AWS DOP-C02 cheat sheet for deployment flow, monitoring, recovery, traps, and final review.
Use this cheat sheet for AWS Certified DevOps Engineer - Professional (DOP-C02) after you know the basics but before you start a timed practice block. The goal is not to memorize a vendor catalog; the goal is to classify the scenario and reject attractive wrong answers quickly.
Use this when the stem mixes source control, tests, deployment safety, and rollback.
flowchart LR
C["Commit / merge"] --> T["Build + test"]
T --> A{"Pass gates?"}
A -->|yes| D["Deploy with canary, blue-green, or rolling strategy"]
A -->|no| F["Fail safely and fix the pipeline"]
D --> M["Monitor, alarm, and roll back if needed"]
Use this when the question is really asking how to make delivery repeatable and safe.
flowchart TD
S["Scenario"] --> S1["Source of truth first"]
S1 --> B["Build and test gates"]
B --> P["Package artifacts and parameters"]
P --> R["Release with the right rollout strategy"]
R --> O["Observe metrics, logs, traces, alarms"]
O --> X["Rollback, retry, or promote"]
| Lane | Decision rule | Reject when |
|---|---|---|
| SDLC automation | Use pipelines, source control, testing gates, artifacts, and deployment strategies for repeatable releases. | Manual deployment steps when the scenario asks for repeatability, audit, or rollback. |
| Infrastructure as code | Manage stacks, templates, drift, parameters, cross-account rollout, and environment promotion. | Changing resources manually and losing configuration history. |
| Monitoring and incident response | Use metrics, logs, traces, alarms, events, runbooks, and automated remediation. | Collecting logs without actionable alarms or ownership. |
| Resilience and recovery | Design rollback, blue-green, canary, backups, multi-AZ, multi-Region, and game-day validation. | Assuming high availability without testing failure modes. |
| Security and governance | Apply least privilege, secrets management, policy guardrails, audit trails, and account boundaries. | Giving deployment roles broad permissions to avoid pipeline friction. |
| Trap | Better instinct |
|---|---|
| One deployment strategy for all systems | Match canary, blue-green, rolling, or immutable to risk, rollback, and traffic control. |
| No drift control | Use IaC source of truth and detection rather than manual fixes. |
| Observability after outage only | Build alarms, dashboards, traces, and runbooks into the release path. |
| Overprivileged pipelines | Scope deploy roles, secrets, KMS access, and cross-account trust carefully. |
| If the stem says | Start with |
|---|---|
| least privilege, private access, compliance, or audit | identity scope, data boundary, policy enforcement, logging, and ownership |
| least operational effort | managed service, native integration, simple workflow, and fewer moving parts |
| high availability, recovery, or outage | failure domain, recovery objective, health check, rollback, and validation |
| performance, scale, or cost | bottleneck evidence, traffic pattern, sizing, caching, batching, and quotas |
| troubleshoot, diagnose, or investigate | symptom, recent change, logs, metrics, status, dependency, and smallest safe test |
Use IT Mastery for the exact product route, practice status, spaced review when available, and close-answer explanation practice as coverage expands.
Open the exact IT Mastery route here: DOP-C02 on MasteryExamPrep.
DevOps Pro questions reward automation with guardrails: source of truth, progressive delivery, telemetry, rollback, and scoped permissions.