AWS Certified Cloud Practitioner (CLF-C02) 2026 Cheat Sheet
An ultra-concise, tabular reference guide for the AWS Certified Cloud Practitioner exam (CLF-C02).
1. Exam Overview & Domains
| Domain | Weight | Core Focus |
|---|---|---|
| Domain 1: Cloud Concepts | 24% | Benefits of cloud, economics (CapEx/OpEx), architecture, and CAF. |
| Domain 2: Security and Compliance | 30% | Shared Responsibility, IAM, infrastructure security, and compliance. |
| Domain 3: Cloud Technology and Services | 34% | Core services (Compute, Storage, Database, Network, Developer, ML, Integration). |
| Domain 4: Billing, Pricing, and Support | 12% | Pricing models, cost management tools, and Support Plans. |
Exam Details: 65 Questions | 90 Minutes | Passing Score: 700 / 1000 | Format: Multiple Choice / Multiple Response.
2. Cloud Concepts & Economics
| Concept | Key Keywords / Definition | Exam Focus / Use Case |
|---|---|---|
| High Availability | No single point of failure; running in multiple AZs. | System remains operational even if hardware fails. |
| Fault Tolerance | System survives component failures without degradation. | Critical apps needing zero downtime. |
| Scalability | Grow/shrink system capacity based on workload. | Handling traffic spikes (vertical/horizontal scaling). |
| Elasticity | Automated scaling; match resource supply to demand. | Auto Scaling scale-out/scale-in based on CPU usage. |
| Agility | Reduce time to spin up resources from weeks to minutes. | Rapid experimentation and faster time-to-market. |
| Economy of Scale | Lower pay-as-you-go prices as AWS grows and buys bulk. | Massive cost savings compared to private data centers. |
| CapEx vs. OpEx | CapEx: Upfront physical assets. OpEx: Pay-as-you-go costs. | Cloud changes CapEx (buying servers) into OpEx (utility bills). |
| Total Cost of Ownership (TCO) | Compare on-premises vs. AWS costs. Includes both direct (hardware, labor) and indirect (power, cooling, space) costs. | Used to build a financial business case for migrating to the cloud. |
| Cloud Adoption Framework (CAF) | Structure to migrate workloads, organized into 6 Perspectives. | 6 Perspectives: Business, People, Governance (Business); Platform, Security, Operations (Technical). |
| Deployment Models | Public: Fully AWS. Private: On-premises. Hybrid: Combined. | Use Direct Connect / VPN to connect Hybrid clouds. |
3. Shared Responsibility Model
| AWS Responsibility (Security OF the Cloud) | Customer Responsibility (Security IN the Cloud) |
|---|---|
| Physical infrastructure, data centers, host virtualization OS. | Customer data, application code, identity management (IAM). |
| Global Infrastructure (Edge locations, AZs, Regions). | Guest Operating Systems (patching EC2 virtual machines). |
| Managed databases (RDS OS patching, hardware failures). | Firewall configurations (Security Groups, Network ACLs). |
| Physical security, security audits, server destruction. | Encryption settings (At-rest using KMS, In-transit using SSL/TLS). |
4. AWS Well-Architected Framework (6 Pillars)
| Pillar | Key Design Principle | Exam Focus / Keyword |
|---|---|---|
| Operational Excellence | Perform operations as code, make frequent, small, reversible changes. | Continuous improvement, post-mortems, automating deployment. |
| Security | Implement a strong identity foundation, protect data at rest/transit. | Principle of Least Privilege, traceability (logging), encrypt everything. |
| Reliability | Automatically recover from failure, scale horizontally. | Test recovery procedures, Multi-AZ design, fault tolerance. |
| Performance Efficiency | Use serverless architectures, go global in minutes. | Democratizing advanced technologies, mechanical sympathy. |
| Cost Optimization | Measure overall efficiency, stop spending money on undifferentiated work. | Analyze spend, use managed services, pay-as-you-go matching. |
| Sustainability | Maximize utilization, minimize resources required. | Shared responsibility for environmental impact, reduction of waste. |
5. Core Technology Services
Compute Services
| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon EC2 | Virtual Servers | IaaS, resizable capacity, full OS access. | Legacy apps, custom software needing specific OS config. |
| AWS Lambda | Serverless | FaaS, event-driven, runs code max 15 mins. | Run code without managing servers; pay only for execution time. |
