Book Image

AWS Certified DevOps Engineer - Professional Certification and Beyond

By : Adam Book
Book Image

AWS Certified DevOps Engineer - Professional Certification and Beyond

By: Adam Book

Overview of this book

The AWS Certified DevOps Engineer certification is one of the highest AWS credentials, vastly recognized in cloud computing or software development industries. This book is an extensive guide to helping you strengthen your DevOps skills as you work with your AWS workloads on a day-to-day basis. You'll begin by learning how to create and deploy a workload using the AWS code suite of tools, and then move on to adding monitoring and fault tolerance to your workload. You'll explore enterprise scenarios that'll help you to understand various AWS tools and services. This book is packed with detailed explanations of essential concepts to help you get to grips with the domains needed to pass the DevOps professional exam. As you advance, you'll delve into AWS with the help of hands-on examples and practice questions to gain a holistic understanding of the services covered in the AWS DevOps professional exam. Throughout the book, you'll find real-world scenarios that you can easily incorporate in your daily activities when working with AWS, making you a valuable asset for any organization. By the end of this AWS certification book, you'll have gained the knowledge needed to pass the AWS Certified DevOps Engineer exam, and be able to implement different techniques for delivering each service in real-world scenarios.

Related Content you might be interested in

Current Title:

Small book image
AWS Certified DevOps Engineer - Professional Certification and Beyond
Adam Book
Nov, 2021 | 638 pages
Small book image
AWS Certified Cloud Practitioner Exam Guide
Rajesh Daswani
Jan, 2022 | 630 pages
Small book image
AWS Certified SysOps Administrator ??? Associate Guide
Marko Sluga
Jan, 2019 | 584 pages
Small book image
AWS for System Administrators
Prashant Lakhera
Feb, 2021 | 388 pages
Table of Contents (31 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share your thoughts
1
Section 1: Establishing the Fundamentals
Section 1: Establishing the Fundamentals
Free Chapter
2
Chapter 1: Amazon Web Service Pillars
Chapter 1: Amazon Web Service Pillars
Service pillars overview
Operational excellence
Security
Reliability
Performance efficiency
Cost optimization
Overarching service pillar principals
Summary
Review questions
Review answers
Further reading
3
Chapter 2: Fundamental AWS Services
Chapter 2: Fundamental AWS Services
Technical requirements
Setting up and accessing your AWS account
Cloud compute in AWS
Virtual Private Cloud networking and Route 53 networking
Cloud databases
Message and queueing systems
Trusted Advisor
Summary
Review questions
Review answers
4
Chapter 3: Identity and Access Management and Working with Secrets in AWS
Chapter 3: Identity and Access Management and Working with Secrets in AWS
Technical requirements
Understanding the Shared Responsibility Model in AWS
IAM roles, groups, users, and policies
Using AWS Organizations as part of your guidance
Integrating federation with an AWS account
Storing secrets securely in AWS
Using Cognito with application authentication
Summary
Review questions
Review answers
5
Chapter 4: Amazon S3 Blob Storage
Chapter 4: Amazon S3 Blob Storage
S3 concepts
S3 endpoints
S3 access control
S3 access logs
Encryption options with S3
Using S3 events to trigger other AWS services
S3 Batch operations
S3 Batch hands on-example
S3 replication
S3 versioning
Summary
Review questions
Review answers
6
Chapter 5: Amazon DynamoDB
Chapter 5: Amazon DynamoDB
Understanding the basis and background of DynamoDB
Understanding DynamoDB data modeling
Inserting and accessing data in DynamoDB
Understanding DynamoDB Streams
Using the DynamoDB accelerator (DAX)
Authenticating and authorizing in DynamoDB
Monitoring DynamoDB
Summary
Review questions
Review answers
7
Section 2: Developing, Deploying, and Using Infrastructure as Code
Section 2: Developing, Deploying, and Using Infrastructure as Code
8
Chapter 6: Understanding CI/CD and the SDLC
Chapter 6: Understanding CI/CD and the SDLC
Introduction to the SDLC
Development teams
Understanding the different types of deployments
Review questions
Review answers
Summary
9
Chapter 7: Using CloudFormation Templates to Deploy Workloads
Chapter 7: Using CloudFormation Templates to Deploy Workloads
Technical requirements
Essential CloudFormation topics
Creating nested stacks with dependencies
Adding a helper script to a CloudFormation template
Understanding how to detect drift in CloudFormation templates
Using the Cloud Development Kit
Summary
Review questions
Review answers
10
Chapter 8: Creating Workloads with CodeCommit and CodeBuild
Chapter 8: Creating Workloads with CodeCommit and CodeBuild
Technical requirements
Using CodeCommit for code versioning
Setting up your CodeCommit repository
Using AWS CodeBuild
Summary
Review questions
Review answers
11
Chapter 9: Deploying Workloads with CodeDeploy and CodePipeline
Chapter 9: Deploying Workloads with CodeDeploy and CodePipeline
Technical requirements
About AWS CodePipeline
Setting up a code pipeline
Using Jenkins to build your workloads
