AWS Certified DevOps Engineer Professional Exam Study Guide [DOP-C01]

AWS Certified DevOps Engineer - Professional Study Guide

Preparing for the AWS Certified DevOps Engineer – Professional (DOP-C01) exam? Don’t know where to start? This post is the AWS Certified DevOps Engineer Certificate Study Guide (with links to each objective in the exam domain).

I have curated a detailed list of articles from AWS documentation and other blogs for each objective of the AWS Certified DevOps Engineer – Professional (DOP-C01) exam. Please share the post within your circles so it helps them to prepare for the exam.

AWS Certified DevOps Professional Course

LinkedIn Learning (Free trial)Prepare for AWS DevOps Engineer Certification
PluralsightAWS Certified DevOps Engineer (DOP-C01)
UdemyAWS Certified DevOps Professional Exam

AWS Certified DevOps Engineer Practice Test

Whizlabs Exam QuestionsAWS DevOps (400Qs + Course + 33 Labs)
Udemy Practice TestAWS DevOps Engineer Practice Test (85Qs)

AWS Certified DevOps Engineer Other Stuff

Udacity NanodegreeBecome an AWS Cloud DevOps Engineer
Amazon e-book (PDF)Implement effective DevOps with AWS

To view other AWS certificate study guides, click here.

Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.

Domain 1: SDLC Automation – 22%

1.1 Apply Concepts Required to Automate a CI/CD Pipeline

Set up repositories

Create an AWS CodeCommit repository

Create a GitHub repository

CodeArtifact: Create a repository

Set up build services

AWS CodeBuild: Fully managed build service

Create a Build project

Integrate automated testing (e.g., unit tests, integrity tests)

Integrating with automated tests

Perform unit testing in an AWS CodeStar project

Automated unit testing in DevOps Pipeline

Set up deployment products/services

Getting started with CodeDeploy

Create a deployment configuration with CodeDeploy

Create a deployment with CodeDeploy

Orchestrate multiple pipeline stages

Create a four-stage pipeline

Work with stage transitions in CodePipeline

1.2 Determine Source Control Strategies and How to Implement Them

Determine a workflow for integrating code changes from multiple contributors

Federated multi-account access for AWS CodeCommit

CodePipeline integration with CodeBuild & multiple input sources

Assess security requirements and recommend code repository access design

Build security in CI/CD pipelines

Security in AWS CodePipeline

Build end-to-end AWS DevSecOps CI/CD pipeline

Reconcile running application versions to repository versions (tags)

Managing application versions

Publish a new version of an existing app

Differentiate different source control types

3 different types Of version control systems

Version Control Systems

1.3 Apply Concepts Required to Automate and Integrate Testing

Run integration tests as part of the code merge process

Integration testing on AWS

AWS serverless integration testing

Run load/stress testing and benchmark applications at scale

Load test a web application’s backend

Ensure optimal performance with distributed load testing

Measure application health based on application exit codes (robust Health Check)

Implementing health checks

Capture CI/CD metrics with DevOps monitoring dashboard

Automate unit tests to check pass/fail, code coverage

Integrate tests with pipeline

Continuous testing with CodeBuild & CodePipeline

Use AWS CodePipeline with CodeBuild to test code & run builds

1.4 Apply Concepts Required to Build and Manage Artifacts Securely

Distinguish storage options based on artifacts security classification

Data classification | security pillar

Data classification overview

Translate application requirements into Operating System and package configuration (build specs)

Batch build buildspec reference

Determine the code/environment dependencies and required resources

Run a code build process

Create a Build project

Run a build in the console

1.5 Determine Deployment/Delivery Strategies (e.g., A/B, Blue/Green, Canary, Red/Black) and How to Implement Them Using AWS Services

Determine the correct delivery strategy based on business needs

AWS deployment strategies

Elastic Beanstalk deployment strategies

Choose the right modern deployment strategy

Critique existing deployment strategies and suggest improvements

Monitor and verify the deployment

Use the agent to validate a deployment package

Recommend DNS/routing strategies (e.g., Route 53, ELB, ALB, load balancer) based on business continuity goals

Choosing a routing policy

Route traffic to an ELB load balancer

Use AWS ALB path-based routing

Verify deployment success/failure and automate rollbacks

Automate rollback of failed ECS deployments

Amazon link (affiliate)

Domain 2: Configuration Management and Infrastructure as Code – 19%

2.1 Determine Deployment Services Based on Deployment Needs

Demonstrate knowledge of process flows of deployment models

Cloud computing deployment models

Given a specific deployment model, classify and implement relevant AWS services to meet requirements

o Given the requirement to have DynamoDB choose CloudFormation instead of OpsWorks

When to use OpsWorks vs. CloudFormation?

