# Content Domain 2: Configuration Management and IaC
<a name="devops-engineer-professional-02-domain2"></a>

## Task Statement 2.1: Define cloud infrastructure and reusable components to provision and manage systems throughout their lifecycle.
<a name="dop-02-task-2-1"></a>

### Knowledge of:
<a name="dop-02-task-2-1-knowledge"></a>
+ Infrastructure as code (IaC) options and tools for AWS
+ Change management processes for IaC-based platforms
+ Configuration management services and strategies

### Skills in:
<a name="dop-02-task-2-1-skills"></a>
+ Composing and deploying IaC templates (for example, AWS Serverless Application Model [AWS SAM], AWS CloudFormation, AWS Cloud Development Kit [AWS CDK])
+ Applying CloudFormation stack sets across multiple accounts and AWS Regions
+ Determining optimal configuration management services (for example, AWS OpsWorks, AWS Systems Manager, AWS Config, AWS AppConfig)
+ Implementing infrastructure patterns, governance controls, and security standards into reusable IaC templates (for example, AWS Service Catalog, CloudFormation modules, AWS CDK)

## Task Statement 2.2: Deploy automation to create, onboard, and secure AWS accounts in a multi-account or multi-Region environment.
<a name="dop-02-task-2-2"></a>

### Knowledge of:
<a name="dop-02-task-2-2-knowledge"></a>
+ AWS account structures, best practices, and related AWS services

### Skills in:
<a name="dop-02-task-2-2-skills"></a>
+ Standardizing and automating account provisioning and configuration
+ Creating, consolidating, and centrally managing accounts (for example, AWS Organizations, AWS Control Tower)
+ Applying IAM solutions for multi-account and complex organization structures (for example, SCPs, assuming roles)
+ Implementing and developing governance and security controls at scale (AWS Config, AWS Control Tower, AWS Security Hub, Amazon Detective, Amazon GuardDuty, Service Catalog, SCPs)

## Task Statement 2.3: Design and build automated solutions for complex tasks and large-scale environments.
<a name="dop-02-task-2-3"></a>

### Knowledge of:
<a name="dop-02-task-2-3-knowledge"></a>
+ AWS services and solutions to automate tasks and processes
+ Methods and strategies to interact with the AWS software-defined infrastructure

### Skills in:
<a name="dop-02-task-2-3-skills"></a>
+ Automating system inventory, configuration, and patch management (for example, Systems Manager, AWS Config)
+ Developing AWS Lambda function automations for complex scenarios (for example, AWS SDKs, Lambda, AWS Step Functions)
+ Automating the configuration of software applications to the desired state (for example, OpsWorks, Systems Manager State Manager)
+ Maintaining software compliance (for example, Systems Manager)