{"slug": "aws-cp-clf-02-cheat-sheet", "title": "AWS CP CLF-02 Cheat Sheet", "summary": "A developer published an ultra-concise tabular reference guide for the AWS Certified Cloud Practitioner exam (CLF-C02). The guide covers key domains including Cloud Concepts, Security and Compliance, Cloud Technology and Services, and Billing, Pricing, and Support, with exam details and core concepts like High Availability, Fault Tolerance, and the Shared Responsibility Model.", "body_md": "An ultra-concise, tabular reference guide for the AWS Certified Cloud Practitioner exam (CLF-C02).\n\n| Domain | Weight | Core Focus |\n|---|---|---|\n| Domain 1: Cloud Concepts | 24% | Benefits of cloud, economics (CapEx/OpEx), architecture, and CAF. |\n| Domain 2: Security and Compliance | 30% | Shared Responsibility, IAM, infrastructure security, and compliance. |\n| Domain 3: Cloud Technology and Services | 34% | Core services (Compute, Storage, Database, Network, Developer, ML, Integration). |\n| Domain 4: Billing, Pricing, and Support | 12% | Pricing models, cost management tools, and Support Plans. |\n\n**Exam Details:** 65 Questions | 90 Minutes | Passing Score: 700 / 1000 | Format: Multiple Choice / Multiple Response.\n\n| Concept | Key Keywords / Definition | Exam Focus / Use Case |\n|---|---|---|\n| High Availability | No single point of failure; running in multiple AZs. | System remains operational even if hardware fails. |\n| Fault Tolerance | System survives component failures without degradation. | Critical apps needing zero downtime. |\n| Scalability | Grow/shrink system capacity based on workload. | Handling traffic spikes (vertical/horizontal scaling). |\n| Elasticity | Automated scaling; match resource supply to demand. | Auto Scaling scale-out/scale-in based on CPU usage. |\n| Agility | Reduce time to spin up resources from weeks to minutes. | Rapid experimentation and faster time-to-market. |\n| Economy of Scale | Lower pay-as-you-go prices as AWS grows and buys bulk. 
| Massive cost savings compared to private data centers. |\n| CapEx vs. OpEx | CapEx: Upfront physical assets. OpEx: Pay-as-you-go costs. | Cloud changes CapEx (buying servers) into OpEx (utility bills). |\n| Total Cost of Ownership (TCO) | Compare on-premises vs. AWS costs. Includes both direct (hardware, labor) and indirect (power, cooling, space) costs. | Used to build a financial business case for migrating to the cloud. |\n| Cloud Adoption Framework (CAF) | Structure to migrate workloads. 6 Perspectives: | Business, People, Governance (Business); Platform, Security, Operations (Technical). |\n| Deployment Models | Public: Fully AWS. Private: On-premises. Hybrid: Combined. | Use Direct Connect / VPN to connect Hybrid clouds. |\n\n| AWS Responsibility (Security OF the Cloud) | Customer Responsibility (Security IN the Cloud) |\n|---|---|\n| Physical infrastructure, data centers, host virtualization OS. | Customer data, application code, identity management (IAM). |\n| Global Infrastructure (Edge locations, AZs, Regions). | Guest Operating Systems (patching EC2 virtual machines). |\n| Managed databases (RDS OS patching, hardware failures). | Firewall configurations (Security Groups, Network ACLs). |\n| Physical security, security audits, server destruction. | Encryption settings (At-rest using KMS, In-transit using SSL/TLS). |\n\n| Pillar | Key Design Principle | Exam Focus / Keyword |\n|---|---|---|\n| Operational Excellence | Perform operations as code, make frequent, small, reversible changes. | Continuous improvement, post-mortems, automating deployment. |\n| Security | Implement a strong identity foundation, protect data at rest/transit. | Principle of Least Privilege, traceability (logging), encrypt everything. |\n| Reliability | Automatically recover from failure, scale horizontally. | Test recovery procedures, Multi-AZ design, fault tolerance. |\n| Performance Efficiency | Use serverless architectures, go global in minutes. 
