AWS Certified DevOps Engineer - Professional Certification and Beyond

Book description

Explore the ins and outs of becoming an AWS certified DevOps professional engineer with the help of easy-to-follow practical examples and detailed explanations.

Key Features

  • Discover how to implement and manage continuous delivery systems and methodologies on AWS
  • Explore real-world scenarios and hands-on examples that will prepare you to take the DOP-C01 exam with confidence
  • Learn from enterprise DevOps scenarios to prepare fully for the AWS certification exam

Book Description

The AWS Certified DevOps Engineer certification is one of the highest AWS credentials and is widely recognized in the cloud computing and software development industries. This book is an extensive guide to helping you strengthen your DevOps skills as you work with your AWS workloads on a day-to-day basis.

You'll begin by learning how to create and deploy a workload using the AWS code suite of tools, and then move on to adding monitoring and fault tolerance to your workload. You'll explore enterprise scenarios that'll help you to understand various AWS tools and services. This book is packed with detailed explanations of essential concepts to help you get to grips with the domains needed to pass the DevOps professional exam. As you advance, you'll delve into AWS with the help of hands-on examples and practice questions to gain a holistic understanding of the services covered in the AWS DevOps professional exam. Throughout the book, you'll find real-world scenarios that you can easily incorporate in your daily activities when working with AWS, making you a valuable asset for any organization.

By the end of this AWS certification book, you'll have gained the knowledge needed to pass the AWS Certified DevOps Engineer exam, and be able to implement different techniques for delivering each service in real-world scenarios.

What you will learn

  • Automate your pipelines, build phases, and deployments with AWS-native tooling
  • Discover how to implement logging and monitoring using AWS-native tooling
  • Gain a solid understanding of the services included in the AWS DevOps Professional exam
  • Reinforce security practices on the AWS platform from an exam point of view
  • Find out how to automatically enforce standards and policies in AWS environments
  • Explore AWS best practices and anti-patterns
  • Enhance your core AWS skills with the help of exercises and practice tests

Who this book is for

This book is for AWS developers and SysOps administrators looking to advance their careers by achieving the highly sought-after DevOps Professional certification. Basic knowledge of AWS as well as its core services (EC2, S3, and RDS) is needed. Familiarity with DevOps concepts such as source control, monitoring, and logging, not necessarily in the AWS context, will be helpful.

