AWS Certified DevOps Engineer Professional Quick Facts (2025)

Exam Domain Breakdown

Domain 1: SDLC Automation (22% of the exam)

Task Statement 1.1: Implement CI/CD pipelines.

• Software development lifecycle (SDLC) concepts, phases, and models
• Pipeline deployment patterns for single- and multi-account environments
• Configuring code, image, and artifact repositories
• Using version control to integrate pipelines with application environments
• Setting up build processes (for example, AWS CodeBuild)
• Managing build and deployment secrets (for example, AWS Secrets Manager, AWS Systems Manager Parameter Store)
• Determining appropriate deployment strategies (for example, AWS CodeDeploy)

1.1 summary: In this section, you will explore how to establish reliable CI/CD pipelines that streamline the application lifecycle. From version control integration to artifact management, you will learn the core principles required to create automated, secure, and consistent delivery processes. The focus is on enabling repeatable operations across different environments, ensuring faster feedback cycles and efficient deployment strategies.

Beyond setup, you will also focus on real-world use of services such as CodeBuild and CodeDeploy for pipeline execution and delivery. Automation of secrets management, parameter injection, and repository configurations ensures that pipelines are highly secure and production-ready. You will walk away with practical skills to design solutions that enable teams to release with confidence at scale.

Task Statement 1.2: Integrate automated testing into CI/CD pipelines.

• Different types of tests (for example, unit tests, integration tests, acceptance tests, user interface tests, security scans)
• Reasonable use of different types of tests at different stages of the CI/CD pipeline
• Running builds or tests when generating pull requests or code merges (for example, CodeBuild)
• Running load/stress tests, performance benchmarking, and application testing at scale
• Measuring application health based on application exit codes
• Automating unit tests and code coverage
• Invoking AWS services in a pipeline for testing

1.2 summary: This section emphasizes creating pipelines that prioritize continuous quality through automated testing. You will gain clarity on how to integrate the right types of tests at optimal pipeline stages, increasing reliability before deployment. Running tests on pull requests, merges, and in pre-deployment cycles helps ensure early detection of potential issues, protecting downstream environments.

Additionally, you will practice integrating load testing, benchmarking, and application health checks into pipelines. With AWS-native services like CodeBuild, automation of these tests becomes seamless. The goal is to establish pipelines that support ongoing innovation without sacrificing stability, quality, or overall performance.

Task Statement 1.3: Build and manage artifacts.

• Artifact use cases and secure management
• Methods to create and generate artifacts
• Artifact lifecycle considerations
• Creating and configuring artifact repositories (for example, AWS CodeArtifact, Amazon S3, Amazon Elastic Container Registry [Amazon ECR])
• Configuring build tools for generating artifacts (for example, CodeBuild, AWS Lambda)
• Automating Amazon EC2 instance and container image build processes (for example, EC2 Image Builder)

1.3 summary: This section teaches how artifacts fit into DevOps processes and strategies for managing their lifecycles securely. You will learn how to configure build tools for generating artifacts and integrate repositories like CodeArtifact and Amazon ECR to centralize storage and distribution. This ensures smooth collaboration across development and operations teams.

You will also explore automation strategies for building container images and EC2 instances. Lifecycle considerations around versioning, retention, and promotion pipelines help streamline environments while controlling risk. By the end of this section, you will be confident in designing artifact strategies that reinforce consistency and scalability across deployments.

Task Statement 1.4: Implement deployment strategies for instance, container, and serverless environments.

• Deployment methodologies for various platforms (for example, Amazon EC2, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], Lambda)
• Application storage patterns (for example, Amazon Elastic File System [Amazon EFS], Amazon S3, Amazon Elastic Block Store [Amazon EBS])
• Mutable deployment patterns in contrast to immutable deployment patterns
• Tools and services available for distributing code (for example, CodeDeploy, EC2 Image Builder)
• Configuring security permissions to allow access to artifact repositories (for example, AWS Identity and Access Management [IAM], CodeArtifact)
• Configuring deployment agents (for example, CodeDeploy agent)
• Troubleshooting deployment issues
• Using different deployment methods (for example, blue/green, canary)

1.4 summary: Here you will focus on deployment methodologies across EC2, containers, and serverless platforms. By learning approaches such as blue/green and canary deployments, you will discover ways to minimize downtime while balancing agility and reliability. Understanding the differences between mutable and immutable patterns helps make informed choices that fit specific workloads.