| Democratizing advanced technologies, mechanical sympathy. |\n| Cost Optimization | Measure overall efficiency, stop spending money on undifferentiated work. | Analyze spend, use managed services, pay-as-you-go matching. |\n| Sustainability | Maximize utilization, minimize resources required. | Shared responsibility for environmental impact, reduction of waste. |\n\n| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |\n|---|---|---|---|\n| Amazon EC2 | Virtual Servers | IaaS, resizable capacity, full OS access. | Legacy apps, custom software needing specific OS config. |\n| AWS Lambda | Serverless | FaaS, event-driven, runs code max 15 mins. | Run code without managing servers; pay only for execution time. |\n| Amazon ECS | Container Orchestration | AWS-native, runs Docker containers. | Running microservices in Docker at scale. |\n| Amazon EKS | Container Orchestration | Managed Kubernetes standard. | Migrating existing Kubernetes workloads to AWS. |\n| Amazon ECR | Container Registry | Secure storage and sharing of container images. | Private Docker registry to store container images for ECS or EKS. |\n| AWS Fargate | Serverless Compute | Container-only compute; no EC2 to manage. | Serverless Docker containers for ECS or EKS. |\n| Elastic Beanstalk | PaaS | Quick deploy, upload code, AWS handles infrastructure. | Developers who want to deploy web apps without configuring infrastructure. |\n| Amazon Lightsail | Virtual Servers | VPS, simple, low cost, predictable monthly pricing. | Simple websites, blogs, test environments, small business apps. |\n| AWS Batch | Compute | Runs batch jobs at any scale. | High-throughput, automated large-scale batch processing. |\n| AWS Outposts | Hybrid Compute | Run native AWS services on-premises. | Extremely low latency or local data residency requirements. |\n| AWS Wavelength | Edge Compute | Connects to 5G networks, ultra-low latency. | Mobile edge applications (video streaming, gaming, IoT). 
|\n| AWS Local Zones | Edge Compute | Places compute/storage near large cities. | Running low-latency applications close to end-users. |\n| VMware Cloud on AWS | Hybrid Compute | Runs VMware workloads natively on AWS. | Migrating on-premises VMware vSphere environments without modifying workloads. |\n\n| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |\n|---|---|---|---|\n| Amazon S3 | Object Storage | Key-value store, 99.999999999% durability, static hosting. | Unstructured files, backups, static websites, data lake storage. |\n| S3 Glacier | Archive | Glacier Instant/Flexible/Deep Archive (up to 12h retrieval). | Long-term backup/compliance archiving at ultra-low cost. |\n| Amazon EBS | Block Storage | Persistent volume, tied to single AZ, attached to EC2. | Database storage or boot volumes for individual EC2 instances. |\n| Amazon EFS | File Storage | Shared network file system, Linux, scalable, multi-AZ. | Shared storage for multiple EC2 instances simultaneously. |\n| Amazon FSx | File Storage | Native Windows (FSx for Windows) or Lustre (high-perf). | High-performance computing or Windows server migration. |\n| Storage Gateway | Hybrid | File Gateway, Volume Gateway (Cached/Stored), Tape Gateway. | Connects on-premises environments to cloud storage. |\n| AWS Backup | Backup | Managed, centralized, automated backup across services. | Automating backup policies for EBS, RDS, S3, etc. |\n\n| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |\n|---|---|---|---|\n| Amazon RDS | Relational | Managed SQL (MySQL, PostgreSQL, SQL Server, Oracle). | OLTP applications, complex queries, traditional databases. |\n| Amazon Aurora | Relational | Proprietary RDS, MySQL/PostgreSQL compatible, 3-5x performance. | High-throughput, self-healing relational database requirements. |\n| Amazon DynamoDB | NoSQL | Key-value, serverless, single-digit millisecond latency. 
| Shopping carts, user profiles, high-speed read/write web apps. |\n| Amazon ElastiCache | In-Memory | Redis or Memcached compatible. | Caching frequently read database queries to reduce load. |\n| Amazon Redshift | Relational | Columnar data warehouse, OLAP. | Large-scale data analytics, business intelligence (BI) reports. |\n| Amazon DocumentDB | NoSQL | Managed MongoDB compatible. | Storing JSON data structures and content management. |\n| Amazon Neptune | Graph DB | Managed graph database. | Social networks, fraud detection, recommendation engines. |\n\n| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |\n|---|---|---|\n| Amazon VPC | Isolated virtual network, Subnets, Internet Gateway, NAT Gateway. | Logically isolating your AWS resources in a private network. |\n| Security Group | Stateful, instance-level firewall. | Controlling inbound and outbound traffic for individual EC2 instances. |\n| Network ACL (NACL) | Stateless, subnet-level firewall. | Securing entire VPC subnets with explicit allow/deny rules. |\n| Route 53 | Global DNS, health checks, domain registration, latency routing. | Mapping domain names to IP addresses; routing users to closest resources. |\n| CloudFront | Global Content Delivery Network (CDN), Edge Locations, caching. | Fast content delivery (images, videos, APIs) to users worldwide. |\n| Direct Connect | Dedicated physical cable, bypasses the internet, secure, consistent. | Establishing a high-speed, private connection from on-prem to AWS. |\n| AWS VPN | Site-to-Site (IPsec) VPN, Client VPN (OpenVPN endpoint). | Securely connecting on-premises data centers or remote employees to VPC. |\n| Transit Gateway | Hub-and-spoke network router. | Connecting thousands of VPCs and on-premises networks together. |\n| Global Accelerator | Optimizes IP routing using the AWS global network. | Improving global user latency by up to 60% via Static IPs. |\n| API Gateway | Managed API creation, hosting, and protection. 
