The AWS Certified DevOps Engineer – Professional (DOP-C02) certification is designed for individuals in a DevOps engineering role who are responsible for provisioning, operating, and managing distributed systems on the AWS platform. Earning this certification demonstrates your ability to implement and manage scalable, secure, and automated systems using AWS best practices.
This credential highlights advanced technical skills in managing complex, distributed application environments and reinforces your credibility among peers, employers, and clients. Organizations benefit from certified professionals by accelerating the delivery of reliable, secure, and compliant systems. Candidates pursuing this certification will be assessed on their ability to:
- Design and implement continuous integration and continuous delivery (CI/CD) systems on AWS
- Automate security controls, compliance checks, and governance workflows
- Develop and deploy monitoring, logging, and metrics systems
- Build resilient and scalable systems with self-healing capabilities
- Design, implement, and manage tools to automate operational processes
– Target Audience
This certification is intended for DevOps professionals who have:
- A minimum of two years of hands-on experience in provisioning, operating, and managing AWS environments
- Working knowledge of the software development lifecycle, including an understanding of programming or scripting languages
- A background in both development and systems operations
– Recommended General IT Experience
To be well-prepared for this exam, candidates should possess:
- Practical experience in building highly automated infrastructures
- Proficiency in administering operating systems such as Linux or Windows
- Familiarity with modern DevOps practices, including Agile, Infrastructure as Code (IaC), and configuration management
– Recommended AWS Experience
In addition to general IT knowledge, candidates should also have:
- Hands-on experience with AWS services, particularly those related to infrastructure security, monitoring, and automation
- A strong understanding of how to secure AWS environments and implement compliance-driven processes
Exam Details
- The AWS Certified DevOps Engineer – Professional (DOP-C02) is a Professional-level certification exam designed to assess advanced expertise in DevOps practices on the AWS platform.
- The exam has a total duration of 180 minutes and consists of 75 questions, presented in either multiple-choice or multiple-response formats.
- Candidates can choose to take the exam at a Pearson VUE testing center or opt for the online proctored format, depending on their convenience.
- The exam is available in English, Japanese, Korean, and Simplified Chinese, making it accessible to a global audience.
- Exam results are provided as a scaled score ranging from 100 to 1,000, with a minimum passing score of 750 required to earn the certification.
Course Outline
The exam covers the following topics:
1. Learn about SDLC Automation (22%)
1.1: Implementing CI/CD pipelines.
Required Knowledge
- Software development lifecycle (SDLC) concepts, phases, and models
- Pipeline deployment patterns for single- and multi-account environments
Skills
- Configuring code, image, and artifact repositories (AWS Documentation: AWS::CodeArtifact::Repository)
- Using version control to integrate pipelines with application environments (AWS Documentation: Integrations with CodePipeline action types)
- Setting up build processes (for example, AWS CodeBuild) (AWS Documentation: What is AWS CodeBuild?)
- Managing build and deployment secrets (for example, AWS Secrets Manager, AWS Systems Manager Parameter Store) (AWS Documentation: Referencing AWS Secrets Manager secrets from Parameter Store parameters)
- Determining appropriate deployment strategies (for example, AWS CodeDeploy) (AWS Documentation: Working with deployment configurations in CodeDeploy)
1.2: Integrating automated testing into CI/CD pipelines.
Required Knowledge
- Different types of tests (for example, unit tests, integration tests, acceptance tests, user interface tests, security scans)
- Reasonable use of different types of tests at different stages of the CI/CD pipeline
Skills
- Running builds or tests when generating pull requests or code merges (for example, AWS CodeCommit, CodeBuild) (AWS Documentation: Working with pull requests in AWS CodeCommit repositories)
- Running load/stress tests, performance benchmarking, and application testing at scale (AWS Documentation: Load testing applications)
- Measuring application health based on application exit codes (AWS Documentation: Metrics commonly used for health checks)
- Automating unit tests and code coverage (AWS Documentation: Integrating with automated tests)
- Invoking AWS services in a pipeline for testing (AWS Documentation: Invoke an AWS Lambda function in a pipeline in CodePipeline)
1.3 Building and managing artifacts.
Required Knowledge
- Artifact use cases and secure management
- Methods to create and generate artifacts
- Artifact lifecycle considerations
Skills
- Creating and configuring artifact repositories (for example, AWS CodeArtifact, Amazon S3, Amazon Elastic Container Registry [Amazon ECR]) (AWS Documentation: Create a repository)
- Configuring build tools for generating artifacts (for example, CodeBuild, AWS Lambda) (AWS Documentation: Build specification reference for CodeBuild)
- Automating Amazon EC2 instance and container image build processes (for example, EC2 Image Builder) (AWS Documentation: What is EC2 Image Builder?)
