
Understand prerequisites for the AWS Certified DevOps Engineer Professional course: Certified Developer, preferably SysOps, and at least two years of AWS experience for the DOP-C02 exam.
Meet Stephane Maarek, an AWS certifications and Apache Kafka expert, guiding this course as your instructor, with goals, social connections on LinkedIn and Instagram, and strategies to help you succeed.
Automate the entire AWS CI/CD workflow, from code push to automatic deployment across development, test, staging, and prod environments, using CodeCommit, CodePipeline, CodeBuild, CodeDeploy, CodeStar, CodeArtifact, and CodeGuru.
Explore version control with Git, understand the central online repository for collaboration, and learn how AWS CodeCommit provides a private, scalable, fully managed repository with IAM, encryption, and secure access.
Explore the AWS console update featuring a brighter white interface and rounded blue buttons, while maintaining the same usability as the old gray, square-button design.
Create and explore an AWS CodeCommit repository, upload and commit files, manage branches and notifications, and set up triggers and SNS notifications for repository events.
Push code directly to AWS CodeCommit using SSH keys or HTTPS credentials from IAM, then clone, add, commit, and push changes while viewing commit history.
Learn how CodeCommit uses EventBridge to automate pull request events, migrate repositories via git clone, enable cross-region replication, and enforce branch security and pull request approvals with IAM policies.
Orchestrate your AWS CI/CD with CodePipeline, connecting sources like CodeCommit, ECR, or GitHub to build, test, and deploy with CodeBuild, CodeDeploy, and artifacts stored in S3, supporting stages and approvals.
Create and deploy two Elastic Beanstalk web server environments using Node.js for a simple application, then link updates to CodePipeline and remember to delete the environments to avoid charges.
Create a custom CodePipeline that deploys code from GitHub to Elastic Beanstalk, with stages, a manual approval step, and prod deployment to Elastic Beanstalk environments.
CodePipeline starts via events, webhooks, or polling, with EventBridge or CodeStar Source Connection for GitHub. Manual approvals use AWS ownership and require GetPipeline and PutApprovalResult permissions via SNS.
Learn to use CloudFormation as a CodePipeline target to deploy AWS resources with templates, CDK, or SAM, manage change sets, manual approvals, and parameter overrides across regions and accounts.
Master advanced CodePipeline concepts by applying best practices, parallel actions, multi-region deployments with CodeDeploy, artifacts per region, and integration with EventBridge, Lambda, Step Functions, and CloudFormation.
Explore an AWS CodeBuild overview: configure buildspec.yml at the repo root, build from sources like CodeCommit or GitHub, use prebuilt or custom images, and manage artifacts and logs in S3 and CloudWatch.
Create a GitHub-connected CodeBuild project to test the Congratulations message on deployment, using buildspec.yaml and push-based builds from the main branch.
Create a buildspec.yaml in GitHub and use CodeBuild with the test that greps 'Congratulations' in index.html, then automate CI/CD by connecting CodeBuild to CodePipeline for deployment to Elastic Beanstalk.
Explore CodeBuild concepts, including default, custom, and dynamic environment variables, security with service roles and encryption, and build badges. Trigger builds via EventBridge and validate pull requests with test reports.
Learn how AWS CodeDeploy automates application deployment across EC2, on-premises, Lambda, and ECS. Use in-place and blue/green deployments with rollback, traffic shifting, appspec.yml, and deployment speeds from all-at-once to canary.
Master CodeDeploy deployments for EC2/on-premises, using in-place and blue/green strategies with tags, Auto Scaling groups, load balancers, and deployment hooks to control rollout.
Explore how CodeDeploy orchestrates blue/green ECS deployments with a load balancer, using a new ECS task definition and ECR image, an appspec.yml in S3, and optional CodePipeline automation.
Discover how to deploy a new Lambda version with CodeDeploy using an appspec.yml in S3, shift the alias from v1 to v2, and manage traffic with canary, linear, or all-at-once strategies.
Explore CodeDeploy rollbacks and troubleshooting, including automatic and manual rollbacks to the last known good version, time synchronization issues, agent and permissions checks, ASG blue-green traffic, and ELB health checks.
Discover AWS CodeArtifact as a secure, scalable artifact management service that proxies public repositories, caches dependencies in your VPC, and powers automated CI/CD pipelines with CodeBuild, CodePipeline, EventBridge, and CodeDeploy.
Learn how CodeArtifact repositories use upstream repositories and domains to enable centralized caching, de-dup storage, and cross-account sharing with external connections and domain policies.
Practice using CodeArtifact by creating a demo repository with an upstream pypi-store, configuring a domain and KMS key, connecting via token and pip3, and managing packages.
Learn how to automate the creation, testing, and distribution of EC2 AMIs with EC2 Image Builder, integrating CodePipeline, CodeCommit, and CloudFormation for rolling updates.
Learn how to share EC2 Image Builder outputs (images, recipes, and components) using RAM across accounts, publish the latest AMI IDs to SSM Parameter Store, and reference them in CloudFormation for deployments.
Explore AWS Amplify as a one-stop tool for building web and mobile apps, integrating authentication, storage, APIs, CI/CD, analytics, and AI/ML predictions, deployable via the Amplify Console and CloudFront.
Connect CodeCommit branches to AWS Amplify to deploy each branch separately, linking development to dev.example.com and production to example.com via Route 53.