Amazon DynamoDB template snippets

DynamoDB table: AWS CloudFormation

Use CloudFormation to create DynamoDB global tables

o Determine what to do with rolling updates

Rolling update

Trigger rolling updates

2.2 Determine Application and Infrastructure Deployment Models Based on Business Needs

Balance different considerations (cost, availability, time to recovery) based on business requirements to choose the best deployment model

Cost considerations for global deployments

Choose the best cloud deployment model

Determine a deployment model given specific AWS services

Overview of deployment options on AWS

Cloud computing deployment models

Analyze risks associated with deployment models and relevant remedies

Mitigate deployment risks

How do you mitigate deployment risks?

2.3 Apply Security Concepts in the Automation of Resource Provisioning

Choose the best automation tool given requirements

AWS Service Catalog, AWS Organizations, & AWS Lambda

Self-service provisioning of resources with AWS Control Tower

Automate infrastructure with AWS CloudFormation

Demonstrate knowledge of security best practices for resource provisioning (e.g., encrypting data bags, generating credentials on the fly)

Encrypt a data bag item

Temporary security credentials in IAM

Review IAM policies and assess if sufficient but least privilege is granted for all lifecycle stages of deployment (e.g., create, update, promote)

Techniques for writing least privilege IAM policies

Approaching least privilege IAM policies

Review credential management solutions (e.g., EC2 parameter store, third party)

AWS Systems Manager parameter store

The right way to store secrets with the parameter Store

What is AWS Secrets Manager?

Build the automation

2.4 Determine How to Implement Lifecycle Hooks on a Deployment

Determine appropriate integration techniques to meet project requirements

Application integration on AWS

Application integration patterns for microservices

Choose the appropriate hook solution (e.g., implement leader node selection after a node failure) in an Auto Scaling group

EC2 auto scaling lifecycle hooks

Adding lifecycle hooks

Using AWS Lambda with auto-scaling lifecycle hooks

Evaluate hook implementation for failure impacts (if a remote call fails, if a dependent service is temporarily unavailable (i.e., Amazon S3), and recommend resiliency improvements

Resilience in EC2 auto-scaling

Limitations of EC2 auto-scaling lifecycle hooks

Evaluate deployment rollout procedures for failure impacts and evaluate rollback/recovery processes

Automate rollback of failed Amazon ECS deployments

Rollback a deployment with CodeDeploy

2.5 Apply Concepts Required to Manage Systems Using AWS Configuration Management Tools and Services

Identify pros and cons of AWS configuration management tools

Pros and Cons of AWS Config

AWS Config reviews

Demonstrate knowledge of configuration management components

Components of a configuration item

Key components of AWS Config

Show the ability to run configuration management services end to end with no assistance while adhering to industry best practices

Configuration management best practices

AWS Config best practices

Security best practices for AWS Config

Domain 3: Monitoring and Logging – 15%

3.1 Determine How to Set up the Aggregation, Storage, and Analysis of Logs and Metrics

Implement and configure distributed logs collection and processing (e.g., agents, syslog, flumed, CW agent)

Centralized logging

Collect, & display CloudWatch logs in a single dashboard

Apache Flume & logging for data pipelines

Collect logs from EC2 with the CloudWatch agent

Aggregate logs (e.g., Amazon S3, CW Logs, intermediate systems (EMR), Kinesis FH – Transformation, ELK/BI)

Aggregate logs with S3 replication

Log aggregation

AWS EMR log aggregation

Build a log solution aggregator with Kinesis data firehose

Implement custom CW metrics, Log subscription filters

Creating custom CloudWatch metrics

Use custom CloudWatch metrics

Create a subscription filter

Using CloudWatch logs subscription filters

Manage Log storage lifecycle (e.g., CW to S3, S3 lifecycle, S3 events)

Managing your S3 storage lifecycle

Lifecycle and other bucket configurations

3.2 Apply Concepts Required to Automate Monitoring and Event Management of an Environment

Parse logs (e.g., Amazon S3 data events/event logs/ELB/ALB/CF access logs) and correlate with other alarms/events (e.g., CW events to AWS Lambda) and take appropriate action

