DevOps Engineering on AWS Certification Cheat Sheet 2026
The 30 highest-yield DevOps Engineering on AWS Certification facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
- Which AWS CodeDeploy deployment type is supported for AWS Lambda functions? → Blue/green
- Which AWS Global Accelerator feature improves availability by routing traffic to the nearest healthy endpoint across AWS regions? → Anycast IP with health-based routing
- Which S3 feature allows you to automatically replicate objects to buckets in other AWS regions for disaster recovery? → Cross-Region Replication
- Which CodeDeploy lifecycle event hook runs BEFORE the application revision is downloaded to the instance? → BeforeInstall
- A CodeBuild project needs to cache Maven dependencies between builds. Which cache type should be configured? → Amazon S3 cache
- In AWS CodeDeploy, what deployment configuration gradually shifts traffic from the original to the replacement environment? → Blue/green deployment
- What AWS IAM feature allows you to set permission boundaries that limit the maximum permissions an IAM entity can have? → Permission boundaries
- Which AWS service aggregates and visualizes logs from EC2, Lambda, ECS, and other AWS resources? → Amazon CloudWatch Logs
- What does the appspec.yml file control in an AWS CodeDeploy deployment? → How CodeDeploy maps source files to destinations and lifecycle event hooks
- Which buildspec.yml phase in CodeBuild is used to run the actual build commands? → build
- In AWS CDK, which construct type represents opinionated, multi-resource patterns for common architectural use cases? → L3 constructs
- Which ELB type is optimized for handling millions of requests per second with ultra-low latency at the TCP layer? → Network Load Balancer
- Which AWS service records API calls made in your AWS account, providing a full audit trail? → AWS CloudTrail
- Which feature of AWS CodeBuild allows you to cache dependencies to speed up future builds? → Build caching
- In AWS CodeDeploy for ECS, what resource type defines the routing of traffic to the blue and green task sets? → Application Load Balancer listener rule
- What is the purpose of an approval action in AWS CodePipeline? → Pauses the pipeline and waits for manual approval before proceeding
- Which AWS policy type can be applied to an entire AWS Organization or OU to restrict the maximum permissions available to member accounts? → Service Control Policy (SCP)
- What does Amazon CloudWatch Real User Monitoring (RUM) collect? → Performance data from real user browser sessions
- Which CloudWatch feature automatically detects unusual patterns in metrics without requiring you to set static thresholds? → CloudWatch Anomaly Detection
- Which metric dimension in CloudWatch helps you track the latency of individual Lambda function invocations? → Duration
- Which AWS service is used to create fully managed continuous delivery pipelines? → AWS CodePipeline
- Which AWS Config resource type is used to create custom compliance rules using Lambda functions? → AWS::Config::ConfigRule with type CUSTOM_LAMBDA
- Which AWS service can be used as a source stage in CodePipeline to store and version Git repositories? → AWS CodeCommit
- Which AWS service continuously monitors AWS resource configurations and evaluates them against desired configurations? → AWS Config
- What CloudFormation function retrieves the value of a parameter or resource output from the same template? → Ref
- Which AWS KMS key type allows key material to be imported by the customer? → Customer managed key with imported key material
- What is the anticipated behavior when Ansible is called with 'ansible-playbook -i localhost playbook.yml'? → Ansible won\\'t run, this is invalid command line syntax
- Which AWS Config rule type uses AWS-managed logic to evaluate resource configurations against best practices? → AWS managed rules
- Which AWS CodeBuild environment type provides the highest isolation for builds? → Linux container
- Which AWS Config conformance pack provides a pre-built set of Config rules mapped to a specific compliance standard like CIS or PCI DSS? → AWS Config conformance packs
Turn these facts into recall: