AWS Certified DevOps Engineer - Professional 2022

Domain 1: SDLC Automation

• Apply concepts required to automate a CI/CD pipeline

• Set up repositories

• Set up build services

• Integrate automated testing (e.g., unit tests, integrity tests)

• Set up deployment products/services

• Orchestrate multiple pipeline stages

 Determine source control strategies and how to implement them

• Determine a workflow for integrating code changes from multiple contributors

• Assess security requirements and recommend code repository access design

• Reconcile running application versions to repository versions (tags)

• Differentiate different source control types

Apply concepts required to automate and integrate testing

• Run integration tests as part of code merge process

• Run load/stress testing and benchmark applications at scale

• Measure application health based on application exit codes (robust Health Check)

• Automate unit tests to check pass/fail, code coverage

• CodePipeline, CodeBuild, etc.

• Integrate tests with pipeline

 Apply concepts required to build and manage artifacts securely

• Distinguish storage options based on artifacts security classification

• Translate application requirements into Operating System and package configuration (build specs)

• Determine the code/environment dependencies and required resources

• Example: CodeDeploy AppSpec, CodeBuild buildspec

• Run a code build process

Domain 2: Configuration Management and Infrastructure as Code

Determine deployment services based on deployment needs 

• Demonstrate knowledge of process flows of deployment models

• Given a specific deployment model, classify and implement relevant AWS services to meet requirements

• Given the requirement to have DynamoDB choose CloudFormation instead of OpsWorks

• Determine what to do with rolling updates

Determine application and infrastructure deployment models based on business needs

• Balance different considerations (cost, availability, time to recovery) based on business requirements to choose the best deployment model

• Determine a deployment model given specific AWS services

• Analyze risks associated with deployment models and relevant remedies

Apply security concepts in the automation of resource provisioning

• Choose the best automation tool given requirements

• Demonstrate knowledge of security best practices for resource provisioning (e.g., encrypting data bags, generating credentials on the fly)

• Review IAM policies and assess if sufficient but least privilege is granted for all lifecycle stages of a deployment (e.g., create, update, promote)

• Review credential management solutions (e.g., EC2 parameter store, third party)

• Build the automation

• CloudFormation template, Chef Recipe, Cookbooks, Code pipeline, etc.

Determine how to implement lifecycle hooks on a deployment

• Determine appropriate integration techniques to meet project requirements

• Choose the appropriate hook solution (e.g., implement leader node selection after a node failure) in an Auto Scaling group

• Evaluate hook implementation for failure impacts (if a remote call fails, if a dependent service is temporarily unavailable (i.e., Amazon S3), and recommend resiliency improvements

• Evaluate deployment rollout procedures for failure impacts and evaluate rollback/recovery processes

• Apply concepts required to manage systems using AWS configuration management tools and services

• Identify pros and cons of AWS configuration management tools

• Demonstrate knowledge of configuration management components

Domain 3: Monitoring and Logging

Determine how to set up the aggregation, storage, and analysis of logs and metrics

• Implement and configure distributed logs collection and processing (e.g., agents, syslog, flumed, CW agent)

• Aggregate logs (e.g., Amazon S3, CW Logs, intermediate systems (EMR), Kinesis FH – Transformation, ELK/BI)

• Implement custom CW metrics, Log subscription filters

• Manage Log storage lifecycle (e.g., CW to S3, S3 lifecycle, S3 events)

Apply concepts required to automate monitoring and event management of an environment

• Parse logs (e.g., Amazon S3 data events/event logs/ELB/ALB/CF access logs) and correlate with other alarms/events (e.g., CW events to AWS Lambda) and take appropriate action

• Use CloudTrail/VPC flow logs for detective control (e.g., CT, CW log filters, Athena, NACL or WAF rules) and take dependent actions (AWS step) based on error handling logic (state machine)

• Configure and implement Patch/inventory/state management using ESM (SSM), Inspector, CodeDeploy, OpsWorks, and CW agents

• EC2 retirement/maintenance

• Handle scaling/failover events (e.g., ASG, DB HA, route table/DNS update, Application Config, Auto Recovery, PH dashboard, TA)

• Determine how to automate the creation of monitoring

Apply concepts required to audit, log, and monitor operating systems, infrastructures, and applications

• Monitor end to end service metrics (DDB/S3) using available AWS tools (X-ray with EB and Lambda)

• Verify environment/OS state through auditing (Inspector), Config rules, CloudTrail (process and action), and AWS APIs

• Enable, configure, and analyze custom metrics (e.g., Application metrics, memory, KCL/KPL) and take action

• Ensure container monitoring (e.g., task state, placement, logging, port mapping, LB)

• Distinguish between services that enable service level or OS level monitoring

• Example: AWS services that use OS agents (e.g., Inspector, SSM)