AWS Certified DevOps Engineer Professional
AWS Certified DevOps Engineer Professional certification exam has been built to validate the technical expertise of the candidate in provisioning, operating, and managing distributed application systems on the AWS platform. It validates an examinee’s ability to –
- Implement and manage continuous delivery systems and methodologies on AWS
- Implement and automate security controls, governance processes, and compliance validation
- Define and deploy monitoring, metrics, and logging systems on AWS
- Implement systems that are highly available, scalable, and self-healing on the AWS platform
- Design, manage and maintain tools to automate operational processes
Recommended Knowledge
Candidates who wish to appear for the exam must comply with the following AWS Certified DevOps Engineer Professional certification prerequisites:
- Experience developing code in at least one high-level programming language
- Experience building highly automated infrastructures
- Understanding of modern development and operations processes and methodologies
- Experience administering operating systems
AWS Learning Path
This learning path is designed for individuals who want to learn how to use the most common DevOps patterns to develop, deploy, and maintain applications in the AWS Cloud. Build technical skills as you progress along the path toward AWS Certification.
Exam Details
The AWS Certified DevOps Engineer Professional exam is 180 minutes long. The examination comprises 80 questions, though the number of questions keeps changing over time. The candidate may encounter Multiple Choice and Multi-Response Questions. There are no prerequisites. The exam is available in only 4 languages: English, Japanese, Chinese (Simplified), and Korean.
Scheduling the exam
To register for an exam, the candidate needs to sign in to aws.training and click “Certification” in the top navigation. Next, click “AWS Certification Account” followed by “Schedule New Exam”.
Exam Detailed Course Outline
The AWS DevOps Engineer Professional (DOP-C02) Exam covers the following topics –
Module 1: Understanding SDLC Automation (22%)
1.1: Implement CI/CD pipelines.
Required Knowledge
- Software development lifecycle (SDLC) concepts, phases, and models
- Pipeline deployment patterns for single- and multi-account environments
Skills
- Configuring code, image, and artifact repositories (AWS Documentation: AWS::CodeArtifact::Repository)
- Using version control to integrate pipelines with application environments (AWS Documentation: Integrations with CodePipeline action types)
- Setting up build processes (for example, AWS CodeBuild) (AWS Documentation: What is AWS CodeBuild?)
- Managing build and deployment secrets (for example, AWS Secrets Manager, AWS Systems Manager Parameter Store) (AWS Documentation: Referencing AWS Secrets Manager secrets from Parameter Store parameters)
- Determining appropriate deployment strategies (for example, AWS CodeDeploy) (AWS Documentation: Working with deployment configurations in CodeDeploy)
1.2: Integrate automated testing into CI/CD pipelines.
Required Knowledge
- Different types of tests (for example, unit tests, integration tests, acceptance tests, user interface tests, security scans)
- Reasonable use of different types of tests at different stages of the CI/CD pipeline
Skills
- Running builds or tests when generating pull requests or code merges (for example, AWS CodeCommit, CodeBuild) (AWS Documentation: Working with pull requests in AWS CodeCommit repositories)
- Running load/stress tests, performance benchmarking, and application testing at scale (AWS Documentation: Load testing applications)
- Measuring application health based on application exit codes (AWS Documentation: Metrics commonly used for health checks)
- Automating unit tests and code coverage (AWS Documentation: Integrating with automated tests)
- Invoking AWS services in a pipeline for testing (AWS Documentation: Invoke an AWS Lambda function in a pipeline in CodePipeline)
1.3 Build and manage artifacts.
Required Knowledge
- Artifact use cases and secure management
- Methods to create and generate artifacts
- Artifact lifecycle considerations
Skills
- Creating and configuring artifact repositories (for example, AWS CodeArtifact, Amazon S3, Amazon Elastic Container Registry [Amazon ECR]) (AWS Documentation: Create a repository)
- Configuring build tools for generating artifacts (for example, CodeBuild, AWS Lambda) (AWS Documentation: Build specification reference for CodeBuild)
- Automating Amazon EC2 instance and container image build processes (for example, EC2 Image Builder) (AWS Documentation: What is EC2 Image Builder?)
