Forem: SIMON MAFANY E.

Strategic AWS Infrastructure: Engineering for Scalability, Security, and Cost

SIMON MAFANY E. — Wed, 11 Jun 2025 13:43:36 +0000

As a Cloud DevOps Engineer, my role extends beyond just deploying code. It's about engineering robust, secure, and cost-efficient cloud systems that directly solve business challenges and unlock new opportunities. This post details how I designed and implemented a production-ready AWS infrastructure for a Django application, transforming common startup pains into a highly optimized, resilient, and secure solution.

The Business Problem: Beyond the Technical Worries
Many rapidly scaling startups face common, yet critical, infrastructure hurdles that stifle innovation and profitability. My project directly addressed these challenges:

Unpredictable Scaling: Handling sudden traffic spikes without service degradation or manual intervention.
Persistent Security Risks: Mitigating vulnerabilities arising from misconfigured cloud resources and evolving threat landscapes.
Uncontrolled Budget Overruns: Avoiding wasteful spending on idle or over-provisioned infrastructure.
Operational Bottlenecks: Shifting from reactive "firefighting" to proactive, automated operations, freeing up valuable time for strategic development.

My approach was not to simply chase the latest "shiny tool," but to architect a solution grounded in fundamental principles that deliver tangible business value.

The Strategic Solution: Core Cloud Principles
Every architectural decision was guided by these well-recognized strategic pillars:

1. Cost-as-Architecture: Proactive infrastructure cost forecasting and transparent reporting were integrated before implementation, providing superiors with critical visibility for informed decision-making. We move from reactive budget reviews to predictive financial modeling.
2. Security by Default: Implemented a stringent security posture encompassing least privilege access, Zero Trust networking principles, layered defense mechanisms, granular network segmentation/isolation, and continuous attack surface minimization. Security can not be over-emphasized; it's at the core of every good infrastructure.
3. Automated Resilience & High Availability: Engineered for unwavering availability and rapid recovery. This involved multi-AZ deployments, intelligent Auto-Scaling Groups, and Elastic Load balancer to dynamically manage unpredictable traffic spikes, balancing traffic load for improved performance, ensuring near-zero downtime, low latency, and robust disaster recovery capabilities.
4. Operational Efficiency & Scalability (Leveraging Serverless): Prioritized automation and adopted a serverless-first mindset where appropriate. This reduced manual operational overhead, enabled seamless auto-scaling across multiple Availability Zones, and significantly enhanced overall agility.

Architecture Overview: Engineered for Performance and Protection (for Dev/Test Environment)
I. Foundational Networking & Isolation:

Virtual Private Cloud (VPC): The secure and isolated backbone of the entire architecture, providing a logically isolated section of the AWS Cloud.
Multi-AZ Deployment: Spanning 3 Availability Zones to achieve superior fault tolerance, ensuring business continuity and high resilience against regional disruptions.
Public & Private Subnets:
- Public Subnets: Securely host Application Load Balancers (ALBs) acting as the primary entry point for traffic, hardened against direct exposure of backend resources.
- Private Subnets: Crucially isolate all sensitive resources, including EC2 web servers and the PostgreSQL database, from direct public internet access, significantly reducing the attack surface.

II. Robust Security Posture:

Network Segmentation: Implemented strict network segmentation with Private Subnets for web servers and databases, completely restricting direct public internet access.
S3 & CloudFront Access Control: Employed Origin Access Identity (OAI) for CloudFront to securely access S3 buckets, combined with IAM Roles (least privilege) for backend access. All data at rest and in transit is protected with server-side encryption (SSL/TLS), coupled with bucket versioning and explicit accidental deletion protection.
Secure Instance Access (SSM Session Manager): Eliminated the need for bastion hosts, NAT gateways, or open SSH ports. SSM Session Manager provides secure, auditable, and keyless access to EC2 instances, minimizing credential exposure.
Secrets Management (SSM Parameter Store Secure-Strings): All sensitive configuration data and environment variables are securely stored as Secure-Strings within SSM Parameter Store, preventing hardcoding and enhancing compliance.
Granular Security Groups: Configured precise Security Group rules to allow only necessary inbound/outbound traffic on specified ports, safeguarding ALBs, EC2 instances, and the PostgreSQL database.