Learn how AWS CloudFormation enables infrastructure as code by detailing templates that declare resources like security groups, EC2 instances, S3 buckets, and load balancers, with automated deployment and version-controlled templates.
Practice creating cloud infrastructure with CloudFormation in us-east-1 using YAML templates and Application Composer. See how a stack provisions an EC2 instance from code, including a MyInstance in us-east-1a.
Update a CloudFormation stack by replacing the template, previewing a change set, and executing resource replacements for EC2, security groups, and elastic IPs.
Learn how YAML makes CloudFormation templates readable and easy to write, compared to JSON. Understand YAML constructs like nested objects, arrays, multi-line strings, and comments.
Explore how CloudFormation resources define AWS components in templates, reference each other, and let AWS manage creation, updates, and deletes, with examples like EC2 instances and security groups.
Explore CloudFormation parameters, their types, constraints, and validation, and learn to reuse templates with inputs like instance types via AllowedValues and values with NoEcho, the !Ref function, and pseudo parameters.
Learn how CloudFormation mappings provide region and environment specific values, such as region-based AMI IDs, using FindInMap with a region map, and when to use mappings versus parameters.
Learn how CloudFormation outputs, which are optional values, can be exported and imported across stacks to share resources like VPC IDs and subnet IDs, enabling cross-stack collaboration.
Learn how CloudFormation conditions control resource and output creation based on environment, region, or parameters, enabling prod-only resources using functions like And, Equals, If, Not, Or.
Explore CloudFormation intrinsic functions, including Ref, GetAtt, FindInMap, ImportValue, Join, Sub, ForEach, ToJson, and conditional functions like If, Not, Equals, plus Base64 and GetAZs, with resource attribute examples.
Explore how CloudFormation rollbacks handle stack creation and updates, compare default deletion with preserving resources, and learn to troubleshoot failures using logs and continue update rollback.
CloudFormation service roles enable stack operations via an IAM PassRole; use a dedicated role like DemoRole for CFN with S3 capabilities to manage resources.
Explore CloudFormation capabilities, including CAPABILITY_NAMED_IAM, CAPABILITY_IAM, CAPABILITY_AUTO_EXPAND, macros and nested stacks, and how to acknowledge capabilities to deploy IAM resources safely, addressing InsufficientCapabilitiesException.
Explore how the CloudFormation DeletionPolicy options (Delete, Retain, and Snapshot) control resource fate on stack deletion, with examples for S3, EBS, RDS, and other resources.
CloudFormation stack policies use JSON documents to control update actions, protecting resources by default. Allow updates selectively while denying updates to the production database to prevent unintentional changes.
Enable termination protection in CloudFormation to prevent accidental stack deletions; learn how to enable it in the console, verify its status, and disable it when you have the necessary permissions.
Explore CloudFormation custom resources, backed by Lambda or SNS, to provision non-supported resources with input parameters, and automate actions like emptying an S3 bucket before deletion.
Explore deploying a CloudFormation custom resource backed by Lambda or Amazon SNS, learn how to use a pre-signed S3 URL for CloudFormation responses, and empty an S3 bucket on delete.
Explore dynamic references in CloudFormation to retrieve plaintext or secure values from SSM Parameter Store or Secrets Manager using the resolve syntax, enabling RDS master password management and secret rotation.
Pass user data to EC2 instances via CloudFormation using base64-encoded scripts and cloud-init logs. Test a demo stack that installs httpd and serves a hello world page.
Leverage CloudFormation cfn-init to read metadata, install packages, create files, run commands, and start services for scalable EC2 configurations. Check /var/log/cfn-init.log to verify success and debug issues.
Explore how CloudFormation uses cfn-signal and WaitCondition to verify EC2 configuration after cfn-init, with a creation policy and signals to complete a stack.
Explore how CloudFormation wait conditions rely on cfn-init and cfn-signal, diagnose failures with logs, ensure EC2 internet access for service communication, and debug by disabling rollback to preserve resources.
Learn how CloudFormation nested stacks encapsulate reusable components like load balancers and security groups, update via the parent stack, and distinguish nested stacks from cross stacks for proper reuse.
Explore how CloudFormation's DependsOn enforces a specific resource creation order, such as DBInstance before EC2 and S3 after EC2, with deletion following the same sequence.
Explore how CloudFormation StackSets deploy a stack across multiple accounts and regions using administrator and target roles, with AWS Organization support for automatic deployment to new accounts.
Deploy StackSets across multiple regions to enable AWS Config, create StackSet admin and execution roles, and track resource configurations across regions in the same account.
Add stacks to a CloudFormation stack set, specify more regions and accounts, override parameters if needed, and review stack instances to verify deployments are current.
Learn how to delete stack sets in CloudFormation by detaching stacks, deleting stack instances, and performing a full cleanup including execution roles and the admin role.
Identify and resolve CloudFormation issues by diagnosing DELETE_FAILED and UPDATE_ROLLBACK_FAILED states, checking for empty S3 buckets, security group deletions, and StackSets permission or quota problems.
Create and review CloudFormation change sets to preview template updates before applying them, view changes across nested stacks, and execute to update or create the stack safely.
Explore cfn-hup, a CloudFormation bootstrap tool that polls EC2 metadata every 15 minutes and reconfigures via cfn-init, demonstrated by updating a live httpd website.