1.4: Implement deployment strategies for instance, container, and serverless environments.
Required Knowledge
- Deployment methodologies for various platforms (for example, Amazon EC2, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], Lambda)
- Application storage patterns (for example, Amazon Elastic File System [Amazon EFS], Amazon S3, Amazon Elastic Block Store [Amazon EBS])
- Mutable deployment patterns in contrast to immutable deployment patterns
- Tools and services available for distributing code (for example, CodeDeploy, EC2 Image Builder)
Skills
- Configuring security permissions to allow access to artifact repositories (for example, AWS Identity and Access Management [IAM], CodeArtifact) (AWS Documentation: Identity and Access Management for AWS CodeArtifact)
- Configuring deployment agents (for example, CodeDeploy agent) (AWS Documentation: Working with the CodeDeploy agent)
- Troubleshooting deployment issues (AWS Documentation: Troubleshooting CodeDeploy)
- Using different deployment methods (for example, blue/green, canary) (AWS Documentation: Blue/Green Deployments)
Module 2: Understanding Configuration Management and IaC (17%)
2.1 Define cloud infrastructure and reusable components to provision and manage systems throughout their lifecycle.
Required Knowledge
- Infrastructure as code (IaC) options and tools for AWS
- Change management processes for IaC-based platforms
- Configuration management services and strategies
Skills
- Composing and deploying IaC templates (for example, AWS Serverless Application Model [AWS SAM], AWS CloudFormation, AWS Cloud Development Kit [AWS CDK]) (AWS Documentation: What is the AWS CDK?)
- Applying AWS CloudFormation StackSets across multiple accounts and AWS Regions (AWS Documentation: Use AWS CloudFormation StackSets for Multiple Accounts in an AWS Organization)
- Determining optimal configuration management services (for example, AWS OpsWorks, AWS Systems Manager, AWS Config, AWS AppConfig) (AWS Documentation: What is AWS AppConfig?)
- Implementing infrastructure patterns, governance controls, and security standards into reusable IaC templates (for example, AWS Service Catalog, CloudFormation modules, AWS CDK) (AWS Documentation: Deploy and manage AWS Control Tower controls by using AWS CDK and AWS CloudFormation)
2.2 Deploy automation to create, onboard, and secure AWS accounts in a multi-account/multi-Region environment.
Required Knowledge
- AWS account structures, best practices, and related AWS services
Skills
- Standardizing and automating account provisioning and configuration (AWS Documentation: Automate account creation, and resource provisioning)
- Creating, consolidating, and centrally managing accounts (for example, AWS Organizations, AWS Control Tower) (AWS Documentation: Manage Accounts Through AWS Organizations)
- Applying IAM solutions for multi-account and complex organization structures (for example, SCPs, assuming roles) (AWS Documentation: Service control policies (SCPs))
- Implementing and developing governance and security controls at scale (AWS Config, AWS Control Tower, AWS Security Hub, Amazon Detective, Amazon GuardDuty, AWS Service Catalog, SCPs) (AWS Documentation: What Is AWS Control Tower?)
2.3: Design and build automated solutions for complex tasks and large-scale environments.
Required Knowledge
- AWS services and solutions to automate tasks and processes
- Methods and strategies to interact with the AWS software-defined infrastructure
Skills
- Automating system inventory, configuration, and patch management (for example, Systems Manager, AWS Config) (AWS Documentation: AWS Systems Manager Patch Manager)
- Developing Lambda function automations for complex scenarios (for example, AWS SDKs, Lambda, AWS Step Functions) (AWS Documentation: Getting started with Lambda)
- Automating the configuration of software applications to the desired state (for example, OpsWorks, Systems Manager State Manager) (AWS Documentation: AWS Systems Manager State Manager)
- Maintaining software compliance (for example, Systems Manager) (AWS Documentation: AWS Systems Manager Compliance)
Module 3: Understanding Resilient Cloud Solutions (15%)