| Amazon ECS | Container Orchestration | AWS-native, runs Docker containers. | Running microservices in Docker at scale. |
| Amazon EKS | Container Orchestration | Managed Kubernetes standard. | Migrating existing Kubernetes workloads to AWS. |
| Amazon ECR | Container Registry | Secure storage and sharing of container images. | Private Docker registry to store container images for ECS or EKS. |
| AWS Fargate | Serverless Compute | Container-only compute; no EC2 to manage. | Serverless Docker containers for ECS or EKS. |
| Elastic Beanstalk | PaaS | Quick deploy, upload code, AWS handles infrastructure. | Developers who want to deploy web apps without configuring infrastructure. |
| Amazon Lightsail | Virtual Servers | VPS, simple, low cost, predictable monthly pricing. | Simple websites, blogs, test environments, small business apps. |
| AWS Batch | Compute | Runs batch jobs at any scale. | High-throughput, automated large-scale batch processing. |
| AWS Outposts | Hybrid Compute | Run native AWS services on-premises. | Extremely low latency or local data residency requirements. |
| AWS Wavelength | Edge Compute | Connects to 5G networks, ultra-low latency. | Mobile edge applications (video streaming, gaming, IoT). |
| AWS Local Zones | Edge Compute | Places compute/storage near large cities. | Running low-latency applications close to end-users. |
| VMware Cloud on AWS | Hybrid Compute | Runs VMware workloads natively on AWS. | Migrating on-premises VMware vSphere environments without modifying workloads. |
Storage Services
| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon S3 | Object Storage | Key-value store, 99.999999999% durability, static hosting. | Unstructured files, backups, static websites, data lake storage. |
| S3 Glacier | Archive | Glacier Instant/Flexible/Deep Archive (up to 12h retrieval). | Long-term backup/compliance archiving at ultra-low cost. |
| Amazon EBS | Block Storage | Persistent volume, tied to single AZ, attached to EC2. | Database storage or boot volumes for individual EC2 instances. |
| Amazon EFS | File Storage | Shared network file system, Linux, scalable, multi-AZ. | Shared storage for multiple EC2 instances simultaneously. |
| Amazon FSx | File Storage | Native Windows (FSx for Windows) or Lustre (high-perf). | High-performance computing or Windows server migration. |
| Storage Gateway | Hybrid | File Gateway, Volume Gateway (Cached/Stored), Tape Gateway. | Connects on-premises environments to cloud storage. |
| AWS Backup | Backup | Managed, centralized, automated backup across services. | Automating backup policies for EBS, RDS, S3, etc. |
Database Services
| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon RDS | Relational | Managed SQL (MySQL, PostgreSQL, SQL Server, Oracle). | OLTP applications, complex queries, traditional databases. |
| Amazon Aurora | Relational | Proprietary RDS, MySQL/PostgreSQL compatible, 3-5x performance. | High-throughput, self-healing relational database requirements. |
| Amazon DynamoDB | NoSQL | Key-value, serverless, single-digit millisecond latency. | Shopping carts, user profiles, high-speed read/write web apps. |
| Amazon ElastiCache | In-Memory | Redis or Memcached compatible. | Caching frequently read database queries to reduce load. |
| Amazon Redshift | Relational | Columnar data warehouse, OLAP. | Large-scale data analytics, business intelligence (BI) reports. |
| Amazon DocumentDB | NoSQL | Managed MongoDB compatible. | Storing JSON data structures and content management. |
| Amazon Neptune | Graph DB | Managed graph database. | Social networks, fraud detection, recommendation engines. |
Networking & Content Delivery
| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| Amazon VPC | Isolated virtual network, Subnets, Internet Gateway, NAT Gateway. | Logically isolating your AWS resources in a private network. |
| Security Group | Stateful, instance-level firewall. | Controlling inbound and outbound traffic for individual EC2 instances. |
| Network ACL (NACL) | Stateless, subnet-level firewall. | Securing entire VPC subnets with explicit allow/deny rules. |
| Route 53 | Global DNS, health checks, domain registration, latency routing. | Mapping domain names to IP addresses; routing users to closest resources. |
