{"id":12851,"date":"2026-06-21T15:00:29","date_gmt":"2026-06-21T09:30:29","guid":{"rendered":"https:\/\/www.scaler.com\/blog\/?p=12851"},"modified":"2026-06-21T15:00:32","modified_gmt":"2026-06-21T09:30:32","slug":"aws-devops-syllabus","status":"publish","type":"post","link":"https:\/\/www.scaler.com\/blog\/aws-devops-syllabus\/","title":{"rendered":"AWS DevOps Syllabus 2026 (DOP-C02): Every Domain, Every Tool, And A Very Realistic Study Plan"},"content":{"rendered":"\n

The AWS Certified DevOps Engineer Professional (DOP-C02) is not the kind of exam you pass by watching a 12-hour YouTube course the week before. It sits above the associate level, assumes you already know your way around AWS, and tests whether you can actually design and implement DevOps workflows, not just name the services. If you are treating this the same way you treated Cloud Practitioner, the exam will let you know. A very good luck!<\/p>\n\n\n\n

This guide maps the official DOP-C02 domains with their weightings, translates each into the specific AWS tools and concepts you need to know, and gives you a realistic study sequence. The information here is based on the official AWS DOP-C02 exam guide<\/a> and current AWS documentation. Verify the official page for any updates before your exam date, since AWS adjusts domain weightings occasionally.<\/p>\n\n\n\n

<\/span>DOP-C02 Exam Overview<\/strong><\/span><\/h2>\n\n\n\n
Attribute<\/strong><\/td>Details<\/strong><\/td><\/tr>
Exam code<\/td>DOP-C02<\/td><\/tr>
Level<\/td>Professional (not entry level)<\/td><\/tr>
Format<\/td>65 questions, mix of multiple choice and multiple response<\/td><\/tr>
Duration<\/td>180 minutes<\/td><\/tr>
Passing score<\/td>750 out of 1000<\/td><\/tr>
Exam fee<\/td>Approximately USD 300 (around 25,000 INR at current rates)<\/td><\/tr>
Languages available<\/td>English, Japanese, Korean, Simplified Chinese<\/td><\/tr>
Recommended prerequisites<\/td>AWS Solutions Architect Associate or Developer Associate, plus 2 or more years of hands-on AWS experience<\/td><\/tr>
Validity<\/td>3 years from exam date<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

The professional level exam does not hold your hand since the wrong answers are written to sound reasonable, sometimes more reasonable than the correct one. Memorizing service names doesn\u2019t help here either. The exam wants to know if you can think through cost, scalability, and operational trade-offs, not whether you have read the AWS glossary. Spoiler: everyone has read the AWS glossary.<\/p>\n\n\n\n

For context on exam costs relative to training costs, the AWS cloud course fees guide<\/a> covers what preparation programmes typically charge alongside official exam fees.<\/p>\n\n\n\n

<\/span>The AWS DevOps Syllabus: Domains and Weightings<\/strong><\/span><\/h2>\n\n\n\n

The DOP-C02 exam is divided into five domains. The weightings tell you where to spend your study time. A domain at 22 percent is worth more than twice the preparation time of a domain at 10 percent.<\/p>\n\n\n\n