III. High Availability & Resilience: Zero Downtime & Continuous Operation:

Multi-AZ Deployment: Ensured active-active redundancy across multiple Availability Zones, critical for near zero-downtime operations.
Application Load Balancer (ALB): Intelligently distributes incoming application traffic, performs continuous health checks on backend instances, and can route traffic based on geographical proximity for optimal user experience.
Amazon CloudFront: Caches content at edge locations globally, significantly reducing latency for end-users, improving content delivery speed, and decreasing load on origin servers.
Serverless Database & Caching: Leveraged Aurora Serverless (PostgreSQL) as the primary database and ElastiCache Redis Serverless for caching. This choice is ideal for unpredictable workloads, minimizing database load, reducing operational overhead (no manual provisioning), and offering automatic scaling with built-in Multi-AZ capabilities.

IV. Dynamic Scalability:

Auto Scaling Groups (ASG): Dynamically scales application servers across all provisioned Availability Zones based on predefined thresholds and real-time performance monitoring metrics, ensuring consistent performance under varying loads.
Serverless Services: Aurora Serverless and ElastiCache Serverless automatically right-size their compute and memory to meet real-time demand, seamlessly handling unpredictable traffic patterns and supporting automatic multi-AZ scaling without manual intervention.

V. Proactive Cost Optimization:

Aurora Serverless: Optimizes compute costs by automatically scaling database capacity based on actual demand, resulting in significant savings for variable workloads by eliminating charges for idle capacity.
ElastiCache Serverless for Redis: Dramatically reduces database-overloaded queries by caching frequently accessed data. This offloads the primary database, potentially allowing for downsizing the database instance and directly reducing costs associated with I/O requests, data transfers, and storage. The "pay-for-what-you-use" model with no idle capacity costs is a game-changer.
Amazon CloudFront: Beyond latency reduction, performance improvement, and enhanced availability, CloudFront also significantly reduces the number of direct requests hitting S3 buckets. This translates to substantial Cost Savings on network transfer charges from S3, directly impacting the bottom line.

The Tool Stack: Minimalist & Purposeful for Maximum Impact
My selection of tools reflects a strategic focus on efficiency, transparency, and security:
i. Infrastructure as Code (IaC) with Terraform:

Implemented modular infrastructure provisioning for enhanced reusability, simplified management, and clear architectural structuring across environments.
Enabled robust environment-specific configurations for seamless promotion through development, staging, and production.
Adhered to best practices for secure and reusable infrastructure code, ensuring maintainability and reducing human error.

ii. Infracos - Strategic Cost Visibility:

Integrated cost forecasting and reporting directly into the CI/CD pipeline, prior to deployment. This empowers upper-level management with immediate visibility into proposed infrastructure costs, significantly improving decision-making regarding resource allocation and budget adherence.
Generated human-readable HTML-based reports and professional PDF portal reports for clear stakeholder communication.

iii. Terrascan - Shift-Left Security:

Employed shift-left security scanning to identify potential vulnerabilities and compliance issues in IaC templates before deployment, minimizing security risks early in the development lifecycle.

iv. AWS CLI: Leveraged for efficient and programmatic interaction with AWS services, vital for scripting and automation.

v. Ubuntu & VS Code Editor (with extentions)
vi. Bash Scripting (User-Data Script) for Initial Deployment Automation and Configuration.

Conclusion: Beyond the Code, Delivering Value
This project exemplifies my commitment to not just executing technical tasks, but to deeply understanding business challenges and architecting strategic, value-driven cloud solutions. This architecture is an evolving system, with continuous evaluation for new tools and optimizations, always upholding the core objectives of cost-effectiveness, reduced operational overhead, enhanced resilience, and uncompromising security.

NOTE: This solution ran on a Dev environment. Meanwhile, in the Production environment so many add-ons were deployed to meet requirements.

Also, this is just an overview of the "Evolving" architecture, for detailed implementation (showing code snippets and full workflows), I will share everything in Four(4) series as implemented in the Production environment.

Level up your AWS Cloud Skills with Free AWS Learning Knowledge Badges

SIMON MAFANY E. — Tue, 07 Jan 2025 22:59:50 +0000

Knowledge is valuable but it can be cheap and even free at times. Either you pay a fee or get it for free, the rule remains the same; “You must pay attention to succeed”.
AWS is so liberal and so eager to see that knowledge sharing is a culture. In so doing, AWS has come up with programs that require us to pay only ATTENTION, no fee but still get rewarded for your hard work. Isn’t that amazing?