| Exposing serverless backends (Lambda) as REST/WebSocket APIs. |\n\n| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |\n|---|---|---|---|\n| Amazon Athena | Serverless Query | Query S3 files directly using standard SQL. | Querying logs/data stored in S3 without loading them into a database. |\n| Amazon EMR | Big Data / Hadoop | Elastic MapReduce, Spark, Hadoop, HBase. | Running and scaling petabyte-scale distributed data processing frameworks. |\n| Amazon MSK | Streaming / Kafka | Managed Apache Kafka cluster. | Building and running real-time streaming data applications. |\n| Amazon Kinesis | Streaming | Real-time data ingestion, processing, and analysis. | Ingesting real-time application logs or IoT device sensor data. |\n| AWS Glue | ETL Service | Extract, Transform, Load; serverless data catalog. | Discovering schemas and preparing data for database/analytics platforms. |\n| Amazon QuickSight | Business Intelligence | Serverless BI dashboards, ML-powered visualizations. | Creating interactive business reports and dashboards for stakeholders. |\n\n| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |\n|---|---|---|---|\n| Amazon WorkSpaces | End User Computing | DaaS, persistent virtual desktops (Windows/Linux). | Providing employees with remote access to virtual office desktops. |\n| Amazon AppStream 2.0 | End User Computing | Non-persistent desktop application streaming. | Streaming high-performance desktop apps to a web browser on any device. |\n| Amazon Connect | Business App | Omnichannel cloud contact center, customer service helpdesk. | Setting up a scalable customer support phone system and chat center. |\n| Amazon SES | Business App | Simple Email Service, marketing and transaction emails. | Automatically sending order confirmation or newsletter emails to customers. |\n| AWS Amplify | Frontend & Mobile | Full-stack web/mobile app build tools and hosting. 
| Rapidly building and hosting mobile and web frontends on AWS. |\n| AWS IoT Core | IoT | Secure device-to-cloud connection, message broker. | Connecting and routing messages from millions of IoT sensors to AWS. |\n\n| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |\n|---|---|---|\n| AWS IAM | Users, Groups, Roles, Policies, MFA, Access Analyzer. | Control who can access what in your AWS account (Least Privilege). |\n| IAM Identity Center | Single Sign-On (SSO). | Centrally manage SSO access to multiple AWS accounts. |\n| AWS STS | Security Token Service, temporary credentials. | Granting temporary access to resources (e.g., federation, IAM role assumption). |\n| Amazon Cognito | Sign-up, Sign-in, Guest Access. | Identity provider for web/mobile apps (Google/Facebook login). |\n| AWS KMS | Envelope encryption, customer managed keys (CMKs), shared hardware. | Creating, deleting, and rotating cryptographic encryption keys. |\n| AWS Secrets Manager | Database credentials, automatic rotation. | Securely storing and rotating sensitive API/DB keys. |\n| AWS Directory Service | Managed Active Directory. | Integrates AWS resources with existing on-premises AD. |\n| AWS Certificate Manager (ACM) | SSL/TLS certificates, free public certificates. | Provisioning, managing, and deploying SSL/TLS encryption certificates. |\n\n| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |\n|---|---|---|\n| AWS WAF | Layer 7 Web Application Firewall, SQL injection, XSS protection. | Blocking malicious web attacks targeting HTTP/HTTPS apps. |\n| AWS Shield | Layer 3/4 DDoS protection, Standard (free) and Advanced. | Protecting applications from massive Distributed Denial of Service attacks. |\n| AWS Firewall Manager | Centralized security rules across accounts. | Configuring and deploying firewall rules (WAF, Shield, Security Groups) for AWS Organizations. |\n| Amazon GuardDuty | Threat detection, Machine Learning, continuously monitors logs. 
