AWS Certified Cloud Practitioner (CLF-C02) — Domain 3: Cloud Technology and Services

Exam Code: CLF-C02  |  Level: Foundational
Domain Weight: 34%  |  Total Domains: 4  |  Passing Score: 700 / 1000


Table of Contents

  1. Compute Services
  2. Storage Services
  3. Database Services
  4. Networking and Content Delivery
  5. Developer Tools and Deployment
  6. Analytics Services
  7. Machine Learning and AI Services
  8. Application Integration
  9. Management and Governance
  10. Migration and Transfer Services
  11. Exam Tips and Quick Reference

1. Compute Services

1.1 Amazon EC2

Amazon Elastic Compute Cloud (EC2) provides resizable virtual servers (instances) in the cloud. It is the foundational compute service — the equivalent of renting a virtual machine with full control over the operating system.

Core concepts:

Concept | Description
Instance | A virtual server running in the AWS cloud
AMI (Amazon Machine Image) | Template containing the OS, application server, and applications used to launch an instance
Instance Type | The hardware profile specifying CPU, memory, storage, and network capacity
Key Pair | Public/private key pair used for SSH access to Linux instances or decrypting Windows passwords
Elastic IP | A static public IPv4 address you can associate with an instance; persists through stop/start cycles
User Data | Scripts or commands that run automatically when an instance first starts

1.2 EC2 Instance Types and Families

Instance types are grouped into families based on workload optimization:

Family | Optimized For | Example Types | Typical Use Cases
General Purpose | Balanced CPU, memory, and network | t3, t4g, m5, m6i | Web servers, small databases, development environments
Compute Optimized | High-performance processors | c5, c6i, c7g | Batch processing, high-performance web servers, gaming
Memory Optimized | Large in-memory datasets | r5, r6i, x2, u-* | In-memory databases, real-time big data analytics, SAP HANA
Storage Optimized | High sequential read/write throughput | i3, i4i, d3, h1 | OLTP databases, data warehouses, distributed file systems
Accelerated Computing | Hardware accelerators and GPUs | p3, g4dn, inf1, trn1 | Machine learning training, video encoding, graphics rendering

Instance naming convention:

c6i.xlarge
│ │  └─ Size (nano, micro, small, medium, large, xlarge, 2xlarge, ...)
│ └─── Generation (6)
└───── Family (c = compute optimized)
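The naming convention above is a small grammar, and parsing it is a useful check in inventory or cost scripts (for example, confirming that a "scale up" really is the same family and generation at a bigger size). The following is an added example, not code from the study notes or from AWS: it parses a type name into family, generation, attribute suffix (the letters after the generation digit, such as the "i" in c6i or "dn" in g4dn) and size, maps the family letter to the workload category from the table above, and ranks sizes so two types can be compared. The "u-*" high-memory names use a different pattern and are deliberately rejected; the family-to-category map is this example's own assumption built from the table.

```python
import re

# Family letters -> workload category, taken from the instance family table above.
FAMILY_CATEGORY = {
    "t": "General Purpose", "m": "General Purpose",
    "c": "Compute Optimized",
    "r": "Memory Optimized", "x": "Memory Optimized", "u": "Memory Optimized",
    "i": "Storage Optimized", "d": "Storage Optimized", "h": "Storage Optimized",
    "p": "Accelerated Computing", "g": "Accelerated Computing",
    "inf": "Accelerated Computing", "trn": "Accelerated Computing",
}

# <family letters><generation digits><optional attribute letters>.<size>
_TYPE_RE = re.compile(
    r"^(?P<family>[a-z]+)(?P<generation>\d+)(?P<attrs>[a-z]*)"
    r"\.(?P<size>nano|micro|small|medium|large|\d*xlarge|metal)$"
)

# Sizes below xlarge, in ascending order; xlarge multiples and metal follow.
_NAMED_SIZES = ["nano", "micro", "small", "medium", "large"]


def parse_instance_type(name):
    """Split e.g. 'c6i.xlarge' into its parts; raise ValueError if it does not fit."""
    match = _TYPE_RE.match(name.strip().lower())
    if match is None:
        raise ValueError(f"unrecognised instance type: {name!r}")
    family = match.group("family")
    if family not in FAMILY_CATEGORY:
        raise ValueError(f"unknown family {family!r} in {name!r}")
    return {
        "family": family,
        "category": FAMILY_CATEGORY[family],
        "generation": int(match.group("generation")),
        "attributes": match.group("attrs"),
        "size": match.group("size"),
    }


def size_rank(size):
    """Sortable rank: nano < micro < small < medium < large < xlarge < 2xlarge < ... < metal."""
    if size in _NAMED_SIZES:
        return _NAMED_SIZES.index(size)
    if size == "metal":
        return 10**6
    multiplier = size[: -len("xlarge")]          # "" for xlarge, "2" for 2xlarge, ...
    return len(_NAMED_SIZES) + (int(multiplier) if multiplier else 1)


def is_vertical_scale_up(old_type, new_type):
    """True only if new_type is the same family/generation/attributes at a larger size."""
    old, new = parse_instance_type(old_type), parse_instance_type(new_type)
    same_line = all(old[k] == new[k] for k in ("family", "generation", "attributes"))
    return same_line and size_rank(new["size"]) > size_rank(old["size"])


if __name__ == "__main__":
    for t in ("c6i.xlarge", "t4g.nano", "g4dn.xlarge", "trn1.2xlarge"):
        print(t, parse_instance_type(t))
    print("t3.micro -> t3.large is a scale up:", is_vertical_scale_up("t3.micro", "t3.large"))
```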

1.3 EC2 Pricing Models

Model | Commitment | Savings vs On-Demand | Best Suited For
On-Demand | None; pay per hour or second | None (baseline) | Unpredictable workloads; short-term; new applications
Reserved Instances (Standard) | 1 or 3 years; specific instance type | Up to 72% | Steady-state applications with predictable usage
Reserved Instances (Convertible) | 1 or 3 years; can change instance family | Up to 66% | Steady-state with potential future flexibility needs
Savings Plans (Compute) | 1 or 3 years; commit to $/hour spend | Up to 66% | Flexible savings applying to any EC2, Lambda, or Fargate usage
Savings Plans (EC2 Instance) | 1 or 3 years; specific instance family | Up to 72% | Consistent use of a specific instance family in one Region
Spot Instances | None; can be interrupted with 2-minute notice | Up to 90% | Fault-tolerant, flexible workloads: batch jobs, data analysis, CI/CD
Dedicated Hosts | On-Demand or 1/3-year reservation | Varies | Software licenses bound to physical cores (Oracle, Windows BYOL)

Exam Tip: The three key attributes of Spot Instances are: up to 90% savings, can be interrupted by AWS with a 2-minute warning, and suitable only for fault-tolerant workloads. Do not use Spot for databases, web servers serving user traffic, or anything that cannot tolerate interruption.

Reserved Instance Payment Options (affects discount level):

Payment Option | Discount Level | Description
All Upfront | Highest | Full payment at purchase
Partial Upfront | Middle | Partial payment upfront; rest billed monthly
No Upfront | Lowest | Monthly billing only; no payment at purchase

1.4 EC2 Auto Scaling

Auto Scaling automatically adds or removes EC2 instances to match demand, ensuring availability and reducing costs during low-traffic periods.

Scaling directions:

Type | Description | Requires Downtime
Vertical scaling (Scale Up/Down) | Increase or decrease instance size (e.g., t3.micro → t3.large) | Yes
Horizontal scaling (Scale Out/In) | Add or remove instances from the group | No

Key Concept: AWS recommends horizontal scaling for high availability. Adding more smaller instances across multiple AZs is more resilient than making one instance larger.

Auto Scaling Group configuration:

Parameter | Description
Minimum capacity | Lowest number of instances that must always run
Desired capacity | Number of instances to run under normal conditions
Maximum capacity | Upper limit — Auto Scaling will not exceed this

Scaling policy types:

Policy | Trigger | Example
Target Tracking | Maintain a metric at a target value | Keep average CPU utilization at 50%
Step Scaling | Scale by defined amounts based on alarm severity | Add 2 instances when CPU > 70%; add 4 when CPU > 90%
Scheduled Scaling | Scale at a specific time | Add 10 instances every weekday at 8 AM
Predictive Scaling | ML-based forecast and proactive scaling | Scale based on predicted demand pattern
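To make the min/desired/max parameters and the two most common policy types concrete, here is an added example (not code from the notes or from AWS) that models them offline. Step scaling follows the table's own thresholds ("add 2 when CPU > 70%, add 4 when CPU > 90%") plus a scale-in step, and the result is always clamped to the group's minimum and maximum capacity. Target tracking is modelled as the proportional rule desired = ceil(current × metric ÷ target); that proportional model is this example's simplification of how the service behaves, not AWS's published algorithm, and it ignores cooldowns and warm-up time.

```python
import math

# Step-scaling adjustments as (lower_bound, upper_bound, change_in_instances);
# None means an open bound. Metric bounds are "lower <= metric < upper".
STEPS = [
    (None, 30, -1),   # lightly loaded: remove one instance
    (70, 90, +2),     # CPU > 70%: add two
    (90, None, +4),   # CPU > 90%: add four
]


def clamp(value, minimum, maximum):
    """Auto Scaling never goes below the minimum or above the maximum capacity."""
    return max(minimum, min(maximum, value))


def step_scaling(metric, current, minimum, maximum, steps=STEPS):
    """Return the new desired capacity for one step-scaling evaluation."""
    for lower, upper, adjustment in steps:
        if (lower is None or metric >= lower) and (upper is None or metric < upper):
            return clamp(current + adjustment, minimum, maximum)
    return current  # no step matched: capacity unchanged


def target_tracking(metric, target, current, minimum, maximum):
    """Proportional model (assumption): size the group so the metric lands on target."""
    if metric <= 0:
        return clamp(minimum, minimum, maximum)
    desired = math.ceil(current * metric / target)
    return clamp(desired, minimum, maximum)


def simulate_target_tracking(readings, target, current, minimum, maximum):
    """Walk a sequence of metric readings and return the capacity after each one."""
    trajectory = []
    for metric in readings:
        current = target_tracking(metric, target, current, minimum, maximum)
        trajectory.append(current)
    return trajectory


if __name__ == "__main__":
    print("step, CPU 75%, 3 running, max 10 ->", step_scaling(75, 3, 2, 10))
    print("step, CPU 95%, 3 running, max 6  ->", step_scaling(95, 3, 2, 6))
    print("target 50%, readings 80/80/20 ->", simulate_target_tracking([80, 80, 20], 50, 4, 2, 10))
```

The clamp is where the min/max parameters earn their keep: a runaway metric cannot push the group past the maximum (a cost guard), and a quiet period cannot empty it below the minimum (an availability guard).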

1.5 AWS Lambda

Lambda is a serverless compute service that runs code in response to events without requiring server provisioning or management.

How Lambda works:

Event Source (S3, API Gateway, SQS, etc.)
    │
    ▼
Lambda provisions compute automatically
    │
    ▼
Your function code executes
    │
    ▼
Resources released; you pay only for execution time

Key specifications:

Parameter | Value
Maximum execution time | 15 minutes per invocation
Memory allocation | 128 MB to 10,240 MB
Billing | Per invocation + per millisecond of duration
Supported runtimes | Node.js, Python, Java, Go, Ruby, .NET, and custom runtimes
Automatic scaling | Scales concurrently based on request volume; no configuration required

Common Lambda event sources:

  • API Gateway (HTTP requests)
  • Amazon S3 (object events: created, deleted)
  • Amazon DynamoDB Streams (table change events)
  • Amazon SQS (message arrival)
  • Amazon SNS (notifications)
  • Amazon EventBridge (scheduled events, AWS service events)
  • Amazon Kinesis (streaming data)

EC2 vs Lambda comparison:

Aspect | EC2 | Lambda
Server management | Customer manages OS and runtime | No server management required
Scaling | Manual or Auto Scaling configuration required | Automatic, instant, concurrent
Billing | Per hour (running or stopped if EBS attached) | Per invocation + per millisecond
Maximum runtime | Unlimited | 15 minutes
State | Stateful — instance persists | Stateless — function runs and exits
Best for | Long-running applications, stateful workloads | Short-duration, event-driven, stateless tasks

1.6 Container Services

Core concepts:

Term | Definition
Container | Lightweight, portable unit of software that packages code and its dependencies
Docker | The most widely used container runtime and image format
Kubernetes (K8s) | Open-source container orchestration platform for automating deployment and scaling
Container Orchestration | Automated management of containerized applications across a cluster

AWS container services:

Service | Description | When to Use
Amazon ECS | Fully managed container orchestration service for Docker containers | AWS-native container orchestration; simpler than Kubernetes
Amazon EKS | Fully managed Kubernetes control plane | Team already uses Kubernetes; need Kubernetes compatibility
AWS Fargate | Serverless compute engine for containers (works with ECS and EKS) | Run containers without managing EC2 instances
Amazon ECR | Fully managed Docker container image registry | Store, manage, and deploy container images

Key Concept: Fargate eliminates the need to provision or manage EC2 instances for containers. You define only the CPU and memory requirements; AWS handles the underlying infrastructure. It works with both ECS and EKS.


1.7 Additional Compute Services

Service | Description | Primary Use Case
AWS Elastic Beanstalk | PaaS — upload code and AWS handles deployment, scaling, load balancing, and health monitoring | Developers who want to focus on code without managing infrastructure
Amazon Lightsail | Simplified compute with fixed monthly pricing (VMs, storage, networking bundled) | Simple websites, WordPress, small applications; predictable low-cost budget
AWS Batch | Fully managed batch computing; automatically provisions optimal compute for batch jobs | ML training jobs, financial risk models, genomics, media transcoding
AWS Outposts | AWS-managed physical racks installed in your on-premises data center | Ultra-low latency requirements; strict data residency compliance

2. Storage Services

2.1 Amazon S3

Amazon Simple Storage Service (S3) is object storage that stores any amount of data accessible from anywhere. It is not a file system or block storage — data is stored as objects (file + metadata) within buckets.

Core characteristics:

Property | Value
Maximum object size | 5 TB
Bucket name scope | Globally unique across all AWS accounts
Bucket location | Regional — data does not leave the Region unless explicitly transferred
Durability | 99.999999999% (11 nines) — data is replicated across multiple AZs within a Region
Availability | 99.99% (S3 Standard)
Access method | HTTP/HTTPS REST API

2.2 S3 Storage Classes

Storage Class | Min. Storage Duration | Retrieval | Availability | Best For
S3 Standard | None | Instant | 99.99% | Frequently accessed data; general-purpose storage
S3 Intelligent-Tiering | None | Instant | 99.9% | Unknown or changing access patterns; auto-moves objects between tiers
S3 Standard-IA | 30 days | Instant | 99.9% | Infrequently accessed data that must be retrieved immediately
S3 One Zone-IA | 30 days | Instant | 99.5% | Non-critical, infrequently accessed data (stored in one AZ only)
S3 Glacier Instant Retrieval | 90 days | Instant (milliseconds) | 99.9% | Archives accessed occasionally (quarterly), needs immediate retrieval
S3 Glacier Flexible Retrieval | 90 days | Minutes to hours | 99.99% | Archive data accessed 1–2 times per year; retrieval time flexible
S3 Glacier Deep Archive | 180 days | 12–48 hours | 99.99% | Long-term archive; accessed once per year or less; lowest cost

Exam Tip: S3 Intelligent-Tiering is the best choice when you cannot predict access patterns. It automatically moves objects between access tiers based on usage — there are no retrieval fees, only a small per-object monitoring fee.
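The storage classes above are usually applied through an S3 lifecycle policy, and the "Min. Storage Duration" column is what makes a lifecycle rule right or wrong: moving an object out of a class before its minimum has elapsed is billed as if it had stayed for the whole minimum, and S3 will not accept a transition into Standard-IA or One Zone-IA earlier than day 30. The following is an added example, not code from the notes or from AWS. It loads a lifecycle configuration in the JSON shape the S3 PutBucketLifecycleConfiguration API accepts (the configuration itself is constructed for this example), works out which storage class an object of a given age is in, and validates each rule against the minimum-duration table. The second rule is intentionally wrong so the validator has something to report.

```python
import json

# Minimum storage duration in days, from the storage class table in this section.
MIN_STORAGE_DAYS = {
    "STANDARD": 0, "INTELLIGENT_TIERING": 0,
    "STANDARD_IA": 30, "ONEZONE_IA": 30,
    "GLACIER_IR": 90, "GLACIER": 90, "DEEP_ARCHIVE": 180,
}
IA_CLASSES = {"STANDARD_IA", "ONEZONE_IA"}  # may not be entered before day 30

# Constructed lifecycle configuration (PutBucketLifecycleConfiguration JSON shape).
LIFECYCLE_JSON = """
{
  "Rules": [
    {
      "ID": "archive-logs",
      "Status": "Enabled",
      "Filter": {"Prefix": "logs/"},
      "Transitions": [
        {"Days": 30,  "StorageClass": "STANDARD_IA"},
        {"Days": 90,  "StorageClass": "GLACIER"},
        {"Days": 180, "StorageClass": "DEEP_ARCHIVE"}
      ],
      "Expiration": {"Days": 365}
    },
    {
      "ID": "too-early-ia",
      "Status": "Enabled",
      "Filter": {"Prefix": "tmp/"},
      "Transitions": [{"Days": 7, "StorageClass": "STANDARD_IA"}]
    }
  ]
}
"""


def load_rules(text):
    """Parse the configuration and keep only enabled rules."""
    return [r for r in json.loads(text)["Rules"] if r.get("Status") == "Enabled"]


def matching_rule(rules, key):
    """First enabled rule whose prefix filter matches the object key (None if none)."""
    for rule in rules:
        if key.startswith(rule.get("Filter", {}).get("Prefix", "")):
            return rule
    return None


def storage_class_at(rules, key, age_days):
    """Storage class of `key` when it is `age_days` old, or None once it has expired."""
    rule = matching_rule(rules, key)
    if rule is None:
        return "STANDARD"
    expiration = rule.get("Expiration", {}).get("Days")
    if expiration is not None and age_days >= expiration:
        return None
    current = "STANDARD"
    for t in sorted(rule.get("Transitions", []), key=lambda t: t["Days"]):
        if age_days >= t["Days"]:
            current = t["StorageClass"]
    return current


def validate(rules):
    """Report transitions/expirations that cut a minimum storage duration short."""
    problems = []
    for rule in rules:
        prev_class, prev_day = "STANDARD", 0
        for t in sorted(rule.get("Transitions", []), key=lambda t: t["Days"]):
            held = t["Days"] - prev_day
            if held < MIN_STORAGE_DAYS[prev_class]:
                problems.append(f"{rule['ID']}: leaves {prev_class} after {held} days "
                                f"(minimum {MIN_STORAGE_DAYS[prev_class]})")
            if t["StorageClass"] in IA_CLASSES and t["Days"] < 30:
                problems.append(f"{rule['ID']}: transition to {t['StorageClass']} on day "
                                f"{t['Days']} is before day 30 and will be rejected")
            prev_class, prev_day = t["StorageClass"], t["Days"]
        expiration = rule.get("Expiration", {}).get("Days")
        if expiration is not None and expiration - prev_day < MIN_STORAGE_DAYS[prev_class]:
            problems.append(f"{rule['ID']}: expires {prev_class} objects before its minimum duration")
    return problems


if __name__ == "__main__":
    rules = load_rules(LIFECYCLE_JSON)
    for age in (10, 45, 100, 200, 365):
        print(f"logs/app.log at day {age}: {storage_class_at(rules, 'logs/app.log', age)}")
    print("\n".join(validate(rules)) or "no problems")
```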


2.3 S3 Key Features

Feature | Description
Versioning | Stores multiple versions of every object; protects against accidental deletion and overwrites. Once enabled, can only be suspended, not fully disabled.
Lifecycle Policies | Automatically transition objects between storage classes or expire (delete) them after defined periods
Cross-Region Replication (CRR) | Automatically replicates objects to a bucket in a different Region; requires versioning enabled on both buckets
Same-Region Replication (SRR) | Replicates objects within the same Region; used for log aggregation or test environment copying
S3 Object Lock | WORM (Write Once, Read Many) protection; prevents objects from being deleted or overwritten for a defined retention period
Transfer Acceleration | Uses CloudFront Edge Locations to speed up uploads to S3; beneficial for geographically distant users uploading large files
Multipart Upload | Recommended for objects over 100 MB; required for objects over 5 GB; uploads parts in parallel for speed and resilience
Pre-Signed URLs | Temporarily grants access to a specific private S3 object without requiring AWS credentials; URL expires after a defined duration
Server-Side Encryption | SSE-S3 (AWS manages keys), SSE-KMS (KMS-managed keys with audit trail), SSE-C (customer-provided keys)
Block Public Access | Account-level and bucket-level setting that prevents any public access; should be enabled by default
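A pre-signed URL is the one feature in this table that is pure cryptography: the bucket stays private, and the URL carries an HMAC signature over the request plus an explicit expiry, so whoever holds the URL can fetch exactly that object until the clock runs out. The following is an added example, not code from the notes or from the AWS SDK (which generates these URLs with `generate_presigned_url`). It reproduces the SigV4 query-string signing that S3 uses for GET pre-signed URLs, and pairs it with the check the receiving side performs: enforce the expiry window first, then recompute the signature with the secret key and compare in constant time. The access key, secret and bucket name are constructed placeholders, and the verifier assumes a single known secret instead of looking one up by access key ID.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed placeholder credentials; they only exercise the signing math.
ACCESS_KEY = "AKIAEXAMPLEEXAMPLE00"
SECRET_KEY = "EXAMPLE-SECRET-NOT-A-REAL-KEY"
REGION = "us-east-1"
BUCKET = "example-private-bucket"
MAX_EXPIRES = 7 * 24 * 3600  # a SigV4 pre-signed URL may live at most seven days


def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret, date_stamp, region, service):
    """Derive the per-day, per-region, per-service key from the long-term secret."""
    k = _hmac(("AWS4" + secret).encode(), date_stamp)
    k = _hmac(k, region)
    k = _hmac(k, service)
    return _hmac(k, "aws4_request")


def _encode_query(pairs):
    return "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in pairs)


def _signature(secret, host, key, params, amz_date, date_stamp, region, service):
    """SigV4 query signing: canonical request -> string to sign -> HMAC-SHA256."""
    canonical_request = "\n".join([
        "GET",
        "/" + quote(key, safe="/"),
        _encode_query(sorted(params.items())),
        f"host:{host}\n",       # canonical headers (only Host is signed)
        "host",                 # signed header list
        "UNSIGNED-PAYLOAD",     # pre-signed URLs do not commit to a body hash
    ])
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    signing_key = _signing_key(secret, date_stamp, region, service)
    return hmac.new(signing_key, string_to_sign.encode(), hashlib.sha256).hexdigest()


def presign_get(bucket, key, expires_seconds, now,
                access_key=ACCESS_KEY, secret_key=SECRET_KEY, region=REGION):
    """Build a time-limited GET URL for one private object."""
    if not 1 <= expires_seconds <= MAX_EXPIRES:
        raise ValueError("expiry must be between 1 second and 7 days")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = now.strftime("%Y%m%d")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{date_stamp}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_seconds),
        "X-Amz-SignedHeaders": "host",
    }
    params["X-Amz-Signature"] = _signature(
        secret_key, host, key, params, amz_date, date_stamp, region, "s3")
    return f"https://{host}/{quote(key, safe='/')}?{_encode_query(params.items())}"


def verify_presigned(url, now, secret_key=SECRET_KEY):
    """Receiver-side check: reject expired URLs, then recompute and compare the signature."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    presented = params.pop("X-Amz-Signature", None)
    try:
        issued = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
        expires = int(params["X-Amz-Expires"])
        _, date_stamp, region, service, _ = params["X-Amz-Credential"].split("/")
    except (KeyError, ValueError):
        return False
    if presented is None or not 1 <= expires <= MAX_EXPIRES:
        return False
    if now > issued + timedelta(seconds=expires):
        return False  # expired: no need to even look at the signature
    key = unquote(parts.path.lstrip("/"))
    expected = _signature(secret_key, parts.netloc, key, params,
                          params["X-Amz-Date"], date_stamp, region, service)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    url = presign_get(BUCKET, "reports/q1 summary.pdf", 900, now)
    print(url)
    print("valid now:", verify_presigned(url, now))
    print("valid in 20 min:", verify_presigned(url, now + timedelta(minutes=20)))
```

Two things worth noticing: every query parameter, including X-Amz-Expires, is inside the signed canonical request, so editing the expiry in the URL invalidates the signature rather than extending the grant; and the key derivation chain means the long-term secret never touches the message itself.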

2.4 Amazon EBS

Amazon Elastic Block Store provides block-level storage volumes for use with EC2 instances — similar to attaching a physical hard drive to a server.

Key characteristics:

  • Attached to a single EC2 instance at a time (multi-attach available for io2 volumes in limited configurations)
  • Locked to a single Availability Zone — must be in the same AZ as the EC2 instance
  • Persists independently from the EC2 instance lifecycle (survives stop, start, and reboot)
  • Supports snapshots — incremental backups stored in S3; can be used to create new volumes or share data across Regions

EBS volume types:

Type | Category | Max IOPS | Use Case
gp3 | General Purpose SSD | 16,000 | Default choice; boot volumes, low-latency applications
gp2 | General Purpose SSD | 16,000 | Legacy general purpose; gp3 preferred for new deployments
io2 Block Express | Provisioned IOPS SSD | 256,000 | Critical databases requiring maximum IOPS and durability
io1 | Provisioned IOPS SSD | 64,000 | High-performance database workloads (legacy)
st1 | Throughput Optimized HDD | 500 | Big data, data warehouses, log processing; sequential read/write
sc1 | Cold HDD | 250 | Infrequently accessed data; lowest cost block storage

2.5 Amazon EFS

Amazon Elastic File System is a fully managed, elastic NFS (Network File System) that can be mounted concurrently by multiple EC2 instances across multiple AZs.

Key characteristics:

  • Shared file system — multiple instances can read and write simultaneously (unlike EBS)
  • Automatically scales — grows and shrinks without provisioning a fixed size
  • Regional service — accessible from any AZ within a Region
  • Supports Linux-based instances only (NFSv4 protocol)

EBS vs EFS comparison:

Feature | Amazon EBS | Amazon EFS
Storage type | Block storage | File system (NFS)
Concurrent access | One instance at a time | Multiple instances simultaneously
Scaling | Fixed provisioned size | Automatic, elastic
AZ scope | Single AZ | Multi-AZ (regional)
OS compatibility | Any | Linux only
Cost | Lower | Higher per GB

2.6 AWS Snow Family

Physical devices shipped by AWS that are used to migrate large volumes of data when internet bandwidth is insufficient or impractical.

Device | Storage Capacity | Additional Capability | Use Case
Snowcone | 8–14 TB | Edge computing (2 vCPUs, 4 GB RAM) | Small-scale data collection and migration in remote locations
Snowball Edge Storage Optimized | 80 TB usable | Limited compute | Large-scale data migration; 1 PB with 12 Snowballs
Snowball Edge Compute Optimized | 42 TB SSD | 52 vCPUs, optional GPU | Edge computing with ML inference; disconnected environments
Snowmobile | 100 PB | Truck-mounted data center | Exabyte-scale migration of entire data centers

Migration process:

  1. Request the device via the AWS Console
  2. AWS ships the encrypted device to your location
  3. Connect locally and transfer data onto the device
  4. Ship the device back to AWS
  5. AWS uploads the data to your S3 bucket
  6. AWS performs a software erasure of the device after transfer

Exam Tip: If a question describes a company that would take weeks or months to transfer data over the internet, AWS Snowball is the answer. General rule: if the transfer would take more than one week over available bandwidth, use Snow Family.


2.7 Storage Service Comparison

Service | Type | Access Method | Shared Access | Persistence | Best For
S3 | Object storage | HTTP/HTTPS REST API | Yes (via policies) | Persistent | Unstructured data, backups, static content, data lakes
EBS | Block storage | Attached to EC2 | Limited | Persistent | Root volumes, databases, high-performance applications
EFS | Network file system | NFS mount | Yes — concurrent | Persistent | Shared files, content management, Linux workloads
Instance Store | Ephemeral block storage | Attached to EC2 | No | Lost on stop | Temporary data, caches, scratch space
FSx for Windows | Windows file system (SMB) | SMB mount | Yes | Persistent | Windows apps requiring Windows-native file system
FSx for Lustre | High-performance file system | POSIX mount | Yes | Persistent | HPC, ML training, video rendering requiring high throughput

3. Database Services

3.1 Amazon RDS

Amazon Relational Database Service is a fully managed service for relational databases. AWS manages the database engine, hardware, OS patching, and automated backups.

Supported engines:

  • Amazon Aurora (AWS-native, discussed separately)
  • MySQL, PostgreSQL, MariaDB (open-source engines)
  • Oracle, Microsoft SQL Server (commercial engines)

What RDS manages vs what the customer manages:

RDS Manages | Customer Manages
Hardware provisioning | Database schema design
OS installation and patching | Query optimization
Database engine installation and patching | Database user and permission management
Automated backups | Application connection strings
Multi-AZ failover | Data (content of the database)
Read replica management |

Multi-AZ Deployment vs Read Replicas:

Feature | Multi-AZ | Read Replicas
Primary purpose | High availability — survive AZ failure | Read scaling — offload read traffic from primary
Replication type | Synchronous | Asynchronous
Standby usability | Cannot serve traffic — passive standby only | Can serve read traffic directly
Failover | Automatic (typically under 2 minutes) | Manual promotion required
Number | One standby | Up to 5 (15 for Aurora)
Cross-Region | No | Yes — Cross-Region Read Replicas supported

Exam Tip: Multi-AZ = availability (protect against AZ failure). Read Replicas = performance (scale read traffic). These are complementary features often used together, but they serve different purposes.

RDS backup types:

Type | Retention | Initiated By | Notes
Automated Backups | 0–35 days (configurable) | AWS automatically | Enables Point-in-Time Recovery (PITR) to any second within the retention window
DB Snapshots | Until manually deleted | Customer | Persist independently of the database; can be shared across accounts or Regions

3.2 Amazon Aurora

Aurora is AWS's cloud-native relational database, compatible with MySQL and PostgreSQL but designed from the ground up for cloud-scale performance.

Key advantages over standard RDS:

Feature | Standard RDS MySQL | Amazon Aurora
Performance | Baseline | Up to 5x faster (MySQL); 3x faster (PostgreSQL)
Storage scaling | Manual; fixed size | Automatic; starts at 10 GB, grows in 10 GB increments to 128 TB
Read replicas | Up to 5 | Up to 15
Data copies | Varies | 6 copies across 3 AZs automatically
Failover time | 1–2 minutes | Typically under 30 seconds
Availability | 99.95% | 99.99%

Aurora-specific features:

Feature | Description
Aurora Global Database | Spans multiple Regions; supports low-latency global reads and cross-region disaster recovery (RPO of 1 second, RTO under 1 minute)
Aurora Serverless | Automatically scales database capacity based on demand; pay per second; ideal for infrequent or unpredictable workloads

3.3 Amazon DynamoDB

DynamoDB is a fully managed, serverless NoSQL key-value and document database designed for single-digit millisecond latency at any scale.

Key characteristics:

  • Serverless — no servers to provision, patch, or manage
  • Single-digit millisecond read/write latency regardless of table size
  • Highly available — data automatically replicated across 3 AZs within a Region
  • Scales to trillions of items and hundreds of TBs
  • Supports ACID transactions

Data model:

  • A table contains items (equivalent to rows)
  • Each item contains attributes (equivalent to columns)
  • Each item has a Primary Key: a Partition Key alone, or a Partition Key + Sort Key combination
  • Schema is flexible — attributes can vary between items

DynamoDB key features:

Feature | Description
DynamoDB Accelerator (DAX) | Fully managed in-memory cache for DynamoDB; delivers microsecond latency for read-heavy workloads; no application code changes required
Global Tables | Multi-Region, multi-active replication; enables low-latency reads and writes globally with automatic conflict resolution
DynamoDB Streams | Ordered stream of item-level changes (inserts, updates, deletes); can trigger Lambda functions for event-driven processing
On-Demand Capacity | Pay per request; no capacity planning; automatically scales; best for unpredictable traffic
Provisioned Capacity | Specify read and write capacity units; optional Auto Scaling; lower cost for predictable workloads

3.4 Amazon ElastiCache

ElastiCache is a fully managed in-memory caching service that improves application performance by retrieving data from a fast, managed cache instead of slower disk-based databases.

Supported engines:

Engine | Characteristics | Best For
Redis | Supports rich data structures (lists, sets, sorted sets); persistence; replication; pub/sub | Session management, leaderboards, real-time analytics, pub/sub messaging
Memcached | Simple, multi-threaded, horizontal scaling; no persistence or replication | Simple caching of objects; highest throughput for simple cache-aside patterns

Typical caching pattern:

Application → Check ElastiCache → Cache Hit: return data immediately
                                 → Cache Miss: query database → store result in cache → return data

3.5 Amazon Redshift

Redshift is a fully managed data warehouse service for analytical queries across petabyte-scale datasets.

Key characteristics:

  • Based on PostgreSQL but optimized for OLAP (Online Analytical Processing), not OLTP
  • Columnar storage — optimized for aggregation and analytical queries across many rows
  • Massively Parallel Processing (MPP) — distributes query execution across multiple nodes
  • Performs analytics 10x faster than traditional data warehouses at one-tenth the cost

Redshift ecosystem:

Feature | Description
Redshift Serverless | No infrastructure to manage; automatically scales based on workload
Redshift Spectrum | Run SQL queries directly on data in S3 without loading it into Redshift first
Redshift ML | Create, train, and deploy ML models using familiar SQL commands

3.6 Specialized Database Services

Service | Database Type | Use Case
Amazon DocumentDB | Document database (MongoDB-compatible) | Content management, catalogs, user profiles, real-time applications
Amazon Neptune | Graph database | Social networks, recommendation engines, fraud detection, knowledge graphs
Amazon QLDB | Ledger database (immutable, cryptographically verifiable) | Financial transaction records, supply chain audit trail, healthcare records
Amazon Timestream | Time-series database | IoT sensor data, application metrics, DevOps telemetry
Amazon Keyspaces | Wide-column store (Apache Cassandra-compatible) | High-scale applications currently using Cassandra

3.7 Database Selection Guide

Requirement | Recommended Service
Relational database (MySQL, PostgreSQL, Oracle, SQL Server) | Amazon RDS
Highest-performance relational database on AWS | Amazon Aurora
Serverless NoSQL at massive scale with millisecond latency | Amazon DynamoDB
Cache layer to reduce database load | Amazon ElastiCache
Data warehousing and analytical queries at petabyte scale | Amazon Redshift
MongoDB-compatible document database | Amazon DocumentDB
Graph relationships and traversals | Amazon Neptune
Immutable audit trail and ledger | Amazon QLDB
Time-series data (IoT, metrics, telemetry) | Amazon Timestream
Apache Cassandra-compatible workload | Amazon Keyspaces

4. Networking and Content Delivery

4.1 Amazon VPC

A Virtual Private Cloud (VPC) is a logically isolated section of the AWS cloud where you launch resources in a virtual network that you define and control.

Core VPC components:

Component | Description
Subnet | A range of IP addresses within a VPC. Public subnets have a route to an Internet Gateway; private subnets do not.
Internet Gateway (IGW) | Enables communication between VPC resources and the internet; one per VPC; horizontally scaled and highly available
NAT Gateway | Allows instances in private subnets to initiate outbound internet connections while blocking inbound connections; placed in a public subnet
Route Table | Set of rules determining where network traffic is directed; each subnet is associated with one route table
VPC Peering | Private connection between two VPCs (same or different accounts/Regions); non-transitive
AWS Transit Gateway | Hub-and-spoke network architecture connecting multiple VPCs and on-premises networks through a central gateway
VPC Endpoint | Enables private connectivity to AWS services without internet; Gateway Endpoints (S3, DynamoDB — free); Interface Endpoints (most other services — powered by AWS PrivateLink)
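"Public" and "private" are not properties you set on a subnet; they fall out of the route table the subnet is associated with, as the table above says. The following is an added example, not code from the notes or from AWS, that makes that definition executable: it performs the longest-prefix-match lookup a route table uses, classifies each subnet of a constructed VPC as public (default route to an Internet Gateway), private (default route to a NAT Gateway) or isolated (no route out at all), and then applies the NAT Gateway placement rule from the table as an audit check. The VPC description and the `igw-`/`nat-`/`pcx-` resource IDs are constructed placeholders, and the `EXAMPLE` suffix marks them as such.

```python
import ipaddress

# Constructed VPC description; resource IDs are placeholders, not real AWS IDs.
VPC = {
    "cidr": "10.0.0.0/16",
    "subnets": {
        "subnet-public-a":   {"cidr": "10.0.1.0/24", "route_table": "rtb-public"},
        "subnet-private-a":  {"cidr": "10.0.2.0/24", "route_table": "rtb-private"},
        "subnet-isolated-a": {"cidr": "10.0.3.0/24", "route_table": "rtb-isolated"},
    },
    # route table -> list of (destination CIDR, target)
    "route_tables": {
        "rtb-public":   [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0000EXAMPLE")],
        "rtb-private":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0000EXAMPLE")],
        "rtb-isolated": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "pcx-0000EXAMPLE")],
    },
    # NAT gateway -> subnet it was created in
    "nat_gateways": {"nat-0000EXAMPLE": "subnet-public-a"},
}

# Any address outside the VPC; used to discover where the default route points.
_OUTSIDE_ADDRESS = "198.51.100.7"  # TEST-NET-2 documentation range


def route_for(routes, destination_ip):
    """Longest-prefix match over a route table; None if nothing matches."""
    ip = ipaddress.ip_address(destination_ip)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def classify_subnet(vpc, subnet_id):
    """'public', 'private' or 'isolated', derived purely from the route table."""
    table_id = vpc["subnets"][subnet_id]["route_table"]
    target = route_for(vpc["route_tables"][table_id], _OUTSIDE_ADDRESS)
    if target is not None and target.startswith("igw-"):
        return "public"
    if target is not None and target.startswith("nat-"):
        return "private"
    return "isolated"


def audit(vpc):
    """Findings for NAT Gateways that are not in a public subnet (they need an IGW route)."""
    findings = []
    for nat_id, subnet_id in vpc["nat_gateways"].items():
        kind = classify_subnet(vpc, subnet_id)
        if kind != "public":
            findings.append(f"{nat_id} sits in {subnet_id}, which is {kind}; "
                            "a NAT Gateway needs a public subnet")
    return findings


if __name__ == "__main__":
    for subnet_id in VPC["subnets"]:
        print(subnet_id, "->", classify_subnet(VPC, subnet_id))
    print("audit findings:", audit(VPC) or "none")
```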

4.2 Amazon Route 53

Route 53 is AWS's scalable and highly available Domain Name System (DNS) service and domain registrar.

DNS routing policies:

Policy | How It Routes Traffic | Use Case
Simple | Returns a single resource | Single-server or single-endpoint applications
Weighted | Splits traffic by percentage across resources | A/B testing; gradual traffic migration between versions
Latency | Routes to the Region with lowest latency for the user | Global applications where user experience depends on response time
Failover | Routes to primary; switches to standby if primary fails health check | Active-passive disaster recovery
Geolocation | Routes based on the user's geographic location | Content localization; regulatory compliance (e.g., EU users must stay in EU)
Geoproximity | Routes based on geographic distance with optional bias | Geographic load balancing with fine-tuned control
Multivalue Answer | Returns multiple IP addresses with health checks | Simple load balancing without a dedicated load balancer

4.3 Amazon CloudFront

CloudFront is AWS's global Content Delivery Network (CDN) that caches and delivers content with low latency through a network of 400+ Edge Locations.

How CloudFront reduces latency:

User (Tokyo) requests content
    │
    ▼
Route 53 directs to nearest Edge Location (Tokyo)
    │
    ├── Cache HIT: Content served from Edge Location immediately
    │
    └── Cache MISS: CloudFront fetches from Origin (e.g., S3 in us-east-1)
                    → Caches content at Edge Location
                    → Serves to user
                    → Future requests served from Edge Location (cache hit)

CloudFront origins:

Origin Type | Examples
Amazon S3 bucket | Static websites, media files, software downloads
EC2 instance | Dynamic web application content
Application Load Balancer | Dynamic content behind a fleet of EC2 instances
Custom HTTP server | On-premises web server

Key CloudFront security features:

Feature | Description
Origin Access Control (OAC) | Restricts S3 bucket access to CloudFront only; the S3 bucket does not need to be public
AWS WAF integration | Filter and block malicious requests at the Edge Location before they reach the origin
AWS Shield integration | DDoS protection applied at the Edge Locations
HTTPS enforcement | Redirect HTTP to HTTPS; require HTTPS between CloudFront and origin
Geo Restriction | Block or allow users from specific countries

4.4 Elastic Load Balancing

Elastic Load Balancing (ELB) automatically distributes incoming traffic across multiple targets (EC2 instances, containers, Lambda functions, IP addresses) in one or more AZs.

Load Balancer | OSI Layer | Protocols | Key Feature | Best For
Application (ALB) | 7 (Application) | HTTP, HTTPS, gRPC | Content-based routing (path, host, headers, query strings) | Web applications, microservices, containerized apps
Network (NLB) | 4 (Transport) | TCP, UDP, TLS | Extreme performance; millions of requests per second; static IPs | Low-latency, high-throughput applications; static IP requirement
Gateway (GWLB) | 3 (Network) | IP | Deploy and scale third-party virtual appliances | Inline traffic inspection (firewalls, IDS/IPS)
Classic (CLB) | 4 and 7 | HTTP, HTTPS, TCP | Legacy; basic Layer 4/7 | Existing applications only; not recommended for new deployments

4.5 Amazon API Gateway

API Gateway is a fully managed service to create, publish, maintain, monitor, and secure APIs at any scale.

  • Supports REST APIs, HTTP APIs (lower latency and cost), and WebSocket APIs
  • Integrated with Lambda, EC2, DynamoDB, and any HTTP endpoint
  • Built-in: throttling, rate limiting, authentication (IAM, Cognito, Lambda authorizer), usage plans, and API keys

Common serverless API pattern:

Client → API Gateway → Lambda function → DynamoDB table

5. Developer Tools and Deployment

5.1 CI/CD Services

Service | Category | Description
AWS CodeCommit | Source control | Fully managed private Git repositories hosted on AWS
AWS CodeBuild | Build and test | Fully managed continuous integration service; compiles code, runs tests, produces artifacts; no servers to manage
AWS CodeDeploy | Deployment | Automates application deployments to EC2, ECS, Lambda, and on-premises servers
AWS CodePipeline | CI/CD orchestration | Fully managed pipeline that automates the entire release process from source to production

Complete CI/CD pipeline flow:

CodeCommit (Source)
    │
    ▼
CodeBuild (Build and Test)
    │
    ▼
CodeDeploy (Deploy to Target)

All orchestrated by CodePipeline

5.2 Infrastructure as Code

Service | Language | Description
AWS CloudFormation | JSON or YAML | Define and provision AWS infrastructure using declarative templates; AWS manages the provisioning order; free (pay for resources created)
AWS CDK (Cloud Development Kit) | Python, TypeScript, Java, C#, Go | Define infrastructure using familiar programming languages; compiles to CloudFormation
AWS SAM (Serverless Application Model) | YAML extension of CloudFormation | Simplified syntax for defining serverless applications (Lambda, API Gateway, DynamoDB)

5.3 Observability and Debugging

Service | Purpose
AWS X-Ray | Distributed tracing — visualizes how requests flow through microservices; identifies bottlenecks and error sources
AWS Cloud9 | Cloud-based IDE — write, run, and debug code in a browser with pre-configured AWS CLI

6. Analytics Services

Service | Category | Description | Key Use Cases
Amazon Athena | Interactive SQL query | Analyze data directly in S3 using standard SQL; serverless; pay per TB scanned | Ad hoc analysis, log analysis, S3 data lake queries
Amazon Kinesis Data Streams | Real-time streaming | Collect and process streaming data records in real time | Real-time analytics, event processing, log collection
Amazon Kinesis Data Firehose | Streaming delivery | Load streaming data into S3, Redshift, or OpenSearch; fully managed, no consumer code required | Log delivery, event data ingestion
Amazon Kinesis Data Analytics | Streaming analytics | Run SQL or Apache Flink on streaming data in real time | Real-time dashboards, anomaly detection, metric generation
AWS Glue | ETL (Extract, Transform, Load) | Fully managed ETL service; discovers, catalogs, and transforms data for analytics | Data lake preparation, schema discovery, data integration
Amazon OpenSearch Service | Search and analytics | Managed OpenSearch (successor to Elasticsearch) for search and log analytics | Application search, log analytics, real-time monitoring
Amazon QuickSight | Business Intelligence | Cloud-native BI service for creating and sharing interactive dashboards; ML-powered insights | Executive dashboards, data visualization, self-service BI

7. Machine Learning and AI Services

7.1 ML Platform

Amazon SageMaker is AWS's fully managed platform for building, training, and deploying machine learning models at any scale.

SageMaker Feature | Description
SageMaker Studio | Unified ML IDE with notebooks, experiments, and model management
SageMaker Autopilot | AutoML — automatically builds, trains, and tunes models from tabular data
SageMaker Ground Truth | Data labeling service for creating high-quality training datasets
SageMaker Endpoints | Deploy trained models for real-time inference at scale
SageMaker Pipelines | CI/CD for ML — automate model training, evaluation, and deployment workflows

7.2 AI API Services

Pre-built AI capabilities accessible via API — no ML expertise required.

Service | Capability | Input | Example Use Cases
Amazon Rekognition | Computer vision — image and video analysis | Images, video | Object detection, facial recognition, content moderation, text in images
Amazon Comprehend | Natural language processing — text insights | Text | Sentiment analysis, entity recognition, topic modeling, language detection
Amazon Translate | Neural machine translation | Text | Multi-language apps, content localization
Amazon Transcribe | Speech to text | Audio | Meeting transcription, call center analytics, subtitles and captions
Amazon Polly | Text to speech | Text | Accessibility features, voice-enabled applications, e-learning
Amazon Lex | Conversational AI — chatbots and voice bots | Text, voice | Customer service bots, virtual agents (same technology as Alexa)
Amazon Kendra | Intelligent enterprise search | Documents, structured data | Natural language search across SharePoint, S3, Confluence, and more
Amazon Textract | Document text and data extraction | Documents, PDFs, images | Invoice processing, form extraction, ID document parsing
Amazon Personalize | Real-time personalized recommendations | User behavior data | Product recommendations, content personalization, targeted marketing
Amazon Forecast | Time-series forecasting | Historical time-series data | Demand forecasting, inventory planning, financial forecasting
Amazon Fraud Detector | Fraud detection | Transaction data | Online payment fraud, account takeover, identity fraud

8. Application Integration

8.1 Amazon SNS

Amazon Simple Notification Service is a fully managed publish-subscribe (pub/sub) messaging service.

How it works: A publisher sends a message to a topic. The topic immediately pushes (fans out) that message to all subscribers simultaneously.

Subscriber types:

  • Amazon SQS queues
  • AWS Lambda functions
  • HTTP/HTTPS endpoints
  • Email and email-JSON
  • SMS text messages
  • Mobile push notifications (iOS, Android)

Email and HTTP/HTTPS subscriptions must be confirmed by the endpoint owner before SNS delivers to them, and an HTTPS endpoint should verify the signature SNS attaches to each message before acting on it.

Common patterns:

Pattern Description
Fan-out One message published to SNS triggers multiple SQS queues, Lambda functions, or endpoints simultaneously
Alert notification CloudWatch Alarm → SNS topic → Email to operations team
Application decoupling Backend service publishes events; multiple downstream services subscribe independently
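The fan-out pattern above only works if the SQS queue's access policy lets SNS deliver into it, and the usual mistake is to grant sqs:SendMessage to Principal "*" with no condition, which lets any SNS topic in any AWS account (and, depending on the action, any caller) write into the queue. The following is an added example, not code from the course or from AWS: it holds two constructed queue policies (the ARNs are placeholders), one open and one pinned to a single topic with aws:SourceArn, and a small audit function that flags the open one.

```python
"""Audit an SQS queue policy that grants SNS permission to deliver messages.

Added illustration, not AWS or course code. The queue and topic ARNs below
are constructed placeholders, not real resources.
"""

QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:orders-fanout"
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:order-events"

# Weak: Principal "*" and no Condition. Any SNS topic, in any account,
# can be subscribed to this queue and inject messages into it.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowSnsDelivery",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sqs:SendMessage",
        "Resource": QUEUE_ARN,
    }],
}

# Hardened: only the SNS service principal, and only when the request
# originates from the one topic this queue is meant to fan out from.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowSnsDelivery",
        "Effect": "Allow",
        "Principal": {"Service": "sns.amazonaws.com"},
        "Action": "sqs:SendMessage",
        "Resource": QUEUE_ARN,
        "Condition": {"ArnEquals": {"aws:SourceArn": TOPIC_ARN}},
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _source_arns(statement):
    """Collect the aws:SourceArn values the statement's Condition pins it to."""
    arns = []
    for op, keys in statement.get("Condition", {}).items():
        if op not in ("ArnEquals", "ArnLike", "StringEquals", "StringLike"):
            continue
        for key, vals in keys.items():
            if key.lower() == "aws:sourcearn":
                arns.extend(_as_list(vals))
    return arns


def audit_send_message(policy, expected_topic_arn):
    """Return findings for Allow statements granting SendMessage too broadly.

    A statement is flagged when its principal is a bare wildcard, when it has
    no aws:SourceArn condition at all, or when that condition is not pinned to
    the expected topic (wildcards in the ARN count as not pinned).
    """
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sqs:sendmessage", "sqs:*", "*"}:
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"{sid}: Principal is '*'")
        arns = _source_arns(stmt)
        if not arns:
            findings.append(f"{sid}: no aws:SourceArn condition; any SNS topic can deliver")
        elif expected_topic_arn not in arns or any("*" in a for a in arns):
            findings.append(f"{sid}: aws:SourceArn is not pinned to {expected_topic_arn}")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_send_message(policy, TOPIC_ARN) or "OK")
```

The same check applies to any SQS policy produced for SNS fan-out, whether hand-written or emitted by CloudFormation; run it against the policy document before subscribing the queue to the topic.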

8.2 Amazon SQS

Amazon Simple Queue Service is a fully managed message queue service for decoupling and scaling microservices, distributed systems, and serverless applications.

How it works: A producer sends messages to a queue. One or more consumers poll the queue, process messages, and delete them upon successful processing.

Queue types:

Feature Standard Queue FIFO Queue
Throughput Unlimited Up to 3,000 messages/second (with batching)
Delivery guarantee At-least-once (a message can occasionally be delivered more than once, so consumers must be idempotent) Exactly-once processing (duplicates sharing a deduplication ID are dropped within a 5-minute interval)
Message ordering Best-effort ordering Strictly preserved
Use case Maximum throughput; order not critical Financial transactions, order processing requiring strict order

Key SQS concepts:

Concept Description
Visibility Timeout Duration a message is hidden from other consumers after being retrieved (default 30 seconds, maximum 12 hours); if the consumer does not delete it before the timeout expires, the message becomes visible again and is redelivered
Dead Letter Queue (DLQ) A separate queue that receives messages that have been received more times than the redrive policy's maxReceiveCount without being deleted; isolates poison messages for inspection instead of retrying them forever
Long Polling Consumer waits up to 20 seconds for messages; reduces empty responses and API costs
Message Retention Messages retained for 1 minute to 14 days (default 4 days)
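The interaction between the visibility timeout, the receive count and the redrive policy is easiest to see by running it. The block below is an added example, not AWS or course code: an in-memory model of a standard queue with a logical clock, a consumer that crashes once after doing its work but before deleting, and a poison message that always fails. It shows why the consumer needs an idempotency store keyed by MessageId, and how the poison message ends up in the DLQ rather than blocking the queue. Queue behaviour is modelled, not the real SQS API.

```python
"""In-memory model of SQS standard-queue delivery semantics.

Added illustration, not AWS code: visibility timeout, receive count and
dead-letter redrive are mimicked so the at-least-once behaviour can be
observed on constructed messages. A logical clock replaces real time.
"""
from dataclasses import dataclass, field
import uuid


@dataclass
class Message:
    body: str
    message_id: str = field(default_factory=lambda: uuid.uuid4().hex)
    receive_count: int = 0
    invisible_until: int = 0  # clock tick at which the message becomes visible again


class Queue:
    def __init__(self, visibility_timeout=30, max_receive_count=3, dlq=None):
        self.visibility_timeout = visibility_timeout
        self.max_receive_count = max_receive_count
        self.dlq = dlq
        self.messages = []
        self.now = 0  # logical clock, advanced by tick()

    def send(self, body):
        self.messages.append(Message(body))

    def receive(self):
        """Return the first visible message and hide it for the visibility timeout.

        A message whose receive count exceeds max_receive_count is moved to the
        DLQ instead of being delivered (the redrive policy).
        """
        for msg in list(self.messages):
            if msg.invisible_until > self.now:
                continue
            msg.receive_count += 1
            if self.dlq is not None and msg.receive_count > self.max_receive_count:
                self.messages.remove(msg)
                self.dlq.messages.append(msg)
                continue
            msg.invisible_until = self.now + self.visibility_timeout
            return msg
        return None

    def delete(self, msg):
        """Consumers must delete explicitly; otherwise the message comes back."""
        self.messages.remove(msg)

    def tick(self, seconds):
        self.now += seconds


def demo():
    """Crash-before-delete plus a poison message, with an idempotent handler."""
    dlq = Queue()
    q = Queue(visibility_timeout=30, max_receive_count=2, dlq=dlq)
    q.send("charge order 1001")
    q.send("charge order 1002")  # poison: the downstream call always fails on it
    charges = []        # side effect that must happen exactly once per order
    processed = set()   # idempotency store keyed by MessageId

    def handle(msg):
        if msg.message_id in processed:
            return                      # redelivery of finished work: no second charge
        if "1002" in msg.body:
            raise RuntimeError("downstream timeout")
        charges.append(msg.body)
        processed.add(msg.message_id)

    crashed_once = False
    for _ in range(12):
        msg = q.receive()
        if msg is None:
            q.tick(q.visibility_timeout)  # nothing visible: wait for the timeout
            continue
        try:
            handle(msg)
        except RuntimeError:
            continue                      # no delete, so the message returns later
        if not crashed_once:
            crashed_once = True           # simulate a crash after work, before delete
            continue
        q.delete(msg)
    return {"charges": charges, "dlq": [m.body for m in dlq.messages],
            "remaining": len(q.messages)}


if __name__ == "__main__":
    print(demo())
```

Order 1001 is delivered twice (once before the crash, once after the timeout) but charged once because the handler consults the idempotency store; order 1002 is delivered max_receive_count times and then lands in the DLQ, leaving the main queue empty.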

SNS vs SQS comparison:

Feature Amazon SNS Amazon SQS
Pattern Publish-Subscribe (push) Point-to-point queue (pull)
Consumers Multiple simultaneously (fan-out) One consumer at a time per message (hidden from others during the visibility timeout)
Message persistence Not stored after delivery Stored until consumed or expired
Primary purpose Notify multiple subscribers of an event Decouple two services; buffer requests

8.3 AWS Step Functions and EventBridge

AWS Step Functions

A serverless workflow orchestration service that coordinates multiple AWS services into a sequence defined as a state machine in Amazon States Language (JSON). Provides built-in error handling, retry logic, and parallel execution. Standard workflows can run for up to one year; Express workflows are limited to five minutes.

Use Case Example
Order processing pipeline Validate order → charge payment → update inventory → send confirmation
ML model pipeline Preprocess data → train model → evaluate → deploy if threshold met
IT automation Backup data → verify backup → notify on completion or failure

Amazon EventBridge

A serverless event bus that routes events from AWS services, custom applications, and third-party SaaS platforms to target services.

  • 90+ AWS services emit events to EventBridge natively
  • Create rules to filter events by source, detail type, or content
  • Route events to Lambda, SQS, SNS, Step Functions, API Gateway, and more
  • Supports scheduled rules (cron expressions) for time-based automation
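EventBridge rules filter on an event pattern: each key lists the values the event may carry, nested objects recurse, and matchers such as "prefix", "anything-but" and "numeric" refine a value. The block below is an added example, not the EventBridge service code: a small matcher implementing that core of the pattern language, three constructed security-oriented rules (a high-severity GuardDuty finding, an EC2 instance leaving the running state, a root-user Create* API call recorded by CloudTrail), and constructed sample events in the shape those services emit. Rule names, instance IDs and finding details are made up.

```python
"""Minimal EventBridge event-pattern matcher over constructed events.

Added illustration, not AWS code. Supports exact values, nested objects,
event values that are lists, and the "prefix", "anything-but" and
"numeric" matchers. Other matchers raise so they are not silently ignored.
"""
import operator

_NUMERIC_OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
                ">": operator.gt, ">=": operator.ge}


def _match_value(rule, value):
    """One entry from a pattern's value list against a single event value."""
    if isinstance(rule, dict):
        if "prefix" in rule:
            return isinstance(value, str) and value.startswith(rule["prefix"])
        if "anything-but" in rule:
            banned = rule["anything-but"]
            return value not in (banned if isinstance(banned, list) else [banned])
        if "numeric" in rule:
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                return False
            spec = rule["numeric"]  # e.g. [">=", 7] or [">", 0, "<=", 5]
            return all(_NUMERIC_OPS[spec[i]](value, spec[i + 1])
                       for i in range(0, len(spec), 2))
        raise ValueError(f"unsupported matcher: {rule}")
    return value == rule


def matches(pattern, event):
    """True when every key in `pattern` is satisfied by `event`.

    Keys absent from the event never match; a list-valued event field matches
    when any element does.
    """
    for key, rule in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(rule, dict):                      # nested object: recurse
            if not isinstance(value, dict) or not matches(rule, value):
                return False
        else:                                           # list of allowed values
            values = value if isinstance(value, list) else [value]
            if not any(_match_value(r, v) for r in rule for v in values):
                return False
    return True


# Constructed rules (names are made up).
RULES = {
    "page-on-critical-finding": {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {"severity": [{"numeric": [">=", 7]}]},
    },
    "notify-ec2-not-running": {
        "source": ["aws.ec2"],
        "detail-type": ["EC2 Instance State-change Notification"],
        "detail": {"state": [{"anything-but": ["running"]}]},
    },
    "alert-root-create-calls": {
        "source": ["aws.iam"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {"userIdentity": {"type": ["Root"]},
                   "eventName": [{"prefix": "Create"}]},
    },
}

# Constructed sample events in the shape the services emit (values made up).
SAMPLE_EVENTS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"severity": 8, "type": "UnauthorizedAccess:EC2/SSHBruteForce"}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"severity": 2, "type": "Recon:EC2/PortProbeUnprotectedPort"}},
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"instance-id": "i-0123456789abcdef0", "state": "terminated"}},
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"instance-id": "i-0123456789abcdef0", "state": "running"}},
    {"source": "aws.iam", "detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "CreateAccessKey", "userIdentity": {"type": "Root"}}},
]


def route(event):
    """Names of every rule whose pattern matches the event, sorted."""
    return sorted(name for name, pattern in RULES.items() if matches(pattern, event))


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["detail-type"], "->", route(ev) or "no rule")
```

Each matched rule would then forward the event to its targets (an SNS topic, an SQS queue, a Lambda function). Testing patterns offline like this catches the common mistake of writing a bare string where EventBridge expects a list of values.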

9. Management and Governance

Service Description Key Use Case
AWS Systems Manager Operational management at scale — patching, remote access, parameter storage, and automation SSH-free EC2 access via Session Manager (needs only the SSM Agent and an IAM instance profile, no inbound port or bastion host); automated OS patching with Patch Manager
AWS CloudFormation Infrastructure as Code — provision resources from JSON/YAML templates Reproducible environment deployments; version-controlled infrastructure
AWS Trusted Advisor Best practice recommendations across cost optimization, security, performance, fault tolerance, service limits, and operational excellence; every account gets the core security checks and service quota checks, while the full set requires Business-level support or higher Identify idle resources, security misconfigurations, and approaching service quotas
AWS Health Dashboard Personalized view of AWS service events affecting your specific resources Proactive notification of planned maintenance, service degradations affecting your account
AWS Compute Optimizer ML-based recommendations for right-sizing EC2 instances, Auto Scaling groups, EBS volumes, and Lambda functions Identify over-provisioned resources; reduce costs without impacting performance
AWS License Manager Central management of software licenses (Windows Server, SQL Server, Oracle) across AWS and on-premises Prevent license violations; track BYOL compliance

10. Migration and Transfer Services

Service Category Description
AWS Application Migration Service (MGN) Server migration Lift-and-shift server replication to AWS; agent-based continuous replication; minimal downtime cutover
AWS Database Migration Service (DMS) Database migration Migrate databases to AWS with the source remaining operational; supports homogeneous and heterogeneous migrations
AWS Schema Conversion Tool (SCT) Schema conversion Converts database schema from one engine to another (e.g., Oracle stored procedures to PostgreSQL)
AWS Migration Hub Migration tracking Central dashboard to track migration progress across DMS, MGN, and other migration tools
AWS Application Discovery Service Discovery Discovers on-premises servers, collects performance data and network dependencies to plan migrations
AWS DataSync Online data transfer Automated, accelerated data transfer between on-premises storage and AWS storage services; 10x faster than open-source tools

11. Exam Tips and Quick Reference

Scenario-to-Service Mapping

Scenario or Requirement Service
Run a virtual server with full OS control Amazon EC2
Run code in response to events without managing servers AWS Lambda
Run containers without managing EC2 instances AWS Fargate
Simple web application deployment without server management AWS Elastic Beanstalk
Store any file type and access via HTTP Amazon S3
Persistent high-performance storage for a single EC2 instance Amazon EBS
Shared file storage accessed by multiple Linux EC2 instances Amazon EFS
Transfer 60 TB of data when internet bandwidth is too slow AWS Snowball Edge
Fully managed relational database with automatic failover Amazon RDS Multi-AZ
Relational database with highest performance and 15 read replicas Amazon Aurora
NoSQL database with single-digit millisecond latency at any scale Amazon DynamoDB
Cache database query results for microsecond response times ElastiCache with Redis
Run SQL analytics on petabyte-scale data warehouse Amazon Redshift
Query S3 data directly using SQL without loading into a database Amazon Athena
Process real-time streaming data from IoT devices Amazon Kinesis
Route 20% of traffic to a new application version Route 53 Weighted Routing
Distribute traffic based on URL path (/api vs /web) Application Load Balancer
Deliver cached video content globally with low latency Amazon CloudFront
Send the same alert to 5 different teams simultaneously Amazon SNS Fan-out
Decouple two microservices so one does not overwhelm the other Amazon SQS
Detect text in scanned invoice images Amazon Textract
Convert customer audio support calls to searchable text Amazon Transcribe
Build a product recommendation engine Amazon Personalize
Set up secure shell access to EC2 without opening port 22 AWS Systems Manager Session Manager

Common Exam Traps

  • EC2 vs Lambda: EC2 is for long-running, stateful, or workloads exceeding 15 minutes. Lambda is for short-duration, event-driven, stateless functions. Do not select Lambda for something that runs continuously.
  • S3 vs EBS vs EFS: S3 = object storage accessed via API (not mountable as a file system directly). EBS = block storage for one EC2 instance. EFS = shared file system for multiple Linux EC2 instances simultaneously.
  • Multi-AZ vs Read Replicas: Multi-AZ = availability (standby is not readable). Read Replicas = performance (replicas are readable).
  • SNS vs SQS: If the scenario says "notify multiple systems at once" → SNS. If it says "decouple producer from consumer" or "buffer requests" → SQS.
  • Redshift vs RDS: Redshift = analytics on historical data (OLAP). RDS = transactional operational database (OLTP). Do not use Redshift for transactional workloads.

End of Domain 3. Continue to Domain 4: Billing, Pricing, and Support →