The AWS Free Skill Builder program is an initiative that provides a comprehensive learning platform packed with free courses to equip you with in-demand AWS skills, and even free Digital Badges to showcase comprehension and expertise in diverse cloud computing areas.
These badges demonstrate your knowledge and skills on specific AWS Cloud domains and can be shared on social networks to showcase your expertise.
Whether you are a complete beginner or a seasoned professional seeking to refine your knowledge, this program offers a well-structured path to success.

NOTE: AWS offers globally recognized and high-value certifications (which, of course, are not free). However, if you have a limited budget, you can still gain valuable experience by earning Digital Badges through the completion of certain learning paths. Trust me, these badges and the knowledge gained through the learning paths are well worth the effort.

In fact, I am actively engaged in completing several handpicked learning paths to acquire Digital Badges and address some skill gaps.

In 2025, make it an agenda to tour the AWS Free Skill Builder program and obtain as many cloud skills as possible (plus Digital Badges as a reward system).

HOW DO I EARN AN AWS LEARNING BADGE?

a. The badges are free to earn and share.
b. You need to enroll in eligible Learning Plans on AWS Skill Builder and pass the associated assessment with at least 80% score to earn the badge.

Start by creating an AWS Skill Builder account
Enroll in any of the Programs (See List of programs below)

Pass the associated assessment (80%)

c. The badges are issued through Credly and can be displayed on platforms like LinkedIn to highlight your AWS skills (I personally like the design of the Badges)

d. There are currently 14 (Fourteen) different AWS Learning Badges available covering topics such as Cloud Essentials, Storage, Databases, Security, and more.

Please note that these free badges come ONLY with course contents without Practice Labs. If you wish to follow along with Practice Labs, you will have to do a pay subscription which runs at $29 per month. With this paid plan, you can learn as much as you can in a month. A fast as you learn, the less you will spend.

These learn paths are rigorous, very practical and hands-on, spanning from around 10hours+. In fact, the very first and most important Learning path (AWS Technology Cloud Essentials) is about 10.17 hours.
Please, don’t feel discourage with the length. Throughout the journey, you will enjoy the process. Always remember that the goal is not just to complete the learning path and obtain a Digital Badge, but gain real-world practical industry skills.

There are many benefits of Using AWS Free Skill Builder:

Cost-Effective Learning: Enhance your cloud skillset without breaking the bank.
Flexible Learning: Learn at your own pace, whenever and wherever it suits you.
In-Demand Skills: Gain knowledge in highly sought-after cloud technologies.
Industry Recognition: Earn Badges that validate your AWS expertise.
Career Advancement: Boost your resume and stand out to potential employers.

Conclusion:
AWS Free Skill Builder is an exceptional platform for anyone seeking to elevate their cloud computing knowledge and capabilities. With its extensive course library, engaging learning format, and valuable badges, this program empowers you to become a proficient AWS professional without any financial constraints. So, what are you waiting for? Sign up today and unlock a world of cloud possibilities!

AWS CLOUD/DEVOPS OBSERVABILITY

SIMON MAFANY E. — Fri, 15 Nov 2024 00:43:29 +0000

“What cannot be measure, cannot be managed” __Peter Drucker.
Improvements come from observability (monitoring, measurements, troubleshooting and controls). Practically, effective management involves consistent observability.
Observability being a core principle in the DevOps Culture.
Observability provides the tools and techniques to measure various aspects of cloud infrastructure and applications. By quantifying performance, availability and user experience, we can effectively manage and optimize your systems.
The truth is, applications are becoming increasingly complex, distributed, and cloud-native. Optimal performance, reliability and best user experience are among the core need of organizations. Ensuring comprehensive approach to monitor and troubleshoot systems.
In this article, I will discuss the concept of Observability, its importance and how AWS can be used to effectively implement observability solutions in your projects.

AGENDA
a. What is Cloud/DevOps Observability?
b. Why is Observability Important?
c. Benefits of Observability
d. Tools and Technologies (Open-source, Commercial and Cloud)
e. Leveraging AWS for Cloud/DevOps Observability

WHAT IS OBSERVABILITY?
In the context of Cloud/DevOps, Observability refers to the practice of collecting, processing, and analyzing telemetry data from various components of a system to gain deep insights into its behavior, health and performance.
Proceed, I must first make sure we understand the Key Concepts in that definition (Telemetry Data).
Telemetry Data includes the various metrices, logs and traces generated by a system (software application, network or infrastructure)

Metrics: Numerical measurements of system performance, such as CPU utilization, memory usage, and network traffic.
Logs: Textual records of events and errors generated by applications and infrastructure components.
Traces: Time-stamped records of requests as they propagate through a distributed system.