1.4: Implementing deployment strategies for instance, container, and serverless environments.
Required Knowledge
- Deployment methodologies for various platforms (for example, Amazon EC2, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], Lambda)
- Application storage patterns (for example, Amazon Elastic File System [Amazon EFS], Amazon S3, Amazon Elastic Block Store [Amazon EBS])
- Mutable deployment patterns in contrast to immutable deployment patterns
- Tools and services available for distributing code (for example, CodeDeploy, EC2 Image Builder)
Skills
- Configuring security permissions to allow access to artifact repositories (for example, AWS Identity and Access Management [IAM], CodeArtifact) (AWS Documentation: Identity and Access Management for AWS CodeArtifact)
- Configuring deployment agents (for example, CodeDeploy agent) (AWS Documentation: Working with the CodeDeploy agent)
- Troubleshooting deployment issues (AWS Documentation: Troubleshooting CodeDeploy)
- Using different deployment methods (for example, blue/green, canary) (AWS Documentation: Blue/Green Deployments)
2. Understanding Configuration Management and IaC (17%)
2.1 Defining cloud infrastructure and reusable components to provision and manage systems throughout their lifecycle.
Required Knowledge
- Infrastructure as code (IaC) options and tools for AWS
- Change management processes for IaC-based platforms
- Configurations management services and strategies
Skills
- Composing and deploying IaC templates (for example, AWS Serverless Application Model [AWS SAM], AWS CloudFormation, AWS Cloud Development Kit [AWS CDK]) (AWS Documentation: What is the AWS CDK?)
- Applying AWS CloudFormation StackSets across multiple accounts and AWS Regions (AWS Documentation: Use AWS CloudFormation StackSets for Multiple Accounts in an AWS Organization)
- Determining optimal configuration management services (for example, AWS OpsWorks, AWS Systems Manager, AWS Config, AWS AppConfig) (AWS Documentation: What is AWS AppConfig?)
- Implementing infrastructure patterns, governance controls, and security standards into reusable IaC templates (for example, AWS Service Catalog, CloudFormation modules, AWS CDK) (AWS Documentation: Deploy and manage AWS Control Tower controls by using AWS CDK and AWS CloudFormation)
2.2 Deploying automation to create, onboard, and secure AWS accounts in a multiaccount/multi-Region environment.
Required Knowledge
- AWS account structures, best practices, and related AWS services
Skills
- Standardizing and automating account provisioning and configuration (AWS Documentation: Automate account creation, and resource provisioning)
- Creating, consolidating, and centrally managing accounts (for example, AWS Organizations, AWS Control Tower) (AWS Documentation: Manage Accounts Through AWS Organizations)
- Applying IAM solutions for multi-account and complex organization structures (for example, SCPs, assuming roles) (AWS Documentation: Service control policies (SCPs))
- Implementing and developing governance and security controls at scale (AWS Config, AWS Control Tower, AWS Security Hub, Amazon Detective, Amazon GuardDuty, AWS Service Catalog, SCPs) (AWS Documentation: What Is AWS Control Tower?)
2. 3: Designing and building automated solutions for complex tasks and large-scale environments.
Required Knowledge
- AWS services and solutions to automate tasks and processes
- Methods and strategies to interact with the AWS software-defined infrastructure
Skills
- Automating system inventory, configuration, and patch management (for example, Systems Manager, AWS Config) (AWS Documentation: AWS Systems Manager Patch Manager)
- Developing Lambda function automations for complex scenarios (for example, AWS SDKs, Lambda, AWS Step Functions) (AWS Documentation: Getting started with Lambda)
- Automating the configuration of software applications to the desired state (for example, OpsWorks, Systems Manager State Manager) (AWS Documentation: AWS Systems Manager State Manager)
- Maintaining software compliance (for example, Systems Manager) (AWS Documentation: AWS Systems Manager Compliance)
