Infrastructure as code (IaC) options and tools for AWS
AWS account structures, best practices, and related AWS services
Analyzing logs with AWS services (for example, Amazon Athena, CloudWatch Logs Insights)
Configuring AWS Config rules to remediate issues
Replication and failover methods for stateful services
Security auditing services and features (for example, CloudTrail, AWS Config, VPC Flow Logs, CloudFormation drift detection)
Remediating a non-desired system state
Using version control to integrate pipelines with application environments
Common CloudWatch metrics and logs (for example, CPU utilization with Amazon EC2, queue length with Amazon RDS, 5xx errors with an Application Load Balancer [ALB])
Running builds or tests when generating pull requests or code merges (for example, AWS CodeCommit, CodeBuild)
Associating CloudWatch alarms with CloudWatch metrics (standard and custom)
Alert notification and action capabilities (for example, CloudWatch alarms to Amazon SNS, Lambda, EC2 automatic recovery)
Implementing and developing governance and security controls at scale (AWS Config, AWS Control Tower, AWS Security Hub, Amazon Detective, Amazon GuardDuty, AWS Service Catalog, SCPs)
Combining security controls to apply defense in depth (for example, AWS Certificate Manager [ACM], AWS WAF, AWS Config, AWS Config rules, Security Hub, GuardDuty, security groups, network ACLs, Amazon Detective, Network Firewall)
Common cloud security threats (for example, insecure web traffic, exposed AWS access keys, S3 buckets with public access enabled or encryption disabled)
Automating Amazon EC2 instance and container image build processes (for example, EC2 Image Builder)