AWS Certified Cloud Practitioner (CLF-C02) - Cheat Sheet
AWS Cloud Practitioner (CLF-C02) Master Cheat Sheet
Advanced Comprehensive Guide for 2026 Certification
1. Identity & Access Management (IAM)
IAM is global and allows you to manage access to AWS services and resources securely.
Users: Physical persons. Have passwords for Console or Access Keys for CLI/SDK.
Groups: Collection of users. Permissions applied to groups are inherited by users.
Roles: Temporary permissions for EC2 instances or AWS Services (no password).
Policies: JSON documents defining permissions. Principle of Least Privilege.
Audit Tools: IAM Credential Report (User list & security status) and Access Advisor (Service permissions used).
2. EC2: Elastic Compute Cloud
| Option | Best Use Case |
|---|---|
| On-Demand | Short-term, unpredictable workloads. Pay per second. |
| Reserved | Steady-state workloads (1 or 3 yr commitment). 75% discount. |
| Spot | Batch jobs, flexible start/end. Up to 90% discount (AWS can reclaim). |
| Dedicated Hosts | Compliance requirements/Bring Your Own License (BYOL). |
Security Groups: Stateful virtual firewalls for EC2 instances. Default: All outbound allowed, All inbound blocked.
3. Storage: EBS, EFS, and Instance Store
EBS (Elastic Block Store): Network drive for one instance. Tied to one AZ. Use Snapshots for backups.
Instance Store: Physical disk on the host. High performance but ephemeral (data lost if instance stops).
EFS (Elastic File System): Managed network file system. Can be shared by hundreds of EC2s across AZs.
FSx: High-performance third-party file systems (Lustre for HPC, Windows File Server).
4. Scalability & High Availability
ELB (Elastic Load Balancer): Distributes traffic. Application (L7 - HTTP), Network (L4 - TCP/UDP), Gateway (L3).
ASG (Auto Scaling Group): Adds/removes EC2s based on demand. Replaces unhealthy instances automatically.
5. S3: Simple Storage Service
Infinite object storage. Buckets are global, but content is regional. 99.999999999% (11 9's) durability.
| Class | Use Case |
|---|---|
| Standard | General purpose, high availability. |
| Intelligent-Tiering | Automatic cost saving based on access patterns. |
| Standard-IA | Infrequent access, needs millisecond retrieval. |
| Glacier Deep Archive | Long-term archive (retrieval in 12 hours). Cheapest. |
6. Databases & Analytics
RDS: Managed SQL (MySQL, Postgres, SQL Server). Multi-AZ for DR; Read Replicas for performance.
Aurora: AWS-optimized SQL. 5x faster than MySQL. Serverless option available.
DynamoDB: Managed NoSQL. Single-digit millisecond latency. Global Tables for replication.
Redshift: OLAP Data Warehouse for complex SQL analytics.
Athena: Serverless SQL to query data directly on S3.
7. Global Application Delivery
Route 53: Managed DNS. Routing: Simple, Weighted, Latency, Failover, Geolocation.
CloudFront: CDN using Edge Locations to cache content closer to users.
Global Accelerator: Uses AWS private network to route traffic (fixed IP) for 60% performance boost.
Transfer Acceleration: Faster S3 uploads via Edge Locations.
8. Application Integration
SQS (Simple Queue Service): Decouple applications. Asynchronous. Messages kept for 14 days.
SNS (Simple Notification Service): Pub/Sub model. Send one message to many subscribers (Email, Lambda, SQS).
Kinesis: Real-time data streaming and big data ingestion.
Amazon MQ: Managed broker for RabbitMQ and ActiveMQ (traditional protocols).
9. Monitoring, Audit, and Governance
CloudWatch: Performance monitoring (Metrics, Logs, Alarms).
CloudTrail: Governance and audit. Records every API call made in the account.
Config: Records resource configurations and compliance against rules.
Systems Manager: Patching, configuration, and running commands at scale.
10. Security & Compliance
Shield: Automatic DDoS protection (Advanced includes 24/7 DRT support).
WAF: Protects web apps from SQL Injection and Cross-Site Scripting.
Inspector: Vulnerability scans for EC2 and ECR images.
GuardDuty: ML-powered threat detection (VPC, DNS, CloudTrail logs).
Macie: Uses ML to discover sensitive data (PII) in S3.
11. AWS Machine Learning (High-Level)
AWS provides pre-trained AI services for developers without ML expertise.
Rekognition: Image and video analysis (Face/Object detection).
Polly: Text-to-Speech.
Lex: Build conversational chatbots (same tech as Alexa).
SageMaker: Fully managed platform for building/training/deploying ML models.
12. Billing, Cost, and Support
Organizations: Manage multiple accounts with Consolidated Billing and SCPs.
Cost Explorer: View history and forecast future spending.
Budgets: Create custom alerts for costs, usage, or RI utilization.
Trusted Advisor: Checks for Cost, Performance, Security, Fault Tolerance, and Service Limits.
🧠 Exam Ready Practice
Question: A company needs a hybrid storage solution that allows their on-premises applications to seamlessly use S3 as a backup target. Which service should they use?
Answer: AWS Storage Gateway. It provides a bridge between on-premises and AWS storage services (S3, EBS, Glacier) using protocols like NFS, iSCSI, and SMB.