CloudFormation drift detects manual changes by comparing actual resource configurations to templates across stacks and StackSets. Learn to view drift details and decide to update templates or revert.
AWS Service Catalog provides a self-service portal with IAM-authorized CloudFormation template products organized into portfolios managed by admins, enabling governance, compliance, and standardization through centralized provisioning.
Explore Service Catalog concepts for the exam, including CloudFormation stack sets with region and account constraints, launch constraints with an IAM role, and CodeCommit–Lambda synchronization for versioned templates.
Elastic Beanstalk provides a developer-centric, single interface to deploy code with automatic capacity provisioning, load balancing, and health monitoring, using environments, versions, and web or worker tiers.
Create an Elastic Beanstalk web server environment with a sample app on a single t3.micro instance. Explore CloudFormation-backed resources, health, logs, monitoring, and configuration options to manage deployments.
Create a second Elastic Beanstalk environment named prod using Node.js and a sample app to demonstrate high availability, with subnets, a load balancer, auto scaling, and health reporting.
Compare Elastic Beanstalk deployment options such as all at once, rolling, rolling with additional batches, immutable, blue/green, and traffic splitting, highlighting downtime, capacity, and rollback implications.
Master Elastic Beanstalk deployment modes, including all at once, rolling, rolling with additional batch, and immutable, plus traffic splitting. See blue-green deployment through environment swapping and Node.js sample app updates.
Explain web versus worker deployments in Elastic Beanstalk, decoupling long tasks to a worker tier via an SQS queue, with cron.yaml for periodic tasks and EventBridge notifications.
Explore AWS SAM, a framework to build, debug locally, and deploy serverless apps using SAM YAML and CloudFormation, with SAM build, deploy, and accelerate for Lambda, API Gateway, and DynamoDB.
Learn how SAM integrates with CodeDeploy to update Lambda aliases via traffic shifting, with pre- and post-traffic hooks, alarms, and optional automated rollbacks.
Explore the AWS CDK to define infrastructure in TypeScript, Python, Java, and .NET using constructs such as a VPC and an ECS cluster; CDK synthesizes to CloudFormation templates.
Learn to build cloud infrastructure with the AWS CDK by creating an S3 bucket, a Lambda for Rekognition, and a DynamoDB table, then bootstrap, synth, and deploy.
Define and visualize workflows as AWS Step Functions state machines, where each task state orchestrates Lambda, DynamoDB, or ECS work, defined in JSON.
Explore AWS Step Functions with a Hello World demo in Workflow Studio, drag-and-drop components, and build a state machine with branching, parallel execution, and variable initialization.
Build a state machine that invokes a Lambda function, includes a choice state, and uses the state-machine.json to demonstrate the flow.
Leverage AWS AppConfig to manage external, dynamic configurations and feature flags with gradual deployments across EC2, Lambda, and ECS. Validate configs with JSON Schema or Lambda, and monitor with CloudWatch.
Master the AWS Systems Manager to manage a fleet of EC2 and on-prem servers, automate patching, monitor with CloudWatch, and leverage inventory, compliance, and automation tools for scalable operations.
Register EC2 instances in AWS Systems Manager Fleet Manager by using Amazon Linux 2, attach the SSM IAM role, and verify the agent is online with no inbound access.
Use environment and team tags to form resource groups and enable SSM-driven patching across EC2, S3, DynamoDB, and Lambda for dev, prod, and finance environments.
Leverage SSM documents in JSON or YAML to define actions and run commands across EC2 fleets, using Parameter Store, State Manager, Patch Manager, and Automation, without SSH.
Explore how SSM automations use runbooks to perform EC2 and AWS resource tasks, such as restarting instances, creating AMIs, and EBS snapshots, via console, CLI, or EventBridge maintenance windows.
Discover the SSM Parameter Store, a serverless, secure configuration and secrets repository with KMS encryption, versioning, IAM access, EventBridge notifications, CloudFormation integration, and hierarchical parameters.
Explore the AWS Parameter Store by creating hierarchical parameters like /my-app/dev/db-url, choosing standard or secure-string types, and retrieving them via CLI with decryption and recursive path queries.
Automate patching with AWS SSM Patch Manager for EC2 and on-premises servers. Apply OS, application, and security updates via patch baselines and patch groups, with maintenance windows.
Configure Patch Manager policies for EC2 and on-premises patching, including scan and install, schedules, baselines, and targeted deployment. Create maintenance windows and run patch tasks with rate and error controls.
Explore how the AWS SSM Session Manager provides a secure shell for EC2 and on-prem servers via console, CLI, or SDK, without inbound SSH or bastion access, with commands logged.
Learn to establish an SSH session to EC2 instances using SSM Session Manager, even with no SSH inbound rules, and log sessions with CloudWatch and S3 for compliance.
Navigate to Fleet Manager, identify the three managed instances, and terminate them to avoid running costs; this cleanup is covered in the lecture.
Enable DHMC to fully manage EC2 instances with Systems Manager without an EC2 instance profile. It uses an instance identity role and IMDSv2 for region-enabled SSM agent management.
Enable default host management in AWS Systems Manager Fleet Manager, create the IAM role, and ensure the SSM agent is updated to version 3.2+ on Amazon Linux 2023 EC2.
