Preparing for the AWS Certified DevOps Engineer – Professional (DOP-C01) exam? Don’t know where to start? This post is the AWS Certified DevOps Engineer Certificate Study Guide (with links to each objective in the exam domain).
I have curated a detailed list of articles from AWS documentation and other blogs for each objective of the AWS Certified DevOps Engineer – Professional (DOP-C01) exam. Please share the post within your circles so it helps them to prepare for the exam.
AWS Certified DevOps Professional Course
LinkedIn Learning (Free trial): Prepare for AWS DevOps Engineer Certification
Pluralsight: AWS Certified DevOps Engineer (DOP-C01)
Udemy: AWS Certified DevOps Professional Exam
AWS Certified DevOps Engineer Practice Test
Whizlabs Exam Questions: AWS DevOps (400Qs + Course + 33 Labs)
Udemy Practice Test: AWS DevOps Engineer Practice Test (85Qs)
AWS Certified DevOps Engineer Other Stuff
Udacity Nanodegree: Become an AWS Cloud DevOps Engineer
Amazon e-book (PDF): Implement effective DevOps with AWS
Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.
Domain 1: SDLC Automation – 22%
1.1 Apply Concepts Required to Automate a CI/CD Pipeline
Set up repositories
Create an AWS CodeCommit repository
CodeArtifact: Create a repository
Set up build services
AWS CodeBuild: Fully managed build service
Integrate automated testing (e.g., unit tests, integrity tests)
Integrating with automated tests
Perform unit testing in an AWS CodeStar project
Automated unit testing in DevOps Pipeline
Set up deployment products/services
Getting started with CodeDeploy
Create a deployment configuration with CodeDeploy
Create a deployment with CodeDeploy
Orchestrate multiple pipeline stages
Work with stage transitions in CodePipeline
1.2 Determine Source Control Strategies and How to Implement Them
Determine a workflow for integrating code changes from multiple contributors
Federated multi-account access for AWS CodeCommit
CodePipeline integration with CodeBuild & multiple input sources
Assess security requirements and recommend code repository access design
Build security in CI/CD pipelines
Build end-to-end AWS DevSecOps CI/CD pipeline
Reconcile running application versions to repository versions (tags)
Publish a new version of an existing app
Differentiate different source control types
3 different types of version control systems
1.3 Apply Concepts Required to Automate and Integrate Testing
Run integration tests as part of the code merge process
AWS serverless integration testing
Run load/stress testing and benchmark applications at scale
Load test a web application’s backend
Ensure optimal performance with distributed load testing
Measure application health based on application exit codes (robust Health Check)
Capture CI/CD metrics with DevOps monitoring dashboard
Automate unit tests to check pass/fail, code coverage
CodePipeline, CodeBuild, etc.
Code coverage reports | AWS CodeBuild
Integrate tests with pipeline
Continuous testing with CodeBuild & CodePipeline
Use AWS CodePipeline with CodeBuild to test code & run builds
1.4 Apply Concepts Required to Build and Manage Artifacts Securely
Distinguish storage options based on artifacts security classification
Data classification | security pillar
Translate application requirements into Operating System and package configuration (build specs)
Batch build buildspec reference
Determine the code/environment dependencies and required resources
Example: CodeDeploy AppSpec, CodeBuild buildspec
CodeDeploy AppSpec file reference
Run a code build process
1.5 Determine Deployment/Delivery Strategies (e.g., A/B, Blue/Green, Canary, Red/Black) and How to Implement Them Using AWS Services
Determine the correct delivery strategy based on business needs
Elastic Beanstalk deployment strategies
Choose the right modern deployment strategy
Critique existing deployment strategies and suggest improvements
Monitor and verify the deployment
Use the agent to validate a deployment package
Recommend DNS/routing strategies (e.g., Route 53, ELB, ALB, load balancer) based on business continuity goals
Route traffic to an ELB load balancer
Use AWS ALB path-based routing
Verify deployment success/failure and automate rollbacks
Automate rollback of failed ECS deployments
Domain 2: Configuration Management and Infrastructure as Code – 19%
2.1 Determine Deployment Services Based on Deployment Needs
Demonstrate knowledge of process flows of deployment models
Cloud computing deployment models
Given a specific deployment model, classify and implement relevant AWS services to meet requirements
Given the requirement to have DynamoDB, choose CloudFormation instead of OpsWorks
When to use OpsWorks vs. CloudFormation?
