Module 1: SDLC Automation
Implement CI/CD pipelines
- Software development lifecycle (SDLC) concepts, phases, and models
- Pipeline deployment patterns for single- and multi-account environments
Integrate automated testing into CI/CD pipelines
- Different types of tests (unit tests, integration tests, acceptance tests, user interface tests, security scans)
- Reasonable use of different types of tests at different stages of the CI/CD pipeline
Build and manage artifacts
- Artifact use cases and secure management
- Methods to create and generate artifacts
- Artifact lifecycle considerations
Implement deployment strategies for instance, container, and serverless environments
- Deployment methodologies for various platforms (Amazon EC2, Amazon ECS, Amazon EKS, Lambda)
- Application storage patterns (Amazon EFS, Amazon S3, Amazon EBS)
- Mutable deployment patterns in contrast to immutable deployment patterns
- Tools and services available for distributing code (CodeDeploy, EC2 Image Builder)
Module 2: Configuration Management and Infrastructure as Code
Define cloud infrastructure and reusable components to provision and manage systems throughout their lifecycle
- Infrastructure as code (IaC) options and tools for AWS
- Change management processes for IaC-based platforms
- Configuration management services and strategies
Deploy automation to create, onboard, and secure AWS accounts in a multi-account or multi-Region environment
- AWS account structures, best practices, and related AWS services
Design and build automated solutions for complex tasks and large-scale environments
- AWS services and solutions to automate tasks and processes
- Methods and strategies to interact with the AWS software-defined infrastructure
Module 3: Resilient Cloud Solutions
Implement highly available solutions to meet resilience and business requirements
- Multi-AZ and multi-Region deployments (compute layer, data layer)
- SLAs
- Replication and failover methods for stateful services
- Techniques to achieve high availability (multi-AZ, multi-Region)
Implement solutions that are scalable to meet business requirements
- Appropriate metrics for scaling services
- Loosely coupled and distributed architectures
- Serverless architectures
- Container platforms
Implement automated recovery processes to meet RTO and RPO requirements
- Disaster recovery concepts (RTO, RPO)
- Backup and recovery strategies (pilot light, warm standby)
- Recovery procedures
Module 4: Monitoring and Logging
Configure the collection, aggregation, and storage of logs and metrics
- How to monitor applications and infrastructure
- Amazon CloudWatch metrics (namespaces, metrics, dimensions, and resolution)
- Real-time log ingestion
- Encryption options for at-rest and in-transit logs and metrics (client-side and server-side, AWS KMS)
- Security configurations (IAM roles and permissions to allow for log collection)
Audit, monitor, and analyze logs and metrics to detect issues
- Anomaly detection alarms (CloudWatch anomaly detection)
- Common CloudWatch metrics and logs (CPU utilization with Amazon EC2, queue length with Amazon RDS, 5xx errors with an Application Load Balancer [ALB])
- Amazon Inspector and common assessment templates
- AWS Config rules
- AWS CloudTrail log events
Automate monitoring and event management of complex environments
- Event-driven, asynchronous design patterns (S3 Event Notifications or Amazon EventBridge events to Amazon SNS or Lambda)
- Capabilities of auto scaling for a variety of AWS services (EC2 Auto Scaling groups, RDS storage auto scaling, DynamoDB, ECS capacity provider, EKS autoscalers)
- Alert notification and action capabilities (CloudWatch alarms to Amazon SNS, Lambda, EC2 automatic recovery)
- Health check capabilities in AWS services (ALB target groups, Route 53)
Module 5: Incident and Event Response
Manage event sources to process, notify, and take action in response to events
- AWS services that generate, capture, and process events (AWS Health, EventBridge, CloudTrail)
- Event-driven architectures (fan out, event streaming, queuing)
Implement configuration changes in response to events
- Fleet management services (Systems Manager, AWS Auto Scaling)
- Configuration management services (AWS Config)
Troubleshoot system and application failures
- AWS metrics and logging services (CloudWatch, X-Ray)
- AWS service health services (AWS Health, CloudWatch, Systems Manager OpsCenter)
- Root cause analysis
Module 6: Security and Compliance
Implement techniques for identity and access management at scale
- Appropriate usage of different IAM entities for human and machine access (users, groups, roles, identity providers, identity-based policies, resource-based policies, session policies)
- Identity federation techniques (using IAM identity providers and AWS IAM Identity Center [AWS Single Sign-On])
- Permission management delegation by using IAM permissions boundaries
- Organizational SCPs
Apply automation for security controls and data protection
- Network security components (security groups, network ACLs, routing, AWS Network Firewall, AWS WAF, AWS Shield)
- Certificates and public key infrastructure (PKI)
- Data management (data classification, encryption, key management, access controls)
Implement security monitoring and auditing solutions
- Security auditing services and features (CloudTrail, AWS Config, VPC Flow Logs, CloudFormation drift detection)
- AWS services for identifying security vulnerabilities and events (GuardDuty, Amazon Inspector, IAM Access Analyzer, AWS Config)
- Common cloud security threats (insecure web traffic, exposed AWS access keys, S3 buckets with public access enabled or encryption disabled)