Systems Manager extends to on-premises servers, IoT and edge devices via hybrid activation, using activation code and ID to register a server as a managed instance via the SSM agent.
Perform a hybrid activation, launch an on-premises Ubuntu instance, register with SSM using the activation code and ID, start the SSM agent, and verify the managed node in Fleet Manager.
Activate and manage Greengrass core devices with Systems Manager by installing the SSM agent, applying a Token Exchange IAM role, and using Patch Manager, Session Manager, and Run Command features.
Enable cost savings with SSM automations by automatically starting and stopping EC2 and RDS instances, resizing capacity, and creating golden AMIs via EventBridge and AWS Config remediation.
Aggregate patch and configuration compliance data across regions with AWS Systems Manager, using resource data sync to S3, then analyze via Athena and QuickSight and integrate with Security Hub.
Explore how AWS OpsCenter within Systems Manager centralizes security and performance issues into OpsItems, surfaces notifications, and guides automations and runbooks to rapidly resolve problems.
Learn to access private-subnet EC2 instances with SSM Session Manager by configuring VPC endpoints for SSM, SSM Session Manager, KMS, CloudWatch logs, and S3.
Learn Lambda versions and aliases, where versions are immutable and aliases point to versions using dev, test, and prod. Implement canary deployments with traffic weights to validate V2 before switching.
Learn how to create and publish Lambda versions, manage aliases such as dev, test, and prod, and implement weighted traffic to gradually migrate to a new version.
Explore Lambda environment variables as key-value strings that tailor function behavior without code changes, and learn to encrypt them with KMS using Lambda service key or a customer master key.
Explore environment variables in Lambda with a Python 3.8 function. Set, retrieve, and test ENVIRONMENT_NAME to see how unencrypted values change Lambda behavior.
Understand Lambda concurrency and throttling, including reserved concurrency and 429 errors for synchronous calls; asynchronous retries to DLQ, plus provisioned concurrency and Application Auto Scaling to reduce cold starts.
Explore Lambda concurrency settings, including unreserved and reserved concurrency, testing throttling with zero reserve, and enabling provisioned concurrency to reduce cold starts with a warm pool.
Describe mounting an EFS file system to Lambda via a VPC using EFS access points. Compare Lambda storage options, including /tmp ephemeral, Lambda layers, S3, and EFS.
Learn how to mount an EFS file system from a different account onto a Lambda function across VPC peering, including permissions, access points, mount targets, and EFS policy setup.
Discover how API Gateway exposes REST and HTTP endpoints, proxying to Lambda with WebSocket support and security features. Learn endpoint types, authentication options, rate limiting, OpenAPI tooling, and SDK generation.
Explore building and testing a REST API with AWS API Gateway, integrating a Lambda function via proxy, deploying to a dev stage, and validating requests and responses with CloudWatch logs.
Deploy changes to API Gateway stages to go live and manage versions like v1 and v2, using stage variables to route to Lambda aliases across dev, test, prod.
Learn how to use API Gateway stage variables to route to Lambda aliases across dev, test, and prod by creating function versions, aliases, and deployments.
Discover how the OpenAPI specification defines REST APIs and integrates with API Gateway, enabling import/export, client code generation, and JSON Schema-based request validation.
Import an OpenAPI definition to create a REST API in API Gateway using the Pet Store example. Export as OpenAPI or Swagger (JSON or YAML) and generate multi-language SDKs.
Enable API Gateway caching to reduce backend calls, with a 300-second default TTL, stage-level caches, and per-method overrides, plus IAM authorization to invalidate.
Explore canary deployments on API Gateway by routing a small percentage of traffic to a new version while monitoring metrics and logs, enabling a safe blue/green deployment.
Demonstrates setting up a canary deployment in API Gateway, using stage variables to route Lambda versions v1 and v2, testing, and promoting the canary to 100 percent.
Enable CloudWatch logs and X-Ray tracing for API Gateway, logging requests and responses. Track metrics like CacheHitCount, CacheMissCount, IntegrationLatency, and Latency, and manage throttling with usage plans to avoid timeouts.
Explore Amazon ECS launch types, including the EC2 launch type with provisioning and ECS agents, and Fargate's serverless containers, plus ECS task roles, load balancers, and EFS for persistent data.
Explore ECS service auto scaling with AWS Application Auto Scaling, using CPU utilization, memory utilization, and ALB request count, and understand capacity providers versus ASG for EC2 launch type.
Explore serverless architectures on Amazon ECS with Fargate, EventBridge, S3, and DynamoDB; learn to trigger ECS tasks from EventBridge rules, schedules, and SQS queues, and monitor task lifecycle.
Configure ECS task logging to CloudWatch Logs with the awslogs driver and task definition logConfiguration, and compare Fargate versus EC2 approaches and sidecar or FireLens options.
Explore Amazon Elastic Container Registry for storing Docker images on AWS with private and public options. Understand integration with ECS, IAM, and S3-backed storage, plus image vulnerability scanning and lifecycle.
Explore Amazon ECR lifecycle policies that expire untagged images older than 14 days or keep one, with priority-based rules to reduce storage costs and enable deployment to ECS or Fargate.
Explore Amazon EKS, the managed Kubernetes service on AWS, with EC2 and Fargate launch modes. Manage pods, services, and storage using CSI drivers across cloud environments.
