An ultra-concise, tabular reference guide for the AWS Certified Cloud Practitioner exam (CLF-C02).

| Domain | Weight | Core Focus |
|---|---|---|
| Domain 1: Cloud Concepts | 24% | Benefits of cloud, economics (CapEx/OpEx), architecture, and CAF. |
| Domain 2: Security and Compliance | 30% | Shared Responsibility, IAM, infrastructure security, and compliance. |
| Domain 3: Cloud Technology and Services | 34% | Core services (Compute, Storage, Database, Network, Developer, ML, Integration). |
| Domain 4: Billing, Pricing, and Support | 12% | Pricing models, cost management tools, and Support Plans. |

Exam Details: 65 Questions | 90 Minutes | Passing Score: 700 / 1000 | Format: Multiple Choice / Multiple Response.

| Concept | Key Keywords / Definition | Exam Focus / Use Case |
|---|---|---|
| High Availability | No single point of failure; running in multiple AZs. | System remains operational even if hardware fails. |
| Fault Tolerance | System survives component failures without degradation. | Critical apps needing zero downtime. |
| Scalability | Grow/shrink system capacity based on workload. | Handling traffic spikes (vertical/horizontal scaling). |
| Elasticity | Automated scaling; match resource supply to demand. | Auto Scaling scale-out/scale-in based on CPU usage. |
| Agility | Reduce time to spin up resources from weeks to minutes. | Rapid experimentation and faster time-to-market. |
| Economy of Scale | Lower pay-as-you-go prices as AWS grows and buys bulk. | Massive cost savings compared to private data centers. |
| CapEx vs. OpEx | CapEx: Upfront physical assets. OpEx: Pay-as-you-go costs. | Cloud changes CapEx (buying servers) into OpEx (utility bills). |
| Total Cost of Ownership (TCO) | Compare on-premises vs. AWS costs. Includes both direct (hardware, labor) and indirect (power, cooling, space) costs. | Used to build a financial business case for migrating to the cloud. |
| Cloud Adoption Framework (CAF) | Structure to migrate workloads. 6 Perspectives: | Business, People, Governance (Business); Platform, Security, Operations (Technical). |
| Deployment Models | Public: Fully AWS. Private: On-premises. Hybrid: Combined. | Use Direct Connect / VPN to connect Hybrid clouds. |

| AWS Responsibility (Security OF the Cloud) | Customer Responsibility (Security IN the Cloud) |
|---|---|
| Physical infrastructure, data centers, host virtualization OS. | Customer data, application code, identity management (IAM). |
| Global Infrastructure (Edge locations, AZs, Regions). | Guest Operating Systems (patching EC2 virtual machines). |
| Managed databases (RDS OS patching, hardware failures). | Firewall configurations (Security Groups, Network ACLs). |
| Physical security, security audits, server destruction. | Encryption settings (At-rest using KMS, In-transit using SSL/TLS). |

| Pillar | Key Design Principle | Exam Focus / Keyword |
|---|---|---|
| Operational Excellence | Perform operations as code, make frequent, small, reversible changes. | Continuous improvement, post-mortems, automating deployment. |
| Security | Implement a strong identity foundation, protect data at rest/transit. | Principle of Least Privilege, traceability (logging), encrypt everything. |
| Reliability | Automatically recover from failure, scale horizontally. | Test recovery procedures, Multi-AZ design, fault tolerance. |
| Performance Efficiency | Use serverless architectures, go global in minutes. | Democratizing advanced technologies, mechanical sympathy. |
| Cost Optimization | Measure overall efficiency, stop spending money on undifferentiated work. | Analyze spend, use managed services, pay-as-you-go matching. |
| Sustainability | Maximize utilization, minimize resources required. | Shared responsibility for environmental impact, reduction of waste. |

| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon EC2 | Virtual Servers | IaaS, resizable capacity, full OS access. | Legacy apps, custom software needing specific OS config. |
| AWS Lambda | Serverless | FaaS, event-driven, runs code max 15 mins. | Run code without managing servers; pay only for execution time. |
| Amazon ECS | Container Orchestration | AWS-native, runs Docker containers. | Running microservices in Docker at scale. |
| Amazon EKS | Container Orchestration | Managed Kubernetes standard. | Migrating existing Kubernetes workloads to AWS. |
| Amazon ECR | Container Registry | Secure storage and sharing of container images. | Private Docker registry to store container images for ECS or EKS. |
| AWS Fargate | Serverless Compute | Container-only compute; no EC2 to manage. | Serverless Docker containers for ECS or EKS. |
| Elastic Beanstalk | PaaS | Quick deploy, upload code, AWS handles infrastructure. | Developers who want to deploy web apps without configuring infrastructure. |
| Amazon Lightsail | Virtual Servers | VPS, simple, low cost, predictable monthly pricing. | Simple websites, blogs, test environments, small business apps. |
| AWS Batch | Compute | Runs batch jobs at any scale. | High-throughput, automated large-scale batch processing. |
| AWS Outposts | Hybrid Compute | Run native AWS services on-premises. | Extremely low latency or local data residency requirements. |
| AWS Wavelength | Edge Compute | Connects to 5G networks, ultra-low latency. | Mobile edge applications (video streaming, gaming, IoT). |
| AWS Local Zones | Edge Compute | Places compute/storage near large cities. | Running low-latency applications close to end-users. |
| VMware Cloud on AWS | Hybrid Compute | Runs VMware workloads natively on AWS. | Migrating on-premises VMware vSphere environments without modifying workloads. |

| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon S3 | Object Storage | Key-value store, 99.999999999% durability, static hosting. | Unstructured files, backups, static websites, data lake storage. |
| S3 Glacier | Archive | Glacier Instant/Flexible/Deep Archive (up to 12h retrieval). | Long-term backup/compliance archiving at ultra-low cost. |
| Amazon EBS | Block Storage | Persistent volume, tied to single AZ, attached to EC2. | Database storage or boot volumes for individual EC2 instances. |
| Amazon EFS | File Storage | Shared network file system, Linux, scalable, multi-AZ. | Shared storage for multiple EC2 instances simultaneously. |
| Amazon FSx | File Storage | Native Windows (FSx for Windows) or Lustre (high-perf). | High-performance computing or Windows server migration. |
| Storage Gateway | Hybrid | File Gateway, Volume Gateway (Cached/Stored), Tape Gateway. | Connects on-premises environments to cloud storage. |
| AWS Backup | Backup | Managed, centralized, automated backup across services. | Automating backup policies for EBS, RDS, S3, etc. |

| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon RDS | Relational | Managed SQL (MySQL, PostgreSQL, SQL Server, Oracle). | OLTP applications, complex queries, traditional databases. |
| Amazon Aurora | Relational | Proprietary RDS, MySQL/PostgreSQL compatible, 3-5x performance. | High-throughput, self-healing relational database requirements. |
| Amazon DynamoDB | NoSQL | Key-value, serverless, single-digit millisecond latency. | Shopping carts, user profiles, high-speed read/write web apps. |
| Amazon ElastiCache | In-Memory | Redis or Memcached compatible. | Caching frequently read database queries to reduce load. |
| Amazon Redshift | Relational | Columnar data warehouse, OLAP. | Large-scale data analytics, business intelligence (BI) reports. |
| Amazon DocumentDB | NoSQL | Managed MongoDB compatible. | Storing JSON data structures and content management. |
| Amazon Neptune | Graph DB | Managed graph database. | Social networks, fraud detection, recommendation engines. |

| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| Amazon VPC | Isolated virtual network, Subnets, Internet Gateway, NAT Gateway. | Logically isolating your AWS resources in a private network. |
| Security Group | Stateful, instance-level firewall. | Controlling inbound and outbound traffic for individual EC2 instances. |
| Network ACL (NACL) | Stateless, subnet-level firewall. | Securing entire VPC subnets with explicit allow/deny rules. |
| Route 53 | Global DNS, health checks, domain registration, latency routing. | Mapping domain names to IP addresses; routing users to closest resources. |
| CloudFront | Global Content Delivery Network (CDN), Edge Locations, caching. | Fast content delivery (images, videos, APIs) to users worldwide. |
| Direct Connect | Dedicated physical cable, bypasses the internet, secure, consistent. | Establishing a high-speed, private connection from on-prem to AWS. |
| AWS VPN | Site-to-Site (IPsec) VPN, Client VPN (OpenVPN endpoint). | Securely connecting on-premises data centers or remote employees to VPC. |
| Transit Gateway | Hub-and-spoke network router. | Connecting thousands of VPCs and on-premises networks together. |
| Global Accelerator | Optimizes IP routing using the AWS global network. | Improving global user latency by up to 60% via Static IPs. |
| API Gateway | Managed API creation, hosting, and protection. | Exposing serverless backends (Lambda) as REST/WebSocket APIs. |

| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon Athena | Serverless Query | Query S3 files directly using standard SQL. | Querying logs/data stored in S3 without loading them into a database. |
| Amazon EMR | Big Data / Hadoop | Elastic MapReduce, Spark, Hadoop, HBase. | Running and scaling petabyte-scale distributed data processing frameworks. |
| Amazon MSK | Streaming / Kafka | Managed Apache Kafka cluster. | Building and running real-time streaming data applications. |
| Amazon Kinesis | Streaming | Real-time data ingestion, processing, and analysis. | Ingesting real-time application logs or IoT device sensor data. |
| AWS Glue | ETL Service | Extract, Transform, Load; serverless data catalog. | Discovering schemas and preparing data for database/analytics platforms. |
| Amazon QuickSight | Business Intelligence | Serverless BI dashboards, ML-powered visualizations. | Creating interactive business reports and dashboards for stakeholders. |

| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon WorkSpaces | End User Computing | DaaS, persistent virtual desktops (Windows/Linux). | Providing employees with remote access to virtual office desktops. |
| Amazon AppStream 2.0 | End User Computing | Non-persistent desktop application streaming. | Streaming high-performance desktop apps to a web browser on any device. |
| Amazon Connect | Business App | Omnichannel cloud contact center, customer service helpdesk. | Setting up a scalable customer support phone system and chat center. |
| Amazon SES | Business App | Simple Email Service, marketing and transaction emails. | Automatically sending order confirmation or newsletter emails to customers. |
| AWS Amplify | Frontend & Mobile | Full-stack web/mobile app build tools and hosting. | Rapidly building and hosting mobile and web frontends on AWS. |
| AWS IoT Core | IoT | Secure device-to-cloud connection, message broker. | Connecting and routing messages from millions of IoT sensors to AWS. |

| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| AWS IAM | Users, Groups, Roles, Policies, MFA, Access Analyzer. | Control who can access what in your AWS account (Least Privilege). |
| IAM Identity Center | Single Sign-On (SSO). | Centrally manage SSO access to multiple AWS accounts. |
| AWS STS | Security Token Service, temporary credentials. | Granting temporary access to resources (e.g., federation, IAM role assumption). |
| Amazon Cognito | Sign-up, Sign-in, Guest Access. | Identity provider for web/mobile apps (Google/Facebook login). |
| AWS KMS | Envelope encryption, customer managed keys (CMKs), shared hardware. | Creating, deleting, and rotating cryptographic encryption keys. |
| AWS Secrets Manager | Database credentials, automatic rotation. | Securely storing and rotating sensitive API/DB keys. |
| AWS Directory Service | Managed Active Directory. | Integrates AWS resources with existing on-premises AD. |
| AWS Certificate Manager (ACM) | SSL/TLS certificates, free public certificates. | Provisioning, managing, and deploying SSL/TLS encryption certificates. |

| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| AWS WAF | Layer 7 Web Application Firewall, SQL injection, XSS protection. | Blocking malicious web attacks targeting HTTP/HTTPS apps. |
| AWS Shield | Layer 3/4 DDoS protection, Standard (free) and Advanced. | Protecting applications from massive Distributed Denial of Service attacks. |
| AWS Firewall Manager | Centralized security rules across accounts. | Configuring and deploying firewall rules (WAF, Shield, Security Groups) for AWS Organizations. |
| Amazon GuardDuty | Threat detection, Machine Learning, continuously monitors logs. | Finding malicious activity (e.g., bitcoin mining, compromised instances). |
| Amazon Inspector | Vulnerability scanner, EC2, ECR container images, Lambda. | Scanning application software packages for known security exposures. |
| Amazon Macie | PII discovery, S3 buckets, Machine Learning. | Identifying and alerting on sensitive data (e.g., credit cards, SSNs). |
| AWS Artifact | Compliance portal, ISO/PCI/SOC reports. | Downloading official AWS compliance documents for audits. |
| AWS Security Hub | Security posture management, single dashboard. | Consolidated view of security alerts across GuardDuty, Inspector, Macie. |
| Amazon Detective | Security investigation. | Investigating and finding the root cause of security anomalies. |
| AWS CloudHSM | Dedicated hardware security module (FIPS 140-2 Level 3). | Managing encryption keys using dedicated cryptographic hardware in AWS. |

| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| Amazon CloudWatch | Performance metrics, logs, alarms, dashboards. | Monitoring resource CPU utilization, setting alarms for high usage. |
| AWS CloudTrail | API auditing, user history, "Who did what, when, and where." | Reviewing which user deleted an S3 bucket or changed a route table. |
| AWS Config | Compliance auditing, configuration history. | Tracking changes to security group rules over time for compliance. |
| AWS Systems Manager | SSM, Run Command, Patch Manager, Session Manager. | Executing shell scripts or applying OS patches to hundreds of EC2s. |
| AWS Organizations | Multi-account management, OUs, Service Control Policies (SCPs). | Centrally applying security guardrails and consolidating bills. |
| AWS Control Tower | Automated landing zone setup, multi-account governance. | Setting up a secure, compliant multi-account environment. |
| AWS Trusted Advisor | Best practices advisor: Cost, Security, Reliability, Performance, Limits. | Finding idle EC2 instances or public S3 buckets. |
| Well-Architected Tool | Architecture review against 6 pillars. | Evaluating workload architectures to ensure they align with best practices. |
| Compute Optimizer | Machine learning analysis of usage. | Recommending optimal EC2/Lambda sizes to save money/boost performance. |
| AWS Health Dashboard | Personalized dashboard, Service status. | Alerting you to AWS service degradation affecting your resources. |
| AWS Service Catalog | Managed catalog of approved IT services. | Governing resource creation by allowing users to launch only pre-approved, compliant configurations. |

| Service / Tool | Primary Purpose | Key Exam Scenario |
|---|---|---|
| AWS Billing Dashboard | Visual monthly invoice, payments. | High-level tracking of current month costs. |
| AWS Cost Explorer | Historic cost visualization, forecasting. | Identifying spend trends and predicting future cloud bills. |
| AWS Budgets | Custom cost/usage alerts. | Triggering email notifications when costs exceed 80% of budget. |
| Cost & Usage Report (CUR) | Most granular raw data (S3 export). | Deep dive cost analysis with Athena/QuickSight. |
| AWS Pricing Calculator | Estimate infrastructure costs. | Planning costs before deploying an application to AWS. |
| Cost Allocation Tags | Key-value tagging (Environment: Production). | Organizing and categorizing resource costs by department/project. |
| AWS Marketplace | Digital catalog of third-party software. | Finding, buying, and deploying software that runs on AWS with unified billing. |
| AWS Cost Anomaly Detection | Machine Learning cost monitors. | Automatically detecting and alerting on anomalous or unexpected billing activity. |
| AWS Billing Conductor | Custom pro forma billing. | Customizing billing parameters and sharing billing views with business partners/clients. |

