Domain 2: Configuration Management and IaC (17% of the exam content)

This domain accounts for 17% of the exam content.

Task 2.1: Define cloud infrastructure and reusable components to provision and manage systems throughout their lifecycle

Knowledge of:

Skills in:

Composing and deploying IaC templates (for example, Serverlos Application Model [ SAM], CloudFormation, Cloud Development Kit [ CDK])
Applying CloudFormation StackSets across multiple accounts and Regions
Determining optimal configuration management services (for example, Systems Manager, AppConfig)
Implementing infrastructure and application configuration management
Implementing IaC lifecycle management (for example, drift detection, stack updates)
Implementing IaC security controls (for example, CloudFormation Guard)

Knowledge of:

Skills in:

Implementing configuration management services (for example, Systems Manager State Manager, Config)
Implementing patch management (for example, Systems Manager Patch Manager)
Implementing application configuration management (for example, AppConfig)
Implementing desired state management (for example, Systems Manager State Manager)
Implementing infrastructure and application configuration management

Knowledge of:

Skills in:

Implementing compliance scanning tools (for example, Config, Security Hub, Amazon Inspector)
Implementing automated remediation (for example, Config, Systems Manager)
Implementing security scanning tools (for example, Amazon Inspector, Security Hub)
Implementing infrastructure security scanning (for example, cfn-nag, CloudFormation Guard)

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Domain 1: SDLC Automation (22% of the exam conten)

Domain 3: Resilient Cloud Solutions (15% of the exam content)