| CloudFront | Global Content Delivery Network (CDN), Edge Locations, caching. | Fast content delivery (images, videos, APIs) to users worldwide. |
| Direct Connect | Dedicated physical cable, bypasses the internet, secure, consistent. | Establishing a high-speed, private connection from on-prem to AWS. |
| AWS VPN | Site-to-Site (IPsec) VPN, Client VPN (OpenVPN endpoint). | Securely connecting on-premises data centers or remote employees to VPC. |
| Transit Gateway | Hub-and-spoke network router. | Connecting thousands of VPCs and on-premises networks together. |
| Global Accelerator | Optimizes IP routing using the AWS global network. | Improving global user latency by up to 60% via Static IPs. |
| API Gateway | Managed API creation, hosting, and protection. | Exposing serverless backends (Lambda) as REST/WebSocket APIs. |
Analytics Services
| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon Athena | Serverless Query | Query S3 files directly using standard SQL. | Querying logs/data stored in S3 without loading them into a database. |
| Amazon EMR | Big Data / Hadoop | Elastic MapReduce, Spark, Hadoop, HBase. | Running and scaling petabyte-scale distributed data processing frameworks. |
| Amazon MSK | Streaming / Kafka | Managed Apache Kafka cluster. | Building and running real-time streaming data applications. |
| Amazon Kinesis | Streaming | Real-time data ingestion, processing, and analysis. | Ingesting real-time application logs or IoT device sensor data. |
| AWS Glue | ETL Service | Extract, Transform, Load; serverless data catalog. | Discovering schemas and preparing data for database/analytics platforms. |
| Amazon QuickSight | Business Intelligence | Serverless BI dashboards, ML-powered visualizations. | Creating interactive business reports and dashboards for stakeholders. |
End User Computing, Business Applications, & IoT
| Service | Type | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|---|
| Amazon WorkSpaces | End User Computing | DaaS, persistent virtual desktops (Windows/Linux). | Providing employees with remote access to virtual office desktops. |
| Amazon AppStream 2.0 | End User Computing | Non-persistent desktop application streaming. | Streaming high-performance desktop apps to a web browser on any device. |
| Amazon Connect | Business App | Omnichannel cloud contact center, customer service helpdesk. | Setting up a scalable customer support phone system and chat center. |
| Amazon SES | Business App | Simple Email Service, marketing and transaction emails. | Automatically sending order confirmation or newsletter emails to customers. |
| AWS Amplify | Frontend & Mobile | Full-stack web/mobile app build tools and hosting. | Rapidly building and hosting mobile and web frontends on AWS. |
| AWS IoT Core | IoT | Secure device-to-cloud connection, message broker. | Connecting and routing messages from millions of IoT sensors to AWS. |
6. Security, Identity, & Compliance
Core Security & Identity
| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| AWS IAM | Users, Groups, Roles, Policies, MFA, Access Analyzer. | Control who can access what in your AWS account (Least Privilege). |
| IAM Identity Center | Single Sign-On (SSO). | Centrally manage SSO access to multiple AWS accounts. |
| AWS STS | Security Token Service, temporary credentials. | Granting temporary access to resources (e.g., federation, IAM role assumption). |
| Amazon Cognito | Sign-up, Sign-in, Guest Access. | Identity provider for web/mobile apps (Google/Facebook login). |
| AWS KMS | Envelope encryption, customer managed keys (CMKs), shared hardware. | Creating, deleting, and rotating cryptographic encryption keys. |
| AWS Secrets Manager | Database credentials, automatic rotation. | Securely storing and rotating sensitive API/DB keys. |
| AWS Directory Service | Managed Active Directory. | Integrates AWS resources with existing on-premises AD. |
| AWS Certificate Manager (ACM) | SSL/TLS certificates, free public certificates. | Provisioning, managing, and deploying SSL/TLS encryption certificates. |
Security Protection & Auditing
| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| AWS WAF | Layer 7 Web Application Firewall, SQL injection, XSS protection. | Blocking malicious web attacks targeting HTTP/HTTPS apps. |