In addition, you will practice securely configuring IAM permissions, deployment agents, and supporting tools like CodeDeploy. Storage integration with EFS, EBS, or S3 ensures data persistence across different services. Together, these techniques empower you to deliver seamless deployments that combine reliability with speed.

Domain 2: Configuration Management and IaC (17% of the exam)

Task Statement 2.1: Define cloud infrastructure and reusable components to provision and manage systems throughout their lifecycle.

• Infrastructure as code (IaC) options and tools for AWS
• Change management processes for IaC-based platforms
• Configuration management services and strategies
• Composing and deploying IaC templates (for example, AWS Serverless Application Model [AWS SAM], AWS CloudFormation, AWS Cloud Development Kit [AWS CDK])
• Applying CloudFormation StackSets across multiple accounts and AWS Regions
• Determining optimal configuration management services (for example, AWS OpsWorks, AWS Systems Manager, AWS Config, AWS AppConfig)
• Implementing infrastructure patterns, governance controls, and security standards into reusable IaC templates (for example, AWS Service Catalog, CloudFormation modules, AWS CDK)

2.1 summary: This section highlights the power of infrastructure as code (IaC) to automate provisioning and management of AWS environments. By mastering CloudFormation, SAM, and AWS CDK, you will learn how to optimize change management practices and enforce governance controls consistently. IaC makes repeatable deployments secure and predictable across accounts and Regions.

You will also explore incorporating compliance and security standards into IaC templates. By using services such as Service Catalog and CloudFormation modules, you can ensure that all deployments align with organizational best practices. This translates into agile, compliant, and reusable deployment patterns.

Task Statement 2.2: Deploy automation to create, onboard, and secure AWS accounts in a multi-account or multi-Region environment.

• AWS account structures, best practices, and related AWS services
• Standardizing and automating account provisioning and configuration
• Creating, consolidating, and centrally managing accounts (for example, AWS Organizations, AWS Control Tower)
• Applying IAM solutions for multi-account and complex organization structures (for example, SCPs, assuming roles)
• Implementing and developing governance and security controls at scale (AWS Config, AWS Control Tower, AWS Security Hub, Amazon Detective, Amazon GuardDuty, AWS Service Catalog, SCPs)

2.2 summary: This section teaches how to manage AWS accounts at scale while maintaining control and governance across organizational structures. With AWS Organizations and Control Tower, you can centralize onboarding and secure multi-account setups. Account automation reinforces consistency and simplifies governance.

IAM solutions, such as permission boundaries and service control policies (SCPs), help enforce least privilege across accounts. Security and compliance automation with Config, GuardDuty, and Security Hub further adds guardrails at scale. Strength in account provisioning ensures secure, standardized operations, even across complex enterprise hierarchies.

Task Statement 2.3: Design and build automated solutions for complex tasks and large-scale environments.

• AWS services and solutions to automate tasks and processes
• Methods and strategies to interact with the AWS software-defined infrastructure
• Automating system inventory, configuration, and patch management (for example, Systems Manager, AWS Config)
• Developing Lambda function automations for complex scenarios (for example, AWS SDKs, Lambda, AWS Step Functions)
• Automating the configuration of software applications to the desired state (for example, OpsWorks, Systems Manager State Manager)
• Maintaining software compliance (for example, Systems Manager)

2.3 summary: This section brings automation strategies to large environments with a range of AWS services. From Systems Manager for patching and inventory to Lambda and Step Functions for event-driven workflows, your toolkit expands significantly. You will automate repetitive processes, freeing up teams for innovation.

Beyond system tasks, you also learn to build state management automations with OpsWorks and State Manager. Software compliance monitoring ensures that environments remain consistent and aligned with requirements. With automation, scalability and reliability merge for streamlined enterprise operations.

Domain 3: Resilient Cloud Solutions (15% of the exam)

Task Statement 3.1: Implement highly available solutions to meet resilience and business requirements.

• Multi-AZ and multi-Region deployments (for example, compute layer, data layer)
• SLAs
• Replication and failover methods for stateful services
• Techniques to achieve high availability (for example, Multi-AZ, multi-Region)
• Translating business requirements into technical resiliency needs
• Identifying and remediating single points of failure in existing workloads
• Enabling cross-Region solutions where available (for example, Amazon DynamoDB, Amazon RDS, Amazon Route 53, Amazon S3, Amazon CloudFront)
• Configuring load balancing to support cross-AZ services
• Configuring applications and related services to support multiple Availability Zones and Regions while minimizing downtime

3.1 summary: Building resilient workloads relies on leveraging AWS tools that drive redundancy and mitigate failure risks. This section covers architectures with cross-AZ and multi-Region resiliency for both compute and data layers. By translating business SLAs into technical provisioning, you ensure workloads stay online through diverse scenarios.