Table of contents

  1. AWS Certified DevOps Engineer - Professional Certification and Beyond
  2. Contributors
  3. About the author
  4. About the reviewers
  5. Acknowledgments
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Share your thoughts
  7. Section 1: Establishing the Fundamentals
  8. Chapter 1: Amazon Web Service Pillars
    1. Service pillars overview
    2. Operational excellence
      1. Performing Operations as Code
      2. Refining operations frequently
      3. Making small, frequent, and reversible changes
      4. Anticipating failure
      5. Learning from failure
      6. Example – operational excellence
    3. Security
      1. Implementing a strong identity foundation
      2. Enabling traceability
      3. Applying security at all layers
      4. Automating security best practices
      5. Protecting data in transit and at rest
      6. Using mechanisms to keep people away from data
      7. Preparing for security events
    4. Reliability
      1. Automating recovery from failure
      2. Testing recovery procedures
      3. Scaling horizontally to increase workload availability
      4. Stop guessing capacity
      5. Managing changes in automation
    5. Performance efficiency
      1. Making advanced technologies easier for your team to implement
      2. Being able to go global in minutes
      3. Using serverless architectures
      4. Allowing your teams to experiment
      5. Using technology that aligns with your workload's goals
    6. Cost optimization
      1. Implementing cloud financial management
      2. Adopting a consumption model
      3. Measuring overall efficiency
      4. Stop spending money on undifferentiated heavy lifting
      5. Analyzing and attributing expenditure
    7. Overarching service pillar principals
    8. Summary
    9. Review questions
    10. Review answers
    11. Further reading
  9. Chapter 2: Fundamental AWS Services
    1. Technical requirements
    2. Setting up and accessing your AWS account
      1. Accessing the AWS Management Console
      2. Setting up and using the AWS CLI v2
      3. Configuring the CLI
    3. Cloud compute in AWS
      1. Amazon Elastic Cloud Compute (EC2)
      2. AWS Batch
    4. Virtual Private Cloud networking and Route 53 networking
      1. VPC
      2. Route 53
    5. Cloud databases
      1. Relational databases
      2. Key-value databases
      3. In-memory databases
      4. Document databases
    6. Message and queueing systems
      1. Simple Notification Service (SNS)
      2. Simple Queue Service (SQS)
      3. Amazon MQ
      4. Simple Email Service (SES)
    7. Trusted Advisor
      1. Accessing Trusted Advisor
    8. Summary
    9. Review questions
    10. Review answers
  10. Chapter 3: Identity and Access Management and Working with Secrets in AWS
    1. Technical requirements
    2. Understanding the Shared Responsibility Model in AWS
      1. Authorization versus authentication
      2. Terms to understand for IAM
    3. IAM roles, groups, users, and policies
      1. IAM policies
    4. Using AWS Organizations as part of your guidance
      1. Separation with OUs
      2. SCPs
    5. Integrating federation with an AWS account
      1. When would you use federation?
      2. Using AD federation with IAM
      3. AWS SSO
      4. Choosing a user identity strategy
    6. Storing secrets securely in AWS
      1. AWS Secrets Manager
      2. SSM Parameter Store
    7. Using Cognito with application authentication
      1. Where would you use Cognito?
      2. User pools
      3. Identity pools
    8. Summary
    9. Review questions
    10. Review answers
  11. Chapter 4: Amazon S3 Blob Storage
    1. S3 concepts
      1. Interacting with S3
      2. S3 naming guidelines
      3. Moving data to S3
      4. S3 storage tiers
      5. Using lifecycle policies in S3
    2. S3 endpoints
    3. S3 access control
      1. Resource-based policies
      2. User-based policies
      3. Cross-account access
    4. S3 access logs
    5. Encryption options with S3
      1. Server-side encryption
      2. Client-side encryption
    6. Using S3 events to trigger other AWS services
    7. S3 Batch operations
    8. S3 Batch hands on-example
    9. S3 replication
    10. S3 versioning
    11. Summary
    12. Review questions
    13. Review answers
  12. Chapter 5: Amazon DynamoDB
    1. Understanding the basis and background of DynamoDB
      1. DynamoDB origins
      2. NoSQL versus relational databases
      3. Core components of Dynamo
      4. Tables and their attributes
      5. The primary key
      6. Secondary indexes
      7. Other pertinent Dynamo information
    2. Understanding DynamoDB data modeling
      1. Read and write capacity
      2. Adaptive capacity
      3. Data types available in DynamoDB tables
    3. Inserting and accessing data in DynamoDB
      1. Creating tables in Dynamo DB
      2. Inserting data into DynamoDB
      3. Scanning data
      4. Querying data
