Blog of Dev

Pass the AWS DevOps Pro Exam

Andrew Templeton -

Pass the AWS DevOps Pro Exam

In today's fast-moving IT environment, no field is hotter than cloud computing, no platform is more relevant than Amazon Web Services (AWS) and no skill set is more in-demand than DevOps Engineering.

As business needs change and evolve more rapidly than ever before, Certified AWS DevOps Engineering Professionals facilitate delivery, security, and performance engineering, by using advanced software techniques to manage, deploy, govern and optimize AWS cloud infrastructure.

AWS DevOps Engineer Professional Certification

AWS Certifications show employers the holder's proficiency in cloud computing with an industry-respected stamp of approval. Of the AWS Certifications, the AWS DevOps Engineer Professional certificate is the newest and most uncommon - having one unlocks many opportunities.

What is this certificate? In Amazon's own words...:

The AWS Certified DevOps Engineer – Professional exam validates technical expertise in provisioning, operating, and managing distributed application systems on the AWS platform.

Practically speaking, the exam covers four subject areas:

  1. Continuous Delivery & Process Automation
  2. Monitoring, Metrics, & Logging
  3. Security, Governance & Validation
  4. High Availability & Elasticity

As this is a professional level certification, any exam taker must excel in all of these knowledge domains and the many skills that make up each area of focus. That's a lot of material!

How to Study

The DevOps Engineering Professional exam requires in-depth knowledge not only of the core concepts of each AWS service, but also practical skill in creation and optimization of systems using these tools. This differs from some of the other certifications, in that it is not sufficient to merely know what tool to use when, but how to optimally use each one, as well as the limitations each has.

For example, instead of being asked which tool to use for automating continuous delivery of complete stacks (Use AWS CloudFormation), you may be asked to design an optimal system for creating a stack and then knowing how it is finished completing (Use AWS CloudFormation with SNS Stack Topics in a delivery pipeline).

Make sure to pay close attention to the "why" when learning. Then, after finishing a course, come back after some time. The second time watching, try to see if you can predict what the lecturer says next - for knowledge-based portions of lectures, this is an excellent way to memorize important concepts, while the practical work-along sections of videos are perfect for testing if you remember how to apply your knowledge to system design.

Finally, since all of the questions require scenario-based intuition and design expertise, make sure to take lots of practice quizzes - you will need about 70% accuracy to pass. The key here, beyond accuracy, is pace - the exam is nearly three hours long, and you must be very, very quick so solve questions. When taking practice quizzes, you should be able to answer knowledge questions in 20 seconds or less, and scenario-based questions in 150 seconds or less, in order to finish on time when taking the real exam.

What to Study

While AWS provides an Official Exam Blueprint, this PDF covers only the very high-level subject areas. I have compiled a more comprehensive list of topics, grouped in a way that should help you find study resources.

The AWS DevOps Engineering Pro Guide

Each heading covers a major focus area for the exam. These major headings may each take several weeks of solid study for a beginner. Each sub-heading covers one logical skill set, and should take a student about one week to learn. The bullets are question types you will encounter, and will take about one day of reading the AWS Developer Guides for the relevant subject.

Automation on AWS

  • Automation Basics
    • Continuous Integration
    • Continuous Deployment
    • Source Control Best Practices
  • Delivery Automation Tools on AWS
    • AWS Elastic Beanstalk
    • AWS CodeDeploy
    • AWS ECS and Docker on AWS
    • Intro to AWS OpsWorks
    • Advanced AWS Opsworks
    • AWS CodePipeline
    • AWS CodeCommit
  • AWS CloudFormation: Automating Infrastructure
    • Intro AWS CloudFormation Template
    • A VPC-Based Project in CloudFormation
    • Using CloudFormation To Deploy Builds
    • Continuous Deployment of Infrastructure
    • Advanced CloudFormation: Nested Stacks
    • Advanced CloudFormation: Custom Resources
  • Deployment Techniques and Strategies
    • Rolling & Canary Deployments
    • Blue-Green Deployments
    • Full-Stack testing
    • Bootstrapping
    • Immutable Infrastructures

Monitoring, Metrics, and Logging

  • Monitoring Tools
    • CloudWatch Metrics
    • Health Checks (Route53 + ELB + EC2)
    • CloudWatch Alerts
  • Logging Tools
    • CloudWatch Logs
    • Using Log Streams
    • Log Aggregation and Traceability
    • Real-Time Log Analysis

Data Security on AWS

  • Data Lifecycles
    • At Rest
    • In Transit
    • During Disposal
  • Data Encryption on AWS
    • Encryption Keys: KMS, HSM, X.509, IKE
    • Encryption In Transit: HTTPS, SSL and Client-Side
    • Encryption At Rest: AWS EC2
    • Encryption At Rest: AWS S3

Access Control on AWS

  • Controlling Access to AWS: IAM
    • IAM Policies: Language of Permissions
    • IAM Users & Groups: Manage Your Team
    • IAM Roles: Granting Access to Services
    • IAM Roles: Managing Multiple Accounts
  • Security Auditing AWS
    • AWS Trusted Advisor
    • AWS Config
    • AWS CloudTrail
    • AWS Inspector

Network Security on AWS

  • AWS VPC
    • Intro to AWS VPC
    • AWS VPC Subnetting
    • AWS VPC and the Internet: NATs, IGWs, Routes
    • Secure a VPC: Security Groups vs Network ACLs
    • Private S3 Traffic: AWS VPC Endpoints
    • Access Other VPCs: AWS VPC Peering
    • AWS VPC: Sample Networks (A peered network, private S3, Ruby on Rails implementation)
  • Multi-Site Networks on AWS
    • AWS Direct Connect
    • VPNs and IPsec
    • Multi-Region Connectivity

Managing AWS

  • Metering and Budgeting
    • Metering and Billing Basics
    • Multi-Account and Consolidating Billing
    • AWS DevPay
    • Monitoring Spending
  • IT Governance
    • Tools for Monitoring Compliance
    • AWS Service Directory
    • Compliance Reporting
    • AWS Directory Service

High Availability and Elasticity

  • Basic Concepts
    • Measuring Availability
    • Measuring Recoverability
    • Measuring Performance
    • Availablity Zones and Regions
  • Availability on AWS
    • Self-Healing Architecture
    • Recovery Through Infrastructure Automation
    • Mitigating Risk
    • Failover Strategies
  • Scaling on AWS
    • Vertical vs Horizonal Scaling
    • Offload Effort to AWS
    • Scaling network, asset delivery and front-ends
    • Scaling compute and middle-tiers
    • Scaling databases and storage