Replication techniques and load balancing support high service availability. You will also learn how to spot and remediate single points of failure in current deployments. With best practices for redundancy and failover, you create stable solutions aligned with resilience expectations.

Task Statement 3.2: Implement solutions that are scalable to meet business requirements.

• Appropriate metrics for scaling services
• Loosely coupled and distributed architectures
• Serverless architectures
• Container platforms
• Identifying and remediating scaling issues
• Identifying and implementing appropriate auto scaling, load balancing, and caching solutions
• Deploying container-based applications (for example, Amazon ECS, Amazon EKS)
• Deploying workloads in multiple Regions for global scalability
• Configuring serverless applications (for example, Amazon API Gateway, Lambda, AWS Fargate)

3.2 summary: Here you will focus on scalability patterns and solutions. Metrics-driven scaling ensures infrastructure adapts gracefully to demand changes. Loosely coupled architectures, container orchestration, and serverless workflows provide elasticity while minimizing operational overhead.

You will also learn to design distributed workloads that scale across Regions. Adding intelligent caching and load balancing completes the toolkit for smooth, globally-aware architecture. These techniques align AWS solutions with business demand, delivering responsive and cost-optimized scalability.

Task Statement 3.3: Implement automated recovery processes to meet RTO and RPO requirements.

• Disaster recovery concepts (for example, RTO, RPO)
• Backup and recovery strategies (for example, pilot light, warm standby)
• Recovery procedures
• Testing failover of Multi-AZ and multi-Region workloads (for example, Amazon RDS, Amazon Aurora, Route 53, CloudFront)
• Identifying and implementing appropriate cross-Region backup and recovery strategies (for example, AWS Backup, Amazon S3, Systems Manager)
• Configuring a load balancer to recover from backend failure

3.3 summary: Disaster recovery is the centerpiece of this section, where strategies such as pilot light and warm standby are applied to AWS environments. Practical RTO and RPO alignment ensures preparedness for disruptions. Testing failover scenarios confirms solutions function reliably at scale.

From multi-AZ databases to global traffic routing with Route 53, AWS offers ways to support recovery objectives. Using services such as AWS Backup and Systems Manager adds automation to recovery workflows. With these practices, recovery strategies become seamless, automated, and measurable.

Domain 4: Monitoring and Logging (15% of the exam)

Task Statement 4.1: Configure the collection, aggregation, and storage of logs and metrics.

• How to monitor applications and infrastructure
• Amazon CloudWatch metrics (for example, namespaces, metrics, dimensions, and resolution)
• Real-time log ingestion
• Encryption options for at-rest and in-transit logs and metrics (for example, client-side and server-side, AWS Key Management Service [AWS KMS])
• Security configurations (for example, IAM roles and permissions to allow for log collection)
• Securely storing and managing logs
• Creating CloudWatch metrics from log events by using metric filters
• Creating CloudWatch metric streams (for example, Amazon S3 or Amazon Kinesis Data Firehose options)
• Collecting custom metrics (for example, using the CloudWatch agent)
• Managing log storage lifecycles (for example, S3 lifecycles, CloudWatch log group retention)
• Processing log data by using CloudWatch log subscriptions (for example, Kinesis, Lambda, Amazon OpenSearch Service)
• Searching log data by using filter and pattern syntax or CloudWatch Logs Insights
• Configuring encryption of log data (for example, AWS KMS)

4.1 summary: This section focuses on monitoring and logging fundamentals across AWS services. CloudWatch metrics and custom logs underpin visibility into infrastructure and applications. You will practice securing, collecting, and managing log data across multiple destinations for long-term analysis.

Encryption options and lifecycle management help align monitoring with compliance and cost-optimization needs. Automations like metric filters and processing streams complement integrated dashboards, ensuring monitoring is proactive and insightful. Log aggregation thus becomes a scalable, secure strategy across all workloads.

Task Statement 4.2: Audit, monitor, and analyze logs and metrics to detect issues.