      5. Secondary indexes in Dynamo, both global and local
    4. Understanding DynamoDB Streams
      1. Global tables
    5. Using the DynamoDB accelerator (DAX)
    6. Authenticating and authorizing in DynamoDB
      1. Web Identity Federation
    7. Monitoring DynamoDB
      1. Contributor Insights
    8. Summary
    9. Review questions
    10. Review answers
  13. Section 2: Developing, Deploying, and Using Infrastructure as Code
  14. Chapter 6: Understanding CI/CD and the SDLC
    1. Introduction to the SDLC
      1. CI
      2. Continuous delivery
      3. CD
      4. Testing
      5. Maturing throughout the process
    2. Development teams
      1. The application team
      2. The infrastructure team
      3. The tools team
    3. Understanding the different types of deployments
      1. In-place deployments
      2. Immutable and blue-green deployments
      3. Canary deployments
      4. Rolling deployments
      5. Linear deployments
      6. All-at-once deployments
    4. Review questions
    5. Review answers
    6. Summary
  15. Chapter 7: Using CloudFormation Templates to Deploy Workloads
    1. Technical requirements
    2. Essential CloudFormation topics
      1. The anatomy of a CloudFormation template
      2. Launching CloudFormation templates
      3. Using change sets
      4. Rollback features of CloudFormation
      5. Intrinsic functions in CloudFormation
      6. CloudFormation best practices
    3. Creating nested stacks with dependencies
      1. Packaging up your nested stack for deployment
      2. Creating a nested stack using the AWS CLI
      3. Using DependsOn to order resources
      4. Adding wait conditions to a template
      5. Using curl to signal
    4. Adding a helper script to a CloudFormation template
    5. Understanding how to detect drift in CloudFormation templates
      1. Managing templates with Service Catalog
    6. Using the Cloud Development Kit
      1. Concepts of the AWS CDK
      2. Advantages of using the AWS CDK
    7. Summary
    8. Review questions
    9. Review answers
  16. Chapter 8: Creating Workloads with CodeCommit and CodeBuild
    1. Technical requirements
    2. Using CodeCommit for code versioning
      1. What is CodeCommit?
      2. Benefits of CodeCommit
      3. Controlling access to repositories
    3. Setting up your CodeCommit repository
      1. Creating your IAM group for developers
      2. Creating your developer
      3. Adding your developer's SSH key
      4. Creating a developer branch and pushing commits to that branch
      5. Approvals in CodeCommit
      6. Merging your developer branch with the main branch
    4. Using AWS CodeBuild
      1. Features to know about CodeBuild
      2. Creating a CodeBuild job
      3. Constructing the buildspec file
      4. Storing CodeBuild artifacts
      5. Using CodeBuild to test
      6. Triggering CodeBuild jobs via CodeCommit
      7. Advanced features of AWS CodeBuild
    5. Summary
    6. Review questions
    7. Review answers
  17. Chapter 9: Deploying Workloads with CodeDeploy and CodePipeline
    1. Technical requirements
    2. About AWS CodePipeline
      1. CodePipeline structure for actions
      2. Use cases for AWS CodePipeline
    3. Setting up a code pipeline
      1. Creating our code base prior to setting up the pipeline
      2. Creating our tools team member
      3. Creating a pipeline
      4. Updating our developer users
      5. CodePipeline concepts
      6. Approval actions in a code pipeline
    4. Using Jenkins to build your workloads
    5. About AWS CodeDeploy
      1. Basic CodeDeploy concepts to understand
      2. Installing the CodeDeploy agent file
      3. Understanding the appspec file
      4. Deployment rollbacks and content redeployment
    6. Use cases for AWS CodeDeploy
      1. Deploying application updates to servers in an on-premises data center
      2. Deploying application updates to Windows or Linux servers in the AWS cloud
      3. Deploying application updates to multiple regions with one deployment push
      4. Deploying a new task to ECS in blue/green fashion
      5. Deploying a task to Amazon ECS and using Lambda to validate before switching traffic over
      6. Monitoring CodeDeploy jobs
    7. Summary
    8. Review questions
    9. Review answers
  18. Chapter 10: Using AWS Opsworks to Manage and Deploy your Application Stack
    1. Technical requirements
    2. OpsWorks essentials
      1. Understanding the components of OpsWorks
      2. Lifecycle events in OpsWorks
      3. Access management in OpsWorks
    3. Use cases for AWS OpsWorks
    4. Available OpsWorks platforms
      1. OpsWorks Stacks
      2. OpsWorks for Chef Automate
      3. OpsWorks for Puppet Enterprise
    5. Creating and deploying a recipe
    6. Deployments in OpsWorks
    7. Monitoring OpsWorks
    8. Summary
    9. Review questions
    10. Review answers
  19. Chapter 11: Using Elastic Beanstalk to Deploy your Application
    1. Technical requirements
