The course is part of this learning path
AWS DevOps Engineer Professional Introduction
Implement and manage continuous delivery systems and methodologies on AWS
Implement and automate security controls, governance processes, and compliance validation
Define and deploy monitoring, metrics, and logging systems on AWS
Implement systems that are highly available, scalable, and self-healing on the AWS platform
Design, manage and maintain tools to automate operational processes
Domain 1: SDLC Automation 22%
Domain 2: Configuration Management and Infrastructure as Code 19%
Domain 3: Monitoring and Logging 15%
Domain 4: Policies and Standards Automation 10%
Domain 5: Incident and Event Response 18%
Domain 6: High Availability, Fault Tolerance and Disaster Recovery 16%
Hello and welcome to this learning path focused on the AWS Certified DevOps Engineer Professional Certification. My name is Stuart Scott and I'm the AWS Content Lead for Cloud Academy and I've created this learning path which is packed full of technical courses, hands-on labs, and assessments to ensure you have a solid understanding across all domains, the confidence to navigate the AWS environment, and the required preparation needed to pass this difficult certification. This is one of the two professional level certifications available with AWS and it's guided to those who already have experience with AWS and ideally have already passed the AWS Developer Associate Exam. But this is not a prerequisite in taking this certification. The aim of the certification is to validate your knowledge across a number of different key areas which have been defined by AWS as to being able to implement and manage continuous delivery systems and methodologies on AWS, implement and automate security controls, governance processes, and compliance validation. Define and deploy monitoring, metrics, and logging systems on AWS, implement systems that are highly available, scalable and self-healing on the AWS platform, and design, manage, and maintain tools to automate operational processes. As a means of demonstrating this knowledge you will be tested across six different domains with each domain contributing to a total percentage of your overall score. These domains have been broken down as follows, domain one, SDLC automation, which is 22%, domain two, configuration management and infrastructure as code is 19%, domain three, monitoring and logging at 15%, domain four, policies and standards automation at 10%, domain five, incident and event response at 18%, and domain six, high availability, fault tolerance, and disaster recovery at 16%. Each of these domains can be broken down into defined areas of knowledge.
Let's take a look at each domain. Domain one, SDLC automation. This domain covers all areas of the software development lifecycle within AWS. It covers a range of AWS services to test your awareness of best practices and concepts. You must fully understand the SDLC and the core services used. This is the largest percentage area of the certification so be sure to pay particular attention to this domain. Apply concepts required to automate a CI/CD pipeline. This assesses your level of understanding of what a CI/CD pipeline is and how to automate the process of implementation and management of your CI/CD. You should be familiar with AWS CodePipeline. Determine source control strategies and how to implement them. Here you must be aware of the services used and how to implement them to enable you to collaborate with teams on code in a secure and scalable method. Knowledge of AWS CodeCommit will be invaluable when addressing this point. Apply concepts required to automate and integrate testing. This point will assess your knowledge of how to test your code effectively enabling you to ready your packages for deployment. You should have an understanding of the concepts with testing and the different environments associated. A focus on AWS CodeBuild would be useful to learn the requirements covered in this point. Apply concepts required to build and manage artifacts securely. You must have an understanding and awareness of how to manage your code within AWS, ensuring it remains safe and secure at all times. Knowledge of AWS CodeCommit and AWS CodeDeploy is recommended. Determine deployment/delivery strategies, for example, A/B, Blue/green, Canary, Red/black and how to implement them using AWS services. The final point in this domain looks at your ability to implement the correct deployment strategy for a solution based on set requirements. You must have knowledge across a range of AWS services used to effectively carry out different delivery methods. Domain two, configuration management and infrastructure as code. This domain covers the second highest percentage at 19% and assesses your level of understanding and ability to implement a state configuration management across your deployments. From security and compliance to selecting the most appropriate AWS service to manage your infrastructure. Determine deployment services based on deployment needs. In this point you will be tested against your ability to select the most appropriate set of services and features to run a deployment based on a set of requirements.
There are numerous ways to deploy applications within AWS and you need to be familiar with all of them. Determine application and infrastructure deployment models based on business needs. Again, a working knowledge of different deployment models is required. Once you have selected your deployment service, How will you use that service to ensure you meet business requirements when deploying your application? Apply security concepts in the automation of resource provisioning. Security flows through every layer of deploying an application. Here you need to understand how to implement security at different levels throughout the SDLC and when building other solutions and the AWS services required to do so. Determine how to implement lifecycle hooks on a deployment. You must understand what a lifecycle hook is and how to incorporate them within your deployments. AWS CodeDeploy can be used to implement lifecycle hooks so an awareness and understanding of the service would be advantageous. Apply concepts required to manage systems using AWS configuration management tools and services. Here you'll be expected to know how to manage your code, deployments, and resources using AWS services which focus on configuration management such as AWS Config. Domain three, monitoring and logging.
This domain will focus on your awareness and insight into all things monitoring and logging in AWS. This covers a number of different services and you'll need to ensure you know how to determine what data you can log, how to track it, and how to monitor that logged data to your benefit using automation services. Having the ability to set up logging and monitoring strategies to gain a deeper understanding of your infrastructure is essential. Determine how to set up the aggregation, storage, and analysis of logs and metrics. Here you'll be expected to have a sound understanding of how to configure various logs to capture and collect data using range of a AWS services including the ingestion of data using services such as Kinesis. Apply concepts required to automate monitoring and event management of an environment. This point would assess you on how you could configure automation to identify and remediate issues as and when they occur. You must know how to proactively implement monitoring and event management across your account.