Explore EKS control plane logs (API server, audit, authenticator, controller manager, scheduler), and implement CloudWatch integration for node and container logs with Fluent Bit or Fluentd, enabling CloudWatch Insights.
Learn how Amazon Kinesis Data Streams ingest real-time data with producers and consumers, manage shards for throughput, enforce security and retention up to 365 days, with on-demand or provisioned capacity.
Explore creating and managing Amazon Kinesis Data Streams, including on-demand vs provisioned throughput, shards, and put-record. Practice producing and consuming data with AWS CLI and CloudShell.
Ingest, transform with Lambda, buffer, and batch-write streaming data with Amazon Data Firehose to S3, Redshift, OpenSearch, or third-party destinations in near real-time.
Learn to configure Kinesis Data Firehose delivery streams to ingest data from producers, optionally transform with Lambda, and deliver to S3, OpenSearch, or Redshift with buffering and encryption.
Leverage the Amazon Managed Service for Apache Flink to run real-time data stream processing on a managed cluster, with automatic scaling, checkpoints, and Kinesis Data Streams or Amazon MSK.
Explore the AWS Kinesis Data Analytics options, including streaming applications built with Apache Flink and the Studio notebook, plus legacy SQL applications for real-time analytics.
Explore Amazon Route 53, a highly available, fully managed authoritative DNS, and learn to register domains, create public and private hosted zones, and configure A, AAAA, and CNAME records.
Explore Route 53's weighted routing policy to steer 70/20/10 traffic across three EC2 instances for load balancing across regions, and learn how zero weights or health checks influence routing.
Implement latency-based routing in Route 53 to send users to the nearest AWS region with the lowest latency, such as us-east-1 or ap-southeast-1. Test with a VPN to verify regional routing.
Explore how Route 53 failover uses primary and secondary health-checked records to automatically switch DNS responses between eu-central-1 and us-east-1.
Explore how RDS read replicas scale reads with asynchronous replication across availability zones and regions, and how multi-AZ provides disaster recovery with synchronous replication and automatic failover.
Explore how Amazon Aurora uses writer and reader endpoints, auto scaling, and global databases for fast failover, cross-region replication, and local vs global data access.
Use Amazon ElastiCache to cache frequent queries with Redis or Memcached, reducing database load. Store session data to keep apps stateless, and compare Redis multi-AZ, AOF, backups with Memcached partitioning.
Practice using Amazon ElastiCache for Redis; configure a node-based cluster (cluster mode disabled) with auto-failover, t2.micro, backups, and security groups, and use endpoints for access; then delete it.
Compare cluster mode disabled and enabled in ElastiCache for Redis, detailing primary and replica roles, reads, writes, and scaling through shards, read replicas, and configuration endpoints.
Explore how DynamoDB is a fully managed, cloud-native NoSQL database with single-digit millisecond performance, multi-AZ replication, and IAM security, enabling auto-scaling and no maintenance.
Create a DynamoDB table named DemoTable with a user ID partition key, exploring serverless NoSQL design and on-demand versus provisioned capacity with auto-scaling.
Explore DynamoDB advanced features, including DAX caching for microsecond reads, DynamoDB Streams and Kinesis integrations, global tables for active-active replication, TTL and backups, and exporting to S3 for analytics.
Migrate on-premises databases to AWS with DMS, enabling resilient, continuous replication via CDC. Use SCT for schema conversion when engines differ.
Explore AWS DMS end-to-end migration workflow, from discovery and schema conversion to endpoints, replication tasks, and serverless or provisioned instances for migrating or replicating data.
Monitor DMS replication tasks and per-table activity (inserts, updates, deletes, and DDL), track task status and table states, and review CloudWatch metrics for host, throughput, and latency.
Enable versioning on source and destination buckets to enable S3 replication. Choose cross-region or same-region replication, grant S3 IAM read and write permissions, and note cross-account and aggregation use cases.
Create an origin bucket in eu-west-1 and a replica in us-east-1, enable versioning, and configure a cross-region replication rule that also covers delete markers and existing objects via batch operation.
Explore how AWS Storage Gateway bridges on-premises storage with the cloud to enable hybrid cloud, disaster recovery, and tiered storage using S3, EBS, and Glacier.
Explore how AWS Storage Gateway File Gateway stays in sync with S3 using the RefreshCache API or automated cache refresh via Lambda to prevent stale data.
Explore auto scaling group scaling policies: dynamic target tracking, step, scheduled, and predictive scaling, with metrics like CPU utilization and requests per target.
Learn how Auto Scaling groups use dynamic, predictive, and scheduled actions to maintain target CPU utilization, with target tracking, simple and step scaling, and CloudWatch alarms.
Lifecycle hooks in Auto Scaling groups let you pause an instance in pending during scale-out or terminate with a wait state. Use EventBridge to trigger actions and collect logs.
Compare SNS notifications for ASG events with EventBridge's JSON format, covering launch and termination success or failure, plus instance refresh statuses; use EventBridge filters to target specific events.
Discover how termination policies in Auto Scaling groups determine which instances terminate during scale-in, instance refresh, or AZ rebalance, and how oldest template and closest to next billing hour work.
Learn how Auto Scaling groups use warm pools of pre-initialized instances to reduce scale-out latency, with warm pool sizing, instance states, lifecycle hooks, and cost trade-offs.