3.1 Implement highly available solutions to meet resilience and business requirements.
Required Knowledge
- Multi-AZ and multi-Region deployments (for example, compute layer, data layer)
- SLAs
- Replication and failover methods for stateful services
- Techniques to achieve high availability (for example, Multi-AZ, multi-Region)
Skills
- Translating business requirements into technical resiliency needs
- Identifying and remediating single points of failure in existing workloads (AWS Documentation: Failure management)
- Enabling cross-Region solutions where available (for example, Amazon DynamoDB, Amazon RDS, Amazon Route 53, Amazon S3, Amazon CloudFront) (AWS Documentation: Use various origins with CloudFront distributions)
- Configuring load balancing to support cross-AZ services (AWS Documentation: Cross-zone load balancing for target groups)
- Configuring applications and related services to support multiple Availability Zones and Regions while minimizing downtime (AWS Documentation: Configuring and managing a Multi-AZ deployment)
3.2 Implement solutions that are scalable to meet business requirements.
Required Knowledge
- Appropriate metrics for scaling services
- Loosely coupled and distributed architectures
- Serverless architectures
- Container platforms
Skills
- Identifying and remediating scaling issues (AWS Documentation: What is Amazon EC2 Auto Scaling?)
- Identifying and implementing appropriate auto scaling, load balancing, and caching solutions (AWS Documentation: Set up a scaled and load-balanced application)
- Deploying container-based applications (for example, Amazon ECS, Amazon EKS) (AWS Documentation: Deploy a sample application)
- Deploying workloads in multiple AWS Regions for global scalability (AWS Documentation: Deploy the workload to multiple locations)
- Configuring serverless applications (for example, Amazon API Gateway, Lambda, AWS Fargate) (AWS Documentation: Build and Test a Serverless Application with AWS Lambda)
3.3 Implement automated recovery processes to meet RTO/RPO requirements.
Required Knowledge
- Disaster recovery concepts (for example, RTO, RPO)
- Backup and recovery strategies (for example, pilot light, warm standby)
- Recovery procedures
Skills
- Testing failover of Multi-AZ/multi-Region workloads (for example, Amazon RDS, Amazon Aurora, Route 53, CloudFront) (AWS Documentation: Configuring and managing a Multi-AZ deployment)
- Identifying and implementing appropriate cross-Region backup and recovery strategies (for example, AWS Backup, Amazon S3, Systems Manager) (AWS Documentation: Amazon S3 backups)
- Configuring a load balancer to recover from backend failure (AWS Documentation: Configuring an Application Load Balancer)
Module 4: Monitoring and Logging (15%)
4.1 Configure the collection, aggregation, and storage of logs and metrics.
Required Knowledge
- How to monitor applications and infrastructure
- Amazon CloudWatch metrics (for example, namespaces, metrics, dimensions, and resolution)
- Real-time log ingestion
- Encryption options for at-rest and in-transit logs and metrics (for example, client-side and server-side, AWS Key Management Service [AWS KMS])
- Security configurations (for example, IAM roles and permissions to allow for log collection)
Skills
- Securely storing and managing logs (AWS Documentation: What is Amazon CloudWatch Logs?)
- Creating CloudWatch metrics from log events by using metric filters (AWS Documentation: Create a metric filter for a log group)
- Creating CloudWatch metric streams (for example, Amazon S3 or Amazon Kinesis Data Firehose options) (AWS Documentation: Custom setup with Firehose)
- Collecting custom metrics (for example, using the CloudWatch agent) (AWS Documentation: Collect metrics, logs, and traces with the CloudWatch agent)
- Managing log storage lifecycles (for example, S3 lifecycles, CloudWatch log group retention) (AWS Documentation: Managing your storage lifecycle)
- Processing log data by using CloudWatch log subscriptions (for example, Kinesis, Lambda, Amazon OpenSearch Service) (AWS Documentation: Real-time processing of log data with subscriptions)
- Searching log data by using filter and pattern syntax or CloudWatch Logs Insights (AWS Documentation: Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail)
- Configuring encryption of log data (for example, AWS KMS) (AWS Documentation: Encrypt log data in CloudWatch Logs using AWS Key Management Service)