Apply concepts required to audit, log, and monitor operating systems, infrastructures, and applications. You must be able to implement the correct services, features and configurations to track changes and monitor your infrastructure. For example, using services like AWS CloudTrail, AWS Config, and Amazon CloudWatch. Determine how to implement tagging and other metadata strategies. The final point in this domain looks at your ability to implement tagging strategies and understand the importance behind it and why you need metadata. Domain four, policies and standards automation. This domain has a focus on security and governance enabling you to show how to implement standards across your infrastructure using AWS services and adhering to strict compliance controls as and when needed. It also has a requirement that requires you to show how you could implement this through the use of automation methods. Apply concepts required to enforce standards for logging, metrics, monitoring, testing, and security. This point focuses on the best methods to standardize your processes and policies using AWS services and controls. There are a number of controls and mechanisms that you can put in place to ensure certain actions can or can't take place depending on your business requirements. For example, implementing Config rules to check for compliance and automating remediation or using IAM roles to set permissions to perform a specific task. Determine how to optimize cost through automation. This will assess your knowledge of best practices when it comes to cost optimization using a range of AWS Services. You should be aware of how and where you can minimize spend and how to automate this. Apply concepts required to implement governance strategies. Using a range of security and management services you will need to adopt processes to enforce compliance against governance controls, such as those defined by PCI or HIPAA.
You will need to demonstrate which services and features you can implement to enforce this compliance. Domain five, incident an event response. This domain focuses on the best practices and processes to help you identify and resolve incidents as and when they arise within your environment as quickly as possible using automated and event-driven actions. Troubleshoot issues and determine how to restore operations. This point tests your ability to find the root cause of an incident across your infrastructure and how to best proceed in implementing a solution. There may be more than one correct answer presented so you must determine the best course of action depending on the requirements asked in the question. Determine how to automate event management and alerting. You must have knowledge of automation methods which can help identify issues within your environment. You will need to have knowledge across a number of key services including, but not limited to, Amazon CloudWatch, Amazon SNS, AWS Lambda, AWS Config, and AWS CloudTrail. Apply the concepts required to implement automated healing. This follows closely with the previous point, however, you must also be able to implement solutions to help you remediate issues as and when they are detected using methods in the previous point. Apply the concepts required to setup event-driven automated actions. AWS Lambda is a key component to help you answer any questions on this point. Having a solid understanding of this service will help you determine how to implement such solutions and corresponding actions. Domain six, high availability, fault tolerance, and disaster recovery. This domain will ask you a number of questions to ascertain your knowledge and understanding of the AWS global network and how you can use it to implement a range of solutions to help build resiliency and high availability, in addition to implementing a successful backup and disaster recovery strategy.
Determine the appropriate use of multi-AZ versus multi-region architectures. You must have a clear understanding of how the AWS global infrastructure is pieced together with the different components involved. Using these regional components you'll need to demonstrate how to architect your solutions as per different business requirements. Determine how to implement high availability, scalability and fault tolerance. Again, your knowledge will be tested on the AWS global infrastructure in addition to the services that provide their own level of fault tolerance and high availability. You must be aware of how different services manage this point and how they scale as required. Determine the right services based on business needs.
Example, RTO and RPO in cost. Ensure you understand the difference between recovery time objective and recovery point objective, and how this affects the business and what actions and services you can make use of to reduce both when needed. Determine how to design and automate disaster recovery strategies. This simply requires you to demonstrate that you have a solid understanding of how to backup and restore different environments when presented with different scenarios. You should be aware of how to implement these to achieve different levels of RTO and RPO. Evaluate a deployment for points of failure. This assesses your ability to identify potential weak points and concerns within a deployment that could potentially cause disruption to your deployment and infrastructure. Okay, so that's the exams detail covered as to what's required from a knowledge perspective. So what is involved with the learning path? The learning path has been created in such a way that for each domain covered, there are a number of technical courses and hands-on labs, which will provide all the information you need to become prepared to master each domain control point discussed. The content will begin with an overview of some of the core services across the foundational categories of computer storage in databases. This will then lead into a series of courses focusing on containers, continuous integration, and continuous delivery known as CI/CD.
This provides a great introduction to the next set of courses and labs which focuses entirely on the different AWS developer tools that are available. The content then moves towards monitoring and config management of your AWS infrastructure before progressing on to deployment techniques and services used to help distribute your applications and resources through infrastructure as code. Following this section, the focus moves on to login and how you can use different services to provide log management infrastructure to ingest data for analysis and inspection. Following logs, security is then targeted, providing an overview of some of the key security controls and methods to help protect your environment.
Lastly the content looks at provisioning infrastructure across the AWS global network to satisfy high availability and resiliency, as well as distributed back-up and DR possibilities. I recommend you review you some of the AWS white papers when you have completed your learning path to help solidify your understanding of the services, features, and methodologies. For this particular certification, it would be beneficial to look at the following, all of which can be found here. Running containerized microservices on AWS, microservices on AWS, infrastructure as code, practicing continuous integration and continuous delivery on AWS, Jenkins on AWS, import Windows server to Amazon EC2 with PowerShell, blue/green deployments on AWS, introduction to devops on AWS, and development and test on AWS. Now we have a clear understanding of what is required by a certified AWS devops engineer professional, let's get started with the training. If you have any questions throughout this learning path please contact us at email@example.com.
About the Author
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.
To date Stuart has created over 40 courses relating to Cloud, most within the AWS category with a heavy focus on security and compliance
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.