Study Guide

AWS Certified DevOps Engineer - Professional Study Guide

Use the official AWS domain outline to connect SDLC automation, infrastructure as code, resilient cloud solutions, monitoring, incident response, security, and compliance to scenario-based questions and explanations.

Download App Free Practice Exam Key Terms Glossary

How the Exam Is Structured

AWS Certified DevOps Engineer - Professional (DOP-C02) validates SDLC automation, infrastructure as code, resilient cloud solutions, monitoring, incident response, security, and compliance. The ExamPal practice bank includes 440 premium questions and 40 free questions mapped across the official blueprint.

Domain	Weight	Focus
Domain 1: SDLC Automation	22%	Task 1.1: Implement CI/CD pipelines; Continuous integration patterns and tools (AWS CodePipeline, AWS CodeBuild, AWS CodeCommit, AWS CodeArtifact)
Domain 2: Configuration Management and Infrastructure as Code	17%	Task 2.1: Define cloud infrastructure and reusable components to provision and manage systems throughout their lifecycle; AWS CloudFormation (templates, stacks, StackSets, change sets, drift detection, custom resources, transforms, nested stacks)
Domain 3: Resilient Cloud Solutions	15%	Task 3.1: Implement highly available solutions to meet resilience and business requirements; Multi-AZ patterns for RDS, Aurora, ElastiCache
Domain 4: Monitoring and Logging	15%	Task 4.1: Configure systems to collect, aggregate, and store telemetry, including logs, metrics, traces, and events; Amazon CloudWatch metrics (standard + custom), CloudWatch Logs (subscription filters, log groups, retention)
Domain 5: Incident and Event Response	14%	Task 5.1: Manage event sources to process, notify, and take action in response to events; Amazon EventBridge rules and event buses (default, custom, partner)
Domain 6: Security and Compliance	17%	Task 6.1: Implement techniques for identity and access management at scale; IAM users, groups, roles, policies, permission boundaries, session policies

22% of exam

Domain 1: SDLC Automation

Covers automating the software delivery lifecycle, including CI/CD pipeline design, test automation, artifact management, and deployment strategies across instance, container, and serverless environments. The domain emphasizes AWS-native tooling and deployment controls used to build, test, promote, and release software reliably.

Task 1.1: Implement CI/CD pipelines

Continuous integration patterns and tools (AWS CodePipeline, AWS CodeBuild, AWS CodeCommit, AWS CodeArtifact)

Build and test automation for source code

Task 1.2: Integrate automated testing into CI/CD pipelines

Unit, integration, performance, security, and acceptance testing in pipelines

Test result reporting and quality gates

Task 1.3: Build and manage artifacts

17% of exam

Domain 2: Configuration Management and Infrastructure as Code

Covers defining, provisioning, and managing infrastructure using infrastructure-as-code and reusable components. The domain also includes multi-account and multi-region account governance, plus automation for large-scale and hybrid environments.

Task 2.1: Define cloud infrastructure and reusable components to provision and manage systems throughout their lifecycle

AWS CloudFormation (templates, stacks, StackSets, change sets, drift detection, custom resources, transforms, nested stacks)

AWS Cloud Development Kit (CDK), AWS SAM, AWS CDK for Terraform / Pulumi

Task 2.2: Deploy automation to create, onboard, and secure AWS accounts in a multi-account, multi-region, and/or hybrid environment

AWS Organizations, AWS Control Tower, AWS Landing Zone Accelerator

AWS Account Factory, Service Control Policies (SCPs)

Task 2.3: Design and build automated solutions for complex tasks and large-scale environments

15% of exam

Domain 3: Resilient Cloud Solutions

Covers designing and implementing highly available, scalable, and recoverable cloud architectures. The domain emphasizes resilience patterns, scaling approaches, and disaster recovery strategies that satisfy business continuity objectives.