About AWS CodeDeploy
Use cases for AWS CodeDeploy
Summary
Review questions
Review answers
12
Chapter 10: Using AWS Opsworks to Manage and Deploy your Application Stack
Chapter 10: Using AWS Opsworks to Manage and Deploy your Application Stack
Technical requirements
OpsWorks essentials
Use cases for AWS OpsWorks
Available OpsWorks platforms
Creating and deploying a recipe
Deployments in OpsWorks
Monitoring OpsWorks
Summary
Review questions
Review answers
13
Chapter 11: Using Elastic Beanstalk to Deploy your Application
Chapter 11: Using Elastic Beanstalk to Deploy your Application
Technical requirements
Understanding the built-in functionality of Elastic Beanstalk
Creating a service role in the IAM console
Installing and using the Elastic Beanstalk command-line interface (EB CLI)
Understanding advanced configuration options with .ebextensions
Deployment types with Elastic Beanstalk
Using Elastic Beanstalk to deploy an application
Elastic Beanstalk use cases
Summary
Review questions
Review answers
14
Chapter 12: Lambda Deployments and Versioning
Chapter 12: Lambda Deployments and Versioning
Technical requirements
AWS Lambda overview
Lambda functions
Lambda triggers and event source mappings
Deploying versions using Lambda
Working with Lambda layers
Monitoring Lambda functions
Optimal Lambda use cases and anti-patterns
Orchestrating Step Functions with Lambda
Summary
Questions
Answers
15
Chapter 13: Blue Green Deployments
Chapter 13: Blue Green Deployments
Understanding the concept of blue/green deployments
AWS services that you can use for blue/green deployments
Benefits of blue/green deployments with AWS
Techniques for performing blue/green deployments in AWS
Using best practices in your data tier with blue/green deployments
Summary
Review questions
Review answers
16
Section 3: Monitoring and Logging Your Environment and Workloads
Section 3: Monitoring and Logging Your Environment and Workloads
17
Chapter 14: CloudWatch and X-Ray's Role in DevOps
Chapter 14: CloudWatch and X-Ray's Role in DevOps
CloudWatch overview
Using CloudWatch to aggregate your logs
CloudWatch alarms
Adding application tracing with X-Ray
Summary
Review questions
Review answers
18
Chapter 15: CloudWatch Metrics and Amazon EventBridge
Chapter 15: CloudWatch Metrics and Amazon EventBridge
A closer look at CloudWatch metrics
Basic metrics in CloudWatch for AWS services
Using CloudWatch metrics to create dashboards
Amazon EventBridge overview
Summary
Questions
Review answers
19
Chapter 16: Various Logs Generated (VPC Flow Logs, Load Balancer Logs, CloudTrail Logs)
Chapter 16: Various Logs Generated (VPC Flow Logs, Load Balancer Logs, CloudTrail Logs)
Previous logs discussed
The power of AWS CloudTrail
Enabling Elastic Load Balancer logs
Using VPC Flow Logs
Cleaning up the resources
Summary
Review questions
Review answers
20
Chapter 17: Advanced and Enterprise Logging Scenarios
Chapter 17: Advanced and Enterprise Logging Scenarios
Using QuickSight to visualize data
Searching and grouping logs with managed Elasticsearch
Understanding the Amazon Kinesis service
Cleaning up resources
Summary
Review questions
Review answers
21
Section 4: Enabling Highly Available Workloads, Fault Tolerance, and Implementing Standards and Policies
Section 4: Enabling Highly Available Workloads, Fault Tolerance, and Implementing Standards and Policies
22
Chapter 18: Autoscaling and Lifecycle Hooks
Chapter 18: Autoscaling and Lifecycle Hooks
Understanding AWS Auto Scaling
Deploying EC2 instances with Auto Scaling
The Auto Scaling lifecycle
Using Auto Scaling lifecycle hooks
Summary
Review questions
Review answers
23
Chapter 19: Protecting Data in Flight and at Rest
Chapter 19: Protecting Data in Flight and at Rest
Data encryption introduction
Understanding KMS keys
Protecting data in transit with AWS Certificate Manager
Summary
Review questions
Review answers
24
Chapter 20: Enforcing Standards and Compliance with System Manger's Role and AWS Config
Chapter 20: Enforcing Standards and Compliance with System Manger's Role and AWS Config
The various capabilities of AWS Systems Manager
AWS Config essentials
Summary
Questions
Review answers
25
Chapter 21: Using Amazon Inspector to Check your Environment
Chapter 21: Using Amazon Inspector to Check your Environment
Understanding Amazon Inspector
Configuring the Inspector agent both manually and automatically
Summary
Review questions
Review answers
26
Chapter 22: Other Policy and Standards Services to Know
Chapter 22: Other Policy and Standards Services to Know
Detecting threats with Amazon GuardDuty
Seeing how to protect data intelligently with Amazon Macie
A brief look at the migration tools available from AWS
Summary
Review questions
Review answers
27
Section 5: Exam Tips and Tricks
Section 5: Exam Tips and Tricks
28
Chapter 23: Overview of the DevOps Professional Certification Test
Chapter 23: Overview of the DevOps Professional Certification Test
The DOP-C01 exam guide
How the exam is scored
Understanding the different testing options
Study tips for preparing for the exam
Summary
29
Chapter 24: Practice Exam 1
Chapter 24: Practice Exam 1
Test questions
Test answers
Question breakdown
Summary
Why subscribe?
30
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

