In my off-time I’ve been studying for the AWS DevOps Engineer Professional Certification (exam blueprints can be found here). I have the SysOps Associate Certification and I wanted to keep pushing and learn as much as I could about the world’s leading cloud platform. Finally, last Monday I sat the exam and passed! Given this I’ll go over my exam preparation and tips, the impressions I had of it and hopefully yield some useful insights for anyone in preparation mode for this exam.
My AWS Background
I have roughly four years experience in AWS, my first use case for the platform was Elastic Map Reduce, where I set up Hadoop clusters to run Apache Pig scripts for a recommender engine. In those four years I, like most, have used services based on the commercial need at the time; EC2/RDS/Route 53 for hosting then got more sophisticated with Cloudformation, caching etc. AWS has evolved enormously in that time and it’s difficult not to stick with the toolset you know works, even when a better fit tool is released. With AWS it is obviously valuable to seek external courses to push yourself out of just using the standard patterns. Once you’ve expanded your knowledge you then use certification as a means of validating what you know. The combination of hands-on experience and study is a must to pass this certification, you really need be using what you’ve studied before sitting the exam.
As a first step for getting ready, make sure you’re on the same page as everyone else in terms of how you are leveraging AWS. To do this I used the following courses:
ACloudGuru: I highly recommend AWS Certified DevOps Engineer Professional course for anyone hoping to pass the exam, it brought me up to speed with the more recent and advanced features of AWS I wouldn’t regularly get to use in a business-as-usual environment. This course should be taken months before you plan to take the exam so you can start using the advanced features and be comfortable with them. I found it evened my skills out and many answers are given in the course that helped when it came to reasoning through exam questions. Even beyond the exam, Adrian and Nick (creators of the course) provide a great deal of AWS knowledge that is going to make you a more effective AWS engineer.
CloudAcademy: I found the content here useful, and it complemented what was on ACloudGuru. Focus on the practice exam available for DevOps Professional, the questions can give you an idea of where you are in your study and give you an insight into some of the fringe knowledge you’re going to need to know to pass the exam. The answers to the questions in the practice exams lead back to relevant AWS whitepapers and documentation that is going to be mandatory reading before sitting the exam.
Once I was confident with my base AWS knowledge, I went to the console and experimented with the DevOps solutions I had less experience with. Setting up
hello world sites on OpsWorks and Elastic Beanstalk to get a feel for them both and exploring what I came across in study was really important.
Before I booked anything I also took the practice exam provided by AWS to make sure I was ready for what was to come. I very much recommend this step also – in my case I found the questions matched to what I experienced taking the full exam. It’s twenty questions with an hour sitting time in an online format.
I found the questions to be AWS CI/deployment service heavy; I would 100% recommend setting up systems in Elastic Beanstalk, OpsWorks and Cloudformation (if you haven’t already). My go-to deployment method is Cloudformation backed by a CI service. I found Cloudformation elements of the exam straightforward; the questions tended to hint towards the advanced features such as wait conditions, custom resources and update policies. If you completed the A Cloud Guru content these should be clear.
Question Review Marking: Take advantage of the ability to mark a question for later review. If you’re spending too long with a question, select the most plausible solution and move on to the next (there may be many plausible answers). I answered what I knew for certain, then came back to the more verbose or in-the-weeds questions. Another benefit is that later questions may hint at solutions to a question you came across earlier where you had two reasonable solutions and that question cleared it up for you.
Misdirects: Services being used incorrectly or features that do not exist was an element of the exam. The only solution to these is actually knowing the services in and out and keeping up to date with the functionality of the services - the exam will try and trip you up. Ruling these out reduces the possible answers and makes answering correctly easier. Keeping up with the AWS blog and documentation to know what is possible in the service will help a lot.
Most Frequent Questions
Cloudformation/Opsworks/Elastic Beanstalk: These came as comparitative solutions to a proposed scenario - generally there was some tip which made one of the three the more likely choice, or the proposed solution in the answer had a flaw which ruled it out. The only way to get these questions is knowing the services well. A big proportion of the questions were dedicated to these.
Deployment techniques: Which is the best way to implement a blue/green deployment, how to use Cloudformation policies to implement rolling deployments on stack updates, load balancing edge cases, and deployment in the context of Cloudformation/OPSWorks/Elastic Beanstalk dominated a lot of the exam.
Cloudwatch Monitoring/Alerting/Logs: These came up in the scope of monitoring systems along with SNS/SES. Expect questions about metrics to scale up and down on, how to alert effectively given ill fitting metrics, and knowing what the Cloudwatch Log Agent can and can’t do.
Autoscaling: I had many questions about autoscaling in relation to their lifecycles, use of stand-by states, log management and their interactions with launch configurations and loadbalancers. A lot of experience with and study of autoscaling is going to help here.
Credential Storage: I had questions on how credentials should be managed in AWS. Remember that the exam predates SSM parameter store and does not mention credential storage solutions such as Unicreds or Credstash. Friends do not let friends store credentials in version control.
IAM and Cross account access: I had a question or two about allowing external access to an AWS account through principals.
EBS: Volume and snapshot management.
Questions I Expected
Networking: Not much in the way of Direct Connect, VPC, VPN or connectivity questions, these however feature heavily in the Solutions Architect Professional Certification.
DynamoDB: I expected more DynamoDB deep dive questions, I didn’t get many however.
AWS Governance/Account Federation: IAM was mentioned in a few questions but I thought there would be more.
For the record, at the time of this article there are 1,800 AWS DevOps professionals gauging from my certificate ID (AWS-PDOE-1825) so there are plenty of people worldwide with this cert; for comparison, the architect associate has around 32,000 as of February. I found it to be a great means of pushing myself to be a better engineer. I think it’s very easy to fall into the trap of thinking you know the best way of engineering a solution; consulting AWS and the community to validate if a newer and simpler solution exists can save you so much time and heartache in the long run. To finish, I will refer back to Jeff Atwoods classic programming article Sharpening the Saw. If there are any questions I can field, please feel free to email me or leave a question in the comments below, thanks all.