:

  • Alert triggers before critical failure
  • Scaling does not mask disk issues

Storage issues often bypass scaling protections.

7. Network Partition Simulation

Testing Internal Communication

Simulate:

  • Remove private subnet route
  • Block internal security group rule

Observe:

  • Application-to-database failure
  • Log clarity
  • Monitoring response

Network partitions expose hidden coupling.

Distributed systems must tolerate partial isolation.

8. Observability During Failure

During every simulation:

Monitor:

  • CPU usage
  • Memory usage
  • Disk usage
  • Application logs
  • Auto Scaling activity
  • Load balancer target health

Failure simulation without monitoring is blind testing.

9. Recovery Time Measurement

Measure:

  • Detection time
  • Recovery initiation time
  • Full recovery completion time

Key concepts:

MTTD – Mean Time To Detect
MTTR – Mean Time To Recover

Architecture must minimize both.

10. Cost Impact of Failure

Observe:

  • Did scaling increase cost unexpectedly?
  • Did replacement instances double usage?
  • Did cross-AZ traffic spike?

Resilience increases cost.

Architecture must balance reliability and budget.

11. Failure Documentation Template

For each simulation, document:

  • Scenario
  • Expected behavior
  • Actual behavior
  • Root cause of unexpected results
  • Recovery time
  • Lessons learned
  • Design improvement ideas

Failure documentation builds operational maturity.

12. Lab Assignment

Simulate all of the following:

  1. Terminate one app instance.
  2. Simulate AZ-level instance loss.
  3. Interrupt database connectivity.
  4. Remove security group rule temporarily.
  5. Generate traffic spike to trigger scaling.
  6. Fill storage to 90%.
  7. Document recovery behavior.

Deliverable:

Create a resilience report including:

  • Recovery timelines
  • Observed weaknesses
  • Architecture improvements
  • Cost implications

If you cannot explain how your system behaves under failure, you do not control it.

13. Production Reflection

Consider:

  • What single failure would cause total outage?
  • What would happen if state file was lost?
  • What happens if NAT Gateway fails?
  • Is scaling masking deeper design flaws?
  • How would you perform chaos engineering safely?

Resilience is iterative.

Each failure simulation should improve architecture.

Course Completion Criteria

You have completed Cloud Infrastructure Engineering when:

  • VPC is segmented intentionally
  • IAM is least-privilege enforced
  • Scaling is health-driven
  • Infrastructure is code-defined
  • Failures are tested and understood
  • Recovery time is measurable

You are no longer deploying cloud infrastructure.

You are engineering resilient systems.

Back To Top
Search
error: Content is protected !!