| Finding malicious activity (e.g., bitcoin mining, compromised instances). |\n| Amazon Inspector | Vulnerability scanner, EC2, ECR container images, Lambda. | Scanning application software packages for known security exposures. |\n| Amazon Macie | PII discovery, S3 buckets, Machine Learning. | Identifying and alerting on sensitive data (e.g., credit cards, SSNs). |\n| AWS Artifact | Compliance portal, ISO/PCI/SOC reports. | Downloading official AWS compliance documents for audits. |\n| AWS Security Hub | Security posture management, single dashboard. | Consolidated view of security alerts across GuardDuty, Inspector, Macie. |\n| Amazon Detective | Security investigation. | Investigating and finding the root cause of security anomalies. |\n| AWS CloudHSM | Dedicated hardware security module (FIPS 140-2 Level 3). | Managing encryption keys using dedicated cryptographic hardware in AWS. |\n\n| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |\n|---|---|---|\n| Amazon CloudWatch | Performance metrics, logs, alarms, dashboards. | Monitoring resource CPU utilization, setting alarms for high usage. |\n| AWS CloudTrail | API auditing, user history, \"Who did what, when, and where.\" | Reviewing which user deleted an S3 bucket or changed a route table. |\n| AWS Config | Compliance auditing, configuration history. | Tracking changes to security group rules over time for compliance. |\n| AWS Systems Manager | SSM, Run Command, Patch Manager, Session Manager. | Executing shell scripts or applying OS patches to hundreds of EC2s. |\n| AWS Organizations | Multi-account management, OUs, Service Control Policies (SCPs). | Centrally applying security guardrails and consolidating bills. |\n| AWS Control Tower | Automated landing zone setup, multi-account governance. | Setting up a secure, compliant multi-account environment. |\n| AWS Trusted Advisor | Best practices advisor: Cost, Security, Reliability, Performance, Limits. 
| Finding idle EC2 instances or public S3 buckets. |\n| Well-Architected Tool | Architecture review against 6 pillars. | Evaluating workload architectures to ensure they align with best practices. |\n| Compute Optimizer | Machine learning analysis of usage. | Recommending optimal EC2/Lambda sizes to save money/boost performance. |\n| AWS Health Dashboard | Personalized dashboard, Service status. | Alerting you to AWS service degradation affecting your resources. |\n| AWS Service Catalog | Managed catalog of approved IT services. | Governing resource creation by allowing users to launch only pre-approved, compliant configurations. |\n\n| Service / Tool | Primary Purpose | Key Exam Scenario |\n|---|---|---|\n| AWS Billing Dashboard | Visual monthly invoice, payments. | High-level tracking of current month costs. |\n| AWS Cost Explorer | Historic cost visualization, forecasting. | Identifying spend trends and predicting future cloud bills. |\n| AWS Budgets | Custom cost/usage alerts. | Triggering email notifications when costs exceed 80% of budget. |\n| Cost & Usage Report (CUR) | Most granular raw data (S3 export). | Deep dive cost analysis with Athena/QuickSight. |\n| AWS Pricing Calculator | Estimate infrastructure costs. | Planning costs before deploying an application to AWS. |\n| Cost Allocation Tags | Key-value tagging (`Environment: Production`). | Organizing and categorizing resource costs by department/project. |\n| AWS Marketplace | Digital catalog of third-party software. | Finding, buying, and deploying software that runs on AWS with unified billing. |\n| AWS Cost Anomaly Detection | Machine Learning cost monitors. | Automatically detecting and alerting on anomalous or unexpected billing activity. |\n| AWS Billing Conductor | Custom pro forma billing. | Customizing billing parameters and sharing billing views with business partners/clients. 