3. Understanding Resilient Cloud Solutions (15%)
3.1 Implementing highly available solutions to meet resilience and business requirements.
Required Knowledge
- Multi-AZ and multi-Region deployments (for example, compute layer, data layer)
- SLAs
- Replication and failover methods for stateful services
- Techniques to achieve high availability (for example, Multi-AZ, multi-Region)
Skills
- Translating business requirements into technical resiliency needs
- Identifying and remediating single points of failure in existing workloads (AWS Documentation: Failure management)
- Enabling cross-Region solutions where available (for example, Amazon DynamoDB, Amazon RDS, Amazon Route 53, Amazon S3, Amazon CloudFront) (AWS Documentation: Use various origins with CloudFront distributions)
- Configuring load balancing to support cross-AZ services (AWS Documentation: Cross-zone load balancing for target groups)
- Configuring applications and related services to support multiple Availability Zones and Regions while minimizing downtime (AWS Documentation: Configuring and managing a Multi-AZ deployment)
3.2 Implementing solutions that are scalable to meet business requirements.
Required Knowledge
- Appropriate metrics for scaling services
- Loosely coupled and distributed architectures
- Serverless architectures
- Container platforms
Skills
- Identifying and remediating scaling issues (AWS Documentation: What is Amazon EC2 Auto Scaling?)
- Identifying and implementing appropriate auto scaling, load balancing, and caching solutions (AWS Documentation: Set up a scaled and load-balanced application)
- Deploying container-based applications (for example, Amazon ECS, Amazon EKS) (AWS Documentation: Deploy a sample application)
- Deploying workloads in multiple AWS Regions for global scalability (AWS Documentation: Deploy the workload to multiple locations)
- Configuring serverless applications (for example, Amazon API Gateway, Lambda, AWS Fargate) (AWS Documentation: Build and Test a Serverless Application with AWS Lambda)
3.3 Implementing automated recovery processes to meet RTO/RPO requirements.
Required Knowledge
- Disaster recovery concepts (for example, RTO, RPO)
- Backup and recovery strategies (for example, pilot light, warm standby)
- Recovery procedures
Skills
- Testing failover of Multi-AZ/multi-Region workloads (for example, Amazon RDS, Amazon Aurora, Route 53, CloudFront) (AWS Documentation: Configuring and managing a Multi-AZ deployment)
- Identifying and implementing appropriate cross-Region backup and recovery strategies (for example, AWS Backup, Amazon S3, Systems Manager) (AWS Documentation: Amazon S3 backups)
- Configuring a load balancer to recover from backend failure (AWS Documentation: Configuring an Application Load Balancer)
4. Understand Monitoring and Logging (15%)
4.1 Configuring the collection, aggregation, and storage of logs and metrics.
Required Knowledge
- How to monitor applications and infrastructure
- Amazon CloudWatch metrics (for example, namespaces, metrics, dimensions, and resolution)
- Real-time log ingestion
- Encryption options for at-rest and in-transit logs and metrics (for example, client-side and server-side, AWS Key Management Service [AWS KMS])
- Security configurations (for example, IAM roles and permissions to allow for log collection)
Skills
- Securely storing and managing logs (AWS Documentation: What is Amazon CloudWatch Logs?)
- Creating CloudWatch metrics from log events by using metric filters (AWS Documentation: Create a metric filter for a log group)
- Creating CloudWatch metric streams (for example, Amazon S3 or Amazon Kinesis Data Firehose options) (AWS Documentation: Custom setup with Firehose)
- Collecting custom metrics (for example, using the CloudWatch agent) (AWS Documentation: Collect metrics, logs, and traces with the CloudWatch agent)
- Managing log storage lifecycles (for example, S3 lifecycles, CloudWatch log group retention) (AWS Documentation: Managing your storage lifecycle)
- Processing log data by using CloudWatch log subscriptions (for example, Kinesis, Lambda, Amazon OpenSearch Service) (AWS Documentation: Real-time processing of log data with subscriptions)
- Searching log data by using filter and pattern syntax or CloudWatch Logs Insights (AWS Documentation: Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail)
- Configuring encryption of log data (for example, AWS KMS) (AWS Documentation: Encrypt log data in CloudWatch Logs using AWS Key Management Service)
4.2 Auditing, monitoring, and analyzing logs and metrics to detect issues.
Required Knowledge
- Anomaly detection alarms (for example, CloudWatch anomaly detection)
- Common CloudWatch metrics and logs (for example, CPU utilization with Amazon EC2, queue length with Amazon RDS, 5xx errors with an Application Load Balancer)
- Amazon Inspector and common assessment templates
- AWS Config rules
- AWS CloudTrail log events
Skills
- Building CloudWatch dashboards and Amazon QuickSight visualizations (AWS Documentation: Monitoring data in Amazon QuickSight)
- Associating CloudWatch alarms with CloudWatch metrics (standard and custom) (AWS Documentation: Create alarms for custom metrics using Amazon CloudWatch anomaly detection)
- Configuring AWS X-Ray for different services (for example, containers, API Gateway, Lambda) (AWS Documentation: Visualize Lambda function invocations using AWS X-Ray)
- Analyzing real-time log streams (for example, using Kinesis Data Streams) (AWS Documentation: What Is Amazon Kinesis Data Streams?)
- Analyzing logs with AWS services (for example, Amazon Athena, CloudWatch Logs Insights) (AWS Documentation: Analyzing log data with CloudWatch Logs Insights)
4.3 Automating monitoring and event management of complex environments.
Required Knowledge
- Event-driven, asynchronous design patterns (for example, S3 Event Notifications or Amazon EventBridge events to Amazon Simple Notification Service [Amazon SNS] or Lambda)
- Capabilities of auto scaling a variety of AWS services (for example, EC2 Auto Scaling groups, RDS storage auto scaling, DynamoDB, ECS capacity provider, EKS autoscalers)
- Alert notification and action capabilities (for example, CloudWatch alarms to Amazon SNS, Lambda, EC2 automatic recovery)
- Health check capabilities in AWS services (for example, Application Load Balancer target groups, Route 53)
Skills
- Configuring solutions for auto scaling (for example, DynamoDB, EC2 Auto Scaling groups, RDS storage auto scaling, ECS capacity provider) (AWS Documentation: Automatically manage Amazon ECS capacity with cluster auto scaling)
- Creating CloudWatch custom metrics and metric filters, alarms, and notifications (for example, Amazon SNS, Lambda) (AWS Documentation: Creating custom CloudWatch metrics and alarms in AMS)
- Configuring S3 events to process log files (for example, by using Lambda), and deliver log files to another destination (for example, OpenSearch Service, CloudWatch Logs) Configuring EventBridge to send notifications based on a particular event pattern (AWS Documentation: Log Amazon S3 object-level operations using EventBridge)
- Installing and configuring agents on EC2 instances (for example, AWS Systems Manager Agen [SSM Agent], CloudWatch agent) (AWS Documentation: Installing the CloudWatch agent using AWS Systems Manager)
- Configuring AWS Config rules to remediate issues (AWS Documentation: Remediating Noncompliant Resources with AWS Config Rules)
- Configuring health checks (for example, Route 53, Application Load Balancer) (AWS Documentation: How health checks work in simple Amazon Route 53 configurations)
5. Learn about Incident and Event Response (14%)
5.1 Managing event sources to process, notify, and take action in response to events.
Required Knowledge
- AWS services that generate, capture, and process events (for example, AWS Health, EventBridge, CloudTrail, CloudWatch Events)
- Event-driven architectures (for example, fan out, event streaming, queuing)
Skills
- Integrating AWS event sources (for example, AWS Health, EventBridge, CloudTrail, CloudWatch Events) (AWS Documentation: Events from AWS services)
- Building event processing workflows (for example, Amazon Simple Queue Service [Amazon SQS], Kinesis, Amazon SNS, Lambda, Step Functions) (AWS Documentation: Using Lambda with Amazon SQS)
5.2 Implementing configuration changes in response to events.
Required Knowledge
- Fleet management services (for example, Systems Manager, AWS Auto Scaling)
- Configuration management services (for example, AWS Config)
Skills
- Applying configuration changes to systems (AWS Documentation: What is AWS AppConfig?)