Operational excellence

As we look at the operational excellence pillar, especially in the context of DevOps, this is one – if not the most – important service pillar for your day-to-day responsibilities. We will start by thinking about how our teams are organized; after all, the DevOps movement came about from breaking down silos between Development and Operations teams.

Question – How does your team determine what its priorities are?

* Does it talk to customers (whether they're internal or external)?

* Does it get its direction from product owners who have drawn out a roadmap?

Amazon outlines five design principles that incorporate operational excellence in the cloud:

  • Performing Operations as Code
  • Refining operations frequently
  • Making small, frequent, and reversible changes
  • Anticipating failure
  • Learning from all operational failures

Let's take a look at each of these operational design principals in detail to see how they relate to your world as a DevOps engineer. As you go through the design principles of not only this pillar but all the service pillars, you will find that the best practices are spelled out, along with different services, to help you complete the objective.

Performing Operations as Code

With the contrivance of Infrastructure as Code, the cloud allows teams to create their applications using code alone, without the need to interact with a graphical interface. Moreover, it allows any the underlying networking, services, datastores, and more that's required to run your applications and workloads. Moving most, if not all, the operations to code does quite a few things for a team:

  • Distributes knowledge quickly and prevents only one person on the team from being able to perform an operation
  • Allows for a peer review of the environment to be conducted, along with quick iterations
  • Allows changes and improvements to be tested quickly, without the production environment being disrupted

In AWS, you can perform Operations as Code using a few different services, such as CloudFormation, the Cloud Development Kit (CDK), language-specific software development kits (SDK), or by using the command-line interface (CLI).

