AWS CP CLF-02 Cheat Sheet

A developer published an ultra-concise tabular reference guide for the AWS Certified Cloud Practitioner exam (CLF-C02). The guide covers key domains including Cloud Concepts, Security and Compliance, Cloud Technology and Services, and Billing, Pricing, and Support, with exam details and core concepts like High Availability, Fault Tolerance, and the Shared Responsibility Model.

An ultra-concise, tabular reference guide for the AWS Certified Cloud Practitioner exam (CLF-C02).

| Domain | Weight | Core Focus |
|---|---|---|
| Domain 1: Cloud Concepts | 24% | Benefits of cloud, economics (CapEx/OpEx), architecture, and CAF. |
| Domain 2: Security and Compliance | 30% | Shared Responsibility, IAM, infrastructure security, and compliance. |
| Domain 3: Cloud Technology and Services | 34% | Core services (Compute, Storage, Database, Network, Developer, ML, Integration). |
| Domain 4: Billing, Pricing, and Support | 12% | Pricing models, cost management tools, and Support Plans. |

Exam Details: 65 Questions | 90 Minutes | Passing Score: 700 / 1000 | Format: Multiple Choice / Multiple Response.

| Concept | Key Keywords / Definition | Exam Focus / Use Case |
|---|---|---|
| High Availability | No single point of failure; running in multiple AZs. | System remains operational even if hardware fails. |
| Fault Tolerance | System survives component failures without degradation. | Critical apps needing zero downtime. |
| Scalability | Grow/shrink system capacity based on workload. | Handling traffic spikes (vertical/horizontal scaling). |
| Elasticity | Automated scaling; match resource supply to demand. | Auto Scaling (scale-out/scale-in based on CPU usage). |
| Agility | Reduce time to spin up resources from weeks to minutes. | Rapid experimentation and faster time-to-market. |
| Economy of Scale | Lower pay-as-you-go prices as AWS grows and buys bulk. | Massive cost savings compared to private data centers. |
| CapEx vs. OpEx | CapEx: Upfront physical assets. OpEx: Pay-as-you-go costs. | Cloud changes CapEx (buying servers) into OpEx (utility bills). |
| Total Cost of Ownership (TCO) | Compare on-premises vs. AWS costs. Includes both direct (hardware, labor) and indirect (power, cooling, space) costs. | Used to build a financial business case for migrating to the cloud. |
| Cloud Adoption Framework (CAF) | Structure to migrate workloads. 6 Perspectives: | Business, People, Governance (Business); Platform, Security, Operations (Technical). |
| Deployment Models | Public: Fully AWS. Private: On-premises. Hybrid: Combined. | Use Direct Connect / VPN to connect Hybrid clouds. |

| AWS Responsibility (Security OF the Cloud) | Customer Responsibility (Security IN the Cloud) |
|---|---|
| Physical infrastructure, data centers, host virtualization OS. | Customer data, application code, identity management (IAM). |
| Global Infrastructure (Edge locations, AZs, Regions). | Guest Operating Systems (patching EC2 virtual machines). |
| Managed databases (RDS OS patching, hardware failures). | Firewall configurations (Security Groups, Network ACLs). |
| Physical security, security audits, server destruction. | Encryption settings (At-rest using KMS, In-transit using SSL/TLS). |

| Pillar | Key Design Principle | Exam Focus / Keyword |
|---|---|---|
| Operational Excellence | Perform operations as code, make frequent, small, reversible changes. | Continuous improvement, post-mortems, automating deployment. |
| Security | Implement a strong identity foundation, protect data at rest/transit. | Principle of Least Privilege, traceability (logging), encrypt everything. |
| Reliability | Automatically recover from failure, scale horizontally. | Test recovery procedures, Multi-AZ design, fault tolerance. |
| Performance Efficiency | Use serverless architectures, go global in minutes. | Democratizing advanced technologies, mechanical sympathy. |
| Cost Optimization | Measure overall efficiency, stop spending money on undifferentiated work. | Analyze spend, use managed services, pay-as-you-go matching. |
| Sustainability | Maximize utilization, minimize resources required. | Shared responsibility for environmental impact, reduction of waste. |

| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon EC2 | Virtual Servers | IaaS, resizable capacity, full OS access. | Legacy apps, custom software needing specific OS config. |
| AWS Lambda | Serverless | FaaS, event-driven, runs code max 15 mins. | Run code without managing servers; pay only for execution time. |
| Amazon ECS | Container Orchestration | AWS-native, runs Docker containers. | Running microservices in Docker at scale. |
| Amazon EKS | Container Orchestration | Managed Kubernetes standard. | Migrating existing Kubernetes workloads to AWS. |
| Amazon ECR | Container Registry | Secure storage and sharing of container images. | Private Docker registry to store container images for ECS or EKS. |
| AWS Fargate | Serverless Compute | Container-only compute; no EC2 to manage. | Serverless Docker containers for ECS or EKS. |
| Elastic Beanstalk | PaaS | Quick deploy, upload code, AWS handles infrastructure. | Developers who want to deploy web apps without configuring infrastructure. |
| Amazon Lightsail | Virtual Servers | VPS, simple, low cost, predictable monthly pricing. | Simple websites, blogs, test environments, small business apps. |
| AWS Batch | Compute | Runs batch jobs at any scale. | High-throughput, automated large-scale batch processing. |
| AWS Outposts | Hybrid Compute | Run native AWS services on-premises. | Extremely low latency or local data residency requirements. |
| AWS Wavelength | Edge Compute | Connects to 5G networks, ultra-low latency. | Mobile edge applications (video streaming, gaming, IoT). |
| AWS Local Zones | Edge Compute | Places compute/storage near large cities. | Running low-latency applications close to end-users. |
| VMware Cloud on AWS | Hybrid Compute | Runs VMware workloads natively on AWS. | Migrating on-premises VMware vSphere environments without modifying workloads. |

| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon S3 | Object Storage | Key-value store, 99.999999999% durability, static hosting. | Unstructured files, backups, static websites, data lake storage. |
| S3 Glacier | Archive | Glacier Instant/Flexible/Deep Archive (up to 12h retrieval). | Long-term backup/compliance archiving at ultra-low cost. |
| Amazon EBS | Block Storage | Persistent volume, tied to single AZ, attached to EC2. | Database storage or boot volumes for individual EC2 instances. |
| Amazon EFS | File Storage | Shared network file system, Linux, scalable, multi-AZ. | Shared storage for multiple EC2 instances simultaneously. |
| Amazon FSx | File Storage | Native Windows (FSx for Windows) or Lustre (high-perf). | High-performance computing or Windows server migration. |
| Storage Gateway | Hybrid | File Gateway, Volume Gateway (Cached/Stored), Tape Gateway. | Connects on-premises environments to cloud storage. |
| AWS Backup | Backup | Managed, centralized, automated backup across services. | Automating backup policies for EBS, RDS, S3, etc. |

| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon RDS | Relational | Managed SQL (MySQL, PostgreSQL, SQL Server, Oracle). | OLTP applications, complex queries, traditional databases. |
| Amazon Aurora | Relational | Proprietary RDS, MySQL/PostgreSQL compatible, 3-5x performance. | High-throughput, self-healing relational database requirements. |
| Amazon DynamoDB | NoSQL | Key-value, serverless, single-digit millisecond latency. | Shopping carts, user profiles, high-speed read/write web apps. |
| Amazon ElastiCache | In-Memory | Redis or Memcached compatible. | Caching frequently read database queries to reduce load. |
| Amazon Redshift | Relational | Columnar data warehouse, OLAP. | Large-scale data analytics, business intelligence (BI) reports. |
| Amazon DocumentDB | NoSQL | Managed MongoDB compatible. | Storing JSON data structures and content management. |
| Amazon Neptune | Graph DB | Managed graph database. | Social networks, fraud detection, recommendation engines. |

| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| Amazon VPC | Isolated virtual network, Subnets, Internet Gateway, NAT Gateway. | Logically isolating your AWS resources in a private network. |
| Security Group | Stateful, instance-level firewall. | Controlling inbound and outbound traffic for individual EC2 instances. |
| Network ACL (NACL) | Stateless, subnet-level firewall. | Securing entire VPC subnets with explicit allow/deny rules. |
| Route 53 | Global DNS, health checks, domain registration, latency routing. | Mapping domain names to IP addresses; routing users to closest resources. |
| CloudFront | Global Content Delivery Network (CDN), Edge Locations, caching. | Fast content delivery (images, videos, APIs) to users worldwide. |
| Direct Connect | Dedicated physical cable, bypasses the internet, secure, consistent. | Establishing a high-speed, private connection from on-prem to AWS. |
| AWS VPN | Site-to-Site IPsec VPN, Client VPN (OpenVPN endpoint). | Securely connecting on-premises data centers or remote employees to VPC. |
| Transit Gateway | Hub-and-spoke network router. | Connecting thousands of VPCs and on-premises networks together. |
| Global Accelerator | Optimizes IP routing using the AWS global network. | Improving global user latency by up to 60% via Static IPs. |
| API Gateway | Managed API creation, hosting, and protection. | Exposing serverless backends (Lambda) as REST/WebSocket APIs. |

| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon Athena | Serverless Query | Query S3 files directly using standard SQL. | Querying logs/data stored in S3 without loading them into a database. |
| Amazon EMR | Big Data / Hadoop | Elastic MapReduce, Spark, Hadoop, HBase. | Running and scaling petabyte-scale distributed data processing frameworks. |
| Amazon MSK | Streaming / Kafka | Managed Apache Kafka cluster. | Building and running real-time streaming data applications. |
| Amazon Kinesis | Streaming | Real-time data ingestion, processing, and analysis. | Ingesting real-time application logs or IoT device sensor data. |
| AWS Glue | ETL Service | Extract, Transform, Load; serverless data catalog. | Discovering schemas and preparing data for database/analytics platforms. |
| Amazon QuickSight | Business Intelligence | Serverless BI dashboards, ML-powered visualizations. | Creating interactive business reports and dashboards for stakeholders. |

| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon WorkSpaces | End User Computing | DaaS, persistent virtual desktops (Windows/Linux). | Providing employees with remote access to virtual office desktops. |
| Amazon AppStream 2.0 | End User Computing | Non-persistent desktop application streaming. | Streaming high-performance desktop apps to a web browser on any device. |
| Amazon Connect | Business App | Omnichannel cloud contact center, customer service helpdesk. | Setting up a scalable customer support phone system and chat center. |
| Amazon SES | Business App | Simple Email Service, marketing and transaction emails. | Automatically sending order confirmation or newsletter emails to customers. |
| AWS Amplify | Frontend & Mobile | Full-stack web/mobile app build tools and hosting. | Rapidly building and hosting mobile and web frontends on AWS. |
| AWS IoT Core | IoT | Secure device-to-cloud connection, message broker. | Connecting and routing messages from millions of IoT sensors to AWS. |

| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| AWS IAM | Users, Groups, Roles, Policies, MFA, Access Analyzer. | Control who can access what in your AWS account (Least Privilege). |
| IAM Identity Center | Single Sign-On (SSO). | Centrally manage SSO access to multiple AWS accounts. |
| AWS STS | Security Token Service, temporary credentials. | Granting temporary access to resources (e.g., federation, IAM role assumption). |
| Amazon Cognito | Sign-up, Sign-in, Guest Access. | Identity provider for web/mobile apps (Google/Facebook login). |
| AWS KMS | Envelope encryption, customer managed keys (CMKs), shared hardware. | Creating, deleting, and rotating cryptographic encryption keys. |
| AWS Secrets Manager | Database credentials, automatic rotation. | Securely storing and rotating sensitive API/DB keys. |
| AWS Directory Service | Managed Active Directory. | Integrates AWS resources with existing on-premises AD. |
| AWS Certificate Manager (ACM) | SSL/TLS certificates, free public certificates. | Provisioning, managing, and deploying SSL/TLS encryption certificates. |

| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| AWS WAF | Layer 7 Web Application Firewall, SQL injection, XSS protection. | Blocking malicious web attacks targeting HTTP/HTTPS apps. |
| AWS Shield | Layer 3/4 DDoS protection, Standard (free) and Advanced. | Protecting applications from massive Distributed Denial of Service attacks. |
| AWS Firewall Manager | Centralized security rules across accounts. | Configuring and deploying firewall rules (WAF, Shield, Security Groups) for AWS Organizations. |
| Amazon GuardDuty | Threat detection, Machine Learning, continuously monitors logs. | Finding malicious activity (e.g., bitcoin mining, compromised instances). |
| Amazon Inspector | Vulnerability scanner, EC2, ECR container images, Lambda. | Scanning application software packages for known security exposures. |
| Amazon Macie | PII discovery, S3 buckets, Machine Learning. | Identifying and alerting on sensitive data (e.g., credit cards, SSNs). |
| AWS Artifact | Compliance portal, ISO/PCI/SOC reports. | Downloading official AWS compliance documents for audits. |
| AWS Security Hub | Security posture management, single dashboard. | Consolidated view of security alerts across GuardDuty, Inspector, Macie. |
| Amazon Detective | Security investigation. | Investigating and finding the root cause of security anomalies. |
| AWS CloudHSM | Dedicated hardware security module (FIPS 140-2 Level 3). | Managing encryption keys using dedicated cryptographic hardware in AWS. |

| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| Amazon CloudWatch | Performance metrics, logs, alarms, dashboards. | Monitoring resource CPU utilization, setting alarms for high usage. |
| AWS CloudTrail | API auditing, user history, "Who did what, when, and where." | Reviewing which user deleted an S3 bucket or changed a route table. |
| AWS Config | Compliance auditing, configuration history. | Tracking changes to security group rules over time for compliance. |
| AWS Systems Manager | SSM, Run Command, Patch Manager, Session Manager. | Executing shell scripts or applying OS patches to hundreds of EC2s. |
| AWS Organizations | Multi-account management, OUs, Service Control Policies (SCPs). | Centrally applying security guardrails and consolidating bills. |
| AWS Control Tower | Automated landing zone setup, multi-account governance. | Setting up a secure, compliant multi-account environment. |
| AWS Trusted Advisor | Best practices advisor: Cost, Security, Reliability, Performance, Limits. | Finding idle EC2 instances or public S3 buckets. |
| Well-Architected Tool | Architecture review against 6 pillars. | Evaluating workload architectures to ensure they align with best practices. |
| Compute Optimizer | Machine learning analysis of usage. | Recommending optimal EC2/Lambda sizes to save money/boost performance. |
| AWS Health Dashboard | Personalized dashboard, Service status. | Alerting you to AWS service degradation affecting your resources. |
| AWS Service Catalog | Managed catalog of approved IT services. | Governing resource creation by allowing users to launch only pre-approved, compliant configurations. |

| Service / Tool | Primary Purpose | Key Exam Scenario |
|---|---|---|
| AWS Billing Dashboard | Visual monthly invoice, payments. | High-level tracking of current month costs. |
| AWS Cost Explorer | Historic cost visualization, forecasting. | Identifying spend trends and predicting future cloud bills. |
| AWS Budgets | Custom cost/usage alerts. | Triggering email notifications when costs exceed 80% of budget. |
| Cost & Usage Report (CUR) | Most granular raw data (S3 export). | Deep dive cost analysis with Athena/QuickSight. |
| AWS Pricing Calculator | Estimate infrastructure costs. | Planning costs before deploying an application to AWS. |
| Cost Allocation Tags | Key-value tagging (Environment: Production). | Organizing and categorizing resource costs by department/project. |
| AWS Marketplace | Digital catalog of third-party software. | Finding, buying, and deploying software that runs on AWS with unified billing. |
| AWS Cost Anomaly Detection | Machine Learning cost monitors. | Automatically detecting and alerting on anomalous or unexpected billing activity. |
| AWS Billing Conductor | Custom pro forma billing. | Customizing billing parameters and sharing billing views with business partners/clients. |

| Service | Architecture | Communication Model | Primary Exam Keyword / Scenario |
|---|---|---|---|
| Amazon SQS | Message Queue | Pull-based (Consumers pull messages) | Decoupling components; processing asynchronous transactions. |
| Amazon SNS | Pub/Sub Topic | Push-based (Fan-out pattern) | Broadcasting single notifications (Email, SMS) to multiple targets. |
| EventBridge | Serverless Event Bus | Push-based (Event router) | Routing schema-based events from AWS/SaaS apps to targets. |
| Step Functions | State Machine Workflow | Visual orchestration | Coordinating sequential multi-step serverless tasks (Lambda). |

| Service | Primary Function | Primary Exam Use Case |
|---|---|---|
| AWS CLI | Command Line Interface | Control AWS services using text commands in a terminal. |
| AWS CloudShell | Browser-based shell | Executing CLI scripts directly from the AWS Console without installs. |
| AWS Cloud9 | Browser-based IDE | Writing and debugging code collaboratively in the cloud. |
| AWS CodeCommit | Git Repository | Hosting private Git repositories natively in AWS. |
| AWS CodeBuild | Build & Test | Compiling source code and running automated testing scripts. |
| AWS CodeDeploy | Code Deployment | Automating application updates onto EC2, ECS, or Lambda. |
| AWS CodePipeline | CI/CD Orchestration | Designing and managing the workflow from commit to deploy. |
| AWS X-Ray | Distributed tracing & debugging | Analyzing and debugging production, distributed serverless applications (visualizing service maps). |

| Service | Primary Function / Keyword | Primary Exam Scenario |
|---|---|---|
| Amazon SageMaker | Build, Train, Deploy custom ML. | Fully custom machine learning modeling workbench. |
| Amazon Bedrock | Generative AI, Foundation Models. | Building generative AI apps using API-based foundation models. |
| Amazon Lex | Conversational chatbots (Alexa tech). | Creating customer service chatbots for websites/apps. |
| Amazon Rekognition | Image & Video analysis. | Facial recognition, locating unsafe content, labeling objects in photos. |
| Amazon Transcribe | Speech-to-Text. | Generating text transcripts from audio recordings. |
| Amazon Polly | Text-to-Speech. | Converting written text into lifelike spoken voice. |
| Amazon Translate | Language translation. | Localizing application text content into multiple languages. |
| Amazon Comprehend | Natural Language Processing (NLP). | Analyzing customer feedback text for sentiment (Positive/Negative). |
| Amazon Textract | Document OCR + data extraction. | Extracting table structures and form data from scanned PDF invoices. |
| Amazon Kendra | Intelligent Document Search. | Finding answers across thousands of PDF and Word files. |

| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| Database Migration Service (DMS) | Minimal downtime, homogeneous/heterogeneous. | Migrating database to AWS while source remains operational. |
| Migration Hub | Single tracking dashboard. | Monitoring progress of application migrations across multiple tools. |
| Application Discovery Service | Discover inventory, profiling resources. | Cataloging on-premises server configurations to plan migrations. |
| Application Migration Service (MGN) | Lift-and-shift server replication. | Rehosting virtual/physical servers onto EC2 instances. |
| AWS Snow Family | Physical data transport. Snowcone < Snowball < Snowmobile. | Migrating massive datasets (TB/PB-scale) where internet is too slow. |
| AWS DataSync | Online automation, sync over WAN. | Synchronizing local NAS storage data to S3 or EFS on a schedule. |
| AWS Transfer Family | SFTP, FTPS, FTP wrapper. | Exposing S3 or EFS storage directly to users via SFTP protocol. |

| Tier | Technical Support Response Times | Trusted Advisor Checks | Key Feature |
|---|---|---|---|
| Basic (Free) | None (billing/account issues only) | 7 Core checks | Access to Docs, Forums. |
| Developer | < 24h (general), < 12h (system impaired) | 7 Core checks | Single contact, Email support (biz hours). |
| Business | < 4h (system impaired), < 1h (production down) | Full checks | Unlimited contacts, 24/7 Phone/Email/Chat. |
| Enterprise | < 15m (business critical down) | Full checks | Technical Account Manager (TAM), Concierge Support. |