By combining these three data sources, organizations can identify and resolve issues quickly, optimize system performance, and proactively prevent unwanted scenarios. One of the main goals of Observability is to improve overall reliability.

IMPORTANCE OF OBSERVABILITY
Honestly, we really cannot underestimate the power and importance of observability especially in the Cloud space where business objectives of system reliability, enhance security, rapid deployment, cost reduction, resilience, scalability and optimized performance held up in high esteem. Among many, I have highlighted some 5-core importance of Observability. (Feel free to extend the list. These are just my personal preference)

Cost Optimization: Observability can equally optimize cost by identifying inefficiencies in resources, optimize resource utilization thereby controlling costs.
Enhanced Reliability and Security: Proactive monitoring can help detect and address potential issues before they escalate into major challenges. Security threats can be detected and addressed, security compliances also can be monitored and reinforced.
Accelerated Incident Response: Observability tools can help identify the root cause of issues, enabling faster resolution times.
Faster Feedback Loop: Observability enables Devops teams to receive immediate feedback on the impact of changes which helps to ensure faster iterations in the devops cycle.
Data-Driven Decision Making: Observability data can provide valuable insights to inform strategic decisions. There are many more advantages which I might not be aware of yet, but I am sharing my experience from projects.

TOOLS AND TECHNOLOGIES
I understand that after reading all the literature about, a hands-on person like myself will be eager to know what tools are used to implement this amazing concept in an organization’s IT system as a whole. I will breakdown the tools into 3 (Open-source, Commercial and Cloud Provider based tools):
a. Open-Source Tools:

Prometheus
Grafana
OpenTelemetry

b. Commercial Platforms:
Datadog, Splunk

c. Cloud Provider Solutions:

AWS: CloudWatch,
GCP: Logging and Monitoring
Azure: Monitor

Both Open-source and Commercial solutions are cloud-agnostic. While specific Cloud-provider tools work only for the parent Cloud provider.

NOTE: In this article, I will only dive deeper into AWS Observability offerings.

LEVERAGING AWS FOR CLOUD/DEVOPS OBSERVABILITY
While Prometheus and Grafana are becoming the most popular choices for observability, AWS hosts a suite of observability tools which satisfy different needs/requirements. You already know the very first tool I am going to mention;
1. AWS CloudWatch:
When you hear Monitory and Logging in AWS, CloudWatch should be the very first thing that should come to mind. It Comprises of a collection of features performing different tasks to ensure a smooth experience. These Features include:
CloudWatch Unified Agent: A plugging or driver you must run in your EC2/on-premise machines to enable capturing and sending of logs to CloudWatch Logs. Captures logs and metrics including RAM, CPU usage, etc.
CloudWatch Alarms: Use to trigger alarms based on certain metrics, when thresholds are met. An alarm can trigger certain actions on a target e.g SNS Notification.
CloudWatch Logs: A perfect place to store logs (Logs can be stored in S3 as well). Captures different types of logs including: application logs, OS logs, Access logs and AWS managed logs. This feature alone provides plenty of flexibility with inbuild sub-features for various Log manipulation. I will just mention 4 of those. To get a full picture of AWS CloudWatch Logs, checkout this link: aws-cloudwatch-log

CW Logs Insight: used to query and analyze logs
CW Logs Subscriptions: used to create realtime exports which can be sent to Amazon Kinesis or Lambda for analyses.
CW Logs Metric Filter: Used to Filter expressions in logs. E.g filter our “ERROR” log messages.
CW Logs S3 Export: used to perform batch exports of logs to s3 for long-term storages or analysis.

CloudWatch Metrics: These are numeric/non-numeric values captured (a variable to monitor). Metrics belong to namespace (services). CW Metric contains metrics and dimensions (attributes describing metrics). From a group of metrics, we can create a Dashboard.

CloudWatch Events (Now EventBridge): This a power standalone service which helps building event-driven applications. It responds to events within AWS Cloud. It can be used for realtime invent handling; tracking events history and routes.

CloudWatch Dashboard: In interactive dashboard created from metrics.

CloudWatch Synthetic Canaries: A proactive tool used to test automation. Here, you write scripts (canaries) that simulate read user interactions. Best used for Testing web app UX and API behavior.