    2. Understanding the built-in functionality of Elastic Beanstalk
      1. Different environments in Elastic Beanstalk
      2. The different components that make up Elastic Beanstalk
    3. Creating a service role in the IAM console
    4. Installing and using the Elastic Beanstalk command-line interface (EB CLI)
      1. Installing the EB CLI
      2. Using the EB CLI to create a project
    5. Understanding advanced configuration options with .ebextensions
    6. Deployment types with Elastic Beanstalk
      1. All-at-once deployments
      2. Rolling deployments
      3. Rolling with additional batch
      4. Immutable
      5. Traffic splitting
    7. Using Elastic Beanstalk to deploy an application
      1. Troubleshooting the deployment with the EB CLI
    8. Elastic Beanstalk use cases
      1. Elastic Beanstalk anti-patterns
    9. Summary
    10. Review questions
    11. Review answers
  20. Chapter 12: Lambda Deployments and Versioning
    1. Technical requirements
    2. AWS Lambda overview
      1. Serverless instead of servers
      2. Synchronous versus asynchronous invocation
    3. Lambda functions
      1. The basic concepts of Lambda
      2. The Lambda handler
      3. Limits of Lambda
      4. Creating a Lambda function
    4. Lambda triggers and event source mappings
      1. Looking at event source mappings
      2. Services that Lambda can read from event sources
    5. Deploying versions using Lambda
      1. Using aliases in Lambda
    6. Working with Lambda layers
      1. Adding a Lambda layer to our function
    7. Monitoring Lambda functions
      1. Using X-Ray to help troubleshoot your functions
    8. Optimal Lambda use cases and anti-patterns
      1. AWS Lambda optimal use cases
      2. Lambda anti-patterns
    9. Orchestrating Step Functions with Lambda
      1. Understanding state machines inside of Step Functions
      2. How do Step Functions work?
      3. States available in Step Functions
      4. Creating a Step Function
    10. Summary
    11. Questions
    12. Answers
  21. Chapter 13: Blue Green Deployments
    1. Understanding the concept of blue/green deployments
      1. Deployments are not easy
    2. AWS services that you can use for blue/green deployments
      1. AWS CloudFormation
      2. AWS Elastic Beanstalk
      3. AWS CodeDeploy
      4. AWS ELB
      5. Amazon ECS
      6. Amazon Elastic Kubernetes Service
      7. AWS OpsWorks
      8. Amazon CloudWatch
      9. Amazon Route 53
    3. Benefits of blue/green deployments with AWS
    4. Techniques for performing blue/green deployments in AWS
      1. Updating DNS routing with Route 53
      2. Swapping the Auto Scaling group behind ELB
      3. Updating Auto Scaling group launch configurations
      4. Updating ECS
      5. Swapping the environment of an Elastic Beanstalk application
      6. Cloning an OpsWorks stack and then updating the DNS record
    5. Using best practices in your data tier with blue/green deployments
      1. Separating schema changes from code changes
    6. Summary
    7. Review questions
    8. Review answers
  22. Section 3: Monitoring and Logging Your Environment and Workloads
  23. Chapter 14: CloudWatch and X-Ray's Role in DevOps
    1. CloudWatch overview
      1. Understanding and using the CloudWatch unified agent
      2. Installing the CloudWatch agent on an EC2 instance
    2. Using CloudWatch to aggregate your logs
      1. CloudWatch Logs terminology
    3. CloudWatch alarms
      1. Creating a CloudWatch alarm
    4. Adding application tracing with X-Ray
      1. How does the X-Ray service work?
      2. X-Ray and serverless services
      3. Implementing X-Ray on a Lambda function
    5. Summary
    6. Review questions
    7. Review answers
  24. Chapter 15: CloudWatch Metrics and Amazon EventBridge
    1. A closer look at CloudWatch metrics
      1. Viewing your metrics in CloudWatch
      2. Streaming metrics with CloudWatch metric streams
    2. Basic metrics in CloudWatch for AWS services
      1. Basic monitoring for the EC2 service
      2. Using custom metrics in CloudWatch
      3. High-resolution metrics in CloudWatch
      4. Creating custom metrics in CloudWatch
      5. Publishing a custom metric
    3. Using CloudWatch metrics to create dashboards
      1. Creating a base dashboard to monitor our resources
    4. Amazon EventBridge overview
      1. EventBridge service limits
      2. Event-driven architectures with EventBridge
      3. Using EventBridge to capture AWS service events
    5. Summary
    6. Questions
    7. Review answers
  25. Chapter 16: Various Logs Generated (VPC Flow Logs, Load Balancer Logs, CloudTrail Logs)
    1. Previous logs discussed
    2. The power of AWS CloudTrail
      1. Setting up CloudTrail
    3. Enabling Elastic Load Balancer logs
      1. Setting up an Elastic Load Balancer and enabling logging
      2. Use cases for Elastic Load Balancer logs
    4. Using VPC Flow Logs