Domain<\/strong><\/td>Weighting<\/strong><\/td>What it covers<\/strong><\/td><\/tr>
Domain 1: SDLC Automation<\/td>22%<\/td>CI\/CD pipelines, CodePipeline, CodeBuild, CodeDeploy, deployment strategies, testing integration<\/td><\/tr>
Domain 2: Configuration Management and IaC<\/td>17%<\/td>CloudFormation, CDK, SSM Parameter Store, Config, OpsWorks, Terraform integration<\/td><\/tr>
Domain 3: Resilient Cloud Solutions<\/td>15%<\/td>High availability design, Auto Scaling, ELB, multi-region architectures, disaster recovery<\/td><\/tr>
Domain 4: Monitoring and Logging<\/td>15%<\/td>CloudWatch metrics and alarms, CloudTrail, X-Ray, EventBridge, log aggregation, alerting<\/td><\/tr>
Domain 5: Incident and Event Response<\/td>14%<\/td>Automated remediation, event-driven responses, runbooks, Systems Manager Automation<\/td><\/tr>
Domain 6: Security and Compliance<\/td>17%<\/td>IAM policies, Secrets Manager, Config rules, GuardDuty, Security Hub, compliance automation<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Notice that SDLC Automation is the highest-weighted domain at 22 percent. If you are coming from a development background and feel comfortable with CI\/CD concepts generally, the AWS-specific implementation (CodePipeline, CodeBuild, CodeDeploy) is where to focus. If you are coming from infrastructure, the IaC and security domains deserve more time.<\/p>\n\n\n\n

The full AWS Tutorial<\/a> is useful background if any service names in those domains are unfamiliar before you start domain-specific prep.<\/p>\n\n\n\n

<\/span>Domain 1: CI\/CD and SDLC Automation (22%)<\/strong><\/span><\/h2>\n\n\n\n

This is the biggest domain and the one that trips up the most people who thought they could skip hands-on practice. Knowing that CodeDeploy exists is not the same as knowing what happens during the BeforeInstall hook when a deployment fails. The exam will find out. It always does.<\/p>\n\n\n\n

Core AWS services to know<\/strong><\/h3>\n\n\n\n

\u2022        CodePipeline: Orchestrating multi-stage deployment pipelines. Know how stages, actions, and transitions work, and how to integrate with third-party tools like GitHub and Jenkins.<\/p>\n\n\n\n

\u2022        CodeBuild: Build environment configuration, buildspec.yml structure, caching strategies, environment variables, and integration with ECR for container builds.<\/p>\n\n\n\n

\u2022        CodeDeploy: Deployment configurations for EC2, Lambda, and ECS. AppSpec file structure, lifecycle hooks, and rollback behaviour.<\/p>\n\n\n\n

\u2022        CodeCommit: Git-based repository hosting. Mostly tested in the context of triggering pipelines, not for deep repository management.<\/p>\n\n\n\n

\u2022        CodeArtifact: Artifact repository for package management. Know how it integrates into build pipelines.<\/p>\n\n\n\n

Deployment strategies tested in this domain<\/strong><\/h3>\n\n\n\n
Strategy<\/strong><\/td>How it works<\/strong><\/td>When the exam expects you to choose it<\/strong><\/td><\/tr>
In-place (rolling)<\/td>Existing instances updated sequentially<\/td>When you need zero new infrastructure and can tolerate brief reduced capacity<\/td><\/tr>
Blue\/green<\/td>New environment deployed alongside old, traffic shifted<\/td>When you need instant rollback capability and zero downtime<\/td><\/tr>
Canary<\/td>Small percentage of traffic routed to new version first<\/td>When you want to validate in production with limited blast radius<\/td><\/tr>
Linear<\/td>Traffic shifted in equal increments at specified intervals<\/td>For controlled progressive rollouts with automated rollback triggers<\/td><\/tr>
All-at-once<\/td>All instances updated simultaneously<\/td>Dev and test environments only; not recommended for production<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

The exam really enjoys the blue\/green vs canary question, in multiple variations, across different services. Blue\/green gives you instant rollback but uses double the infrastructure, which is fine until someone sees the bill. Canary reduces risk incrementally but rollback is slower. Memorise when each one is the right answer. You will see this at least twice.<\/p>\n\n\n\n

-><\/strong> <\/strong>DevOps concepts and CI\/CD fundamentals<\/a><\/p>\n\n\n\n

<\/span>Domain 2: Configuration Management and IaC (17%)<\/strong><\/span><\/h2>\n\n\n\n

