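2021 AWS DOP Certification: Notes and Takeaways

Table of Contents

Preface
Official Exam Guide
Lessons from Hands-On Experience
Compute
Networking and Content Delivery
Developer Tools
Storage
Logging
High Availability, Fault Tolerance, and Disaster Recovery
Other
Hands-On Practice Suggestions
Summary
References

Preface

Official Exam Guide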

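  • Implement and manage continuous delivery systems and methodologies on AWS
  • Implement and automate security controls, governance processes, and compliance validation
  • Define and deploy monitoring, metrics, and logging systems on AWS
  • Implement systems that are highly available, scalable, and self-healing on the AWS platform
  • Design, manage, and maintain tools to automate operational processes
  • Experience developing code in at least one high-level programming language
  • Experience building highly automated infrastructures
  • Experience administering operating systems
  • Understanding of modern development and operations processes and methodologies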
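+----------+-----------------------------------------------------------+-----+
| Domain 1 | SDLC Automation                                           | 22% |
+----------+-----------------------------------------------------------+-----+
| Domain 2 | Configuration Management and Infrastructure as Code       | 19% |
+----------+-----------------------------------------------------------+-----+
| Domain 3 | Monitoring and Logging                                    | 15% |
+----------+-----------------------------------------------------------+-----+
| Domain 4 | Policies and Standards Automation                         | 10% |
+----------+-----------------------------------------------------------+-----+
| Domain 5 | Incident and Event Response                               | 18% |
+----------+-----------------------------------------------------------+-----+
| Domain 6 | High Availability, Fault Tolerance, and Disaster Recovery | 16% |
+----------+-----------------------------------------------------------+-----+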
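Domain 1: SDLC Automation
  1. Apply concepts required to automate a CI/CD pipeline
    • Set up repositories
    • Set up build services
    • Integrate automated testing (e.g., unit tests, integration tests)
    • Set up deployment of products/services
    • Orchestrate multiple pipeline stages
  2. Determine source control strategies and how to implement them
    • Determine a workflow for integrating code changes from multiple contributors
    • Assess security requirements and recommend a code repository access design
    • Reconcile running application versions with repository versions (tags)
    • Differentiate the different source control types
  3. Apply concepts required to automate and integrate testing
    • Run integration tests as part of the code merge process
    • Run load/stress tests at scale and benchmark application performance
    • Measure application health based on application exit codes
    • Automate unit tests to check pass/fail and code coverage (CodePipeline, CodeBuild, etc.)
    • Integrate tests through the pipeline
  4. Apply concepts required to build and manage artifacts securely
    • Distinguish storage options based on the artifacts' security classification
    • Translate application requirements into operating system and package configuration (build specs)
    • Determine the code/environment dependencies and required resources
    e.g., CodeDeploy AppSpec, CodeBuild buildspec
    • Run a code build process
  5. Determine deployment/delivery strategies (e.g., A/B, blue/green, canary, red/black) and how to implement them using AWS services
    • Determine the correct delivery strategy based on work requirements
    • Critique existing deployment strategies and suggest improvements
    • Recommend DNS/routing strategies (e.g., Route 53, ELB, ALB, load balancer) based on the enterprise's minimum operating objectives
    • Verify deployment success/failure and automate rollbacks
Domain 2: Configuration Management and Infrastructure as Code
  1. Determine deployment services based on deployment needs
    • Demonstrate knowledge of the process flows of deployment models
    • Given a deployment model, classify and implement the relevant AWS services to meet requirements
    o Decide from the requirements when CloudFormation is the appropriate choice rather than OpsWorks (I can't tell what the heck the original wording of this item is saying, so this is a guess based on experience; the original reads: Given the requirement to have Dynamo DB choose CloudFormation instead of OpsWorks)
    o Determine what needs to be done (after) rolling back an update
  2. Determine application and infrastructure deployment models based on business needs
    • Balance different considerations (cost, availability, time to recovery) based on business requirements to choose the best deployment model
    • Determine a deployment model given specific AWS services
    • Analyze the risks associated with deployment models and the relevant remediation guidelines
  3. Apply security concepts in the automation of resource provisioning
    • Choose the best automation tool based on requirements
    • Demonstrate knowledge of security best practices for resource provisioning
    • Review IAM policies for all lifecycle stages of a deployment (e.g., create, promote) and assess whether sufficient but least privilege is granted
    • Review credential management solutions (e.g., EC2 parameter store, third party)
    • Build the automation
    o CloudFormation templates, Chef Recipe, Cookbooks, Code pipeline, etc.
  4. Determine how to implement lifecycle hooks on a deployment
    • Determine appropriate integration techniques to meet project requirements
    • Choose the appropriate hook solution in an Auto Scaling group (e.g., implement leaf node selection after a node failure)
    • Evaluate the failure impact of a hook implementation (if a remote call fails, or if a dependent service such as Amazon S3 is temporarily unavailable) and recommend resiliency improvements
    • Evaluate deployment rollout procedures for failure impact and evaluate rollback/recovery processes
  5. Apply concepts required to manage systems using AWS configuration management tools and services
    • Identify the pros and cons of AWS configuration management tools
    • Demonstrate knowledge of configuration management components
    • Run configuration management services end to end with no assistance while adhering to industry best practices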
Domain 3: Monitoring and Logging
  1. Determine how to set up the aggregation, storage, and analysis of logs and metrics
  2. Apply concepts required to automate monitoring and event management of an environment
  3. Apply concepts required to audit, log, and monitor operating systems, infrastructures, and applications
  4. Determine how to implement tagging and other metadata strategies
Domain 4: Policies and Standards Automation
  1. Apply concepts required to enforce standards for logging, metrics, monitoring, testing, and security
  2. Determine how to optimize cost through automation
  3. Apply concepts required to implement governance strategies
Domain 5: Incident and Event Response
  1. Troubleshoot issues and determine how to restore operations
  2. Determine how to automate event management and alerting
  3. Apply concepts required to implement automated healing
  4. Apply concepts required to set up event-driven automated actions
Domain 6: High Availability, Fault Tolerance, and Disaster Recovery
  1. Determine appropriate use of multi-AZ versus multi-region architectures
  2. Determine how to implement high availability, scalability, and fault tolerance
  3. Determine the right services based on business needs (e.g., RTO/RPO, cost)
  4. Determine how to design and automate disaster recovery strategies
  5. Evaluate a deployment for points of failure

Lessons from Hands-On Experience

Compute

Introducing Native Support for Predictive Scaling with Amazon EC2 Auto Scaling ⁴¹
Model serving in Java with AWS Elastic Beanstalk made easy with Deep Java Library ²⁸
How to get notified on specific Lambda function error patterns using CloudWatch ²⁹
Figure in How Steamhaus Used AWS Well-Architected to Improve Sperry Rail’s Artificial Intelligence System
Figure in Game Server Hosting on AWS Fargate

Networking and Content Delivery

Developer Tools

Blue/Green Deployments with Amazon Elastic Container Service¹⁶
Best practices for organizing larger serverless applications¹²
Figure in CI/CD on Amazon EKS using AWS CodeCommit, AWS CodePipeline, AWS CodeBuild, and FluxCD

Storage

Figure in Use Amazon DynamoDB Accelerator (DAX) from AWS Lambda to increase performance while reducing costs

Logging

BBVA: Architecture for Large-Scale Macie Implementation

High Availability, Fault Tolerance, and Disaster Recovery

Figure in Implementing Multi-Region Disaster Recovery Using Event-Driven Architecture

Other

Improve monitoring of AWS Systems Manager Agent²⁶
How to visualize multi-account Amazon Inspector findings with Amazon Elasticsearch Service³⁷

Hands-On Practice Suggestions

Summary

Day 2 is stasis. Followed by irrelevance. Followed by excruciating, painful decline. Followed by death. And that is why it is always Day 1. — Jeff Bezos

References

  1. Construct Hub, https://constructs.dev/search?q=scott.hsieh&offset=0
  2. AWS User Group Taiwan Meetup 2021–07 (online), https://youtu.be/HG8mQ32m970
  3. When I'm not sitting down playing Genshin Impact, I'm lying down grinding Revelation (天諭); when I occasionally get tired of those, I binge all kinds of Western and Korean dramas with Patrice. The last one I watched was VOICE 4.
  4. Taipei Grand Trail, https://gisweb.taipei.gov.tw/release/
  5. Kudzu, https://wiki.guildwars2.com/wiki/Kudzu
  6. AWS Certified DevOps Engineer — Professional, https://aws.amazon.com/tw/certification/certified-devops-engineer-professional/
  7. DOP exam guide, https://d1.awsstatic.com/training-and-certification/docs-devops-pro/AWS-Certified-DevOps-Engineer-Professional_Exam-Guide.pdf
  8. Amazon Web Services, Inc. or its affiliates, 2017. Running Containerized Microservices on AWS. [ebook] Available at: https://d1.awsstatic.com/whitepapers/DevOps/running-containerized-microservices-on-aws.pdf [Accessed 25 July 2021].
  9. Amazon Web Services, Inc. or its affiliates, 2021. Elastic Load Balancing features. [online] Amazon Web Services, Inc. Available at: https://aws.amazon.com/elasticloadbalancing/features/ [Accessed 7 August 2021].
  10. Amazon Web Services, Inc. or its affiliates, 2021. Error retries and exponential backoff in AWS. [online] Docs.aws.amazon.com. Available at: https://docs.aws.amazon.com/general/latest/gr/api-retries.html [Accessed 31 July 2021].
  11. Ball, D. and Fallahi, K., 2020. AWS CodeDeploy now supports linear and canary deployments for Amazon ECS. [online] Amazon Web Services. Available at: https://aws.amazon.com/tw/blogs/containers/aws-codedeploy-now-supports-linear-and-canary-deployments-for-amazon-ecs/ [Accessed 8 August 2021].
  12. Beswick, J., 2020. Best practices for organizing larger serverless applications. [online] Amazon Web Services. Available at: https://aws.amazon.com/tw/blogs/compute/best-practices-for-organizing-larger-serverless-applications/ [Accessed 8 August 2021].
  13. Bingöl, S., 2020. Exam Readiness : AWS DevOps Engineer Professional (DOP-C01). [online] Medium. Available at: https://medium.com/aws-certified-user-group-turkey/exam-readiness-aws-devops-engineer-professional-dop-c01-975e22b3f98a [Accessed 7 August 2021].
  14. Bhattacharya, S., Benjamin, G. and Natarajan, V., 2021. Simplify your data lifecycle by using object tags with Amazon S3 Lifecycle. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/storage/simplify-your-data-lifecycle-by-using-object-tags-with-amazon-s3-lifecycle/ [Accessed 8 August 2021].
  15. Chapman, C., 2020. Creating a secure DevOps pipeline for AWS Service Catalog. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/mt/creating-a-secure-devops-pipeline-for-aws-service-catalog/ [Accessed 8 August 2021].
  16. Cowan, J., Sharma, A. and Dalbhanjan, P., 2017. Blue/Green Deployments with Amazon Elastic Container Service. [online] Amazon Web Services. Available at: https://aws.amazon.com/tw/blogs/compute/bluegreen-deployments-with-amazon-ecs/ [Accessed 18 July 2021].
  17. DeJong, K., 2020. Introducing AWS CloudFormation modules. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/mt/introducing-aws-cloudformation-modules/ [Accessed 28 July 2021].
  18. Docker Inc., 2021. Configure logging drivers. [online] Docker Documentation. Available at: https://docs.docker.com/config/containers/logging/configure/ [Accessed 31 July 2021].
  19. Dodge, C. and Quigg, S., 2018. A simpler way to assess the network exposure of EC2 instances: AWS releases new network reachability assessments in Amazon Inspector. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/security/amazon-inspector-assess-network-exposure-ec2-instances-aws-network-reachability-assessments/ [Accessed 1 August 2021].
  20. Hochstein, L., Prytoegrian, Siqueira, D., Basgall, S., Smith, S., Harvey, A. and Berry, C., 2016. Netflix/chaosmonkey: Chaos Monkey is a resiliency tool that helps applications tolerate random instance failures. [online] GitHub. Available at: https://github.com/netflix/chaosmonkey [Accessed 31 July 2021].
  21. Houlihan, R., 2018. Amazon DynamoDB Deep Dive: Advanced Design Patterns for DynamoDB (DAT401). [video] Available at: https://youtu.be/HaEPXoXVf2k [Accessed 8 August 2021].
  22. Jayendra’s Cloud Certification Blog. 2021. AWS Certified DevOps Engineer — Professional (DOP-C01) Exam Learning Path. [online] Available at: https://jayendrapatil.com/aws-certified-devops-engineer-professional-exam-learning-path/ [Accessed 24 May 2021].
  23. Idziorek, J., 2017. Amazon DynamoDB Accelerator (DAX): A Read-Through/Write-Through Cache for DynamoDB. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/database/amazon-dynamodb-accelerator-dax-a-read-throughwrite-through-cache-for-dynamodb/ [Accessed 8 August 2021].
  24. Intellipaat, 2019. Puppet Tutorial for Beginners | Puppet Tutorial | Intellipaat. [video] Available at: https://www.youtube.com/watch?v=kHD4KQKKP5Y [Accessed 3 August 2021].
  25. Ismail, M. and Bentzen, M., 2021. Secure your Amazon VPC DNS resolution with Amazon Route 53 Resolver DNS Firewall. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/networking-and-content-delivery/secure-your-amazon-vpc-dns-resolution-with-amazon-route-53-resolver-dns-firewall/ [Accessed 7 August 2021].
  26. Lempka, R., 2021. Improve monitoring of AWS Systems Manager Agent. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/mt/improve-monitoring-of-aws-systems-manager-agent/ [Accessed 7 August 2021].
  27. Lewis, J. and Fowler, M., 2014. Microservices. [online] martinfowler.com. Available at: https://martinfowler.com/articles/microservices.html [Accessed 31 July 2021].
  28. Liu, F., 2021. Model serving in Java with AWS Elastic Beanstalk made easy with Deep Java Library. [online] Amazon Web Services. Available at: https://aws.amazon.com/tw/blogs/machine-learning/model-serving-in-java-with-aws-elastic-beanstalk-made-easy-with-deep-java-library/ [Accessed 2 August 2021].
  29. Malhotra, S. and Mathur, R., 2020. How to get notified on specific Lambda function error patterns using CloudWatch. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/mt/get-notified-specific-lambda-function-error-patterns-using-cloudwatch/ [Accessed 9 August 2021].
  30. Meyer, C., 2018. Signaling AWS CloudFormation WaitConditions using AWS PrivateLink. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/mt/signaling-aws-cloudformation-waitconditions-using-aws-privatelink/ [Accessed 31 July 2021].
  31. Miguelez, B. and Chapman, C., 2020. Standardizing CI/CD pipelines for .NET web applications with AWS Service Catalog. [online] Amazon Web Services. Available at: https://aws.amazon.com/tw/blogs/devops/standardizing-cicd-pipelines-net-web-applications-aws-service-catalog/ [Accessed 3 August 2021].
  32. Mui, A. and Vlasceanu, V., 2015. (DVO401) Deep Dive into Blue/Green Deployments on AWS. [video] Available at: https://youtu.be/aX54mhZbN58 [Accessed 17 July 2021].
  33. Munns, C., 2017. Implementing Canary Deployments of AWS Lambda Functions with Alias Traffic Shifting. [online] Amazon Web Services. Available at: https://aws.amazon.com/tw/blogs/compute/implementing-canary-deployments-of-aws-lambda-functions-with-alias-traffic-shifting/ [Accessed 5 August 2021].
  34. Peven, B., 2020. Introducing Instance Refresh for EC2 Auto Scaling. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/compute/introducing-instance-refresh-for-ec2-auto-scaling/ [Accessed 31 July 2021].
  35. Rakesh Singh, 2021. Blue/Green deployment with AWS Developer tools on Amazon EC2 using Amazon EFS to host application source code. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/devops/blue-green-deployment-with-aws-developer-tools-on-amazon-ec2-using-amazon-efs-to-host-application-source-code/ [Accessed 7 August 2021].
  36. Rathore, A., 2020. AWS Networking — ENI, ENA & EFA. [online] Medium. Available at: https://medium.com/nerd-for-tech/aws-networking-eni-ena-efa-2db316fdbf85 [Accessed 6 August 2021].
  37. Saha, M., 2020. How to visualize multi-account Amazon Inspector findings with Amazon Elasticsearch Service. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/security/how-to-visualize-multi-account-amazon-inspector-findings-with-amazon-elasticsearch-service/ [Accessed 1 August 2021].
  38. Sato, D., 2014. bliki: CanaryRelease. [online] martinfowler.com. Available at: https://martinfowler.com/bliki/CanaryRelease.html [Accessed 31 July 2021].
  39. Sharma, A., Cowan, J., Sosiak, Y., Dalbhanjan, P. and Siri, J., 2017. Reference architecture for doing blue green deployments on ECS. [online] GitHub. Available at: https://github.com/aws-samples/ecs-blue-green-deployment [Accessed 31 July 2021].
  40. Wagner, A., 2017. Automatically Archive Items to S3 Using DynamoDB Time to Live (TTL) with AWS Lambda and Amazon Kinesis Firehose. [online] Amazon Web Services. Available at: https://aws.amazon.com/tw/blogs/database/automatically-archive-items-to-s3-using-dynamodb-time-to-live-with-aws-lambda-and-amazon-kinesis-firehose/ [Accessed 8 August 2021].
  41. White, E., Horsfield, S. and Sethi, A., 2021. Introducing Native Support for Predictive Scaling with Amazon EC2 Auto Scaling. [online] Amazon Web Services. Available at: https://aws.amazon.com/blogs/compute/introducing-native-support-for-predictive-scaling-with-amazon-ec2-auto-scaling/ [Accessed 8 August 2021].
  42. Wikipedia, 2021. Conway’s law. [online] En.wikipedia.org. Available at: https://en.wikipedia.org/wiki/Conway's_law [Accessed 31 July 2021].
  43. Wiggins, A., 2017. The Twelve-Factor App. [online] 12factor.net. Available at: https://12factor.net/ [Accessed 31 July 2021].


10 x AWS-certified, Data Architect in the 104 Corporation. An AWS Community Builder

Scott Hsieh (史考特)