| AWS Shield | Layer 3/4 DDoS protection, Standard (free) and Advanced. | Protecting applications from massive Distributed Denial of Service attacks. |
| AWS Firewall Manager | Centralized security rules across accounts. | Configuring and deploying firewall rules (WAF, Shield, Security Groups) for AWS Organizations. |
| Amazon GuardDuty | Threat detection, Machine Learning, continuously monitors logs. | Finding malicious activity (e.g., bitcoin mining, compromised instances). |
| Amazon Inspector | Vulnerability scanner, EC2, ECR container images, Lambda. | Scanning application software packages for known security exposures. |
| Amazon Macie | PII discovery, S3 buckets, Machine Learning. | Identifying and alerting on sensitive data (e.g., credit cards, SSNs). |
| AWS Artifact | Compliance portal, ISO/PCI/SOC reports. | Downloading official AWS compliance documents for audits. |
| AWS Security Hub | Security posture management, single dashboard. | Consolidated view of security alerts across GuardDuty, Inspector, Macie. |
| Amazon Detective | Security investigation. | Investigating and finding the root cause of security anomalies. |
| AWS CloudHSM | Dedicated hardware security module (FIPS 140-2 Level 3). | Managing encryption keys using dedicated cryptographic hardware in AWS. |
7. Management, Governance, & Billing
Management & Monitoring
| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| Amazon CloudWatch | Performance metrics, logs, alarms, dashboards. | Monitoring resource CPU utilization, setting alarms for high usage. |
| AWS CloudTrail | API auditing, user history, "Who did what, when, and where." | Reviewing which user deleted an S3 bucket or changed a route table. |
| AWS Config | Compliance auditing, configuration history. | Tracking changes to security group rules over time for compliance. |
| AWS Systems Manager | SSM, Run Command, Patch Manager, Session Manager. | Executing shell scripts or applying OS patches to hundreds of EC2s. |
| AWS Organizations | Multi-account management, OUs, Service Control Policies (SCPs). | Centrally applying security guardrails and consolidating bills. |
| AWS Control Tower | Automated landing zone setup, multi-account governance. | Setting up a secure, compliant multi-account environment. |
| AWS Trusted Advisor | Best practices advisor: Cost, Security, Reliability, Performance, Limits. | Finding idle EC2 instances or public S3 buckets. |
| Well-Architected Tool | Architecture review against 6 pillars. | Evaluating workload architectures to ensure they align with best practices. |
| Compute Optimizer | Machine learning analysis of usage. | Recommending optimal EC2/Lambda sizes to save money/boost performance. |
| AWS Health Dashboard | Personalized dashboard, Service status. | Alerting you to AWS service degradation affecting your resources. |
| AWS Service Catalog | Managed catalog of approved IT services. | Governing resource creation by allowing users to launch only pre-approved, compliant configurations. |
Billing & Cost Management
| Service / Tool | Primary Purpose | Key Exam Scenario |
|---|---|---|
| AWS Billing Dashboard | Visual monthly invoice, payments. | High-level tracking of current month costs. |
| AWS Cost Explorer | Historic cost visualization, forecasting. | Identifying spend trends and predicting future cloud bills. |
| AWS Budgets | Custom cost/usage alerts. | Triggering email notifications when costs exceed 80% of budget. |
| Cost & Usage Report (CUR) | Most granular raw data (S3 export). | Deep dive cost analysis with Athena/QuickSight. |
| AWS Pricing Calculator | Estimate infrastructure costs. | Planning costs before deploying an application to AWS. |
| Cost Allocation Tags | Key-value tagging (Environment: Production). | Organizing and categorizing resource costs by department/project. |
| AWS Marketplace | Digital catalog of third-party software. | Finding, buying, and deploying software that runs on AWS with unified billing. |
| AWS Cost Anomaly Detection | Machine Learning cost monitors. | Automatically detecting and alerting on anomalous or unexpected billing activity. |
| AWS Billing Conductor | Custom pro forma billing. | Customizing billing parameters and sharing billing views with business partners/clients. |
8. Integration, Developer, & Machine Learning
Application Integration
| Service | Architecture | Communication Model | Primary Exam Keyword / Scenario |