Truth is, you can actually feel overwhelmed with many services and tools AWS offers but with time, you will get to know which is best for specific use cases. These are the main tools you would like see and use when working with AWS CloudWatch for monitoring and logging.

2. Amazon X-Ray
Another powerful offering by AWS for tracing distributed applications. Best for Microservices.

3. AWS CloudTrail
Provides governance, compliance and auditing for AWS accounts. It records all API calls and events in an AWS account. It is a good tool for monitory and troubleshooting. Records 3 kinds of events:

Management Events: operations performed on resources in an AWS account.
Data Events: logs data operations (operations that create, destroy or modify data) and lambda execution activities.
Insight Events: analyzed data events aimed at detecting unusual activities in a Account.

4. AWS Distro for OpenTelemetry
OpenTelemetry is an open source tool observability tool, just as we I have seen above.
AWS Distro for OpenTelemetry is AWS’s configure version of the open-source tool. This provides flexibility to those who are already using OpenTelemetry, making them easily integrate it into their AWS environment.

5. AWS Managed Service for Grafana
6. AWS Managed Service for Prometheus

It is worth noting that there are many other services that connect with these identified services to help build powerful observability solutions. For example, use Amazon Athena to query log data stored in S3, used Amazon QuickSight to create powerful dashboards from analyzed log data.
Integrating Lambda, EventBridge and SNS services can help you build very powerful serverless monitoring, observability and event responses solutions.
To this effect, I can say I have tried my very best demystify the powerful concept of Observability.
Please, note that what I have shared here is my personal knowledge and experience. The AWS Documentation provides the best information need. If you fine value in this my experience shared, kindly hit a like and/or drop a comment.

Additional Resources
https://aws.amazon.com/cloudops/monitoring-and-observability/
https://www.servicenow.com/products/observability.html

Agile and DevOps Transformation: a Successor

SIMON MAFANY E. — Fri, 18 Oct 2024 18:40:17 +0000

About 3 years ago, I received an email from a network requesting a 30-minute Zoom meeting to discuss a project. For privacy purposes, I will call the person Steve. Our meeting extended to about 57 minutes. Steve had a good project idea and had already assembled a team of 5. He expressed the need for someone to lead the remote team and project.
I was curious and asked about the challenges they were facing. I discovered two significant issues:
1. Endless development cycle: The team was stuck in a continuous loop of development, acceptance, and changes as requirements became clearer.
2. Manual processes: All development and deployment processes were manual.
While they intended to use a non-waterfall, incremental approach, their practices resembled a disguised waterfall. This was evident in the numerous dependencies, lack of time-bound iterations, excessive meetings, fewer working features, and constant technical debt.
Although communication was valued, there were inconsistencies in timing and frequency, which hindered the project's progress.

The Project
The project involved creating and maintaining a mobile and web application solution. It was divided into two phases: development and maintenance. The same team was responsible for handling both phases.

The Team
The team was cross-functional, with each member specializing in different areas of the project. This, however, led to high dependencies among team members.
Despite the limited budget, Steve was determined to see this project through. I recognized the project's challenges but found it intriguing.
I believed that the primary issue wasn't the team's competence but rather the approach used for development and delivery. To address these challenges, I proposed a strategy combining Agile Scrum and DevOps.
Agile, more than just a methodology, is a mindset that embraces flexibility, adaptability, and continuous learning. DevOps, similarly, isn't just about technology but a culture that breaks down silos, eliminates waste, and streamlines the software delivery lifecycle.
Given the limited budget and resources, I felt that this combined approach could be a valuable solution to the project's challenges.

Before the Transformation
Development
The project initially followed a traditional, unstructured approach. Meetings were held as needed, led by Steve, who shared his vision with the development team.
Key Challenges:
Sequential Development: Documentation of the System’s requirements show all required features and interfaces was created.
A design blueprint of the entire system was designed by a frontend developer. The team operated in a sequential manner, with one phase (design) preceding the next (development).
Limited Collaboration and high dependencies: Sub-team A's work often stalled the progress of sub-team B. While all these activities were waged on a set of team members, the other team members were waiting for sub-team A to finish before a kickstart with sub-team B.
Lack of Agile Practices: The project lacked the iterative and incremental approach of Agile methodologies. In fact, the entire designed system was planned, designed, developed before testing took place.

Technical Debt: A significant amount of technical debt accumulated due to delayed testing and compromised quality.
Evolving Requirements: The project faced challenges adapting to changing requirements.