|\n\n| Service | Architecture | Communication Model | Primary Exam Keyword / Scenario |\n|---|---|---|---|\n| Amazon SQS | Message Queue | Pull-based (Consumers pull messages) | Decoupling components; processing asynchronous transactions. |\n| Amazon SNS | Pub/Sub Topic | Push-based (Fan-out pattern) | Broadcasting single notifications (Email, SMS) to multiple targets. |\n| EventBridge | Serverless Event Bus | Push-based (Event router) | Routing schema-based events from AWS/SaaS apps to targets. |\n| Step Functions | State Machine Workflow | Visual orchestration | Coordinating sequential multi-step serverless tasks (Lambda). |\n\n| Service | Primary Function | Primary Exam Use Case |\n|---|---|---|\n| AWS CLI | Command Line Interface | Control AWS services using text commands in a terminal. |\n| AWS CloudShell | Browser-based shell | Executing CLI scripts directly from the AWS Console without installs. |\n| AWS Cloud9 | Browser-based IDE | Writing and debugging code collaboratively in the cloud. |\n| AWS CodeCommit | Git Repository | Hosting private Git repositories natively in AWS. |\n| AWS CodeBuild | Build & Test | Compiling source code and running automated testing scripts. |\n| AWS CodeDeploy | Code Deployment | Automating application updates onto EC2, ECS, or Lambda. |\n| AWS CodePipeline | CI/CD Orchestration | Designing and managing the workflow from commit to deploy. |\n| AWS X-Ray | Distributed tracing & debugging | Analyzing and debugging production, distributed serverless applications (visualizing service maps). |\n\n| Service | Primary Function / Keyword | Primary Exam Scenario |\n|---|---|---|\n| Amazon SageMaker | Build, Train, Deploy custom ML. | Fully custom machine learning modeling workbench. |\n| Amazon Bedrock | Generative AI, Foundation Models. | Building generative AI apps using API-based foundation models. |\n| Amazon Lex | Conversational chatbots (Alexa tech). | Creating customer service chatbots for websites/apps. 
|\n| Amazon Rekognition | Image & Video analysis. | Facial recognition, locating unsafe content, labeling objects in photos. |\n| Amazon Transcribe | Speech-to-Text. | Generating text transcripts from audio recordings. |\n| Amazon Polly | Text-to-Speech. | Converting written text into lifelike spoken voice. |\n| Amazon Translate | Language translation. | Localizing application text content into multiple languages. |\n| Amazon Comprehend | Natural Language Processing (NLP). | Analyzing customer feedback text for sentiment (Positive/Negative). |\n| Amazon Textract | Document OCR + data extraction. | Extracting table structures and form data from scanned PDF invoices. |\n| Amazon Kendra | Intelligent Document Search. | Finding answers across thousands of PDF and Word files. |\n\n| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |\n|---|---|---|\n| Database Migration Service (DMS) | Minimal downtime, homogeneous/heterogeneous. | Migrating database to AWS while source remains operational. |\n| Migration Hub | Single tracking dashboard. | Monitoring progress of application migrations across multiple tools. |\n| Application Discovery Service | Discover inventory, profiling resources. | Cataloging on-premises server configurations to plan migrations. |\n| Application Migration Service (MGN) | Lift-and-shift server replication. | Rehosting virtual/physical servers onto EC2 instances. |\n| AWS Snow Family | Physical data transport. Snowcone < Snowball < Snowmobile. | Migrating massive datasets (TB/PB-scale) where internet is too slow. |\n| AWS DataSync | Online automation, sync over WAN. | Synchronizing local NAS storage data to S3 or EFS on a schedule. |\n| AWS Transfer Family | SFTP, FTPS, FTP wrapper. | Exposing S3 or EFS storage directly to users via SFTP protocol. 
|\n\n| Tier | Technical Support Response Times | Trusted Advisor Checks | Key Feature |\n|---|---|---|---|\n| Basic (Free) | None (billing/account issues only) | 7 Core checks | Access to Docs, Forums. |\n| Developer | < 24h (general), < 12h (system impaired) | 7 Core checks | Single contact, Email support (biz hours). |\n| Business | < 4h (system impaired), < 1h (production down) | Full checks | Unlimited contacts, 24/7 Phone/Email/Chat. |\n| Enterprise | < 15m (business critical down) | Full checks | Technical Account Manager (TAM), Concierge Support. |", "url": "https://wpnews.pro/news/aws-cp-clf-02-cheat-sheet", "canonical_source": "https://dev.to/sachin_varghese_zele/aws-cp-clf-02-cheat-sheet-3ikh", "published_at": "2026-06-18 06:01:26+00:00", "updated_at": "2026-06-18 06:21:55.771746+00:00", "lang": "en", "topics": ["developer-tools"], "entities": ["AWS", "AWS Certified Cloud Practitioner", "CLF-C02", "Cloud Adoption Framework", "IAM", "EC2", "RDS", "KMS"], "alternates": {"html": "https://wpnews.pro/news/aws-cp-clf-02-cheat-sheet", "markdown": "https://wpnews.pro/news/aws-cp-clf-02-cheat-sheet.md", "text": "https://wpnews.pro/news/aws-cp-clf-02-cheat-sheet.txt", "jsonld": "https://wpnews.pro/news/aws-cp-clf-02-cheat-sheet.jsonld"}}