4.2 Audit, monitor, and analyze logs and metrics to detect issues.
Required Knowledge
- Anomaly detection alarms (for example, CloudWatch anomaly detection)
- Common CloudWatch metrics and logs (for example, CPU utilization with Amazon EC2, queue length with Amazon RDS, 5xx errors with an Application Load Balancer)
- Amazon Inspector and common assessment templates
- AWS Config rules
- AWS CloudTrail log events
Skills
- Building CloudWatch dashboards and Amazon QuickSight visualizations (AWS Documentation: Monitoring data in Amazon QuickSight)
- Associating CloudWatch alarms with CloudWatch metrics (standard and custom) (AWS Documentation: Create alarms for custom metrics using Amazon CloudWatch anomaly detection)
- Configuring AWS X-Ray for different services (for example, containers, API Gateway, Lambda) (AWS Documentation: Visualize Lambda function invocations using AWS X-Ray)
- Analyzing real-time log streams (for example, using Kinesis Data Streams) (AWS Documentation: What Is Amazon Kinesis Data Streams?)
- Analyzing logs with AWS services (for example, Amazon Athena, CloudWatch Logs Insights) (AWS Documentation: Analyzing log data with CloudWatch Logs Insights)
4.3 Automate monitoring and event management of complex environments.
Required Knowledge
- Event-driven, asynchronous design patterns (for example, S3 Event Notifications or Amazon EventBridge events to Amazon Simple Notification Service [Amazon SNS] or Lambda)
- Capabilities of auto scaling a variety of AWS services (for example, EC2 Auto Scaling groups, RDS storage auto scaling, DynamoDB, ECS capacity provider, EKS autoscalers)
- Alert notification and action capabilities (for example, CloudWatch alarms to Amazon SNS, Lambda, EC2 automatic recovery)
- Health check capabilities in AWS services (for example, Application Load Balancer target groups, Route 53)
Skills
- Configuring solutions for auto scaling (for example, DynamoDB, EC2 Auto Scaling groups, RDS storage auto scaling, ECS capacity provider) (AWS Documentation: Automatically manage Amazon ECS capacity with cluster auto scaling)
- Creating CloudWatch custom metrics and metric filters, alarms, and notifications (for example, Amazon SNS, Lambda) (AWS Documentation: Creating custom CloudWatch metrics and alarms in AMS)
- Configuring S3 events to process log files (for example, by using Lambda), and deliver log files to another destination (for example, OpenSearch Service, CloudWatch Logs)
- Configuring EventBridge to send notifications based on a particular event pattern (AWS Documentation: Log Amazon S3 object-level operations using EventBridge)
- Installing and configuring agents on EC2 instances (for example, AWS Systems Manager Agent [SSM Agent], CloudWatch agent) (AWS Documentation: Installing the CloudWatch agent using AWS Systems Manager)
- Configuring AWS Config rules to remediate issues (AWS Documentation: Remediating Noncompliant Resources with AWS Config Rules)
- Configuring health checks (for example, Route 53, Application Load Balancer) (AWS Documentation: How health checks work in simple Amazon Route 53 configurations)
Module 5: Incident and Event Response (14%)
5.1 Manage event sources to process, notify, and take action in response to events.
Required Knowledge
- AWS services that generate, capture, and process events (for example, AWS Health, EventBridge, CloudTrail, CloudWatch Events)
- Event-driven architectures (for example, fan out, event streaming, queuing)
Skills
- Integrating AWS event sources (for example, AWS Health, EventBridge, CloudTrail, CloudWatch Events) (AWS Documentation: Events from AWS services)
- Building event processing workflows (for example, Amazon Simple Queue Service [Amazon SQS], Kinesis, Amazon SNS, Lambda, Step Functions) (AWS Documentation: Using Lambda with Amazon SQS)
5.2 Implement configuration changes in response to events.
Required Knowledge
- Fleet management services (for example, Systems Manager, AWS Auto Scaling)
- Configuration management services (for example, AWS Config)
Skills
- Applying configuration changes to systems (AWS Documentation: What is AWS AppConfig?)