Specific Issues:
Unplanned Meetings: Meetings were held upon requests, without a structured approach (conveyed by Steve).
Manual Processes: The team likely relied heavily on manual processes, which can be time-consuming and error-prone.
Lack of Testing: The focus on development without adequate testing led to quality issues and technical debt.
This pushed the team back into fix bugs of the entire system and sub-system (too much waste). This cycle repeated severally even as requirements evolved.
Overall, the project faced challenges due to a lack of structure, collaboration, and quality assurance. These issues contributed to delays, increased costs, and a low-quality product.
After a serious struggle, the first version of the app was launched for a pilot test.

Deployment
The team deployed the application using a traditional approach, manually pushing and cloning Git repositories to a manually created and provisioned virtual machine. Whenever an update was made, a developer would manually log in to the system and perform a Git clone or git pull.

Agile Transformation
Scrum was introduced, establishing a strong framework for project management. The project was divided into smaller, manageable units, treated as individual projects, and subjected to time-bound iterations of various processes. This fostered continuous improvement, constant communication, and feedback. Items were prioritized based on their impact on the project outcome, and the team became self-managed with minimal coordination from a single individual. Project management software like OrangeScrum and Notion was used to maintain a centralized source of truth.
Developers took ownership of different features, reducing dependencies, waste, and improving work efficiency and focus. Daily stand-ups helped identify and resolve issues early, while feedback was received promptly. These factors contributed to a more organized and productive team.
Features that once took months to deliver were now completed as functional units within weeks, without compromising quality. Development seamlessly integrated with maintenance (operations) thanks to the introduction of DevOps.

DevOps Transformation
Manual tasks were automated by leveraging powerful DevOps technologies. As a dedicated advocate for DevOps practices, I personally implemented containerization, CI/CD pipelines, infrastructure automation, test automation, and GitOps within the project.
Our technology stack included GitHub Actions, Docker, AWS ECR, AWS Beanstalk, Docker Compose, and GitHub. This combination of tools streamlined the entire development and delivery process, making it more efficient and enjoyable.

DevOps is extremely powerful, it played a crucial role in our project's success. By automating tasks and leveraging powerful tools, we significantly improved efficiency and quality. Our technology stack at the beginning of implementation included GitHub Actions, Docker, AWS ECR, AWS Beanstalk, Docker Compose, and GitHub.
While we didn't fully utilize the full potential of DevOps, we achieved substantial benefits. We implemented containerization, CI/CD pipelines, infrastructure automation, test automation, and GitOps. This led to higher-quality software, faster time-to-market, and improved development efficiency.
A once-dispirited team became self-managed and motivated, boosting performance by over 50% (I am not kidding). This transformation was possible due to the effective implementation of Agile and DevOps practices.

Part Two: Building a Resilient, Secure, and Scalable Solution (Coming soon!)
In the second part, I will dig deep into the specific technologies and strategies we used to create a robust and reliable infrastructure. We leveraged AWS Elastic Container Service (ECS) with auto-scaling, load balancing, deployment automation, and rollback capabilities to ensure minimal downtime.
I will also discuss the security measures we implemented, such as configurations/restrictions, access controls, and vulnerability scanning. Additionally, we focused on cost optimization by utilizing cost-effective AWS services and implementing best practices.
By sharing these details, I aim to provide valuable insights into building a successful cloud-native application using DevOps principles.

Conclusion
In this article, I have shared my experience leading an Agile and DevOps transformation in a project with limited resources and a legacy approach.
By adopting Agile (Scrum) methodologies and DevOps practices and leveraging AWS, we were able to successfully transform the project, despite the initial challenges. This transformation demonstrated that even with limited resources, it's possible to achieve significant improvements in development and delivery pipeline.

How I passed the challenging AWS Certified DevOps Engineer – Professional Certification-2024.

SIMON MAFANY E. — Thu, 10 Oct 2024 21:53:05 +0000

Recently, I took and passed the challenging but engaging AWS Certified DevOps Engineer – Professional Certification exam. Honestly, I feel excited saying this out, given the fact that the certification exam is held up with high value. I have put this post all together to carefully outline how I prepared and cleared the exam in my first attempt (without having the SOA or DVA certifications, though I took training for both).
However, I learnt a lot more than I already knew before taking the exam and I am thrilled at how much of my knowledge gap it has filled. My hope is that as I share with you my experience, it can help you navigate your way to acing this very challenging but rewarding exam.
I have broken down this article into smaller units to help ease your reading and comprehension, as well as give you a systematic approach of my experience;

Background
Myself
AWS Certifications
The AWS DOP-CO2
Main services covered.
Reason for taking the certification
Exam Resources
Study Experience
Exam experience
Recommendations
Bonus: Some retired services still mentioned in the Guide

a. BACKGROUND:
We all know that DevOps is not a technology but a culture, just as Agile is a mindset. The blessings of DevOps by far outweighs the cost of implementation and difficulty in acquiring value skills to become extremely competent and sought after. Gaining DevOps Certifications (globally recognized certifications) is as good as gain practical DevOps skills. Gaining a certification is more than just passing an exam.

b. ABOUT ME
After passing the AWS Certified Practitioner & Solutions Architect - Associate exams two years ago, I decided to gain practical experience with the AWS cloud space. With a strong background in Project management /Agile Scrum and software development, I picked interest in DevOps as it bridges dev teams and operations team. I spent much of time working in the dev environment either as a developer and/or scrum master. I started practicing devops “unintentionally” using easy CI/CD tools like Github Actions to automate pipelines, as well as AWS suit of developer tools. About 2years down the line, I decided to venture into practicing devops the right way in a structured and systematic manner. So, I decided to do guided studies with a trophy attached to its end (certification).

c. AWS Certifications
As of now, AWS has about 12 role-based certifications spanning from Foundational levels to specialty levels. These certifications have progressive paths which are recommended but not necessarily a strict requirement. The path to DevOps engineer also depends on individuals’ exposure to AWS Cloud.
From a cloud beginner view it is suggested to start with Cloud Practitioner (Foundation) ==> Developer Associate + SysOps Administrator ==> DevOps Engineer.
For an experienced or cloud user, either Developer Associate or SysOps Admin or both certifications are good foundations for DevOps Engineer certification.

d. The AWS DevOps CERFTIFICATION
The AWS Certified DevOps Engineer – Pro Certification is a professional level certificate.
Note: When they say “Professional”, they really mean it.
As it is on the official certification page, “it showcases an individuals’ technical expertise in provisioning, operating, and managing distributed application systems on the AWS platform, giving them increased confidence and credibility with peers, stakeholders, and customers”.
This exam tests you on almost everything DevOps, development and system administration in the AWS cloud space. The Exam Guide is guide elaborate and comprehensive, highlighting everything the exam covers, they various domains (6) and their weightings, and 19 Task Statements.
It should be worth noting that this exam costs $300 (with 50% discount only for those who previously passed any certification exam and have a valid voucher). Therefore, you forfeit $300 and more is you unfortunately fail this exam. The exam runs for 3hours with 75question to be answer (about 2.4minutes per question)

e. MAIN SERVICES COVERED.
The main features or aws services covered in no order include:
AWS Commit, CodePipeline, CodeBuild, CodeDeploy, CodeArtitifact, Amazon S3, Amazon ECR, AWS Lambda, EC2 Image Builder, Amazon ECS, Fargate, AWS CloudFormation, AWS Systems Manager, AWS Config, AWS Organization, API Gateway, CloudWatch, EventBridge, EFS, ECS, VPC, AWS Secrets Manager, Elastic Beanstalk, Elastic Load Balancers, ASG, Service Catalog, Security Hub, Control Tower, SCPs, IAM and Identity Center (SSO), RDS, Route53, DynamoDB, CloudFront, Kinesis, SNS, SQS, etc.
Understanding these services, their specific use-cases, best practices and how they integrate to produce cost effective, scalable, resilient, fault tolerant and secure solutions is the key.

f. MY REASONS FOR THE TAKING THIS EXAM.
Looking at the exam guide and seeing the numerous services one has to learn and master, it is enough to discourage or dare someone. However, I love challenges, so I decided to venture into this journey with a trophy attached to it. Given that AWS dominates the cloud market share, and my previous experience on aws, I choose DevOps Engineering over Solutions Architect pro certifications. I wanted something challenging which has immediate effect on my day-to-day operation. In fact, we were working on a project that needed holistic devops implementation. This was an opportunity for me to venture into this journey.