Amazon DynamoDB template snippets
DynamoDB table: AWS CloudFormation
Use CloudFormation to create DynamoDB global tables
Determine what to do with rolling updates
2.2 Determine Application and Infrastructure Deployment Models Based on Business Needs
Balance different considerations (cost, availability, time to recovery) based on business requirements to choose the best deployment model
Cost considerations for global deployments
Choose the best cloud deployment model
Determine a deployment model given specific AWS services
Overview of deployment options on AWS
Cloud computing deployment models
Analyze risks associated with deployment models and relevant remedies
How do you mitigate deployment risks?
2.3 Apply Security Concepts in the Automation of Resource Provisioning
Choose the best automation tool given requirements
AWS Service Catalog, AWS Organizations, & AWS Lambda
Self-service provisioning of resources with AWS Control Tower
Automate infrastructure with AWS CloudFormation
Demonstrate knowledge of security best practices for resource provisioning (e.g., encrypting data bags, generating credentials on the fly)
Temporary security credentials in IAM
Review IAM policies and assess if sufficient but least privilege is granted for all lifecycle stages of deployment (e.g., create, update, promote)
Techniques for writing least privilege IAM policies
Approaching least privilege IAM policies
Review credential management solutions (e.g., EC2 parameter store, third party)
AWS Systems Manager parameter store
The right way to store secrets with the parameter Store
Build the automation
CloudFormation template, Chef Recipe, Cookbooks, CodePipeline, etc.
Use AWS Systems Manager Automation & CloudFormation
2.4 Determine How to Implement Lifecycle Hooks on a Deployment
Determine appropriate integration techniques to meet project requirements
Application integration on AWS
Application integration patterns for microservices
Choose the appropriate hook solution (e.g., implement leader node selection after a node failure) in an Auto Scaling group
EC2 auto scaling lifecycle hooks
Using AWS Lambda with auto-scaling lifecycle hooks
Evaluate hook implementation for failure impacts (if a remote call fails, if a dependent service is temporarily unavailable (i.e., Amazon S3)) and recommend resiliency improvements
Resilience in EC2 auto-scaling
Limitations of EC2 auto-scaling lifecycle hooks
Evaluate deployment rollout procedures for failure impacts and evaluate rollback/recovery processes
Automate rollback of failed Amazon ECS deployments
Rollback a deployment with CodeDeploy
2.5 Apply Concepts Required to Manage Systems Using AWS Configuration Management Tools and Services
Identify pros and cons of AWS configuration management tools
Demonstrate knowledge of configuration management components
Components of a configuration item
Show the ability to run configuration management services end to end with no assistance while adhering to industry best practices
Configuration management best practices
Security best practices for AWS Config
Domain 3: Monitoring and Logging – 15%
3.1 Determine How to Set up the Aggregation, Storage, and Analysis of Logs and Metrics
Implement and configure distributed logs collection and processing (e.g., agents, syslog, flumed, CW agent)
Collect & display CloudWatch logs in a single dashboard
Apache Flume & logging for data pipelines
Collect logs from EC2 with the CloudWatch agent
Aggregate logs (e.g., Amazon S3, CW Logs, intermediate systems (EMR), Kinesis FH – Transformation, ELK/BI)
Aggregate logs with S3 replication
Build a log solution aggregator with Kinesis data firehose
Implement custom CW metrics, Log subscription filters
Creating custom CloudWatch metrics
Using CloudWatch logs subscription filters
Manage Log storage lifecycle (e.g., CW to S3, S3 lifecycle, S3 events)
Managing your S3 storage lifecycle
Lifecycle and other bucket configurations
3.2 Apply Concepts Required to Automate Monitoring and Event Management of an Environment
Parse logs (e.g., Amazon S3 data events/event logs/ELB/ALB/CF access logs) and correlate with other alarms/events (e.g., CW events to AWS Lambda) and take appropriate action
Parsing logs and structured logging
Parse log based on Regular Expressions