Explore how AWS Application Auto Scaling manages capacity across resources from a single place, enabling scaling plans with target tracking or scheduled policies for DynamoDB, Aurora, ECS, and Lambda.
Explore how Application Load Balancer rules are processed in order, with default rules and actions like forward, redirect, or fixed response, using conditions and weights for blue-green deployments.
Explore dualstack networking for Elastic Load Balancers, enabling IPv4, IPv6, and dualstack access with separate IPv4/IPv6 target groups, auto protocol resolution, and PrivateLink cross-VPC support.
Learn how NAT gateways provide managed, high bandwidth, highly available internet access for private subnets via public subnets and the internet gateway, with AZ-level redundancy and pay-per-use pricing.
Master multi-AZ architectures in AWS, including a three-tier design with high availability for RDS, EFS, ELB, Aurora, OpenSearch, and DynamoDB, with synchronously replicated standby and cross-zone load balancing.
Explore blue-green deployment strategies on AWS using an ALB with blue and green target groups, including traffic switching, canary and alias approaches, and DNS considerations with Route 53.
Use Route 53 health checks and DNS failovers to implement multi-region architectures with latency-based and geoproximity routing. Replicate data with DynamoDB global tables and monitor CloudWatch alarms for low-latency access.
Learn disaster recovery in AWS by defining RPO and RTO and comparing backup and restore, pilot light, warm standby, and multi-site hot site strategies.
Explore Amazon CloudWatch metrics, including namespaces and dimensions, monitor EC2 CPUUtilization and S3 bucket size, and stream custom metrics via Firehose to analytics destinations.
Push custom metrics to CloudWatch with PutMetricData, dimensions like instance.id and instance.type, standard or high-resolution storage, and timestamps up to two weeks past or two hours in the future.
Analyze CloudWatch metrics to establish baselines and surface anomalies with machine learning, triggering alarms based on expected values rather than static thresholds, with options to exclude certain periods from training.
Explore CloudWatch Logs: organize with log groups, streams, retention, and KMS encryption; route logs to S3, Kinesis, Lambda, or OpenSearch; query with CloudWatch Logs Insights and cross-account aggregation.
Explore CloudWatch Logs basics, including log groups and streams, stdout and stderr outputs, and using metric filters and alarms to monitor, export, and query insights with CloudWatch Logs Insights.
Explore CloudWatch Logs Live Tail to monitor log events in real time by creating a demo log group and log stream, applying filters, and viewing matching entries.
Create CloudWatch Logs metric filters with expressions to count errors or find IPs, generate metrics with up to three dimensions, and trigger alarms via SNS after filter creation.
Create a CloudWatch metric filter using a pattern from NGINX access logs to detect 400 errors, publish to a custom namespace and metric, and link it to an alarm.
Distinguish application logs, operating system logs, and access logs, and learn to stream them to CloudWatch Logs or S3 using Lambda, ECS, Beanstalk, and load balancers.
Explore how CloudWatch agents push logs from EC2 and on-prem servers to CloudWatch Logs, using the old Logs Agent or the unified agent with granular metrics.
Explore CloudWatch alarms and composite alarms, understand states OK, INSUFFICIENT_DATA, ALARM, periods and thresholds, then trigger EC2 actions, auto-scaling, SNS, Lambda, and recovery.
Create a CloudWatch alarm on an EC2 instance to terminate the machine when CPU usage stays above 95% for 15 minutes, including metric selection and set alarm states.
Configure CloudWatch Synthetics canary scripts in Node.js or Python to reproduce customer flows on APIs and websites, monitor availability and latency, and capture load times and screenshots with headless Chrome.
Explore Amazon Athena, a serverless query service over S3 that uses Presto, standard SQL, and formats like Parquet and ORC, with federated queries via Lambda.
Configure a query results location in S3, use Athena's serverless SQL to query data, and create a database and table to run aggregations on access logs.
Explore Amazon EventBridge, formerly CloudWatch Events, for scheduled and event-driven routing to AWS Lambda, Amazon SNS, Amazon SQS, Amazon Kinesis, and AWS Step Functions, with schemas, archives, and cross-account policies.
Master Amazon EventBridge with hands-on guidance by building rules and event patterns, wiring EC2 state-change events to SNS or SQS, configuring schedules, event buses, partner sources, and the schema registry.
Explore content filtering in EventBridge by building advanced event patterns that filter by source, detail type, bucket name prefix, object key suffix, and other criteria to route only matching events.
Learn to configure EventBridge input transformers to transform EC2 instance state-change notifications and route simplified outputs to CloudWatch log groups using a rule and input templates.
Configure Amazon S3 event notifications to react to object events like creation, removal, restoration, or replication, filter by JPEG endings, and route to SNS, SQS, Lambda, or EventBridge.
Explore S3 event notifications by creating a bucket and configuring events for all object create actions, publishing to SQS, SNS, Lambda, or EventBridge, and testing with a jpeg upload.
Learn how to verify Amazon S3 object integrity with MD5, the Content-MD5 header, and ETag, and note support for SHA-1, SHA-256, CRC32, and CRC32C.
Explore the AWS Health Dashboard's service history and account health view, with alerts and remediation guidance. See outages and proactive notices for scheduled maintenance impacting your accounts.