- Modifying infrastructure configurations in response to events (AWS Documentation: Example Events for AWS Config Rules)
- Remediating a non-desired system state (AWS Documentation: Remediating Noncompliant Resources with AWS Config Rules)
5.3 Troubleshoot system and application failures.
Required Knowledge
- AWS metrics and logging services (for example, CloudWatch, X-Ray)
- AWS service health services (for example, AWS Health, CloudWatch, Systems Manager OpsCenter)
- Root cause analysis
Skills
- Analyzing failed deployments (for example, AWS CodePipeline, CodeBuild, CodeDeploy, CloudFormation, CloudWatch synthetic monitoring) (AWS Documentation: Monitoring deployments with Amazon CloudWatch tools)
- Analyzing incidents regarding failed processes (for example, auto scaling, Amazon ECS, Amazon EKS) (AWS Documentation: Autoscaling)
Module 6: Security and Compliance (17%)
6.1 Implement techniques for identity and access management at scale.
Required Knowledge
- Appropriate usage of different IAM entities for human and machine access (for example, users, groups, roles, identity providers, identity-based policies, resource-based policies, session policies)
- Identity federation techniques (for example, using IAM identity providers and AWS Single Sign-On)
- Permission management delegation by using IAM permissions boundaries
- Organizational SCPs
Skills
- Designing policies to enforce least privilege access (AWS Documentation: Implementing policies for least-privilege permissions for AWS CloudFormation)
- Implementing role-based and attribute-based access control patterns (AWS Documentation: What is ABAC for AWS?)
- Automating credential rotation for machine identities (for example, Secrets Manager) (AWS Documentation: Automatically rotate IAM user access keys at scale with AWS Organizations and AWS Secrets Manager)
- Managing permissions to control access to human and machine identities (for example, enabling multi-factor authentication [MFA], AWS Security Token Service [AWS STS], IAM profiles) (AWS Documentation: Security best practices in IAM)
6.2 Apply automation for security controls and data protection.
Required Knowledge
- Network security components (for example, security groups, network ACLs, routing, AWS Network Firewall, AWS WAF, AWS Shield)
- Certificates and public key infrastructure (PKI)
- Data management (for example, data classification, encryption, key management, access controls)
Skills
- Automating the application of security controls in multi-account and multi-Region environments (for example, Security Hub, Organizations, AWS Control Tower, Systems Manager) (AWS Documentation: AWS multi-account strategy for your AWS Control Tower landing zone)
- Combining security controls to apply defense in depth (for example, AWS Certificate Manager [ACM], AWS WAF, AWS Config, AWS Config rules, Security Hub, GuardDuty, security groups, network ACLs, Amazon Detective, Network Firewall) (AWS Documentation: Security group policies)
- Automating the discovery of sensitive data at scale (for example, Amazon Macie) (AWS Documentation: Discovering sensitive data with Amazon Macie)
- Encrypting data in transit and data at rest (for example, AWS KMS, AWS CloudHSM, ACM) (AWS Documentation: Encrypting Data-at-Rest and Data-in-Transit)
6.3 Implement security monitoring and auditing solutions.
Required Knowledge
- Security auditing services and features (for example, CloudTrail, AWS Config, VPC Flow Logs, CloudFormation drift detection)
- AWS services for identifying security vulnerabilities and events (for example, GuardDuty, Amazon Inspector, IAM Access Analyzer, AWS Config)
- Common cloud security threats (for example, insecure web traffic, exposed AWS access keys, S3 buckets with public access enabled or encryption disabled)
Skills
- Implementing robust security auditing (AWS Documentation: AWS security audit guidelines)
- Configuring alerting based on unexpected or anomalous security events (AWS Documentation: Using CloudWatch anomaly detection)
- Configuring service and application logging (for example, CloudTrail, CloudWatch Logs) (AWS Documentation: Sending events to CloudWatch Logs)
- Analyzing logs, metrics, and security findings (AWS Documentation: Analyze logs, findings, and metrics centrally)
AWS DevOps Engineer Professional Interview Questions
Exam Policies
Amazon Web Services (AWS) is one of the most dominant and successful players in the field of cloud computing. Being a game-changer and a responsible vendor, AWS provides exam policies for potential candidates in a comprehensive yet succinct way to help them derive positive outcomes. These exam policies include general information, training, and certification details that are required before and after the exam.