Parsing logs and structured logging

Parse log based on Regular Expressions

Analyzing log data with CloudWatch Logs Insights

Use CloudTrail/VPC flow logs for detective control (e.g., CT, CW log filters, Athena, NACL or WAF rules) and take dependent actions (AWS step) based on error handling logic (state machine)

Investigate VPC flow with Amazon Detective

Log Amazon Detective API calls with AWS CloudTrail

Logging and monitoring in AWS WAF

Error handling in Step functions

Configure and implement Patch/inventory/state management using ESM (SSM), Inspector, CodeDeploy, OpsWorks, and CW agents

Configuring inventory collection using AWS SSM

AWS Systems Manager inventory

Handle scaling/failover events (e.g., ASG, DB HA, route table/DNS update, Application Config, Auto Recovery, PH dashboard, TA)

Using Amazon EC2 Auto Scaling with EventBridge

AWS Personal Health Dashboard notifications for auto-scaling

Get SNS notifications when your auto-scaling group scales

Determine how to automate the creation of monitoring

Automated monitoring tools for EC2

S3 automated monitoring tools

3.3 Apply Concepts Required to Audit, Log, and Monitor Operating Systems, Infrastructures, and Applications

Monitor end to end service metrics (DDB/S3) using available AWS tools (X-ray with EB and Lambda)

Tracing S3 requests using AWS X-Ray

Using AWS Lambda with AWS X-Ray

AWS X-Ray distributed tracing in Lambda

Verify environment/OS state through auditing (Inspector), Config rules, CloudTrail (process and action), and AWS APIs

Work with Inspector agents on Windows-based OS

Evaluate resources with AWS Config rules

Log Step Functions using AWS CloudTrail

Enable, configure, and analyze custom metrics (e.g., Application metrics, memory, KCL/KPL) and take action

Monitor your custom application metrics

Create custom CloudWatch metrics

Monitor the KCL with Amazon CloudWatch

Monitoring the KPL with CloudWatch

Ensure container monitoring (e.g., task state, placement, logging, port mapping, LB)

PortMapping: Amazon Elastic Container Service

Logging & monitoring in Amazon ECS

Amazon ECS task placement

Distinguish between services that enable service level or OS level monitoring

o Example: AWS services that use OS agents (e.g., Inspector, SSM)

Amazon Inspector agents

Work with Amazon Inspector agents on Windows-based OS

Working with SSM agent

3.4 Determine How to Implement Tagging and Other Metadata Strategies

Segregate authority based on tagging (lifecycle stages – dev/prod) with Condition context keys

AWS global condition context keys

Secure resource tags used for authorization

Utilize Amazon S3 system/user-defined metadata for classification and automation

Working with object metadata

Automated metadata extraction using the AWS Media Analysis Solution

Design and implement tag-based deployment groups with CodeDeploy

Tagging instances for deployment groups

Work with deployment groups in CodeDeploy

Best practice for cost allocation/optimization with tagging

Using cost allocation tags

AWS Tagging: Best practices for cost allocation

Domain 4: Policies and Standards Automation – 10%

4.1 Apply Concepts Required to Enforce Standards for Logging, Metrics, Monitoring, Testing, and Security

Detect, report, and respond to governance and security violations

Audit your AWS resources for security compliance

Detect and mitigate Guardrail violation

How do you detect & investigate security events?

Apply logging standards across application, operating system, and infrastructure

AWS logging best practices

Know your OS logs from your web server & app logs

Apply context-specific application health and performance monitoring

Use CloudWatch Events to monitor app health

Evaluate your serverless application’s health

Outline standards for delivery models for logs and metrics (e.g., JSON, XML, Data Normalization)

JSON format | Amazon CloudWatch

4.2 Determine How to Optimize Cost Through Automation

Prioritize automation effort to reduce labor costs

Prioritize & automate agent work

Automate running tasks using EC2 Systems Manager

Implement right-sizing of workload based on metrics

Right-sizing instances to match workloads

Tips for right-sizing

Assess ways to improve time to market through automating process orchestration and repeatable tasks

Reducing time to market with AWS

6 Ways AWS can shorten your platform’s Time-to-Market

Automate tasks in your AWS account with Lambda

Diagnose outliers to determine use case fit

Use dedicated transforms to handle outliers

Measure and automate cost optimization through events

o Example: Trusted Advisor

Optimize costs using Trusted Advisor

How do I optimize costs using Trusted Advisor?