      1. Limitations regarding VPC Flow Logs
      2. Enabling VPC Flow Logs
      3. Use cases for VPC Flow Logs
      4. Going back to our CloudTrail logs
      5. Searching through CloudTrail logs
    5. Cleaning up the resources
    6. Summary
    7. Review questions
    8. Review answers
  26. Chapter 17: Advanced and Enterprise Logging Scenarios
    1. Using QuickSight to visualize data
      1. Querying data with Amazon Athena
      2. Amazon QuickSight use cases
      3. Creating a dashboard with Amazon QuickSight
    2. Searching and grouping logs with managed Elasticsearch
      1. Use cases for managed Elasticsearch
      2. Streaming logs from CloudWatch Logs to the Elasticsearch service
    3. Understanding the Amazon Kinesis service
      1. Using Amazon Kinesis to process logs
      2. Using tagging and metadata to properly categorize logs
    4. Cleaning up resources
    5. Summary
    6. Review questions
    7. Review answers
  27. Section 4: Enabling Highly Available Workloads, Fault Tolerance, and Implementing Standards and Policies
  28. Chapter 18: Autoscaling and Lifecycle Hooks
    1. Understanding AWS Auto Scaling
      1. Understanding the differences between vertical and horizontal scaling
      2. The key components of Auto Scaling
      3. Understanding the different types of Auto Scaling
      4. The four primary use cases for AWS Auto Scaling
    2. Deploying EC2 instances with Auto Scaling
    3. The Auto Scaling lifecycle
    4. Using Auto Scaling lifecycle hooks
      1. Use cases for lifecycle hooks
      2. Cleaning up resources
    5. Summary
    6. Review questions
    7. Review answers
  29. Chapter 19: Protecting Data in Flight and at Rest
    1. Data encryption introduction
      1. Options for encrypting data at rest in AWS
    2. Understanding KMS keys
      1. Using AWS-managed CMKs keys to encrypt storage
      2. Creating and managing a customer-managed key in KMS
      3. Adding encryption to data stores using our custom KMS key
    3. Protecting data in transit with AWS Certificate Manager
      1. The two functions that ACM can serve
      2. Adding a certificate to Amazon CloudFront
    4. Summary
    5. Review questions
    6. Review answers
  30. Chapter 20: Enforcing Standards and Compliance with System Manger's Role and AWS Config
    1. The various capabilities of AWS Systems Manager
      1. Key features and benefits of Systems Manager
      2. Node management with Systems Manager
      3. Running remote commands on an EC2 instance
      4. Use cases for Systems Manager
    2. AWS Config essentials
      1. Concepts to understand about AWS Config
      2. Understanding how Config works
      3. Standing up AWS Config – a practical example
      4. The Config rule structure
    3. Summary
    4. Questions
    5. Review answers
  31. Chapter 21: Using Amazon Inspector to Check your Environment
    1. Understanding Amazon Inspector
      1. Getting started with Amazon Inspector
      2. Use cases for Amazon Inspector
    2. Configuring the Inspector agent both manually and automatically
      1. Using Amazon Inspector hands-on
      2. Comprehending the findings of Inspector assessment reports
    3. Summary
    4. Review questions
    5. Review answers
  32. Chapter 22: Other Policy and Standards Services to Know
    1. Detecting threats with Amazon GuardDuty
      1. Key information to understand regarding GuardDuty
      2. Use cases for Amazon GuardDuty
      3. Amazon GuardDuty integrates naturally with AWS Security Hub
    2. Seeing how to protect data intelligently with Amazon Macie
      1. Amazon Macie use cases
    3. A brief look at the migration tools available from AWS
      1. Bringing your servers into AWS with SMS
      2. Key features of SMS
      3. Migrating multi-tier applications with SMS
    4. Summary
    5. Review questions
    6. Review answers
  33. Section 5: Exam Tips and Tricks
  34. Chapter 23: Overview of the DevOps Professional Certification Test
    1. The DOP-C01 exam guide
      1. The exam requirements as per the exam guide
    2. How the exam is scored
      1. Obtaining a passing score
      2. If you do not pass the exam on your first attempt
    3. Understanding the different testing options
      1. Registering to take the exam
      2. Taking the test at a testing center
      3. Taking the test via online proctoring
      4. Taking a certification test at re:Invent – a cautionary tale
    4. Study tips for preparing for the exam
      1. AWS whitepapers to read
      2. Final test tips
    5. Summary
  35. Chapter 24: Practice Exam 1
    1. Test questions
    2. Test answers
    3. Question breakdown
    4. Summary
    5. Why subscribe?
  36. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share your thoughts

Product information

  • Title: AWS Certified DevOps Engineer - Professional Certification and Beyond
  • Author(s): Adam Book
  • Release date: November 2021
  • Publisher(s): Packt Publishing
  • ISBN: 9781801074452