Hello, and welcome to this learning path that has been designed to help you prepare for and pass the AWS Certified DevOps Engineer - Professional certification exam.

My name is Danny Jessee, and I am one of the trainers here at Cloud Academy, specializing in AWS–Amazon Web Services–and AWS certifications. Feel free to connect with me to ask any questions using the details shown on the screen. Alternatively, you can always get in touch with us here at Cloud Academy by sending an email to support@cloudacademy.com, where one of our cloud experts will reply to your question.

The AWS Certified DevOps Engineer - Professional certification is one of only two professional-level AWS certifications and has been designed for anyone in a DevOps engineer role who has knowledge and experience using AWS services to provision, operate, and manage distributed systems and services. AWS recommends that candidates for this exam have at least 2 years of hands-on experience with modern DevOps processes and methodologies as well as building, administering, and securing infrastructure in AWS. Ideally you’ve already passed the AWS Certified Developer - Associate exam, but that is not a prerequisite for taking this certification. This learning path will provide you with the knowledge you need when preparing to take the latest version of the AWS Certified DevOps Engineer - Professional certification exam, DOP-C02, which was released in March 2023.

The certification itself is broken down into six distinct domains:

1. SDLC Automation (22%),

2. Configuration Management and IaC (17%),

3. Resilient Cloud Solutions (15%),

4. Monitoring and Logging (15%),

5. Incident and Event Response (14%), and

6. Security and Compliance (17%).

Each of these domains carry a specific percentage weighting within the exam. Each domain also contains a series of task statements that call out specific required knowledge and skills. These are outlined in the official AWS exam guide, which is linked in the Course Material section for this course and can be found here. Let’s start by taking a look at each of these domains in more detail to give you a better understanding of the topics that will be covered on the exam.

We’ll begin with Domain 1: SDLC Automation. This domain accounts for 22% of the exam content and focuses on 4 key areas:

• Implement CI/CD pipelines,

• Integrate automated testing into CI/CD pipelines,

• Build and manage artifacts, and

• Implement deployment strategies for instance, container, and serverless environments.

This domain is all about knowing your way around the software development lifecycle, or SDLC. In the context of AWS, this means understanding how to create and configure continuous integration and continuous delivery, or CI/CD pipelines using AWS CodePipeline. In addition to CodePipeline, you should also be familiar with CodeCommit, CodeArtifact, CodeBuild, and CodeDeploy. You should know how to leverage all of these services to perform common DevOps tasks like configuring repositories, setting up build processes, and managing builds and tests that run whenever events like a pull request or code merge take place. And once you’ve built your deployment artifacts, you should know how to securely deploy them to a variety of different platforms and environments, including EC2, ECS, and Lambda.

Next, we have Domain 2: Configuration Management and IaC. This domain accounts for 17% of the exam content and focuses on 3 areas of interest:

• Define cloud infrastructure and reusable components to provision and manage systems throughout their lifecycle,

• Deploy automation to create, onboard, and secure AWS accounts in a multi-account/multi-region environment, and

• Design and build automated solutions for complex tasks and large-scale environments.

Building on the objectives from Domain 1, this domain will ensure you know how to implement robust configuration management using infrastructure as code, or IaC. This includes knowing how to build, deploy, and maintain IaC templates using services like CloudFormation and the AWS Cloud Development Kit, or CDK. And you’ll see the theme of automation continues in this domain, extending beyond CI/CD pipelines for application deployments to also include system inventory, configuration, and patch management, along with using services like AWS Organizations and Control Tower to establish governance and define automated processes that provision and secure AWS accounts at scale in a multi-region environment.

Moving on, we have Domain 3: Resilient Cloud Solutions. This domain accounts for 15% of the exam content and focuses on the following 3 items:

• Implement highly available solutions to meet resilience and business requirements,

• Implement solutions that are scalable to meet business requirements, and 

• Implement automated recovery processes to meet RTO/RPO requirements.

This domain will ensure you know how to leverage the AWS global infrastructure to engineer solutions that are highly available and resilient to failure. This includes understanding which AWS services provide their own built-in levels of fault tolerance and high availability. You’ll need to understand how services such as Amazon Route 53 and CloudFront can be used to enable cross-Region solutions, and how elastic load balancing can support services across Availability Zones within a single Region. Now you’ll notice each of these task statements references the ability to implement solutions and processes based on either business requirements or Recovery Time Objective and Recovery Point Objective, or RTO and RPO requirements. This means you’ll also need to balance cost and performance considerations when choosing the most effective solution that still satisfies all of the given requirements.

After that, we have Domain 4: Monitoring and Logging. This domain also accounts for 15% of the exam content and will assess you in these 3 areas:

• Configure the collection, aggregation, and storage of logs and metrics,

• Audit, monitor, and analyze logs and metrics to detect issues, and

• Automate monitoring and event management of complex environments.

This domain is focused on your awareness and insight into all things monitoring and logging in AWS. This covers a number of different services, including Amazon CloudWatch for logs, metrics, dashboards, and alarms, Amazon EventBridge, and AWS CloudTrail. You'll need to determine what data and metrics you can log, how to track them, and how to monitor that logged data using automation services. Having the ability to set up logging and monitoring strategies to gain a deeper understanding of your infrastructure is essential when detecting and remediating issues in large-scale production environments.

Building on these concepts, we have Domain 5: Incident and Event Response. This domain accounts for 14% of the exam content and focuses on 3 key areas:

• Manage event sources to process, notify, and take action in response to events,

• Implement configuration changes in response to events, and

• Troubleshoot system and application failures.

This domain focuses on the best practices and processes to help you identify and resolve incidents as they arise within your environment as quickly as possible using automated and event-driven actions. When important events are generated by some of the services we discussed in Domain 4, you’ll need to know how to use services like the Amazon Simple Notification Service, or SNS, to configure notifications and build robust event-processing workflows using services like the Amazon Simple Queue Service, or SQS, and AWS Step Functions. When troubleshooting application failures, you may need to follow code through a distributed system with tracing data using a service like AWS X-Ray, which can also be useful when performing a root cause analysis.

And finally, we have Domain 6: Security and Compliance. This domain accounts for 17% of the exam content and will assess you in 3 areas:

• Implement techniques for identity and access management at scale,

• Apply automation for security controls and data protection, and

• Implement security monitoring and auditing solutions.

Now it goes without saying that DevOps engineers need to incorporate security best practices across all elements of an application’s architecture, code, and deployment. And to that end, this domain will ensure you understand the principle of least privilege access and how to leverage AWS Identity and Access Management, or IAM, to define policies that grant only the minimum subset of permissions required for a given user, role, or service. It also includes knowing how to protect sensitive data using encryption in transit and at rest, and how to leverage services such as AWS Secrets Manager to securely automate credential rotation. You’ll need to understand the role of network security components like AWS Network Firewall and services like the AWS Security Hub when applying a robust defense-in-depth strategy.

Throughout this learning path, you’ll be guided through a series of courses, hands-on labs, hands-on lab challenges, and assessments that cover every element within the domains I just discussed. This will ensure that you have the required knowledge and sufficient hands-on experience to help you pass this certification exam.

Feedback on our learning paths here at Cloud Academy is valuable to both us as trainers and any students looking to take the same learning path in the future. If you have any feedback, positive or negative, or if you notice anything that needs to be updated or corrected for the next release cycle, it would be greatly appreciated if you could email support@cloudacademy.com.

That brings me to the end of this introduction, now let’s dive in! Best of luck on your certification journey!