4.3 Apply Concepts Required to Implement Governance Strategies

Generalize governance standards across CI/CD pipeline

Cloud governance & compliance with policy as code

Build end-to-end AWS DevSecOps CI/CD pipeline

Outline and measure the real-time status of compliance with governance strategies

Governance in AWS: Right balance between agility & safety

Real-time insights on account activity

Cloud governance & compliance

Report on compliance with governance strategies

AWS Governance: Drive success in the cloud

Governance in the cloud & in the digital age

Deploy governance policies related to self-service capabilities

Deploy enterprise proof-of-concept with AWS Service Catalog

o Example: Service Catalog, CFN Nag

Domain 5: Incident and Event Response – 18%

5.1 Troubleshoot Issues and Determine How to Restore Operations

Given an issue, evaluate how to narrow down the unhealthy components as quickly as possible

Given an increase in load, determine what steps to take to mitigate the impact

Determine the causes and impacts of a failure

o Example: Deployment, operations

Determine the best way to restore operations after a failure occurs

Investigate and correlate logged events with application components

o Example: application source code

5.2 Determine How to Automate Event Management and Alerting

Set up automated restores from backup in the event of a catastrophic failure

Set up methods to deliver alerts and notifications that are appropriate for different types of events

Assess the quality/actionability of alerts

Configure metrics appropriate to an application’s SLAs

Proactively update limits

5.3 Apply Concepts Required to Implement Automated Healing

Set up the correct scaling strategy to enable auto-healing when a failure occurs (e.g., with Auto Scaling policies)

Use the correct rollback strategy to avoid impact from failed deployments

Configure Route 53 to ensure cross-Region failover

Detect and respond to maintenance or Spot termination events

5.4 Apply Concepts Required to Set up Event-driven Automated Actions

Configure Lambda functions or CloudWatch actions to implement automated actions

Set up CloudWatch event rules and/or Config rules and targets

Use AWS Systems Manager or Step Functions to coordinate components (e.g., Lambda, use maintenance windows)

Configure a build/roll-out process to automatically respond to critical software updates

Domain 6: High Availability, Fault Tolerance, and Disaster Recovery – 16%

6.1 Determine Appropriate Use of Multi-AZ Versus Multi-region Architectures

Determine deployment strategy based on HA/DR requirements

Determine data replication strategy based on cost and durability requirements

Determine infrastructure, platform, and services based on HA/DR requirements

Design for HA/FT/DR based on service availability (i.e., global/regional/single AZ)

6.2 Determine How to Implement High Availability, Scalability, and Fault Tolerance

Design deployment strategy to support HA/FT/scalability

Assess statefulness of application infrastructure components

Use load balancing to distribute traffic across multiple AZ/ASGs/instance types (spot/M4 vs C4) /targets

Use appropriate caching solutions to improve availability and performance

6.3 Determine the Right Services Based on Business Needs (e.g., RTO/RPO, Cost)

Determine a cost-effective storage solution for your application

o Example: tiered, archival, EBS type, hot/cold

Choose a database platform and configuration to meet business requirements

Choose a cost-effective Compute platform based on business requirements

o Example: Spot

Choose a deployment service/model based on business requirements

o Example: Code Deploy, Blue/Green deployment

Determine when to use managed service vs. self-managed infrastructure (Docker on EC2 vs. ECS)

6.4 Determine How to Design and Automate Disaster Recovery Strategies

Automate failure detection

Automate components/environment recovery

Choose appropriate deployment strategy for environment recovery

Design automation to support failover in a hybrid environment

6.5 Evaluate a Deployment for Points of Failure

Determine appropriate deployment-specific health checks

Implement failure detection during deployment

Implement failure event handling/response

Ensure that resources/components/processes exist to react to failures during deployment

Look for exit codes on each event of the deployment

Map errors to different points of deployment

This brings us to the end of the AWS Certified DevOps Engineer – Professional (DOP-C01) Exam Preparation Study Guide

What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!

In case you are looking for other AWS certificate exams study guides, check out this page

Get Updates on AWS DevOps Certification

Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.

Share the AWS Certified DevOps Study Guide

You may also like