| Service | Architecture | Communication Model | Primary Exam Keyword / Scenario |
|---|---|---|---|
| Amazon SQS | Message Queue | Pull-based (Consumers pull messages) | Decoupling components; processing asynchronous transactions. |
| Amazon SNS | Pub/Sub Topic | Push-based (Fan-out pattern) | Broadcasting single notifications (Email, SMS) to multiple targets. |
| EventBridge | Serverless Event Bus | Push-based (Event router) | Routing schema-based events from AWS/SaaS apps to targets. |
| Step Functions | State Machine Workflow | Visual orchestration | Coordinating sequential multi-step serverless tasks (Lambda). |

| Service | Primary Function | Primary Exam Use Case |
|---|---|---|
| AWS CLI | Command Line Interface | Control AWS services using text commands in a terminal. |
| AWS CloudShell | Browser-based shell | Executing CLI scripts directly from the AWS Console without installs. |
| AWS Cloud9 | Browser-based IDE | Writing and debugging code collaboratively in the cloud. |
| AWS CodeCommit | Git Repository | Hosting private Git repositories natively in AWS. |
| AWS CodeBuild | Build & Test | Compiling source code and running automated testing scripts. |
| AWS CodeDeploy | Code Deployment | Automating application updates onto EC2, ECS, or Lambda. |
| AWS CodePipeline | CI/CD Orchestration | Designing and managing the workflow from commit to deploy. |
| AWS X-Ray | Distributed tracing & debugging | Analyzing and debugging production, distributed serverless applications (visualizing service maps). |

| Service | Primary Function / Keyword | Primary Exam Scenario |
|---|---|---|
| Amazon SageMaker | Build, Train, Deploy custom ML. | Fully custom machine learning modeling workbench. |
| Amazon Bedrock | Generative AI, Foundation Models. | Building generative AI apps using API-based foundation models. |
| Amazon Lex | Conversational chatbots (Alexa tech). | Creating customer service chatbots for websites/apps. |
| Amazon Rekognition | Image & Video analysis. | Facial recognition, locating unsafe content, labeling objects in photos. |
| Amazon Transcribe | Speech-to-Text. | Generating text transcripts from audio recordings. |
| Amazon Polly | Text-to-Speech. | Converting written text into lifelike spoken voice. |
| Amazon Translate | Language translation. | Localizing application text content into multiple languages. |
| Amazon Comprehend | Natural Language Processing (NLP). | Analyzing customer feedback text for sentiment (Positive/Negative). |
| Amazon Textract | Document OCR + data extraction. | Extracting table structures and form data from scanned PDF invoices. |
| Amazon Kendra | Intelligent Document Search. | Finding answers across thousands of PDF and Word files. |

| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| Database Migration Service (DMS) | Minimal downtime, homogeneous/heterogeneous. | Migrating database to AWS while source remains operational. |
| Migration Hub | Single tracking dashboard. | Monitoring progress of application migrations across multiple tools. |
| Application Discovery Service | Discover inventory, profiling resources. | Cataloging on-premises server configurations to plan migrations. |
| Application Migration Service (MGN) | Lift-and-shift server replication. | Rehosting virtual/physical servers onto EC2 instances. |
| AWS Snow Family | Physical data transport. Snowcone < Snowball < Snowmobile. | Migrating massive datasets (TB/PB-scale) where internet is too slow. |
| AWS DataSync | Online automation, sync over WAN. | Synchronizing local NAS storage data to S3 or EFS on a schedule. |
| AWS Transfer Family | SFTP, FTPS, FTP wrapper. | Exposing S3 or EFS storage directly to users via SFTP protocol. |

| Tier | Technical Support Response Times | Trusted Advisor Checks | Key Feature |
|---|---|---|---|
| Basic (Free) | None (billing/account issues only) | 7 Core checks | Access to Docs, Forums. |
| Developer | < 24h (general), < 12h (system impaired) | 7 Core checks | Single contact, Email support (biz hours). |
| Business | < 4h (system impaired), < 1h (production down) | Full checks | Unlimited contacts, 24/7 Phone/Email/Chat. |
| Enterprise | < 15m (business critical down) | Full checks | Technical Account Manager (TAM), Concierge Support. |