g. RESOURCES USED
The AWS DevOps Engineering exam is no easy exam. It requires more of Practical Experience than theory and memorizing concepts. It will dare your guts and test your first-hand experience in the AWS cloud space. To this effect, gain very useful study materials is as important as passing the exam.
TIPS: Study to know, practice retain and not just to memorized for the exam.
Here, I will share with you the resources I used to clear this exam in the very first attempt without the recommended proceeding certifications.
To be honest, I start by taking a course of the two recommended certifications (DVA and SOA). Thought I did not take the exams, I took certifications courses to build the solid foundations and gain hands-on.
• 1. Official Exam Guide + Official Sample Exam Questions.
• 2. UDEMY - AWS Certified Developer Associate DVA-C02 (Neal Davis)
• 3. UDEMY - AWS Certified SysOps Administrator Associate SOA-C02 (Neal Davis)
• 4. UDEMY - AWS Certified DevOps Engineer Professional D0P-C02 (Stephane Maarek)
• 5. UDEMY - AWS Certified DevOps Engineer Professional D0P-C02 Practice Exam (Jon Bonso)
• 6. The AWS DevOps & Developer Productivity Blog and Official Documentation (Best Resource)
• 7. The AWS Skill Builder – Exam Readiness course (Very very important)
• 8. Hands-on!

h. MY STUDY EXPERIENCE
With my fulltime job, it took me 2months + to prepare for this exam.
It should be worth noting that I valued the experience more than the certification. I looked at the certification as a support trophy to my structured and systematic guided learning journey. I took two things very seriously.

Practical experience: My goal was to study and know, and practice and become confident to implement.
Practice exams: I took plenty of practice exams, question analyses and exam simulations only after understanding concepts and applications. The learning process was a peaceful journey to build competence and confidence, not a marathon to complete a course and a certification. Tips: Take enough time to learn concepts and practice them. Make sure you follow along, know why things work and why they don’t. Also ask questions in case of doubts. Tips: Make good use of AI assistant, but don’t trust them 100%. Tech is evolving and info easily gets obsolete offensively.

i. MY EXAM EXPERIENCE
Honestly, the exam is a challenging one (I don’t why I keep repeating this).
Questions are very lengthy, and you have practically 2.4minutes to read a question, understand it, read the options, analyze them, eliminate distractors, before selected the best option.
The questions are scenario based and they will definitely test your experience and proficiency.
After the first hour, I felt tired already but still had almost 2/3 of the questions. At the end of the send hour, I almost lost my concentration. What helped was the practical hands-on experience I have. Questions seem so boring and irritating, options were all the same, but I could remember how I successful ran cfn init scripts, how the cfn signal halted cloudformation till I got a signal of successful run of the init scripts, how the deployment hooks failed, etc.
Fortunately, I could answer 74 questions out of 75, with one forgotten question flagged.
Tips: Time management is very crucial. Practice reading fast and highlighting keywords in the questions.
Tips: Don’t ever underestimate the power of hands-on practice.

j. RECOMMENDATIONS
I will make the following recommendations based on my experience and best practices highlighted by AWS certificate team.
• · Consider taking either DVA or SysOps exam or both. At least, take the certification courses and one of those certifications. I will highly recommend SysOps exam for people with development background.
• · Study to know and implement correctly, not just to pass the exam.
• · Make practice and hands-on something you seriously enjoy.
• · Make good use of plenty of practice exams as much as possible.
• · Make extremely good use of AWS’s Blogs and documentations. There lies the everything.
• · Set a goal and a timeframe. Also, put something at stake/Trophy as a motivation to not derail from purpose.

k. BONUS
Here is a list of some AWS services retired but are still in the Exam guide and might still appear in the exam;
• a. OpsWorks
• b. CloudWatch Event (now EventBridge)
• c. AWS CodeStar

FINAL THOUGHTS
The AWS DevOps Engineer Exam is not an exam to underestimate. It is a professional level exam and they mean it. Don’t make the mistake of take that for granted. Instead, challenge yourself and challenge what is challenging you. Take the time to study not just for the exam but to get equipped for a promising career in cloud/devops, building competence and capacity which will help in the real-world.
While certifications are valuable, real-world experience and implementation are very much respected.
Consider it a journey and not a destination. Set priorities, set goals, attach trophic and stakes to keep your focused and motivated. Never ignore the power of practice, for it is what turns dummies to legends.
The feeling you will get after seeing “Congratulations! You have passed the AWS Certified DevOps Engineer - Professional certification” is quite reward. I hope my experience sheds some light on your path and guides you towards achieving your certification.
Thank you for reading my experience, and I wish you all the very best of luck.
The cloud is your companion!