4.2.7. Tricky Distinctions & Common Pitfalls
First Principle: Focusing on each service's core purpose and operational model cuts through ambiguity, enabling nuanced understanding.
The AWS DOP-C02 exam tests nuanced understanding, leading to "tricky distinctions" and common pitfalls. A First Principles approach helps clarify these.
Common Areas of Confusion:
- CloudWatch vs. CloudTrail vs. X-Ray: CloudWatch (metrics, logs, alarms for operational health); CloudTrail (API call logging for governance/auditing); X-Ray (distributed tracing for performance/debugging).
- Blue/Green vs. Canary Deployments: Blue/Green (new version alongside old, instant traffic switch, quick rollback); Canary (gradual rollout to small user subset, minimizes issue impact).
- IAM Roles vs. Users vs. Groups: Users (human identities); Groups (collections of users); Roles (temporary permissions for entities).
- Security Groups vs. Network ACLs: Security Groups (stateful, instance-level firewalls); Network ACLs (stateless, subnet-level firewalls).
- AWS Systems Manager vs. AWS Config: Systems Manager (active operational management, patching, state enforcement); Config (passive monitoring, auditing, compliance evaluation).
- AWS CodePipeline vs. AWS Step Functions: CodePipeline (orchestrates software delivery, CI/CD stages); Step Functions (orchestrates general complex workflows, manages state).
Scenario: You are presented with an exam question that asks for the best way to monitor API calls for auditing purposes, and another that asks to manage server configuration drift. You're considering CloudWatch vs. CloudTrail and Systems Manager vs. Config.
Reflection Question: How do you apply a First Principles approach to differentiate between CloudWatch and CloudTrail (for monitoring vs. auditing), and between Systems Manager and Config (for active management vs. passive monitoring), to cut through ambiguity and select the correct service for each specific use case?
Tip: Create a personal "cheat sheet" of these distinctions. For each, define its core purpose, where it operates (e.g., instance vs. subnet), and its statefulness.
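The Security Groups vs. Network ACLs item above, and the statefulness the tip says to record, shown as an added Python example that is not part of the original guide: a simplified model of why a stateless subnet-level ACL needs an explicit rule for reply traffic while a stateful instance-level security group does not. The class and function names, addresses and rule sets are constructed for illustration, and instance-initiated outbound traffic is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def reply_to(p):
    """Build the response packet for a request (endpoints swapped)."""
    return Packet(p.dst, p.dport, p.src, p.sport)

class SecurityGroup:
    """Stateful, instance level: an allowed inbound flow is tracked."""
    def __init__(self, inbound_ports):
        self.inbound_ports = set(inbound_ports)
        self.tracked = set()
    def inbound(self, p):
        if p.dport in self.inbound_ports:
            self.tracked.add(p)          # remember the flow
            return True
        return False
    def outbound(self, p):
        # A reply to a tracked flow passes without any outbound rule.
        return reply_to(p) in self.tracked

class NetworkAcl:
    """Stateless, subnet level: each direction is matched on its own,
    lowest rule number first, with an implicit deny at the end."""
    def __init__(self, inbound_rules, outbound_rules):
        self.rules = {"in": sorted(inbound_rules), "out": sorted(outbound_rules)}
    def evaluate(self, direction, p):
        for _num, low, high, action in self.rules[direction]:
            if low <= p.dport <= high:
                return action == "allow"
        return False

def round_trip(sg, nacl, request):
    """Inbound crosses the NACL then the SG; the reply crosses them in reverse."""
    reply = reply_to(request)
    return {"request_in": nacl.evaluate("in", request) and sg.inbound(request),
            "reply_out": sg.outbound(reply) and nacl.evaluate("out", reply)}

def demo():
    # Constructed sample: HTTPS request from a client using ephemeral port 50000.
    req = Packet("203.0.113.10", 50000, "10.0.1.5", 443)
    allow_https_in = [(100, 443, 443, "allow")]
    no_reply_rule = NetworkAcl(allow_https_in, [])
    ephemeral_out = NetworkAcl(allow_https_in, [(100, 1024, 65535, "allow")])
    return {"nacl_without_ephemeral_rule": round_trip(SecurityGroup([443]), no_reply_rule, req),
            "nacl_with_ephemeral_rule": round_trip(SecurityGroup([443]), ephemeral_out, req)}
```

In both cases the security group has only an inbound rule for port 443; the reply is dropped solely when the Network ACL lacks an outbound rule covering the client's ephemeral port.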