- Modifying infrastructure configurations in response to events (AWS Documentation: Example Events for AWS Config Rules)
- Remediating a non-desired system state (AWS Documentation: Remediating Noncompliant Resources with AWS Config Rules)
5.3 Troubleshooting system and application failures.
Required Knowledge
- AWS metrics and logging services (for example, CloudWatch, X-Ray)
- AWS service health services (for example, AWS Health, CloudWatch, Systems Manager OpsCenter)
- Root cause analysis
Skills
- Analyzing failed deployments (for example, AWS CodePipeline, CodeBuild, CodeDeploy, CloudFormation, CloudWatch synthetic monitoring) (AWS Documentation: Monitoring deployments with Amazon CloudWatch tools)
- Analyzing incidents regarding failed processes (for example, auto scaling, Amazon ECS, Amazon EKS) (AWS Documentation: Autoscaling)
6. Concepts of Security and Compliance (17%)
6.1 Implementing techniques for identity and access management at scale.
Required Knowledge
- Appropriate usage of different IAM entities for human and machine access (for example, users, groups, roles, identity providers, identity-based policies, resource-based policies, session policies)
- Identity federation techniques (for example, using IAM identity providers and AWS Single Sign-On)
- Permission management delegation by using IAM permissions boundaries
- Organizational SCPs
Skills
- Designing policies to enforce least privilege access (AWS Documentation: Implementing policies for least-privilege permissions for AWS CloudFormation)
- Implementing role-based and attribute-based access control patterns (AWS Documentation: What is ABAC for AWS?)
- Automating credential rotation for machine identities (for example, Secrets Manager) (AWS Documentation: Automatically rotate IAM user access keys at scale with AWS Organizations and AWS Secrets Manager)
- Managing permissions to control access to human and machine identities (for example, enabling multi-factor authentication [MFA], AWS Security Token Service [AWS STS], IAM profiles) (AWS Documentation: Security best practices in IAM)
6.2 Applying automation for security controls and data protection.
Required Knowledge
- Network security components (for example, security groups, network ACLs, routing, AWS Network Firewall, AWS WAF, AWS Shield)
- Certificates and public key infrastructure (PKI)
- Data management (for example, data classification, encryption, key management, access controls)
Skills
- Automating the application of security controls in multi-account and multi-Region environments (for example, Security Hub, Organizations, AWS Control Tower, Systems Manager) (AWS Documentation: AWS multi-account strategy for your AWS Control Tower landing zone)
- Combining security controls to apply defense in depth (for example, AWS Certificate Manager [ACM], AWS WAF, AWS Config, AWS Config rules, Security Hub, GuardDuty, security groups, network ACLs, Amazon Detective, Network Firewall) (AWS Documentation: Security group policies)
- Automating the discovery of sensitive data at scale (for example, Amazon Macie) (AWS Documentation: Discovering sensitive data with Amazon Macie)
- Encrypting data in transit and data at rest (for example, AWS KMS, AWS CloudHSM, ACM) (AWS Documentation: Encrypting Data-at-Rest and Data-in-Transit)
6.3 Implementing security monitoring and auditing solutions.
Required Knowledge
- Security auditing services and features (for example, CloudTrail, AWS Config, VPC Flow Logs, CloudFormation drift detection)
- AWS services for identifying security vulnerabilities and events (for example, GuardDuty, Amazon Inspector, IAM Access Analyzer, AWS Config)
- Common cloud security threats (for example, insecure web traffic, exposed AWS access keys, S3 buckets with public access enabled or encryption disabled)
Skills
- Implementing robust security auditing (AWS Documentation: AWS security audit guidelines)
- Configuring alerting based on unexpected or anomalous security events (AWS Documentation: Using CloudWatch anomaly detection)
- Configuring service and application logging (for example, CloudTrail, CloudWatch Logs) (AWS Documentation: Sending events to CloudWatch Logs)
- Analyzing logs, metrics, and security findings (AWS Documentation: Analyze logs, findings, and metrics centrally)
AWS Certified DevOps Engineer Professional Exam FAQs
AWS Certification Exam Policy
Amazon Web Services (AWS) has implemented a well-defined set of certification policies and procedures to maintain a secure, consistent, and fair testing experience for all candidates. These policies are designed to protect the integrity of the AWS Certification Program and address key areas such as exam retakes, score reporting, and the inclusion of unscored questions.
– Exam Retake Policy
Candidates who do not pass an AWS certification exam must observe a mandatory 14-day waiting period before retaking the exam. There is no limit to the number of attempts; however, each retake requires payment of the full exam fee. This policy encourages proper preparation and reinforces the credibility of the certification process.
– Exam Scoring and Results
The AWS Certified DevOps Engineer – Professional (DOP-C02) exam is evaluated on a pass or fail basis. Scores are determined using a scaled scoring system, ranging from 100 to 1,000, with a minimum passing score of 750. This scaled approach ensures fairness across different versions of the exam, which may vary slightly in difficulty.
The scoring is based on a compensatory model, meaning candidates are not required to pass each individual section—only the overall score must meet or exceed the passing threshold. The score report may include a breakdown of performance by domain, offering insights into strengths and areas for improvement, although these section scores do not individually determine the final result.
AWS Certified DevOps Engineer Professional Exam Study Guide
Step 1: Understand the Exam Objectives Thoroughly
Begin your preparation by reviewing the official AWS DOP-C02 exam guide. This document outlines the key domains, knowledge areas, and task statements covered in the exam. Understanding these objectives will help you identify the core competencies AWS expects and prioritize your study areas accordingly. Focus on domains such as SDLC automation, configuration management, monitoring, incident response, and infrastructure as code.
Step 2: Leverage Official AWS Training Resources
AWS offers a variety of official training courses that are tailored specifically for the DevOps Engineer – Professional certification. These courses are created by AWS experts and provide deep insights into the services, best practices, and architecture patterns relevant to the exam. You can access instructor-led or on-demand training depending on your preferred learning style and schedule.
Step 3: Utilize AWS Skill Builder for Targeted Learning
The AWS Skill Builder platform offers structured learning paths and curated learning plans for the DOP-C02 exam. It allows you to explore video modules, labs, and quizzes aligned with each exam domain. You can personalize your study experience by focusing on areas where you need the most improvement and track your progress as you go.
Step 4: Enroll in Digital Courses to Fill Knowledge Gaps
Identify the domains or services you are less confident in—such as CloudFormation, CodePipeline, or operational automation—and enroll in specialized digital courses that focus on those topics. Many third-party platforms and AWS itself offer in-depth modules that can help reinforce key concepts and bridge any gaps in your technical knowledge.
Step 5: Get Hands-On with AWS Builder Labs
Practice is critical for mastering DevOps tools and workflows. Use AWS Builder Labs to get hands-on experience with real-world scenarios. These labs simulate DevOps tasks such as automating deployments, configuring monitoring systems, and securing environments. This practical exposure will help you internalize concepts and develop muscle memory for common tasks asked in the exam.
Step 6: Explore Gamified Learning with AWS Cloud Quest
Make your preparation interactive and engaging by using AWS Cloud Quest: DevOps Engineer. This gamified training tool allows you to solve real DevOps challenges in a virtual environment while earning points and unlocking achievements. It’s a great way to reinforce concepts in a fun, scenario-driven format.
Step 7: Test Your Skills with AWS Jam Events
Participate in AWS Jam sessions, which are challenge-based team learning experiences that mimic real-world AWS use cases. These events help you practice problem-solving and collaboration, which are essential for DevOps roles. Whether done solo or in a group, AWS Jam challenges push you to think critically and apply your knowledge practically.
Step 8: Join Study Groups and Online Communities
Connecting with peers can provide valuable insights and keep you motivated. Join online study groups, AWS discussion forums, or community Slack/Discord channels focused on AWS certifications. These platforms are great for asking questions, sharing resources, and learning from others’ experiences.
Step 9: Take Practice Exams to Assess Readiness
Before scheduling your actual exam, take several DOP-C02 practice tests from trusted providers. These mock exams simulate the exam format and difficulty, helping you get comfortable with time management and question types. Review your incorrect answers in detail to understand where your weaknesses lie and revisit those topics.
Step 10: Review, Reinforce, and Schedule the Exam
In the final phase of preparation, revisit the exam guide and your notes. Focus on reviewing high-priority areas, especially those where you scored lower in practice tests. Reinforce your understanding of best practices, AWS CLI commands, and automation workflows. Once you consistently score well on mock exams and feel confident with the content, go ahead and schedule your exam through Pearson VUE, choosing either a testing center or an online proctored format.