Analyzing log data with CloudWatch Logs Insights
Use CloudTrail/VPC flow logs for detective control (e.g., CT, CW log filters, Athena, NACL or WAF rules) and take dependent actions (AWS step) based on error handling logic (state machine)
Investigate VPC flow with Amazon Detective
Log Amazon Detective API calls with AWS CloudTrail
Logging and monitoring in AWS WAF
Error handling in Step functions
Configure and implement Patch/inventory/state management using ESM (SSM), Inspector, CodeDeploy, OpsWorks, and CW agents
Configuring inventory collection using AWS SSM
Handle scaling/failover events (e.g., ASG, DB HA, route table/DNS update, Application Config, Auto Recovery, PH dashboard, TA)
Using Amazon EC2 Auto Scaling with EventBridge
AWS Personal Health Dashboard notifications for auto-scaling
Get SNS notifications when your auto-scaling group scales
Determine how to automate the creation of monitoring
Automated monitoring tools for EC2
3.3 Apply Concepts Required to Audit, Log, and Monitor Operating Systems, Infrastructures, and Applications
Monitor end to end service metrics (DDB/S3) using available AWS tools (X-ray with EB and Lambda)
Tracing S3 requests using AWS X-Ray
Using AWS Lambda with AWS X-Ray
AWS X-Ray distributed tracing in Lambda
Verify environment/OS state through auditing (Inspector), Config rules, CloudTrail (process and action), and AWS APIs
Work with Inspector agents on Windows-based OS
Evaluate resources with AWS Config rules
Log Step Functions using AWS CloudTrail
Enable, configure, and analyze custom metrics (e.g., Application metrics, memory, KCL/KPL) and take action
Monitor your custom application metrics
Create custom CloudWatch metrics
Monitor the KCL with Amazon CloudWatch
Monitoring the KPL with CloudWatch
Ensure container monitoring (e.g., task state, placement, logging, port mapping, LB)
PortMapping: Amazon Elastic Container Service
Logging & monitoring in Amazon ECS
Distinguish between services that enable service level or OS level monitoring
Example: AWS services that use OS agents (e.g., Inspector, SSM)
3.4 Determine How to Implement Tagging and Other Metadata Strategies
Segregate authority based on tagging (lifecycle stages – dev/prod) with Condition context keys
AWS global condition context keys
Secure resource tags used for authorization
Utilize Amazon S3 system/user-defined metadata for classification and automation
Automated metadata extraction using the AWS Media Analysis Solution
Design and implement tag-based deployment groups with CodeDeploy
Tagging instances for deployment groups
Work with deployment groups in CodeDeploy
Best practice for cost allocation/optimization with tagging
AWS Tagging: Best practices for cost allocation
Domain 4: Policies and Standards Automation – 10%
4.1 Apply Concepts Required to Enforce Standards for Logging, Metrics, Monitoring, Testing, and Security
Detect, report, and respond to governance and security violations
Audit your AWS resources for security compliance
Detect and mitigate Guardrail violation
How do you detect & investigate security events?
Apply logging standards across application, operating system, and infrastructure
Know your OS logs from your web server & app logs
Apply context-specific application health and performance monitoring
Use CloudWatch Events to monitor app health
Evaluate your serverless application’s health
Outline standards for delivery models for logs and metrics (e.g., JSON, XML, Data Normalization)
JSON format | Amazon CloudWatch
4.2 Determine How to Optimize Cost Through Automation
Prioritize automation effort to reduce labor costs
Prioritize & automate agent work
Automate running tasks using EC2 Systems Manager
Implement right-sizing of workload based on metrics
Right-sizing instances to match workloads
Assess ways to improve time to market through automating process orchestration and repeatable tasks
Reducing time to market with AWS
6 Ways AWS can shorten your platform’s Time-to-Market
Automate tasks in your AWS account with Lambda
Diagnose outliers to determine use case fit
Use dedicated transforms to handle outliers
Example: Configuration drift
Measure and automate cost optimization through events
Example: Trusted Advisor
Optimize costs using Trusted Advisor
How do I optimize costs using Trusted Advisor?