For more queries, visit: AWS Certified DevOps Engineer Professional FAQs
AWS Learning Resources
DevOps Concepts
- DevOps Basics
- Continuous Integration & Deployment
- Deployment Types
- AB Testing
- Blue/Green Deployments
- Bootstrapping
- Immutable Architecture
- Containers and Docker
CI/CD/Automation
- CloudFormation Stacks
- CloudFormation Templates
- OpsWorks for Puppet
- CloudFormation Access Control
- CloudFormation Logging
- OpsWorks Basics
- CloudFormation Concepts
- OpsWorks for Chef Automate
- OpsWorks Stacks & Layers
- Elastic Beanstalk Concepts
- OpsWorks Resource Management
- OpsWorks Monitoring
- Elastic Beanstalk
- Application Management
- OpsWorks Security
- OpsWorks Databags & Berkshelf
- Elastic Beanstalk Environment Management
- Beanstalk Configuration
Monitoring/Metrics/Logging
Security/Governance/Validation
High Availability and Elasticity
- Auto Scaling Concepts
- Auto Scaling Launch Templates
- Amazon RDS
- Auto Scaling Launch Configurations
- Auto Scaling Groups
- RDS DR Instances
- Auto Scaling Monitoring
- Auto Scaling Control Access
- RDS Monitoring
- RDS Security
- Amazon Aurora
- Aurora Connection Management
- Aurora Configuration
- DynamoDB Basics
- Aurora Security
- DynamoDB Global Tables
- SQS
- Kinesis
Deployment
- AWS CodeCommit
- CodeCommit Repositories
- CodeCommit Files
- AWS CodeBuild
- CodeCommit Commits
- CodeDeploy Basics
- AWS Lambda Basics
- CodePipeline Basics
- API Gateway Concepts
- AWS Secrets Manager
Preparatory Guide for AWS DevOps Engineer-Professional (DOP-C01)
Which AWS certification is best for developers? It is the AWS DevOps Engineer-Professional. But preparing for the exam is not easy. Here we provide the AWS Certified DevOps Engineer Professional study guide, which covers all the important resources to pass the exam.
Official Site
Amazon prescribes that before taking the exam you should have enough hands-on experience with relevant AWS products and services. Amazon has its own courses for preparation and sample tests too. You can also take AWS Certified DevOps Engineer Professional training and practice exams to test your knowledge in a timed environment. These are also available on the official site. Besides these, AWS offers online courses intended to build your technical skills.
Whitepapers
Candidates preparing for the AWS exam can also take the help of Amazon whitepapers for preparation. These are the authentic study resources which we can surely vouch for. These are basically the PDF formats of the topics which you can find on the official page of Amazon certifications. Whitepapers not only strengthen your preparation process but also help you build a strong strategy to focus on. AWS also offers sample papers to assist candidates in acquiring additional knowledge and skills to prepare for the certification exams.
Online forums
You can opt for online study groups and forums where you can put your doubts to people who have already given the exam or who are preparing for the same. You can even test each other to see the level of preparation. Clearing the doubts will help in boosting self-confidence and will also let you see your weak areas. The discussion will help to identify the parts where more preparation is needed and the parts that are fully prepared.
Books
AWS Certified DevOps Engineer Professional Books are a perennial source available for learning. There are various books available for the security specialty exam which you can find online or in libraries. Some of the books that can arm you are as follows:
- AWS Automation Cookbook by Nikit Swaraj
- Continuous Delivery and DevOps – Quickstart by Paul Swartout
- Implementing DevOps on AWS by Veselin Kantsev
- Effective DevOps with AWS by Nathaniel Felsen
Practice Tests
Practice tests are the oldest yet the most essential part of exam preparation. Therefore all you need now are the AWS Certified DevOps Engineer Professional practice exams. Solve as many sample papers and test series as you can, as this will help you to identify the level at which you are and how much preparation you still need. The Internet is flooded with a plethora of practice tests, so make sure to find the most reliable and authentic one to end your preparation process. Practice tests will help you evaluate yourself as well as boost your confidence.