Task 3.1: Implement highly available solutions to meet resilience and business requirements

Multi-AZ patterns for RDS, Aurora, ElastiCache

Auto Scaling Groups, target tracking and step scaling policies

Task 3.2: Implement solutions that are scalable to meet business requirements

Horizontal vs vertical scaling, Application Auto Scaling for ECS/Lambda/DynamoDB

Decoupling via Amazon SQS (Standard/FIFO), Amazon SNS, Amazon EventBridge

Task 3.3: Implement automated recovery processes to meet RTO and RPO requirements

15% of exam

Domain 4: Monitoring and Logging

Covers collecting, storing, analyzing, and acting on telemetry across AWS environments. The domain includes logs, metrics, traces, events, observability tooling, and notification mechanisms used to detect issues and optimize performance.

Task 4.1: Configure systems to collect, aggregate, and store telemetry, including logs, metrics, traces, and events

Amazon CloudWatch metrics (standard + custom), CloudWatch Logs (subscription filters, log groups, retention)

AWS X-Ray for distributed tracing, ADOT (AWS Distro for OpenTelemetry)

Task 4.2: Audit, monitor, and analyze logs, metrics, traces, and events to detect issues and optimize performance

CloudWatch Logs Insights queries, CloudWatch Metrics Insights

Amazon OpenSearch Service for log analytics and visualization

Task 4.3: Automate observability of AWS environments to proactively send notifications, generate reports, and identify performance and compliance issues

14% of exam

Domain 5: Incident and Event Response

Covers responding to events, automating remediation, and troubleshooting failures in AWS environments. The domain emphasizes event-driven workflows, configuration remediation, and analysis of logs and health signals during incidents.

Task 5.1: Manage event sources to process, notify, and take action in response to events

Amazon EventBridge rules and event buses (default, custom, partner)

AWS Lambda as event target

Task 5.2: Implement configuration changes in response to events

AWS Systems Manager Automation runbooks for remediation

AWS Config rules + remediation actions

Task 5.3: Troubleshoot system and application failures

17% of exam

Domain 6: Security and Compliance

Covers identity and access management at scale, security automation, data protection, monitoring, and compliance auditing. The domain emphasizes AWS-native controls for least privilege, encryption, threat detection, and governance across multi-account environments.

Task 6.1: Implement techniques for identity and access management at scale

IAM users, groups, roles, policies, permission boundaries, session policies

IAM Identity Center (formerly SSO) for federated multi-account access

Task 6.2: Apply automation for security controls and data protection

AWS Key Management Service (KMS), AWS CloudHSM, AWS Secrets Manager

AWS Certificate Manager (ACM) for TLS certificate lifecycle

Task 6.3: Implement security monitoring and auditing solutions

Key Terms to Know

These terms are loaded from the shared terminology pack and appear across the question explanations.

ACM: Abbreviation for AWS Certificate Manager.
ADOT: AWS Distro for OpenTelemetry, an AWS distribution used for collecting observability data.
ALB: Application Load Balancer, a load balancer type used for application traffic distribution and weighted target groups.
ALB weighted target groups: An Application Load Balancer traffic-shifting mechanism that distributes traffic across target groups using weights.
AWS Account Factory: A Control Tower capability used to create and onboard AWS accounts.
AWS Amplify: An AWS service used for deployments, according to the text.
AWS App Runner: An AWS service used for deployments, according to the text.
AWS Audit Manager: An AWS service used to collect evidence and generate compliance reports.
AWS Backup: An AWS service for centralized backup management and recovery.
AWS CDK for Terraform: A CDK-based approach for defining Terraform infrastructure as code.
AWS Certificate Manager: An AWS service for provisioning and managing TLS certificates.
AWS Chatbot: An AWS service that delivers ChatOps notifications and integrates with chat tools.
AWS Cloud Development Kit: An infrastructure-as-code framework for defining cloud resources using programming languages.
AWS CloudFormation: An infrastructure-as-code service used to define cloud infrastructure and reusable components for provisioning and lifecycle management.
AWS CloudHSM: An AWS service that provides dedicated hardware security modules for cryptographic operations.
AWS CodeArtifact: An AWS artifact repository service used to store and manage build artifacts.
AWS CodeBuild: An AWS service used for build and test automation for source code within CI/CD pipelines.
AWS CodeCommit: An AWS service used as a source code repository in CI/CD workflows.

Official Materials and Guidance

This page is built from AWS DOP-C02 official exam guide, the shared syllabus, topic tree, terminology pack, free pack, and premium pack.

-AWS Dop c02 Exam Guide

Download App Official source Start Free Practice Exam