CloudFormation is where candidates who only read theory get exposed. The exam does not ask what CloudFormation is rather it shows you a template with a subtle problem and asks why the stack is failing. If you have never actually written a CloudFormation template with nested stacks or custom resources, that question is going to be kinda unpleasant.<\/p>\n\n\n\n

CloudFormation specifics you need to know<\/strong><\/h3>\n\n\n\n

\u2022        Template structure: AWSTemplateFormatVersion, Parameters, Mappings, Conditions, Resources, Outputs, Metadata.<\/p>\n\n\n\n

\u2022        Stack operations: create, update, delete, and what happens during rollback. Change sets are important here.<\/p>\n\n\n\n

\u2022        Nested stacks and stack sets: when to use each and how cross-stack references work with Fn::ImportValue.<\/p>\n\n\n\n

\u2022        Custom resources: using Lambda-backed custom resources when CloudFormation does not natively support something.<\/p>\n\n\n\n

\u2022        Drift detection: identifying when a stack’s actual state has diverged from its template.<\/p>\n\n\n\n

\u2022        StackSets: deploying the same stack across multiple accounts and regions. Understand how permissions work with service-managed vs self-managed StackSets.<\/p>\n\n\n\n

Other IaC and configuration services<\/strong><\/h3>\n\n\n\n

\u2022        AWS CDK: know that it is a framework for defining infrastructure in general-purpose programming languages that synthesises to CloudFormation. Not tested deeply but appears in comparison questions.<\/p>\n\n\n\n

\u2022        AWS Systems Manager Parameter Store and Secrets Manager: differences in use cases, rotation capabilities, and cost.<\/p>\n\n\n\n

\u2022        AWS Config: recording resource configuration history, creating rules to check compliance, remediation actions.<\/p>\n\n\n\n

\u2022        OpsWorks: know what it is (Chef and Puppet managed service). It appears occasionally as a comparison option in questions where the correct answer is usually something else. AWS has been quietly letting it fade but it has not fully disappeared from the exam yet.<\/p>\n\n\n\n

-><\/strong> <\/strong>Cloud computing fundamentals for IaC context<\/a><\/p>\n\n\n\n

<\/span>Domain 3: Resilient Cloud Solutions (15%)<\/strong><\/span><\/h2>\n\n\n\n

This domain overlaps significantly with Solutions Architect content but focuses on implementation rather than design. The exam expects you to know not just what high availability looks like but how to automate it.<\/p>\n\n\n\n

\u2022        Auto Scaling Groups: scaling policies (target tracking, step scaling, scheduled), warm pools, instance refresh for rolling updates, and lifecycle hooks.<\/p>\n\n\n\n

\u2022        Elastic Load Balancing: ALB, NLB, and Gateway LB use cases. Target groups, health checks, and deregistration delay.<\/p>\n\n\n\n

\u2022        Multi-region architectures: Route 53 routing policies (failover, latency, geolocation), cross-region replication for S3 and RDS.<\/p>\n\n\n\n

\u2022        RDS and Aurora high availability: Multi-AZ configurations, read replicas, Aurora global databases for cross-region DR.<\/p>\n\n\n\n

\u2022        Disaster recovery patterns: backup and restore, pilot light, warm standby, active-active. Know the RTO\/RPO trade-offs for each.<\/p>\n\n\n\n

\u2022        ECS and EKS resilience: service auto scaling, cluster auto scaling, rolling deployment configurations.<\/p>\n\n\n\n

<\/span>Domain 4: Monitoring and Logging (15%)<\/strong><\/span><\/h2>\n\n\n\n

The exam tests whether you can design comprehensive observability, not just set up a CloudWatch alarm. Expect questions on aggregating logs from multiple sources, creating metric filters, and automating responses to operational events.<\/p>\n\n\n\n

\u2022        CloudWatch Metrics: standard vs custom metrics, metric math, anomaly detection, composite alarms.<\/p>\n\n\n\n

\u2022        CloudWatch Logs: log groups, retention policies, metric filters to create metrics from log patterns, Logs Insights for querying.<\/p>\n\n\n\n

\u2022        CloudWatch Alarms: alarm states (OK, ALARM, INSUFFICIENT_DATA), alarm actions (SNS, Auto Scaling, EC2 actions).<\/p>\n\n\n\n

\u2022        CloudWatch Dashboards: cross-account and cross-region dashboards.<\/p>\n\n\n\n

\u2022        CloudTrail: API logging, log file validation, CloudTrail Lake for analysis, multi-region trails.<\/p>\n\n\n\n

\u2022        AWS X-Ray: distributed tracing for microservices, service map, trace analysis.<\/p>\n\n\n\n

\u2022        EventBridge: event-driven automation, custom event buses, cross-account event routing, scheduled rules.<\/p>\n\n\n\n

\u2022        Container Insights: monitoring ECS and EKS clusters with CloudWatch.<\/p>\n\n\n\n

EventBridge is tested more heavily in recent exam versions. If you learned this content a few years ago and remember it as CloudWatch Events, that is fine, they are effectively the same service with a rebranded name. The exam uses EventBridge. Remember this, cause being the person who is surprised by the new name in the actual test isn\u2019t really something that can be worked through in the moment, at most times.<\/p>\n\n\n\n

<\/span>Domain 5: Incident and Event Response (14%)<\/strong><\/span><\/h2>\n\n\n\n

This domain is about automating your way out of operational problems rather than manually responding to them. The questions often describe a failure scenario and ask what automated response mechanism you should set up.<\/p>\n\n\n\n

\u2022        Systems Manager Automation: runbooks (SSM documents) for automated remediation, approval gates for human-in-the-loop workflows.<\/p>\n\n\n\n

\u2022        Systems Manager OpsCenter: aggregating operational issues, creating OpsItems from CloudWatch alarms and EventBridge events.<\/p>\n\n\n\n

\u2022        Lambda for event-driven remediation: triggered by CloudWatch alarms, EventBridge rules, or SNS. Common pattern for automated instance restart, snapshot creation, or isolation.<\/p>\n\n\n\n

\u2022        AWS Config remediation actions: automatically fixing non-compliant resources using SSM Automation documents.<\/p>\n\n\n\n

\u2022        EventBridge + Lambda: the standard pattern for reacting to events across the AWS ecosystem.<\/p>\n\n\n\n

\u2022        Step Functions: orchestrating multi-step automated workflows, useful when remediation involves multiple sequential or parallel actions.<\/p>\n\n\n\n

<\/span>Domain 6: Security and Compliance (17%)<\/strong><\/span><\/h2>\n\n\n\n

Security questions are where people lose marks they should not lose. The concepts are not especially hard but candidates who treat security as the domain to skim after doing all the CI\/CD practice pay for it. GuardDuty, Config, Inspector, and Security Hub are different services that do different things. The exam knows this and writes questions specifically to catch candidates who think they are interchangeable.<\/p>\n\n\n\n

\u2022        IAM: roles for EC2, Lambda, and ECS tasks. Service control policies in AWS Organizations. Permission boundaries. Cross-account access patterns.<\/p>\n\n\n\n

\u2022        Secrets Manager vs Parameter Store: Secrets Manager for database credentials and API keys with automatic rotation, Parameter Store for non-sensitive configuration and encrypted strings.<\/p>\n\n\n\n

\u2022        AWS Config: compliance rules, conformance packs, aggregated compliance reporting across accounts.<\/p>\n\n\n\n

\u2022        GuardDuty: threat detection, findings categories, automated remediation via EventBridge.<\/p>\n\n\n\n

\u2022        Security Hub: aggregating findings from GuardDuty, Inspector, Macie, and third-party tools.<\/p>\n\n\n\n

\u2022        Inspector: automated vulnerability scanning for EC2 instances and ECR container images.<\/p>\n\n\n\n

\u2022        Macie: PII detection in S3.<\/p>\n\n\n\n

\u2022        KMS: envelope encryption, key policies, cross-account key access, AWS managed vs customer managed keys.<\/p>\n\n\n\n

The security domain questions often involve choosing between two approaches that are both technically valid but differ in operational overhead or compliance strictness. Know the difference between what GuardDuty does (threat detection) vs what Config does (compliance verification) vs what Inspector does (vulnerability assessment). These come up as comparison questions.<\/p>\n\n\n\n

-><\/strong> <\/strong>AWS Developer Associate syllabus for prerequisite context<\/a><\/p>\n\n\n\n

<\/span>Finally, The Study Plan and Preparation Sequence<\/strong><\/span><\/h2>\n\n\n\n

The standard preparation time for DOP-C02 is 2 to 4 months for someone with real hands-on AWS experience. People who put 2 months on their preparation plan and spend most of it watching lecture videos rather than building things in actual AWS accounts tend to extend that timeline by discovering the gap in the exam hall.<\/p>\n\n\n\n

Phase<\/strong><\/td>Duration<\/strong><\/td>What to focus on<\/strong><\/td><\/tr>
Phase 1: Foundations<\/td>2 to 3 weeks<\/td>Review associate-level content if rusty. Focus on IAM, VPC, EC2, S3, and core networking. The professional exam assumes this is already solid.<\/td><\/tr>
Phase 2: Domain 1 (CI\/CD)<\/td>2 to 3 weeks<\/td>Build an actual CodePipeline. Deploy to EC2, Lambda, and ECS using CodeDeploy. Understand each deployment strategy by testing it.<\/td><\/tr>
Phase 3: Domain 2 (IaC)<\/td>2 weeks<\/td>Write CloudFormation templates from scratch. Create nested stacks, custom resources, and StackSets. Use drift detection.<\/td><\/tr>
Phase 4: Domains 3, 4, 5 (Resilience, Monitoring, Incidents)<\/td>2 to 3 weeks<\/td>Set up multi-region architecture, CloudWatch dashboards, EventBridge rules, and SSM automation runbooks.<\/td><\/tr>
Phase 5: Domain 6 (Security)<\/td>1 to 2 weeks<\/td>Configure GuardDuty, Security Hub, Config conformance packs, and Secrets Manager rotation.<\/td><\/tr>
Phase 6: Practice exams<\/td>2 weeks<\/td>Timed practice exams under real conditions. Review every wrong answer for the concept, not just the correct option.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Hands-on lab work is not optional for this exam. This is worth saying clearly because a lot of people treat it as optional and then wonder why the scenario questions do not click. Reading about CloudFormation drift detection is not the same as setting up a stack, manually changing a resource, running drift detection, and seeing what happens. AWS provides free hands-on labs and workshops<\/a> alongside the documentation. Use them.<\/p>\n\n\n\n

The exam particularly rewards understanding the ‘why’ behind architectural decisions. When you see a CodeDeploy question, the answer often depends on whether the scenario values instant rollback (blue\/green), minimal infrastructure cost (in-place), or gradual risk validation (canary). Practice articulating these trade-offs, not just recognising the names.<\/p>\n\n\n\n

-><\/strong> <\/strong>Scaler DevOps, Cloud & AI Platform Engineering course for structured AWS and DevOps preparation<\/a><\/p>\n\n\n\n

-><\/strong> <\/strong>Scaler Academy for broader software engineering foundations alongside certification prep<\/a><\/p>\n\n\n\n

<\/span>FAQs aka The Most Frequently Asked Questions<\/strong><\/span><\/h2>\n\n\n\n

What is the syllabus for the AWS DevOps Professional exam?<\/strong><\/h3>\n\n\n\n

The DOP-C02 exam covers six domains: SDLC Automation at 22 percent, Configuration Management and IaC at 17 percent, Security and Compliance at 17 percent, Resilient Cloud Solutions at 15 percent, Monitoring and Logging at 15 percent, and Incident and Event Response at 14 percent. Each domain maps to specific AWS services including CodePipeline, CodeBuild, CodeDeploy, CloudFormation, CloudWatch, EventBridge, Systems Manager, GuardDuty, and Security Hub, among others.<\/p>\n\n\n\n

How hard is the AWS DevOps Professional exam?<\/strong><\/h3>\n\n\n\n

It is one of the harder AWS certifications. The questions are scenario-based and test trade-off reasoning rather than service recall. Most candidates with two or more years of hands-on AWS experience and a solid associate certification find that 2 to 3 months of dedicated study is adequate. Candidates without active hands-on AWS work often need longer. The passing score is 750 out of 1000.<\/p>\n\n\n\n

Do I need the Associate certifications before the DevOps Professional?<\/strong><\/h3>\n\n\n\n

AWS does not formally require any prerequisite certifications. In practice, the exam assumes the knowledge covered by the Solutions Architect Associate and Developer Associate, so attempting DOP-C02 without that foundation is difficult. Most candidates hold at least one associate certification before sitting the professional exam. The AWS exam guide itself recommends two or more years of AWS experience.<\/p>\n\n\n\n

How long does it take to prepare for the AWS DevOps exam?<\/strong><\/h3>\n\n\n\n

Two to four months for candidates with solid associate-level knowledge and hands-on DevOps experience. Three to six months for candidates who are stronger in theory than hands-on practice. The preparation time extends significantly if you are learning the CI\/CD and IaC tools from scratch rather than having prior exposure to CodePipeline, CloudFormation, or equivalent tools from other cloud providers.<\/p>\n\n\n\n

Which tools should I master for the AWS DevOps Professional exam?<\/strong><\/h3>\n\n\n\n

The core stack: CodePipeline, CodeBuild, and CodeDeploy for CI\/CD; CloudFormation and CDK for IaC; Systems Manager (Parameter Store, Automation, OpsCenter) for configuration and incident response; CloudWatch (Metrics, Logs, Alarms, Dashboards) and CloudTrail for observability; EventBridge for event-driven automation; GuardDuty, Config, Inspector, and Security Hub for security and compliance; Auto Scaling, ELB, and Route 53 for resilience. Hands-on experience with each of these is more valuable than reading about them.<\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

The AWS Certified DevOps Engineer Professional (DOP-C02) is not the kind of exam you pass by watching a 12-hour YouTube course the week before. It sits above the associate level, assumes you already know your way around AWS, and tests whether you can actually design and implement DevOps workflows, not just name the services. If […]<\/p>\n","protected":false},"author":201,"featured_media":12852,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[38,320],"tags":[420,419],"class_list":["post-12851","post","type-post","status-publish","format-standard","has-post-thumbnail","category-devops","category-syllabus","tag-aws-devops-syllabus","tag-syllbaus"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.scaler.com\/blog\/wp-json\/wp\/v2\/posts\/12851","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.scaler.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.scaler.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.scaler.com\/blog\/wp-json\/wp\/v2\/users\/201"}],"replies":[{"embeddable":true,"href":"https:\/\/www.scaler.com\/blog\/wp-json\/wp\/v2\/comments?post=12851"}],"version-history":[{"count":1,"href":"https:\/\/www.scaler.com\/blog\/wp-json\/wp\/v2\/posts\/12851\/revisions"}],"predecessor-version":[{"id":12853,"href":"https:\/\/www.scaler.com\/blog\/wp-json\/wp\/v2\/posts\/12851\/revisions\/12853"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.scaler.com\/blog\/wp-json\/wp\/v2\/media\/12852"}],"wp:attachment":[{"href":"https:\/\/www.scaler.com\/blog\/wp-json\/wp\/v2\/media?parent=12851"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.scaler.com\/blog\/wp-json\/wp\/v2\/categories?post=12851"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.scaler.com\/blog\/wp-json\/wp\/v2\/tags?post=12851"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}