|---|---|---|---|
| Amazon SQS | Message Queue | Pull-based (Consumers pull messages) | Decoupling components; processing asynchronous transactions. |
| Amazon SNS | Pub/Sub Topic | Push-based (Fan-out pattern) | Broadcasting single notifications (Email, SMS) to multiple targets. |
| EventBridge | Serverless Event Bus | Push-based (Event router) | Routing schema-based events from AWS/SaaS apps to targets. |
| Step Functions | State Machine Workflow | Visual orchestration | Coordinating sequential multi-step serverless tasks (Lambda). |
Developer Tools
| Service | Primary Function | Primary Exam Use Case |
|---|---|---|
| AWS CLI | Command Line Interface | Control AWS services using text commands in a terminal. |
| AWS CloudShell | Browser-based shell | Executing CLI scripts directly from the AWS Console without installs. |
| AWS Cloud9 | Browser-based IDE | Writing and debugging code collaboratively in the cloud. |
| AWS CodeCommit | Git Repository | Hosting private Git repositories natively in AWS. |
| AWS CodeBuild | Build & Test | Compiling source code and running automated testing scripts. |
| AWS CodeDeploy | Code Deployment | Automating application updates onto EC2, ECS, or Lambda. |
| AWS CodePipeline | CI/CD Orchestration | Designing and managing the workflow from commit to deploy. |
| AWS X-Ray | Distributed tracing & debugging | Analyzing and debugging production, distributed serverless applications (visualizing service maps). |
Machine Learning & AI (No ML expertise required)
| Service | Primary Function / Keyword | Primary Exam Scenario |
|---|---|---|
| Amazon SageMaker | Build, Train, Deploy custom ML. | Fully custom machine learning modeling workbench. |
| Amazon Bedrock | Generative AI, Foundation Models. | Building generative AI apps using API-based foundation models. |
| Amazon Lex | Conversational chatbots (Alexa tech). | Creating customer service chatbots for websites/apps. |
| Amazon Rekognition | Image & Video analysis. | Facial recognition, locating unsafe content, labeling objects in photos. |
| Amazon Transcribe | Speech-to-Text. | Generating text transcripts from audio recordings. |
| Amazon Polly | Text-to-Speech. | Converting written text into lifelike spoken voice. |
| Amazon Translate | Language translation. | Localizing application text content into multiple languages. |
| Amazon Comprehend | Natural Language Processing (NLP). | Analyzing customer feedback text for sentiment (Positive/Negative). |
| Amazon Textract | Document OCR + data extraction. | Extracting table structures and form data from scanned PDF invoices. |
| Amazon Kendra | Intelligent Document Search. | Finding answers across thousands of PDF and Word files. |
9. Migration & Support
Migration & Transfer
| Service | Key Keywords / Characteristics | Primary Exam Use Case / Scenario |
|---|---|---|
| Database Migration Service (DMS) | Minimal downtime, homogeneous/heterogeneous. | Migrating database to AWS while source remains operational. |
| Migration Hub | Single tracking dashboard. | Monitoring progress of application migrations across multiple tools. |
| Application Discovery Service | Discover inventory, profiling resources. | Cataloging on-premises server configurations to plan migrations. |
| Application Migration Service (MGN) | Lift-and-shift server replication. | Rehosting virtual/physical servers onto EC2 instances. |
| AWS Snow Family | Physical data transport. Snowcone < Snowball < Snowmobile. | Migrating massive datasets (TB/PB-scale) where internet is too slow. |
| AWS DataSync | Online automation, sync over WAN. | Synchronizing local NAS storage data to S3 or EFS on a schedule. |
| AWS Transfer Family | SFTP, FTPS, FTP wrapper. | Exposing S3 or EFS storage directly to users via SFTP protocol. |
AWS Support Plans
| Tier | Technical Support Response Times | Trusted Advisor Checks | Key Feature |
|---|---|---|---|
| Basic (Free) | None (billing/account issues only) | 7 Core checks | Access to Docs, Forums. |
| Developer | < 24h (general), < 12h (system impaired) | 7 Core checks | Single contact, Email support (biz hours). |
| Business | < 4h (system impaired), < 1h (production down) | Full checks | Unlimited contacts, 24/7 Phone/Email/Chat. |
| Enterprise | < 15m (business critical down) | Full checks | Technical Account Manager (TAM), Concierge Support. |
