On March 7, AWS released a new version of the AWS Certified Developer Associate exam (DOP-C02), and the previous version of the exam (DOP-C01) is no longer available. If you are currently preparing for the exam, you are probably wondering what has changed.
To answer that question for you, we recently took the exam. Below is a breakdown of everything you need to know in order to be successful when taking the DOP-C02.
What’s the difference between DOP-C01 vs DOP-C02?
There have been significant changes in the exam domains and weighting of the AWS Certified Developer Associate exam. All but one of the domains has changed weighting, with the biggest change being the Policies and Standards Automation domain has changed to Security and Compliance.
This is more than just a renaming, but a major shift in focus to security, with an increased weighting from 10% to 17%, as shown in the diagram below.
Despite the changes, if you’re studying A Cloud Guru’s AWS Certified DevOps Engineer – Professional prep course, you’ve already got a strong foundation for the DOP-C02 exam – you just need to learn a bit more to cover your knowledge gaps. Thankfully, we’ve worked hard to update this prep course to help you crush the new exam version, and it is now in line with the new requirements.
New Domain: Security and Compliance
As you’d expect, this new domain is dedicated to security with a focus on applying automation for security controls and data protection. You can expect to encounter questions related to AWS Identity Center (formerly known as AWS Single Sign-on), AWS Security Token Service (STS), and other services such as AWS Network Firewall, AWS WAF, AWS Shield, Amazon Detective, Guard Duty, and Security Hub.
Some of these (Network Firewall, WAF, Shield) are important because the domain mentions applying “automation for security controls and data protection.” If you’re weak in any of these areas, I’d dedicate some time in getting to know these service offerings.
There’s a greater focus on multi-account and multi-region concepts
In your exam preparation, devote a lot of energy to services that help in multi-account and multi-region scenarios. The exam guide mentions these fifteen times across almost all of the exam domains.
Most Valuable Service for Multi-Account and Multi-Region Environments: AWS Organizations
There are a ton of AWS services to know about, so it helps where to spend the most learning bang for your buck. In sports, we have the MVP (Most Valuable Player), but in AWS, what’s the most MVS (Most Valuable Service) when it comes to the multi-account and multi-region scenarios mentioned above?
Certainly, CloudFormation StackSets are a valuable tool when deploying at scale. But as you get more experience with these diverse environments, you’ll find there is one service that’s always getting its hands dirty and helping us manage all of our accounts across multiple regions. And so, our nomination for MVS in these scenarios is AWS Organizations.
Understanding how AWS Organizations works and its features, as well as how it fits into the big picture and can be used to solve complicated scenarios, will be critical to your success in the exam. It’s a service that helps manage all accounts across multiple regions and is closely coupled with AWS Control Tower, a newer service which should also receive proper attention in your preparation.
Make sure you know about AWS Config
Sticking with the AWS Organizations theme, what’s our main tool for security in AWS Organizations? Service Control Policies (SCPs). And what about compliance across multiple accounts? Well, when we see the word compliance in AWS, the first service that should come to mind is AWS Config.
But how do we implement AWS Config in a multi-account, multi-region environment? We can use the AWS Config Aggregator. An aggregator is an AWS Config resource type that collects AWS Config configuration and compliance data from multiple accounts and regions. And the aggregator can also collect data from an organization in AWS Organizations and all the accounts in that organization which have AWS Config enabled. All of this really points to AWS Config being an important player on the DevOps Pro exam.
Deployment pipelines is still a large part of the exam
Deployment Pipelines remains a big focus in the DOP-C02 exam, with an emphasis on pipeline security and performing deployments across multiple accounts. You’ll need to use the principle of least privilege for accessing various accounts, such as dev, test, and prod. Knowing how to implement least privilege as your accounts become more restrictive (with prod being the most restrictive) is crucial.
Preparing for the AWS Certified DevOps Professional Exam
So that sums up the new AWS DevOps Pro DOP-C02 exam. You still need to understand deployment pipelines, but you need to build on that and extend your knowledge to multiple accounts and regions (Hint: AWS Organizations!) and know how to apply security to our deployment pipelines across multiple accounts.
If you’re studying for the DOP-C02, we highly recommend you check out A Cloud Guru’s cert prep course for the AWS Certified DevOps Engineer – Professional. It will teach you everything you need to go in and ace the exam. Also, don’t forget to read the official exam guide to check out more about the new weightings and requirements.
We also have three practice exams you can use to make sure you’re prepared and confident to sit the real thing, which you can check out below. Note that you will need an A Cloud Guru account to take these:
We know you’ll crush the exam on the day. As always, keep being awesome, gurus!