• Anomaly detection alarms (for example, CloudWatch anomaly detection)
• Common CloudWatch metrics and logs (for example, CPU utilization with Amazon EC2, queue length with Amazon RDS, 5xx errors with an Application Load Balancer [ALB])
• Amazon Inspector and common assessment templates
• AWS Config rules
• AWS CloudTrail log events
• Building CloudWatch dashboards and Amazon QuickSight visualizations
• Associating CloudWatch alarms with CloudWatch metrics (standard and custom)
• Configuring AWS X-Ray for different services (for example, containers, API Gateway, Lambda)
• Analyzing real-time log streams (for example, using Kinesis Data Streams)
• Analyzing logs with AWS services (for example, Amazon Athena, CloudWatch Logs Insights)

4.2 summary: In this section, you will develop monitoring solutions that actively assess system health and security. CloudWatch anomaly detection alarms, Config rules, and Inspector templates offer automated insights into performance and configuration. Visualizations through dashboards empower teams to respond proactively.

You will also gain experience in tracing applications using AWS X-Ray and analyzing logs through services like Athena and Kinesis. Through hands-on strategies, environments become transparent, with anomalies detected and surfaced for action early in their lifecycle.

Task Statement 4.3: Automate monitoring and event management of complex environments.

• Event-driven, asynchronous design patterns (for example, S3 Event Notifications or Amazon EventBridge events to Amazon Simple Notification Service [Amazon SNS] or Lambda)
• Capabilities of auto scaling for a variety of AWS services (for example, EC2 Auto Scaling groups, RDS storage auto scaling, DynamoDB, ECS capacity provider, EKS autoscalers)
• Alert notification and action capabilities (for example, CloudWatch alarms to Amazon SNS, Lambda, EC2 automatic recovery)
• Health check capabilities in AWS services (for example, ALB target groups, Route 53)
• Configuring solutions for auto scaling (for example, DynamoDB, EC2 Auto Scaling groups, RDS storage auto scaling, ECS capacity provider)
• Creating CloudWatch custom metrics and metric filters, alarms, and notifications (for example, Amazon SNS, Lambda)
• Configuring S3 events to process log files (for example, by using Lambda) and deliver log files to another destination (for example, OpenSearch Service, CloudWatch Logs)
• Configuring EventBridge to send notifications based on a particular event pattern
• Installing and configuring agents on EC2 instances (for example, AWS Systems Manager Agent [SSM Agent], CloudWatch agent)
• Configuring AWS Config rules to remediate issues
• Configuring health checks (for example, Route 53, ALB)

4.3 summary: Building on earlier monitoring principles, this section prioritizes event-driven responses and automation. By setting up notifications, alarms, and automatic recoveries, environments heal themselves, reducing downtime. Real-time metrics power scaling decisions, and services such as Route 53 ensure healthy application routing.

EventBridge, Lambda, and S3-based triggers exemplify asynchronous workflows that simplify alert responses. Meanwhile, Config rules automate remediation of policy drift or misconfigurations. Together, automation and event-driven design transform monitoring into proactive management.

Domain 5: Incident and Event Response (14% of the exam)

Task Statement 5.1: Manage event sources to process, notify, and take action in response to events.

• AWS services that generate, capture, and process events (for example, AWS Health, EventBridge, CloudTrail)
• Event-driven architectures (for example, fan out, event streaming, queuing)
• Integrating AWS event sources (for example, AWS Health, EventBridge, CloudTrail)
• Building event processing workflows (for example, Amazon Simple Queue Service [Amazon SQS], Kinesis, Amazon SNS, Lambda, Step Functions)

5.1 summary: Here, you will discover how AWS makes event-driven responsiveness a core design principle. Event capture services provide signals that can initiate automated workflows, ensuring faster and more reliable outcomes than manual intervention. You will also learn about fan-out and queuing models that increase application resilience.

By leveraging integration with Lambda, SNS, SQS, and Step Functions, you can orchestrate event processing at any scale. These integrations are vital for real-time systems and provide the flexibility to respond dynamically to AWS events.

Task Statement 5.2: Implement configuration changes in response to events.

• Fleet management services (for example, Systems Manager, AWS Auto Scaling)
• Configuration management services (for example, AWS Config)
• Applying configuration changes to systems
• Modifying infrastructure configurations in response to events
• Remediating a non-desired system state

5.2 summary: This section guides you in automating configuration changes applied in direct response to events. Event-driven workflows tied to services like Systems Manager simplify management at fleet scale. When paired with Config, you can maintain consistent infrastructure states effortlessly.

You will also learn how to apply and track state changes dynamically across accounts and Regions. Automating remediation of non-desired states lets infrastructure self-heal and stay compliant with operational goals.