Discover the AWS Health Dashboard to monitor service health by region, review service history and account issues, and learn to configure organizational health and automate alerts with EventBridge.
Learn to use the AWS Health Dashboard with EventBridge to trigger SNS notifications and Lambda remediations for EC2 updates, exposed IAM keys, and retirement events.
Understand the three EC2 status checks—system, instance, and attached EBS—and how CloudWatch alarms or an auto scaling group can recover instances to maintain uptime.
Monitor EC2 status with system and instance checks, create a CloudWatch status check alarm with recover action, and simulate alarm states using CloudShell and AWS CLI.
CloudTrail provides governance, compliance, and audit history across AWS accounts by logging console, SDK, and CLI events. Store logs in CloudWatch Logs or S3, enable CloudTrail Insights to detect activity.
CloudTrail records API calls and user activity in an event history UI, showing event source, access key, and region, demonstrated by terminating an EC2 instance.
Learn how to integrate CloudTrail with EventBridge to intercept API calls and trigger SNS notifications for events such as DeleteTable, AssumeRole, and AuthorizeSecurityGroupIngress.
Learn how SQS handles failed messages with dead letter queues, using maximum receives thresholds, redrive to source, and debugging for FIFO and standard queues.
Configure a dead-letter queue for a demo queue, enable 14-day retention and encryption, then run three reads to move messages to the DLQ and redrive to the source queue.
Configure Amazon SNS subscriptions with a redrive policy to route discarded messages to a dedicated dead letter queue for each subscription, including HTTP endpoint and Lambda subscriptions.
Explore AWS X-Ray for visual analysis and tracing of requests across microservices, revealing latency and error rates and guiding distributed tracing and troubleshooting in a DevOps context.
Enable AWS X-Ray on Beanstalk by activating the X-Ray daemon and granting an IAM role; instrument your app with the X-Ray SDK to send traces.
Explore the AWS Distro for OpenTelemetry, a secure production-ready distribution. It collects traces, metrics, and AWS resource metadata via agents and collectors, sending data to X-Ray, CloudWatch, Prometheus, or Datadog.
Discover how AWS Config audits resources against managed or custom rules, leverages Lambda for evaluation, remediates non-compliance with SSM documents, and uses CloudTrail along with EventBridge or SNS for alerts.
Learn how to use AWS Config to record resources, include global resources, store data in S3, and apply managed rules like restricted SSH, evaluate compliance, and remediate noncompliant security groups.
Configure AWS Config with a Configuration Recorder to capture configuration items and changes, deploy it across accounts with a StackSet, and aggregate data with Aggregators for cross-account visibility and compliance.
Conformance packs deploy YAML-configured rules and remediations across accounts or an organization, acting like the CloudFormation of config rules with Lambda-backed custom rules.
Explore AWS Config organizational rules and conformance packs, deploying rules from the management account to all member accounts, with organization-wide scope and account-level compliance.
Explore how AWS Organizations centralizes multi-account management with a management account, member accounts, and organizational units, using the Organization Account Access Role for admin tasks and consolidated billing.
Define and enforce service control policies (SCPs) to allow or deny IAM actions across an AWS organization, applied at OU or account level with explicit allows and management account protection.
Discover AWS Control Tower’s automated, compliant multi-account governance built on AWS Organizations. See how Account Factory provisions accounts with Service Catalog, and how guardrails provide preventive and detective policy enforcement.
Discover how AWS Control Tower builds a landing zone with security and sandbox OUs, log archive and audit accounts, and guardrails, while enabling IAM Identity Center and SSO access.
Discover how landing zones in Control Tower create a secure, compliant multi-account environment using organization, account factory, OUs, SCP, IAM Identity Center, guardrails, and Config.
Explore account factory customization in AWS Control Tower, using a hub-stored CloudFormation blueprint in Service Catalog to deploy new accounts and automate migrations with conformance packs.
Explore Customizations for AWS Control Tower (CfCT), a GitOps framework that deploys CloudFormation templates and SCPs across all accounts via pipelines, CodeBuild, and Step Functions.
Integrate AWS Config with Control Tower to enforce detective guardrails across all member accounts, deploy conformance packs via stack sets, and automate config deployment with event-driven Lambda and CloudFormation.
Explore how the Control Tower Account Factory for Terraform automates provisioning of new accounts via CodeCommit, CodePipeline, and CodeBuild, with optional CloudTrail data events, enterprise support, and default VPC deletion.
Discover AWS IAM Identity Center, delivering one login for multiple AWS accounts via SAML 2.0. Configure built-in or external identity stores and permission sets, enabling attribute-based access across accounts.
Integrate with IdPs via SAML 2.0 and automate provisioning with SCIM; apply ABAC using user tags and resource tags, define permission sets, and enforce context-aware MFA in IAM Identity Center.
Protect web applications from layer seven exploits with web ACL rules for IPs, headers, bodies, and URLs, deployed on CloudFront, ALB, API Gateway, and AppSync.
Manage firewall rules across all accounts in an AWS organization using AWS Firewall Manager; define region-level security policies with WAF and Shield, and auto-apply to new ALB and other resources.
Learn Firewall Manager policies for web ACLs with optional auto remediation, Shield Advanced, and security group auditing, with centralized or distributed Network Firewall management and Route 53 Resolver DNS Firewall associations.