4.3 Apply Concepts Required to Implement Governance Strategies
Generalize governance standards across CI/CD pipeline
Cloud governance & compliance with policy as code
Build end-to-end AWS DevSecOps CI/CD pipeline
Outline and measure the real-time status of compliance with governance strategies
Governance in AWS: Right balance between agility & safety
Real-time insights on account activity
Report on compliance with governance strategies
AWS Governance: Drive success in the cloud
Governance in the cloud & in the digital age
Deploy governance policies related to self-service capabilities
Deploy enterprise proof-of-concept with AWS Service Catalog
Example: Service Catalog, CFN Nag
Domain 5: Incident and Event Response – 18%
5.1 Troubleshoot Issues and Determine How to Restore Operations
Given an issue, evaluate how to narrow down the unhealthy components as quickly as possible
Given an increase in load, determine what steps to take to mitigate the impact
Determine the causes and impacts of a failure
Example: Deployment, operations
Determine the best way to restore operations after a failure occurs
Investigate and correlate logged events with application components
Example: application source code
5.2 Determine How to Automate Event Management and Alerting
Set up automated restores from backup in the event of a catastrophic failure
Set up methods to deliver alerts and notifications that are appropriate for different types of events
Assess the quality/actionability of alerts
Configure metrics appropriate to an application’s SLAs
Proactively update limits
5.3 Apply Concepts Required to Implement Automated Healing
Set up the correct scaling strategy to enable auto-healing when a failure occurs (e.g., with Auto Scaling policies)
Use the correct rollback strategy to avoid impact from failed deployments
Configure Route 53 to ensure cross-Region failover
Detect and respond to maintenance or Spot termination events
5.4 Apply Concepts Required to Set up Event-driven Automated Actions
Configure Lambda functions or CloudWatch actions to implement automated actions
Set up CloudWatch event rules and/or Config rules and targets
Use AWS Systems Manager or Step Functions to coordinate components (e.g., Lambda, use maintenance windows)
Configure a build/roll-out process to automatically respond to critical software updates
Domain 6: High Availability, Fault Tolerance, and Disaster Recovery – 16%
6.1 Determine Appropriate Use of Multi-AZ Versus Multi-region Architectures
Determine deployment strategy based on HA/DR requirements
Determine data replication strategy based on cost and durability requirements
Determine infrastructure, platform, and services based on HA/DR requirements
Design for HA/FT/DR based on service availability (i.e., global/regional/single AZ)
6.2 Determine How to Implement High Availability, Scalability, and Fault Tolerance
Design deployment strategy to support HA/FT/scalability
Assess statefulness of application infrastructure components
Use load balancing to distribute traffic across multiple AZ/ASGs/instance types (spot/M4 vs C4) /targets
Use appropriate caching solutions to improve availability and performance
6.3 Determine the Right Services Based on Business Needs (e.g., RTO/RPO, Cost)
Determine a cost-effective storage solution for your application
Example: tiered, archival, EBS type, hot/cold
Choose a database platform and configuration to meet business requirements
Choose a cost-effective Compute platform based on business requirements
Example: Spot
Choose a deployment service/model based on business requirements
Example: CodeDeploy, Blue/Green deployment
Determine when to use managed service vs. self-managed infrastructure (Docker on EC2 vs. ECS)
6.4 Determine How to Design and Automate Disaster Recovery Strategies
Automate failure detection
Automate components/environment recovery
Choose appropriate deployment strategy for environment recovery
Design automation to support failover in a hybrid environment
6.5 Evaluate a Deployment for Points of Failure
Determine appropriate deployment-specific health checks
Implement failure detection during deployment
Implement failure event handling/response
Ensure that resources/components/processes exist to react to failures during deployment
Look for exit codes on each event of the deployment
Map errors to different points of deployment
This brings us to the end of the AWS Certified DevOps Engineer – Professional (DOP-C01) Exam Preparation Study Guide.