Task Statement 5.3: Troubleshoot system and application failures.

• AWS metrics and logging services (for example, CloudWatch, X-Ray)
• AWS service health services (for example, AWS Health, CloudWatch, Systems Manager OpsCenter)
• Root cause analysis
• Analyzing failed deployments (for example, AWS CodePipeline, CodeBuild, CodeDeploy, CloudFormation, CloudWatch synthetic monitoring)
• Analyzing incidents regarding failed processes (for example, auto scaling, Amazon ECS, Amazon EKS)

5.3 summary: Troubleshooting is highlighted here with root cause analysis supported by metrics, logs, and tracing solutions. AWS Health, OpsCenter, and CloudWatch consolidate issue detection and monitoring. By analyzing failures systematically, you align incidents with corrective action steps.

You will also practice analyzing pipeline failures and service-specific breakdowns. From auto scaling misconfigurations to container orchestration issues, you gain confidence in diagnosing failures and restoring systems quickly.

Domain 6: Security and Compliance (17% of the exam)

Task Statement 6.1: Implement techniques for identity and access management at scale.

• Appropriate usage of different IAM entities for human and machine access (for example, users, groups, roles, identity providers, identity-based policies, resource-based policies, session policies)
• Identity federation techniques (for example, using IAM identity providers and AWS IAM Identity Center)
• Permission management delegation by using IAM permissions boundaries
• Organizational SCPs
• Designing policies to enforce least privilege access
• Implementing role-based and attribute-based access control patterns
• Automating credential rotation for machine identities (for example, Secrets Manager)
• Managing permissions to control access to human and machine identities (for example, enabling multi-factor authentication [MFA], AWS Security Token Service [AWS STS], IAM profiles)

6.1 summary: This section concentrates on scaling identity access controls for diverse use cases. IAM entities handle human and machine identities effectively when appropriately applied. Federation techniques, attribute-based access control, and permission boundaries all reinforce enterprise-level security.

Automations such as credential rotation paired with robust MFA implementations keep access secure and streamlined. With knowledge of delegation strategies and advanced IAM configurations, you can control permissions reliably at scale.

Task Statement 6.2: Apply automation for security controls and data protection.

• Network security components (for example, security groups, network ACLs, routing, AWS Network Firewall, AWS WAF, AWS Shield)
• Certificates and public key infrastructure (PKI)
• Data management (for example, data classification, encryption, key management, access controls)
• Automating the application of security controls in multi-account and multi-Region environments (for example, Security Hub, Organizations, AWS Control Tower, Systems Manager)
• Combining security controls to apply defense in depth (for example, AWS Certificate Manager [ACM], AWS WAF, AWS Config, AWS Config rules, Security Hub, GuardDuty, security groups, network ACLs, Amazon Detective, Network Firewall)
• Automating the discovery of sensitive data at scale (for example, Amazon Macie)
• Encrypting data in transit and data at rest (for example, AWS KMS, AWS CloudHSM, ACM)

6.2 summary: Security automation is emphasized here, with layered defense implemented across accounts and Regions. You will explore combining network and application security as well as encryption techniques. Together, these measures create a defense-in-depth strategy.

Automated discovery with Macie and compliance scanning via Config enforce ongoing protection. Certificates with ACM safeguard communication. By the end, data integrity and access control are integrated into every part of the AWS environment.

Task Statement 6.3: Implement security monitoring and auditing solutions.

• Security auditing services and features (for example, CloudTrail, AWS Config, VPC Flow Logs, CloudFormation drift detection)
• AWS services for identifying security vulnerabilities and events (for example, GuardDuty, Amazon Inspector, IAM Access Analyzer, AWS Config)
• Common cloud security threats (for example, insecure web traffic, exposed AWS access keys, S3 buckets with public access enabled or encryption disabled)
• Implementing robust security auditing
• Configuring alerting based on unexpected or anomalous security events
• Configuring service and application logging (for example, CloudTrail, CloudWatch Logs)
• Analyzing logs, metrics, and security findings

6.3 summary: This section focuses on bringing vigilance to security operations. Auditing services such as CloudTrail and Config provide the foundation for continuous monitoring. Vulnerability detection with Inspector and GuardDuty further extend the ecosystem.

Threat-specific monitoring, such as detecting misconfigured S3 buckets or vulnerable access keys, keeps systems secure. Automated alerting and log analysis integrate seamlessly, creating an ecosystem of proactive, intelligent monitoring to keep environments safe.