GuardDuty uses machine learning to detect unusual activity from CloudTrail, VPC flow logs, and DNS data, including cryptocurrency threats, with one-click enable and a 30-day trial.
Master advanced GuardDuty for multi-account setups with delegated administration, findings management, suppression rules, and automated responses via EventBridge, SNS, and Lambda, including trusted and threat IP lists.
Explore Amazon GuardDuty and CloudFormation integration by using a Lambda-backed custom resource to enable GuardDuty only when not already active, and deploy across an organization with StackSets.
Amazon Detective analyzes data from GuardDuty, Macie, and Security Hub with machine learning and graphs to quickly identify root causes and unify VPC Flow Logs, CloudTrail, and GuardDuty.
Amazon Inspector runs security assessments on EC2 instances, container images in ECR, and Lambda functions. It analyzes CVEs, reports findings to AWS Security Hub and EventBridge, and assigns risk scores.
Enable Amazon Inspector on your EC2 instances by installing the SSM agent and configuring an IAM role or default host management for Systems Manager, then assess inventory and receive recommendations.
Learn how to migrate an EC2 instance across availability zones using AMIs, and how to share, copy, and re-encrypt AMIs with KMS CMKs and EBS snapshot permissions.
Discover how AWS Trusted Advisor provides an account assessment with core checks across six categories, and that full checks require a business or enterprise plan with the AWS Support API.
Explore Trusted Advisor architectures and automate responses with event-driven workflows using EventBridge, SNS, and Lambda for underutilized EC2 and service quota alerts.
Discover AWS Secrets Manager, a newer service for storing and rotating secrets with Lambda-generated rotation, integrated with RDS and other databases, encrypted by KMS, and multi-region replication for disaster recovery.
Explore how AWS Secrets Manager rotates, manages, and retrieves secrets—distinct from SSM parameter store—across their life cycle, with MySQL, PostgreSQL, Amazon Aurora, and RDS integrations, region replication, and IAM policies.
Explore how to use the AWS Tag Editor to manage tags across multiple resources, add, update, and delete tags, and search tagged or untagged resources across regions.
Explore Amazon QuickSight, a serverless, machine learning–powered business intelligence service for creating interactive dashboards from your databases, offering per-session pricing and integrations to RDS, Aurora, Athena, Redshift, and S3.
Explore AWS Glue, a serverless ETL service that loads data from S3 and RDS, converts CSV to Parquet for Athena, and catalogs metadata with the Glue Data Catalog.
Learn how to sign in to AWS certification accounts, create a Builder ID, access the certification portal, and schedule exams via Pearson VUE, including online and in-person options.
Discover how to save 50% on your next AWS exam by claiming benefits tokens after passing a prior exam, then apply the voucher code at checkout to receive the discount.
Non-native English speakers can request a 30-minute accommodation via exam registration by selecting ESL +30 minutes, uploading documentation if needed, and schedule the exam again with the extra time applied.
Revisit lectures and practice extensively to prepare for the AWS DevOps Engineer Professional exam. Leverage the free exam readiness course and DevOps blogs to understand AWS architectures.
Navigate AWS certification paths across foundational, associate, professional, and specialty levels. Follow role-based tracks such as solutions architect, devops engineer, security, data, AI practitioner, and machine learning engineer.
Celebrate finishing the course and invite learners to leave a star rating with optional comments, then post exam success on Q&A or LinkedIn while accessing bonus AWS practice exams.
Welcome to the BEST and MOST UPDATED online resource to learn the skills needed to pass the challenging certification: AWS Certified DevOps Engineer Professional (DOP-C02).
[DOP-C02] Update Published: 19/05/2023
Before taking this course, make sure that:
You hold at least an associate-level certification in AWS (AWS Certified Developer Associate is preferred)
You have experience using AWS at your work
If you're ready to go on a challenging and rewarding journey, join me in this course. You will not be disappointed!
-- -- -- -- -- -- --
This course is different from the other ones you'll find on Udemy. Dare I say, better (but you'll judge!)
It covers in-depth all the new topics on the AWS Certified DevOps Engineer Professional DOP-C02 exam
It's packed with practical knowledge on how to use AWS inside and out as a DevOps engineer
It teaches you how to prepare for the AWS Certified DevOps Engineer Professional exam AND how to prepare for the real world
It's a logical progression of topics, not a laundry list of random services
It's fast-paced and to the point
All slides available as downloadable PDF
-- -- -- -- -- -- --
Instructor
My name is Stéphane Maarek, I am passionate about Cloud Computing, and I will be your instructor in this course. I teach about AWS certifications, focusing on helping my students improve their professional proficiencies in AWS.
I have already taught 2,000,000+ students and gotten 500,000+ reviews throughout my career in designing and delivering these certifications and courses!
With AWS becoming the centerpiece of today's modern IT architectures, I have decided it is time for students to learn how to be an AWS DevOps Engineer Professional. So, let’s kick start the course! You are in good hands!
-- -- -- -- -- -- --
This course also comes with:
Lifetime access to all future updates
A responsive instructor in the Q&A Section
Udemy Certificate of Completion Ready for Download
A 30 Day "No Questions Asked" Money Back Guarantee!
Join me in this course if you want to pass the AWS Certified DevOps Engineer Professional Certification (DOP-C02) Exam and master the AWS platform!