Refining operations frequently

As you run your workload in the cloud, you should be in a continual improvement process for not only your application and infrastructure but also your methods of operation. Teams that run in an agile process are familiar with having a retrospective meeting after each sprint to ask three questions: what went well, what didn't go well, and what has room for improvement?

Operating a workload in the cloud presents the same opportunities for retrospection and to ask those same three questions. It doesn't have to be after a sprint, but it should occur after events such as the following:

  • Automated, manual, or hybrid deployments
  • Automated, manual, or hybrid testing
  • After a production issue
  • Running a game day simulation

After each of these situations, you should be able to look at your current operational setup and see what could be better. If you have step-by-step runbooks that have been created for incidents or deployments, ask yourself and your team whether there were any missing steps or steps that are no longer needed. If you had a production issue, did you have the correct monitoring in place to troubleshoot that issue?

Making small, frequent, and reversible changes

As we build and move workloads into the cloud, instead of placing multiple systems on a single server, the best design practices are to break any large monolith designs into smaller, decoupled pieces. With the pieces being smaller, decoupled, and more manageable, you can work with smaller changes that are more reversible, should a problem arise.

The ability to reverse changes can also come in the form of good coding practices. AWS CodeCommit allows Git tags in code repositories. By tagging each release once it has been deployed, you can quickly redeploy a previous version of your working code, should a problem arise in the code base. Lambda has a similar feature called versions.

Anticipating failure

Don't expect that just because you are moving to the cloud and the service that your application is relying on is labeled as a managed service, that you no longer need to worry about failures. Failures happen, maybe not often; however, when running a business, any sort of downtime can translate into lost revenue. Having a plan to mitigate risks (and also test that plan) can genuinely mean the difference in keeping your service-level agreement (SLA) or having to apologize or, even worse, having to give customers credits or refunds.

Learning from failure

Things fail from time to time, but when they do, it's important not to dwell on the failures. Instead, perform post-mortem analysis and find the lessons that can make the team and the workloads stronger and more resilient for the future. Sharing learning across teams helps bring everyone's perspective into focus. One of the main questions that should be asked and answered after failure is, Could the issue be resolved with automatic remediation?

One of the significant issues in larger organizations today is that in their quest of trying to be great, they stop being good. Sometimes, you need to be good at the things you do, especially on a daily basis. It can be a steppingstone to greatness. However, the eternal quest for excellence without the retrospective of what is preventing you from becoming good can sometimes be an exercise in spinning your wheels, and not gaining traction.

Example – operational excellence

Let's take a look at the following relevant example, which shows the implementation of automated patching for the instances in an environment:

Figure 1.1 – Operational excellence – automated patching groups

Figure 1.1 – Operational excellence – automated patching groups

If you have instances in your environment that you are self-managing and need to be updated with patch updates, then you can use System Manager Patch Manager to help automate the task of keeping your operating systems up to date. This can be done on a regular basis using a Systems Manager Maintenance Task.

The initial step would be to make sure that the SSM agent (formally known as Simple Systems Manager) is installed on the machines that you want to stay up to date with patching.

Next, you would create a patching baseline, which includes rules for auto-approving patches within days of their release, as well as a list of both approved and rejected patches.

After that, you may need to modify the IAM role on the instance to make sure that the SSM service has the correct permissions.

Optionally, you can set up patch management groups. In the preceding diagram, we can see that we have two different types of servers, and they are both running on the same operating system. However, they are running different functions, so we would want to set up one patching group for the Linux servers and one group for the Database servers. The Database servers may only get critical patches, whereas the Linux servers may get the critical patches as well as the update patches.

Previous Section
End of Section 3
Next Section