
AWS Certified Cloud Practitioner CLF-C02 Cert Guide
Companion Website and Pearson Test Prep Access Code
Access interactive study tools on this book’s companion website, including practice test
software, review exercises, Key Term flash card application, a study planner, and more!
To access the companion website, simply follow these steps:
1. Go to pearsonitcertification.com.
2. Enter the print book ISBN: 9780138285999.
3. Answer the security question to validate your purchase.
4. Go to your account page.
5. Click on the Registered Products tab.
6. Under the book listing, click on the Access Bonus Content link.

When you register your book, your Pearson Test Prep practice test access code will
automatically be populated with the book listing under the Registered Products tab. You will
need this code to access the practice test that comes with this book. You can redeem the
code at PearsonTestPrep.com. Simply choose Pearson IT Certification as your product
group and log into the site with the same credentials you used to register your book. Click
the Activate New Product button and enter the access code. More detailed instructions on
how to redeem your access code for both the online and desktop versions can be found on
the companion website.
If you have any issues accessing the companion website or obtaining your Pearson Test
Prep practice test access code, you can contact our support team by going to
pearsonitp.echelp.org.
AWS Certified Cloud Practitioner CLF-C02 Cert Guide

Anthony Sequeira, CCIE No. 15626

Hoboken, New Jersey


AWS Certified Cloud Practitioner CLF-C02 Cert Guide
Copyright © 2025 by Pearson Education, Inc.
All rights reserved. This publication is protected by copyright, and
permission must be obtained from the publisher prior to any prohibited
reproduction, storage in a retrieval system, or transmission in any form or
by any means, electronic, mechanical, photocopying, recording, or likewise.
For information regarding permissions, request forms, and the appropriate
contacts within the Pearson Education Global Rights & Permissions
Department, please visit www.pearson.com/permissions.
No patent liability is assumed with respect to the use of the information
contained herein. Although every precaution has been taken in the
preparation of this book, the publisher and author assume no responsibility for
errors or omissions. Nor is any liability assumed for damages resulting
from the use of the information contained herein.
Microsoft and/or its respective suppliers make no representations about the
suitability of the information contained in the documents and related
graphics published as part of the services for any purpose. All such documents and
related graphics are provided “as is” without warranty of any kind. Microsoft
and/or its respective suppliers hereby disclaim all warranties and conditions
with regard to this information, including all warranties and conditions of
merchantability, whether express, implied or statutory, fitness for a particular
purpose, title and non-infringement. In no event shall Microsoft and/or its
respective suppliers be liable for any special, indirect or consequential
damages or any damages whatsoever resulting from loss of use, data or profits,
whether in an action of contract, negligence or other tortious action, arising
out of or in connection with the use or performance of information available
from the services.
The documents and related graphics contained herein could include
technical inaccuracies or typographical errors. Changes are periodically
added to the information herein. Microsoft and/or its respective suppliers
may make improvements and/or changes in the product(s) and/or the
program(s) described herein at any time. Partial screen shots may be
viewed in full within the software version specified.
Microsoft® Windows®, and Microsoft Office® are registered trademarks
of the Microsoft Corporation in the U.S.A. and other countries. This
book is not sponsored or endorsed by or affiliated with the Microsoft
Corporation.

GM K12, Early Career and Professional Learning: Soo Kang
Director, ITP Product Management: Brett Bartow
Executive Editor: Nancy Davis
Managing Editor: Sandra Schroeder
Development Editor: Christopher Cleveland
Senior Project Editor: Mandie Frank
Copy Editor: Kitty Wilson
Technical Editor: John Stuppi
Editorial Assistant: Cindy Teeters
Designer: Chuti Prasertsith
Composition: codeMantra
Indexer: Timothy Wright
Proofreader: Jennifer Hinchliffe

Please contact us with concerns about any potential bias at
https://www.pearson.com/report-bias.html.
ISBN-13: 978-0-13-828599-9
ISBN-10: 0-13-828599-3
Library of Congress Cataloging-in-Publication Data: 2024906720

Trademarks
All terms mentioned in this book that are known to be trademarks or
service marks have been appropriately capitalized. Pearson IT Certification
cannot attest to the accuracy of this information. Use of a term in this book
should not be regarded as affecting the validity of any trademark or service
mark.
Warning and Disclaimer
This book is designed to provide information about the AWS Certified
Cloud Practitioner CLF-C02 exam. Every effort has been made to make
this book as complete and accurate as possible, but no warranty or fitness
is implied. The information provided is on an “as is” basis. The author and
the publisher shall have neither liability nor responsibility to any person
or entity with respect to any loss or damages arising from the information
contained in this book or from the use of the supplemental online content
or programs accompanying it.

Special Sales
For information about buying this title in bulk quantities, or for special
sales opportunities (which may include electronic versions; custom cover
designs; and content particular to your business, training goals, marketing
focus, or branding interests), please contact our corporate sales department
at corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact
governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact
intlcs@pearson.com.

Contents at a Glance

Introduction

Part I: Domain 1: Cloud Concepts

CHAPTER 1 The AWS Cloud Defined
CHAPTER 2 Some Benefits of the AWS Cloud
CHAPTER 3 Design Principles of the AWS Cloud
CHAPTER 4 Strategies for Migration to the AWS Cloud
CHAPTER 5 Concepts of Cloud Economics
CHAPTER 6 Creating and Using an AWS Free Tier Account

Part II: Domain 2: Security and Compliance

CHAPTER 7 The AWS Shared Responsibility Model
CHAPTER 8 AWS Cloud Security, Governance, and Compliance
CHAPTER 9 AWS Access Management
CHAPTER 10 Components and Resources for Security

Part III: Domain 3: Cloud Technology and Services

CHAPTER 11 Methods of Deploying and Operating in AWS
CHAPTER 12 The AWS Global Infrastructure
CHAPTER 13 AWS Compute Services
CHAPTER 14 AWS Database Services
CHAPTER 15 AWS Network Services
CHAPTER 16 AWS Storage Services
CHAPTER 17 AWS Artificial Intelligence and Data Analytics Services
CHAPTER 18 Other AWS Services

Part IV: Domain 4: Billing, Pricing, and Support

CHAPTER 19 AWS Pricing Models Compared
CHAPTER 20 Resources for Billing, Budgets, and Cost Management
CHAPTER 21 AWS Technical Resources and AWS Support Options

Part V: Final Preparation

CHAPTER 22 Final Preparation

Part VI: Appendixes

Glossary of Key Terms
APPENDIX A Answers to the “Do I Know This Already?” Quizzes and Q&A Sections
APPENDIX B AWS Certified Cloud Practitioner CLF-C02 Cert Guide Exam Updates
Index
APPENDIX C Online only

Table of Contents

Introduction

Part I: Domain 1: Cloud Concepts

Chapter 1 The AWS Cloud Defined
“Do I Know This Already?” Quiz
Foundation Topics
Introduction to the Cloud
Introduction to the AWS Cloud
Compute Service
Storage Services
Network Services
Database Services
Security Services
Automation and Application Support
Management Tools
Monitoring
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 2 Some Benefits of the AWS Cloud
“Do I Know This Already?” Quiz
Foundation Topics
Economic Benefits
The Benefits of the Global Infrastructure
High Availability, Elasticity, and Agility
High Availability (HA)
Elasticity
Agility
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 3 Design Principles of the AWS Cloud
“Do I Know This Already?” Quiz
Foundation Topics
The AWS Well-Architected Framework
Operational Excellence
Security
Reliability
Performance Efficiency
Cost Optimization
Sustainability
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 4 Strategies for Migration to the AWS Cloud
“Do I Know This Already?” Quiz
Foundation Topics
The AWS Cloud Adoption Framework
Foundational Capabilities
Cloud Transformation Journey
Resources for Migration Support
Database Migration Service
Snowball
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 5 Concepts of Cloud Economics
“Do I Know This Already?” Quiz
Foundation Topics
Cloud Economics
Fixed Costs Versus Variable Costs
Costs Associated with On-Premises Environments
Other Benefits
Benefits of Automation
Benefits of Managed Services
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 6 Creating and Using an AWS Free Tier Account
“Do I Know This Already?” Quiz
Foundation Topics
Creating Your Free Tier Account
Lab: Creating Your Free Tier Account
Building a Web Server with the Free Tier
Lab: Building a Web Server with the Free Tier
Exam Preparation Tasks
Review All Key Topics
Define Key Term
Q&A

Part II: Domain 2: Security and Compliance


Chapter 7 The AWS Shared Responsibility Model
“Do I Know This Already?” Quiz
Foundation Topics
Understanding the Shared Responsibility Model
AWS Responsibilities
Customer Responsibilities
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 8 AWS Cloud Security, Governance, and Compliance
“Do I Know This Already?” Quiz
Foundation Topics
An Introduction to AWS Security
AWS Security Compliance Programs
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 9 AWS Access Management
“Do I Know This Already?” Quiz
Foundation Topics
Identity and Access Management
Best Practices with IAM
Other Access Management-Related AWS Services
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 10 Components and Resources for Security
“Do I Know This Already?” Quiz
Foundation Topics
Some AWS Security Features
Security Groups
Network ACLs (NACLs)
Web Application Firewall (WAF)
Tools for Security Support
AWS Knowledge Center
AWS Security Center
AWS Security Blog
Additional Security Support Resources
AWS Trusted Advisor
Lab: Using the Trusted Advisor
AWS Marketplace
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A

Part III: Domain 3: Cloud Technology and Services


Chapter 11 Methods of Deploying and Operating in AWS
“Do I Know This Already?” Quiz
Foundation Topics
Automation
Orchestration
Management Options
Deployment and Connectivity Options
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 12 The AWS Global Infrastructure
“Do I Know This Already?” Quiz
Foundation Topics
Regions
Availability Zones
Other Global Infrastructure Components
AWS Local Zones
AWS Wavelength Zones
AWS CloudFront
AWS Global Accelerator
AWS Direct Connect
VPC Endpoints
Interface Endpoints
Gateway Endpoints
VPC Peering
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 13 AWS Compute Services
“Do I Know This Already?” Quiz
Foundation Topics
EC2
Container Options
Elastic Container Service (ECS)
Elastic Kubernetes Service (EKS)
Serverless Compute
Lambda
Elastic Beanstalk
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 14 AWS Database Services
“Do I Know This Already?” Quiz
Foundation Topics
Relational Database Services
Relational Database Service (RDS)
Aurora
Other Database Services
DynamoDB
ElastiCache
Redshift
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 15 AWS Network Services
“Do I Know This Already?” Quiz
Foundation Topics
Fundamental Network Services
Virtual Private Cloud (VPC)
Other Network Services
Route 53
CloudFront
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 16 AWS Storage Services
“Do I Know This Already?” Quiz
Foundation Topics
Fundamental Storage Services
Simple Storage Service (S3)
S3 Storage Classes
S3 Lifecycles
Elastic Block Store (EBS)
Elastic File System (EFS)
Other Storage Services
FSx
Storage Gateway
AWS Backup
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 17 AWS Artificial Intelligence and Data Analytics Services
“Do I Know This Already?” Quiz
Foundation Topics
Artificial Intelligence/Machine Learning Services
SageMaker
Lex
Kendra
Data Analytics Services
Athena
Glue
QuickSight
Kinesis
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 18 Other AWS Services
“Do I Know This Already?” Quiz
Foundation Topics
Business Application Services
Amazon Connect
Simple Email Service (SES)
EventBridge
Simple Notification Service (SNS)
Simple Queue Service (SQS)
Customer Engagement Services
Activate for Startups
AWS IQ
AWS Managed Services
Developer Services
AppConfig
Cloud9
CloudShell
CodeArtifact
CodeBuild
CodeCommit
CodeDeploy
CodePipeline
CodeStar
AWS X-Ray
AWS Amplify
AppSync
End-User Compute Services
AppStream 2.0
AWS WorkSpaces
WorkSpaces Web
IoT Services
IoT Core
IoT Greengrass
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A

Part IV: Domain 4: Billing, Pricing, and Support


Chapter 19 AWS Pricing Models Compared
“Do I Know This Already?” Quiz
Foundation Topics
General AWS Pricing Practices
Fundamentals of Compute Pricing
On-Demand Instance Pricing
Reserved Instance Pricing
Savings Plan Pricing
Spot Instance Pricing
Dedicated Host Pricing
Dedicated Instance Pricing
On-Demand Capacity Reservation Pricing
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 20 Resources for Billing, Budgets, and Cost Management
“Do I Know This Already?” Quiz
Foundation Topics
AWS Billing and Cost Management
Budgets
Cost Explorer
Billing Conductor
Pricing Calculator
Cost and Usage Reports
Cost Allocation Tags
AWS Organizations
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 21 AWS Technical Resources and AWS Support Options
“Do I Know This Already?” Quiz
Foundation Topics
AWS Technical Resources
Documentation, Whitepapers, and Blogs
Other AWS Technical Resources
AWS Support Options
Comparing the Plans
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A

Part V: Final Preparation


Chapter 22 Final Preparation
Exam Information
Getting Ready
Suggested Plan for Final Review/Study
Summary

Part VI: Appendixes

Glossary of Key Terms
Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Sections
Appendix B AWS Certified Cloud Practitioner CLF-C02 Cert Guide Exam Updates
Index
Appendix C Online only



About the Author

Anthony Sequeira, CCIE No. 15626, is a seasoned trainer and author regarding
various levels and tracks of Cisco, Microsoft, and AWS certifications. Anthony
formally began his career in the information technology industry in 1994 with IBM
in Tampa, Florida. He quickly formed his own computer consultancy, Computer
Solutions, and then discovered his true passion—teaching and writing about
information technologies.
Anthony joined Mastering Computers in 1996 and lectured to massive audiences
around the world about the latest in computer technologies. Mastering Computers
became the revolutionary online training company KnowledgeNet, and Anthony
trained there for many years.
Anthony is currently a full-time instructor with ACI Learning. ACI Learning is a
leader in audit, cybersecurity, and IT professional training.

Dedication

This book is dedicated to my dear friend Pierre Smith, who has provided many decades of advice,
banter, and, of course, laughs. Pierre will most likely never certify in AWS, but he certainly could
if he wanted to—in record time.

Acknowledgments

This update to the text was made possible by Nancy Davis of Pearson. Nancy, thank
you so much for this opportunity!
Thank you, John Stuppi, for the intense technical review. Your work helped this text
tremendously.
Finally, I would also like to express my gratitude to Chris Cleveland, development
editor of this book and of the previous edition. I was so incredibly lucky to work
with him again on this text. Like John, he helped make this book several cuts above
the rest.

About the Technical Reviewer

John Stuppi, CCIE No. 11154, is an Engineering Program Manager in the
Security & Trust Organization (S&TO) at Cisco, where he works with Cisco
customers to investigate suspected compromises in their network environment as well
as to protect their networks against existing and emerging cybersecurity threats,
risks, and vulnerabilities. Current projects include working with newly acquired
entities to integrate them into Cisco’s PSIRT Vulnerability Management processes
and advising some of Cisco’s most strategic customers on vulnerability management
and risk assessment.
John has presented multiple times on various network security topics at Cisco Live,
Black Hat, and other customer-facing cyber security conferences. John is also the
co-author of the Official Certification Guide for CCNA Security 210-260, published by
Cisco Press. Additionally, John has contributed to the Cisco Security Portal through
the publication of white papers, Security Blog posts, and Cyber Risk Report articles.
Prior to joining Cisco, John worked as a network engineer for JPMorgan and then
as a network security engineer at Time, Inc., with both positions based in New York
City. John is also a CISSP (#25525) and holds AWS Cloud Practitioner and
Information Systems Security (INFOSEC) professional certifications. In addition, John
has a BSEE from Lehigh University and an MBA from Rutgers University. John
splits his time between Eatontown, New Jersey, and Clemson, South Carolina, with
his wife, son, and daughter.

We Want to Hear from You!


As the reader of this book, you are our most important critic and commentator. We
value your opinion and want to know what we’re doing right, what we could do
better, what areas you’d like to see us publish in, and any other words of wisdom you’re
willing to pass our way.
We welcome your comments. You can email or write to let us know what you did or
didn’t like about this book—as well as what we can do to make our books better.
Please note that we cannot help you with technical problems related to the topic of this book.
When you write, please be sure to include this book’s title and author as well as your
name and email address. We will carefully review your comments and share them
with the author and editors who worked on the book.
Email: community@informit.com

Reader Services
Register your copy of AWS Certified Cloud Practitioner CLF-C02 Cert Guide for
convenient access to downloads, updates, and corrections as they become available. To
start the registration process, go to www.pearsonitcertification.com/register and log
in or create an account*. Enter the product ISBN 9780138285999 and click Submit.
When the process is complete, you will find any available bonus content under
Registered Products.
*Be sure to check the box that you would like to hear from us to receive exclusive
discounts on future editions of this product.

Introduction
The AWS Certified Cloud Practitioner exam tests candidates’ overall understanding
of the AWS Cloud and many of its critical services. This certification also serves to
validate candidates’ knowledge with an industry-recognized credential. This exam
covers four domains:
■ Cloud Concepts
■ Security and Compliance
■ Cloud Technology and Services
■ Billing, Pricing, and Support

Obtaining the AWS Certified Cloud Practitioner certification is a recommended
path to achieving further specialty certifications or can be a start toward associate
certifications in various disciplines, such as solutions architect, SysOps
administrator, and developer.

The Goals of the AWS Certified Cloud Practitioner Program


After a candidate studies this text carefully, they should be more than ready for their
certification exam. The exam validates a candidate’s ability to do the following:
■ Explain the value of the AWS Cloud.
■ Understand and explain the AWS shared responsibility model.
■ Understand security best practices.
■ Understand AWS Cloud costs, economics, and billing practices.
■ Describe and position the core AWS services, including compute, network,
  database, and storage services.
■ Identify AWS services for common use cases.

Ideal Candidates
While this text provides you with the information required to pass this exam,
Amazon considers ideal candidates to be those who possess the following:
■ Six months of exposure to AWS Cloud design, implementation, and/or
  operations
■ AWS knowledge in the following areas:
  ■ AWS Cloud concepts
  ■ Security and compliance in the AWS Cloud
  ■ Core AWS services
  ■ Economics of the AWS Cloud

The Exam Objectives (Domains)


The AWS Certified Cloud Practitioner CLF-C02 exam is broken down into four
major domains. The contents of this book cover each of the domains and the
subtopics included in them, as illustrated in the following descriptions.
The following table lists those domains and the percentage of the exam dedicated to
each of them:

Domain                               Percentage of Representation in Exam
1: Cloud Concepts                    24%
2: Security and Compliance           30%
3: Cloud Technology and Services     34%
4: Billing, Pricing, and Support     12%
Total                                100%

Domain 1: Cloud Concepts


Chapters 1 through 6 of this book cover Domain 1: Cloud Concepts. This domain
covers critical topics such as the services and categories of services provided by
AWS. It also covers important information on how AWS can save your IT team
large sums of money. It comprises 24% of the exam and includes the following
topics:
■ Task Statement 1.1: Define the benefits of the AWS Cloud.
■ Task Statement 1.2: Identify design principles of the AWS Cloud.
■ Task Statement 1.3: Understand the benefits of and strategies for migration to
  the AWS Cloud.
■ Task Statement 1.4: Understand concepts of cloud economics.

Domain 2: Security and Compliance


Chapters 7 through 10 cover Domain 2: Security and Compliance. This domain covers
security in general with AWS, and it also provides details on the implementation of
strong security with AWS services such as IAM and a wide variety of management
tools. This domain makes up 30% of the exam and includes the following topics:
■ Task Statement 2.1: Understand the AWS shared responsibility model.
■ Task Statement 2.2: Understand AWS Cloud security, governance, and
  compliance concepts.
■ Task Statement 2.3: Identify AWS access management capabilities.
■ Task Statement 2.4: Identify components and resources for security.

Domain 3: Cloud Technology and Services


Chapters 11 through 18 cover Domain 3: Cloud Technology and Services. This
domain digs into the “nuts and bolts” of AWS, such as the global infrastructure and
core services of AWS. It encompasses 34% of the exam and includes the following
topics:
■ Task Statement 3.1: Define methods of deploying and operating in the AWS
  Cloud.
■ Task Statement 3.2: Define the AWS global infrastructure.
■ Task Statement 3.3: Identify AWS compute services.
■ Task Statement 3.4: Identify AWS database services.
■ Task Statement 3.5: Identify AWS network services.
■ Task Statement 3.6: Identify AWS storage services.
■ Task Statement 3.7: Identify AWS artificial intelligence and machine learning
  (AI/ML) services and analytics services.
■ Task Statement 3.8: Identify services from other in-scope AWS service
  categories.

Domain 4: Billing, Pricing, and Support


Chapters 19 through 21 cover Domain 4: Billing, Pricing, and Support. In these
chapters, you’ll learn about the tools and techniques for controlling costs inside
AWS as well as the resources that are available to assist you. This domain accounts
for 12% of the exam and includes the following topics:
■ Task Statement 4.1: Compare AWS pricing models.
■ Task Statement 4.2: Understand resources for billing, budget, and cost
  management.
■ Task Statement 4.3: Identify AWS technical resources and AWS Support
  options.

Steps to Becoming an AWS Certified Cloud Practitioner


To become an AWS Certified Cloud Practitioner, a test candidate should meet
certain prerequisites and follow specific procedures. Once they deem themselves ready,
a test candidate can sign up for the exam.

Signing Up for the Exam


The steps required to sign up for the AWS Certified Cloud Practitioner exam are as
follows:
Step 1. To schedule your exam, first create an AWS Certification account at
https://www.aws.training/certification
Step 2. Complete the Examination Agreement, attesting to the truth of your
assertions regarding professional experience and legally committing to
adhering to the testing policies.
Step 3. Submit the examination fee.

Facts About the Exam


The exam is a computer-based test. The exam consists of multiple-choice questions
only. You must bring a government-issued identification card. No other forms of ID
will be accepted.

TIP Refer to the AWS Certification site at https://aws.amazon.com/certification/ for
more information regarding the AWS Certified Cloud Practitioner and other AWS
certifications.

How to Use This Book


This book maps directly to the topic areas of the exam and uses a number of features
to help you understand the topics and prepare for the exam.

Objectives and Methods


This book uses several key methodologies to help you discover the exam topics on
which you need more review, to help you fully understand and remember those
details, and to help you prove to yourself that you have retained knowledge of those
topics. This book does not try to help you pass the exam only by memorization; it
seeks to help you truly learn and understand the topics. This book is designed to help
you pass the AWS Certified Cloud Practitioner exam by using the following methods:
■ Helping you discover which exam topics you have not yet become proficient in
■ Providing explanations and information to fill in your knowledge gaps
■ Supplying exercises that enhance your ability to recall and deduce the answers
  to test questions
■ Providing practice exercises on the topics and the testing process via test
  questions on the companion website

Book Features
To help you customize your study time using this book, the core chapters have
several features that help you make the best use of your time:
■ Foundation Topics: These are the core sections of each chapter. They explain
  the concepts for the topics in that chapter.
■ Exam Preparation Tasks: After the “Foundation Topics” section of each
  chapter, the “Exam Preparation Tasks” section lists a series of study activities
  that you should do at the end of the chapter:
  ■ Review All Key Topics: The Key Topic icon appears next to the most
    important items in the “Foundation Topics” section of the chapter. The
    “Review All Key Topics” activity lists the key topics from the chapter,
    along with the page number for each one. Although the contents of the
    entire chapter could be on the exam, you should definitely know the
    information listed in each key topic, so you should review these.
  ■ Define Key Terms: Although the Cloud Practitioner exam may be
    unlikely to ask a question such as “Define this term,” the exam does
    require that you learn and know a lot of AWS-related terminology. This
    section lists the most important terms from the chapter, asking you to
    write a short definition and compare your answer to the Glossary at the
    end of the book.
  ■ Q&A Questions: Confirm that you understand the content you
    just covered by answering these questions and reading the answer
    explanations.
■ Web-based practice exam: The companion website includes the Pearson
  Cert Practice Test engine, which allows you to take practice exams. Use it to
  prepare with a sample exam and to pinpoint topics where you need more study.

How to Access the Companion Website


Register this book to get access to the Pearson IT Certification test engine and
other study materials, as well as additional bonus content. Check this site regularly
for new and updated postings written by the author that provide further insight into
the more troublesome topics on the exam. Be sure to check the box indicating that
you would like to hear from us to receive updates and exclusive discounts on future
editions of this product or related products.
To access this companion website, follow these steps:
Step 1. Go to www.pearsonitcertification.com/register and log in or create a
new account.
Step 2. Enter the ISBN: 9780138285999.
Step 3. Answer the challenge question as proof of purchase.
Step 4. Click the Access Bonus Content link in the Registered Products section
of your account page to be taken to the page where your downloadable
content is available.
Please note that many of our companion content files can be very large, especially
image and video files.
If you are unable to locate the files for this title by following the steps above,
please visit www.pearsonITcertification.com/contact and select the Site Problems/
Comments option. Our customer service representatives will assist you.

Pearson Test Prep Practice Test Software


As noted previously, this book comes complete with the Pearson Test Prep practice
test software, containing two full exams. These practice tests are available to you
either online or as an offline Windows application. To access the practice exams that
were developed with this book, please see the instructions below.

How to Access the Pearson Test Prep (PTP) App


You have two options for installing and using the Pearson Test Prep application: a
web app and a desktop app. To use the Pearson Test Prep application, start by finding
the registration code that comes with the book. You can find the code in these
ways:
■■ You can get your access code by registering the print ISBN (9780138285999)
on pearsonitcertification.com/register. Make sure to use the print book ISBN
regardless of whether you purchased an eBook or the print book. After you
register the book, your access code will be populated on your account page
under the Registered Products tab. Instructions for how to redeem the code
are available on the book’s companion website by clicking the Access Bonus
Content link.
■■ If you purchase the Premium Edition eBook and Practice Test directly from
the Pearson IT Certification website, the code will be populated on your
account page after purchase. Just log in at pearsonitcertification.com, click
Account to see details of your account, and click the Digital Purchases tab.

NOTE After you register your book, your code can always be found in your account
on the Registered Products tab.
Once you have the access code, to find instructions about both the Pearson Test
Prep web app and the desktop app, follow these steps:
Step 1. Open this book’s companion website, as shown earlier in this Introduction,
under the heading, “How to Access the Companion Website.”
Step 2. Click the Practice Test Software button.
Step 3. Follow the instructions listed there for both installing the desktop app
and using the web app.
Note that if you want to use the web app only at this point, just navigate to
pearsontestprep.com, log in using the same credentials used to register your book or
purchase the Premium Edition, and register this book’s practice tests using the
registration code you just found. The process should take only a couple of minutes.

Customizing Your Exams


Once you are in the exam settings screen, you can choose to take exams in one of
three modes:
■■ Study mode: Allows you to fully customize your exam and review answers as
you are taking the exam. This is typically the mode you use first to assess your
knowledge and identify information gaps.
■■ Practice Exam mode: Locks certain customization options, as it is presenting
a realistic exam experience. Use this mode when you are preparing to test your
exam readiness.
■■ Flash Card mode: Strips out the answers and presents you with only the
question stem. This mode is great for late-stage preparation when you really
want to challenge yourself to provide answers without the benefit of seeing
multiple-choice options. This mode does not provide the detailed score
reports that the other two modes do, so you should not use it if you are trying
to identify knowledge gaps.
In addition to these three modes, you will be able to select the source of your
questions. You can choose to take exams that cover all of the chapters, or you can narrow
your selection to just a single chapter or the chapters that make up a specific part in
the book. All chapters are selected by default. If you want to narrow your focus to
individual chapters, simply deselect all the chapters and then select only those on
which you wish to focus in the Objectives area.
You can also select the exam banks on which to focus. Each exam bank comes
complete with a full exam of questions that cover topics in every chapter. The two exams
printed in the book are available to you, as are two additional exams of unique
questions. You can have the test engine serve up exams from all four banks or just from
one individual bank by selecting the desired banks in the exam bank area.
There are several other customizations you can make to your exam from the exam
settings screen, such as the time of the exam, the number of questions served up,
whether to randomize questions and answers, whether to show the number of
correct answers for multiple-answer questions, and whether to serve up only specific
types of questions. You can also create custom test banks by selecting only questions
that you have marked or questions for which you have added notes.

Updating Your Exams


If you are using the online version of the Pearson Test Prep software, you should
always have access to the latest version of the software as well as the exam data. If
you are using the Windows desktop version, every time you launch the software
while connected to the Internet, it checks if there are any updates to your exam data
and automatically downloads any changes that were made since the last time you
used the software.
Sometimes, due to many factors, the exam data may not fully download when you
activate your exam. If you find that figures or exhibits are missing, you may need to
manually update your exams. To update a particular exam you have already activated
and downloaded, simply click the Tools tab and click the Update Products button.
Again, this is only an issue with the desktop Windows application.
If you wish to check for updates to the Pearson Test Prep exam engine software,
Windows desktop version, simply click the Tools tab and click the Update
Application button. This ensures that you are running the latest version of the
software engine.

Credits
Figures 1.1-1.8, 2.1-2.5, 3.1, 4.1-4.4, 5.1, 6.1-6.7, 7.2, 8.2, 8.3, 9.1-9.5, 10.1-10.3,
11.1, 11.2, 12.1-12.3, 13.1-13.4, 14.1-14.3, 15.1, 15.2, 16.1-16.4, 17.1-17.3,
18.1-18.4, 19.1-19.3, 20.1-20.3, 21.1-21.5-Amazon Web Services, Inc
Figures 6.8 & 11.3-Microsoft Corporation
CHAPTER 17

AWS Artificial Intelligence and Data Analytics Services
In this chapter, we’ll delve into the exciting realm of artificial intelligence
(AI)/machine learning (ML) services in AWS. In addition, we will explore some
amazing data analytics services offered by AWS. This is an important chapter as
it addresses some of the most popular and hyped-up topics in IT today.
AWS, as you would expect, does a fantastic job of making what might be very
complex technologies quite simple to implement. This chapter covers the AWS
services available in these areas.

“Do I Know This Already?” Quiz


The “Do I Know This Already?” quiz allows you to assess whether you should
read the entire chapter. Table 17-1 lists the major headings in this chapter and
the “Do I Know This Already?” quiz questions covering the material in those
sections so you can assess your knowledge of these specific areas. The answers to
the “Do I Know This Already?” quiz questions appear in Appendix A, “Answers
to the ‘Do I Know This Already?’ Quizzes and Q&A Sections.”

Table 17-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Foundation Topics Section                            Questions
Artificial Intelligence/Machine Learning Services    1–3
Data Analytics Services                              4–6

CAUTION The goal of self-assessment is to gauge your mastery of the topics
in this chapter. If you do not know the answer to a question or are only partially
sure of the answer, you should mark that question as wrong for purposes of the
self-assessment. Giving yourself credit for an answer you correctly guess skews
your self-assessment results and might provide you with a false sense of security.

1. You have been tasked with training a machine-learning model for a project in
your organization. What AWS service can assist you with this?
a. Kendra
b. Athena
c. SageMaker
d. Lex

2. What AWS service helps you offer intelligent natural language searching in
your solutions?
a. Lex
b. Kendra
c. SageMaker
d. QuickSight

3. You are interested in adding AI to your customer service chat. What AWS
service should you investigate?
a. Kendra
b. SageMaker
c. Athena
d. Lex

4. What AWS service permits SQL queries against data stored in S3 buckets?
a. Athena
b. QuickSight
c. Kinesis
d. Glue

5. What is an option for ETL data services in AWS?
a. Glue
b. Athena
c. SageMaker
d. Neptune

6. What service of AWS can assist you in creating powerful data visualizations
such as charts and graphs?
a. Athena
b. QuickSight
c. Glue
d. Kinesis

Foundation Topics

Artificial Intelligence/Machine Learning Services


I don’t want to take anything for granted in this section, so let’s begin by defining AI
and ML. Artificial intelligence (AI) refers to computer systems or machines that are
designed to perform tasks that typically require human intelligence, such as learning,
reasoning, problem-solving, and decision-making. A subset of this exciting discipline
is machine learning (ML), which involves the algorithms and models that enable
computers to learn patterns from data and make predictions or decisions without
explicit programming.
AI and ML are lofty disciplines that typically require the latest and greatest
technologies and lots of available resources (like CPU, memory, and storage). AWS
is perfectly positioned to help companies take advantage of these cutting-edge
technologies.

SageMaker
AWS SageMaker is a smart assistant that you can use to build and train machine
learning models without needing to be a coding expert. It provides easy-to-use tools
to help you gather and prepare data, pick the right algorithm, and then train and
deploy your model, all in one convenient place on the AWS Cloud platform.
Figure 17-1 shows AWS SageMaker in the AWS Management Console.
AWS SageMaker offers several features that simplify the ML lifecycle. Here are just
some of them:
■■ Built-in algorithms: SageMaker comes with a variety of prebuilt algorithms
for common ML tasks—such as classification, regression, and clustering—
which means you don’t need to create models from scratch.
■■ Notebook instances: SageMaker provides Jupyter notebook instances, which
allow you to create and share documents that contain live code, equations,
visualizations, and narrative text.
■■ Training jobs: You can use SageMaker to easily train your ML models at
scale, distributing the training process across multiple instances.
■■ Model hosting: Once your model is trained, SageMaker makes it simple to
deploy, host, and integrate it with your applications.
■■ Managed endpoints: SageMaker provides managed endpoints for deploying
models, making it easy to handle real-time predictions and batch processing.
■■ Autopilot: SageMaker enables you to automate the end-to-end process of
building, training, and deploying ML models with minimal effort, making it
suitable for users with limited ML expertise.

Figure 17-1 AWS SageMaker

Lex
AWS Lex makes it easy to create virtual assistants for your applications. It’s a service
that helps you build chatbots and conversational interfaces using natural language
understanding. Think of it as the brain behind a chatbot. Lex understands user
inputs, extracts key information, and can respond in a way that makes sense.
This service is handy for creating interactive experiences in your applications,
whether for answering customer queries, handling reservations, or guiding users
through processes. You can integrate Lex into various platforms, such as mobile apps
or websites, to make it easier for users to interact with your applications using just
their words. Plus, Lex is powered by the same technology as Amazon Alexa, so it’s
got some serious language smarts under the hood.

Kendra
AWS Kendra is a super-smart search engine that is designed to help you find
information effortlessly. It’s a powerful search service that uses ML to understand the
context and meaning behind your queries. Instead of just matching keywords,
Kendra comprehends natural language, making it feel like you’re having a
conversation with your search engine. It’s great for handling complex searches across
vast amounts of data in documents, FAQs, or other sources. Figure 17-2 shows the
Kendra service in the AWS Management Console.

Figure 17-2 AWS Kendra

AWS Kendra includes the following features:


■■ Semantic search: Kendra uses machine learning algorithms to understand the
semantics of the content and improve the accuracy of search results by recognizing
nuances of and relationships between words.
■■ Relevance tuning: Kendra allows you to fine-tune search results to prioritize
certain documents or sources based on your preferences. It enables you to
ensure that the most important information is surfaced first.
■■ Rich document support: Kendra can handle a variety of document types,
including PDFs, Word documents, HTML, and more, making it versatile for
different types of content.
■■ Query suggestions: Kendra provides query suggestions to guide users and
help them refine their search queries for better results.
■■ Natural language query enhancement: Kendra assists users in constructing
more effective queries by suggesting natural language improvements, making
the search process more intuitive.

Data Analytics Services


AWS offers a suite of data analytics services that can help a small startup or a large
enterprise make informed decisions by extracting meaningful patterns from data.
AWS provides scalable and flexible solutions to analyze data efficiently. With
services like AWS Athena and AWS Glue, you can turn raw data into actionable
intelligence. The AWS Cloud makes data analytics accessible, allowing you to focus on
uncovering valuable insights without the hassle of managing complex infrastructure.

Athena
When I first tried the AWS Athena service, I thought it was pure magic. Athena is
a serverless, interactive query service that makes it possible to analyze data residing
in AWS S3 buckets using standard SQL expressions. With Athena, you don’t need
complex data transformation or loading processes. You dump the data into S3, and
you are ready to directly query the data in its raw, native format.
Athena uses Trino and Presto, which are open-source distributed SQL query
engines that enable you to execute SQL queries across your data stored in S3.
Athena supports various data formats, including Avro, Parquet, ORC, JSON, and
CSV, ensuring compatibility with a wide range of data structures. In addition,
Athena integrates with the AWS Glue Data Catalog (discussed next) to streamline
the metadata management process and enhance query efficiency.
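
As an added illustration of querying raw S3 data in place (this is not code from the book or from AWS), the Athena statements below define a table over CSV sign-in logs and count failed sign-ins per source address for one day. The bucket `example-log-bucket`, the `signin_logs` table, its columns, the `dt=` folder layout and the threshold of 10 are all assumptions made for the example.

```sql
-- Added example. Bucket, path, table and column names are hypothetical.
-- Assumed object layout (Hive-style partition folders, CSV with a header row):
--   s3://example-log-bucket/signin/dt=2024-05-01/part-0000.csv
--   event_time,username,source_ip,outcome
--   2024-05-01T08:15:02Z,alice,198.51.100.7,FAILURE   <- constructed sample row

-- 1. Describe the files. Nothing is copied or loaded: the table is only
--    metadata (kept in the Glue Data Catalog) that points at the S3 prefix.
--    OpenCSVSerde columns are declared as strings and cast at query time.
CREATE EXTERNAL TABLE IF NOT EXISTS signin_logs (
  event_time string,
  username   string,
  source_ip  string,
  outcome    string
)
PARTITIONED BY (dt string)
ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.OpenCSVSerde'
WITH SERDEPROPERTIES ('separatorChar' = ',', 'quoteChar' = '"')
LOCATION 's3://example-log-bucket/signin/'
TBLPROPERTIES ('skip.header.line.count' = '1');

-- 2. Register the dt=... folders that already exist under the prefix.
MSCK REPAIR TABLE signin_logs;

-- 3. Standard SQL over the raw files. Filtering on the partition column
--    limits the scan to a single day's folder.
SELECT source_ip,
       count(*)                                AS failed_attempts,
       count(DISTINCT username)                AS accounts_tried,
       min(from_iso8601_timestamp(event_time)) AS first_seen,
       max(from_iso8601_timestamp(event_time)) AS last_seen
FROM signin_logs
WHERE dt = '2024-05-01'
  AND outcome = 'FAILURE'
GROUP BY source_ip
HAVING count(*) >= 10          -- assumed threshold for the example
ORDER BY failed_attempts DESC;
```

Athena accepts one statement per query, so submit the three statements separately.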

Glue
The AWS Glue service provides ETL (extract, transform, and load) services for your
data analytics. An ETL system in data analytics is like an automated data organizer
that collects information from different places, cleans it up, and arranges it neatly
so that your analysts can easily make sense of it. It’s basically the behind-the-scenes
work that ensures your data is ready and polished for analysis.
The Glue Data Catalog acts as a central repository for metadata about your data
sources, transformations, and targets. AWS Glue crawlers automatically scan and
catalog data in various formats across different storage systems, creating a searchable
and organized metadata store.
The ETL process is handled by Glue Jobs, which allows you to define and execute
Python or Scala code for data transformation. Glue provides a serverless execution
environment and allows you to scale your ETL jobs based on demand without
managing the underlying infrastructure.
Glue features tight integration with other AWS services and supports a variety of
potential data sources and destinations, including S3, Redshift, and RDS.

QuickSight
AWS QuickSight is a business intelligence service that makes it easy to visualize and
explore your data. It allows you to create interactive dashboards and reports,
providing insights from various data sources with just a few clicks.
QuickSight is designed to be user friendly, enabling both technical and nontechnical
users to derive meaningful insights from their data through intuitive and
customizable visualizations.
AWS QuickSight offers several key features that make it a powerful and
user-friendly business intelligence service:
■■ Easy data integration: QuickSight seamlessly connects to various data
sources, including AWS services, databases, and third-party applications,
making it convenient to analyze data from different platforms.
■■ Intuitive visualizations: QuickSight provides a wide range of customizable
and interactive visualizations, such as charts, graphs, and maps, to allow users
to represent data in ways that best communicate insights.
■■ Insights: QuickSight’s Auto Insights feature uses machine learning to
automatically discover hidden trends, patterns, and anomalies in data, saving users
time in the analysis process.
■■ Smart recommendations: QuickSight offers intelligent recommendations for
the most suitable visualizations based on the type of data and the analysis
performed, enhancing the user experience and aiding in data exploration.
■■ SPICE: QuickSight uses the Super-fast, Parallel, In-memory Calculation
Engine (SPICE), which provides high-performance data processing for quick
and responsive analytics, even with large datasets.
■■ Ad hoc analysis: Users can perform ad hoc analysis by dragging and dropping
fields to create new visualizations on the fly, enabling quick exploration and
understanding of data.
■■ Dashboard storytelling: QuickSight supports the creation of interactive
dashboards and stories that allow users to present and share insights in a
narrative format and enhance the communication of data-driven stories.

Kinesis
AWS Kinesis is a fully managed platform designed for real-time processing of
streaming data at scale. It enables an organization to ingest, process, and analyze
large volumes of real-time data from diverse sources, such as Internet of Things
(IoT) devices, applications, and logs. Figure 17-3 shows AWS Kinesis in the AWS
Management Console.

Figure 17-3 AWS Kinesis


Kinesis offers a suite of services that cater to specific aspects of streaming data
workflows:
■■ Kinesis Data Streams: This service allows you to collect and process real-
time data streams. It enables you to scale the number of streaming data shards
based on the volume of data, ensuring efficient handling of varying workloads.
With Data Streams, developers can build applications that rapidly respond to
changing data and extract valuable insights in real time.
■■ Kinesis Data Firehose: This service simplifies the process of loading
streaming data into other AWS services or external destinations and eliminates the
need for manual intervention. It automates data delivery, transformation,
and compression, streamlining the data pipeline and reducing management
overhead.
■■ Kinesis Data Analytics: This service facilitates the real-time analysis of
streaming data. It enables you to run SQL queries on streaming data, extract
meaningful information, and derive insights on the fly. Kinesis Data Analytics
enables an organization to gain actionable intelligence from its streaming data
in order to make informed decisions and drive innovation.

As you can see, AWS Kinesis is a comprehensive and scalable solution for managing
the entire lifecycle of your streaming data, from ingestion and processing to analysis
and delivery.

Exam Preparation Tasks


As mentioned in the section “How to Use This Book” in the Introduction, you have
a few choices for exam preparation: the exercises here, Chapter 22, “Final Preparation,”
and the exam simulation questions in the Pearson Test Prep Software Online.

Review All Key Topics


Review the most important topics in this chapter, noted with the Key Topics icon in
the outer margin of the page. Table 17-2 lists these key topics and the page number
on which each is found.

Table 17-2 Key Topics for Chapter 17
Key Topic Element    Description           Page Number
List                 SageMaker features    214
Overview             Lex                   215
Overview             Athena                217
Overview             Kinesis               219

Define Key Terms


Define the following key terms from this chapter and check your answers in the
Glossary:
SageMaker, Lex, Kendra, Athena, Glue, QuickSight, Kinesis

Q&A
The answers to these questions appear in Appendix A. For more practice with exam
format questions, use the Pearson Test Prep Software Online.
1. Name and briefly describe the AWS AI/ML service that is powered by the
same technology as Amazon Alexa.
2. Name and briefly describe the AWS technology that aims to manage your data
streaming lifecycle from ingestion to analysis.
This chapter covers the following subjects:

■■ Business Application Services: This section of the chapter describes
several services that provide key business needs, like email and customer
service. It also covers AWS tools that foster integration between services.
■■ Customer Engagement Services: In this section of the chapter, you will
learn about several different services that aim to improve the AWS customer
experience.
■■ Developer Services: AWS has many tools and services designed to thrill
your developers. In this section of the chapter, you will learn about many
important developer services.
■■ End-User Compute Services: In this section of the chapter, you will learn
about methods of making applications and even entire desktops available via
remote access.
■■ IoT Services: IoT is a growing trend in modern compute. In this section of
the chapter, you’ll learn about two fundamental IoT services of AWS.
Index

A Aurora, 180–181
automation, 17, 42, 142
accessibility options, IAM (Identity and Access
API, 142
Management), 117
script, 142
Activate for Startups, 228, 285
AZ (availability zone), 27
agility, 30–33, 285
Backup, 286
AI (artificial intelligence), 214
benefits of using
AI/ML services
agility, 30–33
Kendra, 216–217
automation, 70–71
Lex, 215–216
economic, 25
SageMaker, 214–215
elasticity, 29–30
align phase, cloud transformation journey, 59
global infrastructure, 26–28
Amazon Connect, 226
HA (high availability), 29
Amazon GuardDuty, 107, 285
managed services, 71–72
Amazon Inspector, 106, 285
Billing and Cost Management, 257
Amplify, 234, 285
Billing Conductor, 259
AMS (AWS Managed Services), 229
Budgets, 258
anycast IP addressing, 159
Cost Allocation Tags, 260
API (application programming interface), 147,
Cost and Usage Reports, 259
285
Cost Explorer, 258–259
automation, 142
Pricing Calculator, 259
Health, 292
CAF (Cloud Adoption Framework), 55–56
API Gateway, 14, 285
CLI (command-line interface), 47, 146–147
AppConfig, 230, 285
Cloud Adoption Framework, 59
AppStream 2.0, 235, 285
cloud transformation journey, 58–59
AppSync, 234, 285
perspectives, 57
Artifact, 286
cloud transformation value chain, 55–56
Athena, 217, 286
CloudFormation, 17
Aurora, 180–181, 286
CloudFront, 158–159
authentication, multifactor, 115, 121
CloudTrail, 18
Auto Scaling, 29, 46–47, 70, 286
CodeDeploy, 17, 143–144
automation, 42, 45, 46, 47, 70–71, 142, 286
compliance support, 105
API, 142
compute service, 8
CloudFormation, 17
EC2 (Elastic Compute Cloud), 8–9,
CodeDeploy, 17
167–170
OpsWorks, 17
ECS (Elastic Container Service), 10–11
versus orchestration, 143
Elastic Beanstalk, 10
script, 142
Lambda, 8–9
availability, 286
Config, 110
Availability Zones, 156
connectivity options, 148–149
AWS. See also service/s
container management
Artifact, 109
ECS (Elastic Container Service), 170–171
Audit Manager, 110, 286
EKS (Elastic Kubernetes Service), 171–172
Auditor Learning Path, 286
cost dashboard, 25–26
database service shared responsibility model, 96–97, 105–106, 287


DynamoDB, 14 AWS responsibilities, 97
ElasticCache, 15 customer responsibilities, 98–100, 109
RDS (Relational Database Service), 14–15 IT controls, 97
Redshift, 15 Shield, 108, 287
deployment models, 147–148 Snowball, 61–63
Direct Connect, 148, 159–160 Support
DMS (Database Migration Service), 59–60 goals, 274–275
documentation. See documentation plans, 276–277
Edge Location, 27 Systems Manager, 18, 122, 287
experimentation, 31, 47 technical resources, 272–273
Fargate, 171 Trusted Advisor, 18, 133–135
foundational capabilities, 56 Well-Architected Framework, 41, 287. See also
Free Tier account Well-Architected Framework
building a web server with, 85–91 design recommendations, 41–42
components, 77–79 goals, 41
creating, 82–85 pillars, 41
services, 79–82 Well-Architected Tool, 42
Global Accelerator, 159 Whitepapers & Guides, 271
global infrastructure, 31, 286 AZ (availability zone), 27, 286
Availability Zones, 156
Edge Location, 156
Local Zones, 157 B
Regions, 154–156 backup and recovery. See also storage service
Wavelength Zones, 157–158 AWS Backup, 207
IAM Identity Center, 122 testing, 46
infrastructure, 105 basic support plan, 288
innovation, 105 benefits of using AWS
IQ, 229 agility, 30–33
IT controls, 97 automation, 70–71
Knowledge Center, 132, 286 economic, 25
Lambda, 47, 172–173 elasticity, 29–30
managed services, 50 global infrastructure, 26–28
Management Console, 85, 146 HA (high availability), 29
Marketplace, 106, 135, 287 managed services, 71–72
NACL (network access control list), 130–131 Billing Conductor, 259, 288
network service, 12 Budgets, 258, 288
API Gateway, 14 business application services
CloudFront, 13–14 Amazon Connect, 226
Direct Connect, 14 EventBridge, 227
Route 53, 13 SES (Simple Email Service), 227
VPC (Virtual Private Cloud), 12–13 SNS (Simple Notification Service), 227
OpsWorks, 17, 146 SQS (Simple Queue Service), 228
orchestration, 143–144 business perspective, 57
Organizations, 260–262 Business Support Plan, 288
Partner Network, 287
pay-as-you-go pricing, 25–26, 105
Professional Services, 287 C
Regions, 26–28 CAF (Cloud Adoption Framework), 55–56, 288
root account, 118 capacity, estimation, 46–47
Secrets Manager, 122, 287 CapEx (capital expenditures), 25, 31, 67, 288
Security Blog, 133, 287 CDN (content delivery network), 47. See also
Security Center, 132–133, 287 CloudFront
security groups, 129–130 CFM (cloud financial management), 48, 288
Security Hub, 107, 287 CIA (confidentiality, integrity, and availability),
Service Catalog, 17–18 57, 105
CLF-C02 exam benefits, 167–168


exam information, 279–281 instance types, 168–169
getting ready, 281–282 pricing models, 169–170
suggested plan for final review/study, 282–283 ECS (Elastic Container Service), 10–11
updates, 313–314 Elastic Beanstalk, 10
CLI (command-line interface), 47, end-user
146–147 AppStream 2.0, 235
cloud. See also AWS AWS WorkSpaces, 235–236
community, 7 Workspaces Web, 236
connectivity options, 148–149 Lambda, 8–9
definition, 5–6 pricing
on-demand self service, 5 Dedicated Hosts, 248–249
deployment models, 7–8, 147–148 Dedicated Instance, 249–250
economics, 67 On-Demand Capacity Reservation, 250–252
CapEx (capital expenditures), 67 on-demand instance, 245
costs associated with on-premises reserved instance, 246
environments, 69–70 savings plan, 246–247
OpEx (operating expenses), 67 Spot Instance, 247
pay-as-you-go pricing, 67–68 confidentiality, 289
hybrid, 7–8 configuration, template, 17
IaaS (infrastructure as a service), 7 connectivity options, 148–149, 159–160
metering, 6 consumption model, 48
orchestration, 143–144 container management, 10–11, 170
PaaS (platform as a service), 6–7 ECS (Elastic Container Service), 170–171
on-premises, 147 EKS (Elastic Kubernetes Service), 171–172
private, 7 Cost Allocation Tags, 260, 289
public, 7 Cost and Usage Reports, 259, 289
SaaS (software as a service), 6 Cost Explorer, 258–259, 289
transformation value chain, 55–56 cost optimization pillar, Well-Architected
workload, minimizing downstream impact, 50 Framework, 48–49, 290
Cloud Adoption Framework creating, Free Tier account, 82–85
cloud transformation journey, 58–59 credentials, IAM (Identity and Access Management),
perspectives, 57 121
Cloud9, 230, 288 customer
CloudFormation, 17, 145, 288 engagement services
CloudFront, 13–14, 47, 158–159, 192–194, 288 Activate for Startups, 228
CloudShell, 230–231, 288 AWS IQ, 229
CloudTrail, 18, 109, 116, 288 shared responsibility model, 96–97, 109
CloudWatch, 18–19, 109, 145, 288 -specific controls, 97
cluster, ECS (Elastic Container Service), 171
code, 8, 31, 44
CodeArtifact, 231–232, 289 D
CodeBuild, 232, 289 dashboard, cost, 25–26
CodeCommit, 232, 289 data, 45
CodeDeploy, 17, 143–144, 232, 289 data analytics services, 217
CodePipeline, 233, 289 Athena, 217
CodeStar, 233, 289 Glue, 217–218
command, sudo, 88–90 Kinesis, 219–220
community cloud, 7, 289 QuickSight, 218–219
compliance, 289 data lake, 11
PCI DSS, 116 data warehouse, Redshift, 15
security, 105, 108–110 database migration service, 59–60
tools, 109–110 database service
compute service, 8. See also serverless compute DynamoDB, 14, 181–183
EC2 (Elastic Compute Cloud), 8–9, 167 ElasticCache, 15, 183–184
RDS (Relational Database Service), 14–15, ECS (Elastic Container Service), 10–11, 170–171,
179–181 290
Redshift, 15, 184–185 Edge Location, 27, 156, 290
Dedicated Host pricing, 248–249, 290 EFS (Elastic File System), 12, 205, 290
Dedicated Instance pricing, 249–250, 290 EKS (Elastic Kubernetes Service), 10–11, 171–172,
defense in depth, 45 290
On-Demand Capacity Reservation pricing, 250–252 Elastic Beanstalk, 10, 173–175, 291
on-demand instance Elastic Load Balancing, 291
EC2 (Elastic Compute Cloud), 169–170 ElastiCache, 15, 183–184, 291
pricing, 245 elasticity, 6, 8, 70, 291
on-demand self service, 5 ELB (Elastic Load Balancing), 29–30
deployment models, cloud, 7–8, 147–148 endpoint
design principles gateway, 161–162
cost optimization pillar, 48–49 interface, 161
operational excellence pillar, 44 VPC (Virtual Private Cloud), 160
performance efficiency pillar, 47–48 end-user compute service
reliability pillar, 46–47 AppStream 2.0, 235
security pillar, 44–45 AWS WorkSpaces, 235–236
sustainability pillar, 49–50 Workspaces Web, 236
developer services Enterprise Support Plan, 291
Amplify, 234 envision phase, cloud transformation journey, 58
AppConfig, 230 estimation, capacity, 46–47
AppSync, 234 EventBridge, 227, 291
Cloud9, 230 exam. See CLF-C02 exam
CloudShell, 230–231 experimentation, 31, 47
CodeArtifact, 231–232
CodeBuild, 232
CodeCommit, 232 F
CodeDeploy, 232 FAQs, 270–271
CodePipeline, 233 Fargate, 10–11, 171, 291
CodeStar, 233 federation, 116, 291
X-Ray, 233–234 firewall, web application, 130–131
DevOps, 71, 144 foundational capabilities, 56
Direct Connect, 14, 148, 159–160, 290 Free Tier account, 291
DMS (Database Migration Service), 59–60, 290 building a web server with, 85–86, 89
DNS (Domain Name Service), Route 53, 13, 192 EC2 instance, 87–88
Docker, 10–11 Launch an Instance page, 86–87
documentation shutting down your web server, 90
AWS Whitepapers & Guides, 271 testing the web server, 89–90
EC2 (Elastic Compute Cloud), components, 77–79
269–270 creating, 82–85
FAQs, 270–271 FSx, 205–206, 291
technical resources, 272–273
DynamoDB, 14, 181–183, 290
G
“game day” simulation, 42
E gateway endpoint, 161–162, 291
EBS (Elastic Block Store), 12, 203–204, 290 Glacier, 12, 292
EC2 (Elastic Compute Cloud), 8–9, 167, 290 Global Accelerator, 159, 292
benefits, 167–168 global infrastructure
Capacity Blocks for ML pricing plan, 251 Availability Zones, 156
documentation, 269–270 Edge Location, 156
instance types, 168–169 Regions, 154–156
pricing models, 169–170 Wavelength Zones, 157–158
economies of scale, 290 Glue, 217–218, 292
governance perspective, 57

group/s, 292 J-K


IAM (Identity and Access Management), 117, 119
Kendra, 216–217, 293
security, 129–130
Kinesis, 219–220, 293
Knowledge Center, 132, 293
H KPI (key performance indicator), 49
Kubernetes, 10–11
HA (high availability), 29, 190, 292
Health API, 292
horizontal scaling, 46 L
hybrid cloud, 7–8, 148, 292
Lambda, 8–9, 47, 172–173, 293
launch phase, cloud transformation journey, 59
I Lex, 215–216, 293
licensing, software, 69
IaaS (infrastructure as a service), 7, 292
lifecycle, S3 (Simple Storage Service), 202
IaC (infrastructure as code), 292
lifecycle management, 71
IAM (Identity and Access Management), 16, 44–45,
Linux, sudo command, 88–90
115, 292
Local Zone, 157, 293
accessibility options, 117
logs and logging, 45, 145
best practices
create individual users, 119
credentials, 121 M
do not share access keys, 121
managed service, 50, 71–72, 146, 293
enable MFA, 121
management tools
grant the least privileges possible, 119–120
Service Catalog, 17–18
limited use of root account, 118
Systems Manager, 18, 145
review permissions, 120
Trusted Advisor, 18
store root user access keys properly, 119
Marketplace. See AWS, Marketplace
use AWS-defined policies for permissions, 119
mechanical sympathy, 48, 293
use groups to assign permissions to users, 119
Memcached, 184
use roles, 121
memory caching, ElasticCache, 184
use strong passwords, 120
metering, cloud service, 6
features, 115–117
MFA (multifactor authentication), 115, 121, 293
group/s, 117
migration to AWS. See also Cloud Adoption
identity federation, 116
Framework
MFA (multifactor authentication), 115
cloud transformation journey, 58–59
roles, 117
DMS (Database Migration Service), 59–60
service-to-service access in AWS, 115
Snowball, 61–63
user, 117
ML (machine learning), 214
IAM Identity Center, 122
monitoring, 18–20, 45, 121–122, 145
IGW (Internet gateway), 191
infrastructure. See also global infrastructure
AWS, 105 N
as code, 44 NACL (network access control list), 17, 130–131,
global, 31 190, 191, 294
as a service, 7 NAT gateway, 191, 294
inherited controls, 97 network service, 12
innovation, 32, 105 API Gateway, 14
integrity, 292 CloudFront, 13–14, 192–194
interface endpoint, 161, 292 Direct Connect, 14
Internet Gateway, 293 Route 53, 13, 192
IoT service, 236–237 VPC (Virtual Private Cloud), 12–13,
IoT Core, 237 190–191
IoT Greengrass, 238 NIST (National Institute for Standards and
IP address, anycast, 159 Technology), definition of the “cloud”,
IT controls, AWS, 97 5–6

O region, 26–28, 154–156, 296


reliability pillar, Well-Architected Framework,
operational excellence pillar, 43–44, 294
46–47, 296
operations perspective, 57
reports, billing, 259
OpEx (operating expenses), 25, 67, 294
re:Post, 295
OpsWorks, 17, 146, 294
reserved instance pricing, 246, 296
orchestration, 143–144, 171, 294
resource
Organizations, 294
elasticity, 6
pooling, 5
P provisioning, 145
PaaS (platform as a service), 6–7, 295 ROI (return on investment), 49
passwords, strong, 120 role, 117, 121, 296
pay-as-you-go pricing, 25–26, 67–68, 105 root account, 118
PCI DSS compliance, 116 Route 53, 13, 192, 296
peering, VPC (Virtual Private Cloud), 162 route table, 191
penetration test, 109
people perspective, 57 S
performance efficiency pillar, Well-Architected
S3 (Simple Storage Service), 11, 199–201, 296
Framework, 47–48, 295
lifecycles, 202
permissions, IAM (Identity and Access
storage classes, 201–202
Management), 120
SaaS (software as a service), 6, 296
perspectives, Cloud Adoption Framework, 57
SageMaker, 214–215, 296
policy, 119
savings plan, EC2 (Elastic Compute Cloud), 170
conditions, 121
Savings Plan pricing, 246–247, 296
password, 120
scale phase, cloud transformation journey, 59
on-premises environment, 69–70, 147
scaling, horizontal, 46
prescriptive guidance, 295
script, automation, 47, 142
pricing. See also AWS, Billing and Cost Management
SDK (software development kit), 147
compute
Secrets Manager, 122
Dedicated Hosts, 248–249
security, 296. See also IAM (Identity and Access
Dedicated Instance, 249–250
Management)
On-Demand Capacity Reservation, 250–252
CIA (confidentiality, integrity, and availability),
on-demand instance, 245
105
reserved instance, 246
in the cloud, 96
savings plan, 246–247
of the cloud, 96
Spot Instance, 247
compliance programs, 108–110
EC2 (Elastic Compute Cloud),
compliance support, 105
169–170, 251
group, 16, 129–130, 190, 297
general practices, 244–245
perspective, 57
pay-as-you-go, 67–68, 105
pillar, Well-Architected Framework, 44–45
variables, 245
service
Pricing Calculator, 259, 295
IAM (Identity and Access Management), 16
private cloud, 7, 295
NACL (network access control list), 17
provisioning, CloudFormation, 145
shared responsibility model, 96–97
public cloud, 7, 295
AWS responsibilities, 97
public Internet, 148
customer responsibilities, 98–100
IT controls, 97
Q-R tools, 106–108
QuickSight, 218–219, 295 WAF (Web Application Firewall), 130–131
Security Blog, 133
Security Center, 132–133
RDS (Relational Database Service), 14–15, 59, 70,
serverless compute, 8, 47, 172
179–180, 295
Elastic Beanstalk, 173–175
recovery. See backup and recovery
Lambda, 166–173
Redis, 184
Service Catalog, 17–18, 297
Redshift, 15, 184–185, 295

service/s. See also DMS (Database Migration AWS WorkSpaces, 235–236


Service) Workspaces Web, 236
AI/ML Free Tier account, 79–82
Kendra, 216–217 infrastructure as a, 7
Lex, 215–216 IoT, 236–237
SageMaker, 214–215 IoT Core, 237
AWS Artifact, 109 IoT Greengrass, 238
AWS Organizations, 260–262 managed, 50, 71–72, 146, 229
Billing and Cost Management, 257 network, 12
Billing Conductor, 259 API Gateway, 14
Budgets, 258 CloudFront, 13–14, 192–194
Cost Allocation Tags, 260 Direct Connect, 14
Cost and Usage Reports, 259 Route 53, 13, 192
Cost Explorer, 258–259 VPC (Virtual Private Cloud), 12–13, 190–191
Pricing Calculator, 259 platform as a, 6–7
business application security
Amazon Connect, 226 IAM (Identity and Access Management), 16
EventBridge, 227 NACL (network access control list), 17
SES (Simple Email Service), 227 security groups, 16
SNS (Simple Notification Service), 227 shared responsibility model, 99
SQS (Simple Queue Service), 228 software as a, 6
compute, 8. See also compute service storage, 11
EC2 (Elastic Compute Cloud), 8–9, 167–170 AWS Backup, 207
ECS (Elastic Container Service), 10–11 EBS (Elastic Block Store), 12, 203–204
Elastic Beanstalk, 10 EFS (Elastic File System), 12, 205
Lambda, 8–9 FSx, 205–206
customer engagement Glacier, 12
Activate for Startups, 228 S3 (Simple Storage Service), 11, 199–203
AWS IQ, 229 Storage Gateway, 207
data analytics, 217 WAF (Web Application Firewall), 130–131
Athena, 217 SES (Simple Email Service), 227, 297
Glue, 217–218 shared controls, 97
Kinesis, 219–220 shared responsibility model, 96–97, 105–106
QuickSight, 218–219 AWS responsibilities, 97
database. See also database service customer responsibilities, 98–100, 109
DynamoDB, 14, 181–183 IT controls, 97
ElasticCache, 15, 183–184 Simple Monthly Calendar, 297
RDS (Relational Database Service), 14–15, Snowball, 61–63, 297
179–180 SNS (Simple Notification Service), 227, 297
Redshift, 15, 184–185 software
developer licensing, 69
Amplify, 234 as a service, 6
AppConfig, 230 spot instance
AppSync, 234 EC2 (Elastic Compute Cloud), 170
Cloud9, 230 pricing, 247, 297
CloudShell, 230–231 SQS (Simple Queue Service), 228, 297
CodeArtifact, 231–232 Storage Gateway, 206–207, 297
CodeBuild, 232 storage service, 11
CodeCommit, 232 AWS Backup, 207
CodeDeploy, 232 EBS (Elastic Block Store), 12, 203–204
CodePipeline, 233 EFS (Elastic File System), 12, 205
CodeStar, 233 FSx, 205–206
X-Ray, 233–234 Glacier, 12
end-user compute S3 (Simple Storage Service), 11,
AppStream 2.0, 235 199–201

lifecycles, 202 automating creation of, 47


storage classes, 201–202 IAM (Identity and Access Management), 117
Storage Gateway, 207
strong passwords, 120
subnet, 190, 297 V
sudo command, 88–90 value chain, cloud transformation, 55–56
sustainability pillar, Well-Architected Framework, variable cost model, 67–68
49–51, 297 VM (virtual machine), horizontal scaling, 46
Systems Manager, 18, 122, 145, 287, 297 VPC (Virtual Private Cloud), 12–13, 190–191
endpoint, 160
peering, 162
T VPN (virtual private network), 148
technical resources, 272–273
technological obsolescence, 67
template, configuration, 17, 144 W
testing, 42, 44 WAF (Web Application Firewall),
penetration, 109 130–131, 298
recovery, 46 Wavelength Zone, 157–158, 298
web server, 89–90 web server
tool/s. See also service/s building with your Free Tier account, 85–86, 89
Auto Scaling, 29 EC2 instance, 87–88
compliance management, 109–110 Launch an Instance page, 86–87
ELB (Elastic Load Balancing), 29–30 shutting down, 90
management testing, 89–90
Service Catalog, 17–18 Well-Architected Framework, 41, 287
Systems Manager, 18, 145 cost optimization pillar, 48–49
Trusted Advisor, 18 design recommendations, 41–42
monitoring, 18–20 goals, 41
CloudWatch, 145 operational excellence pillar, 43–44
orchestration, 143–144 performance efficiency pillar, 47–48
provisioning, CloudFormation, pillars, 41
145 reliability pillar, 46–47
security, 106–108 security pillar, 44–45
Well-Architected, 42 sustainability pillar, 49–51
Trust and Safety team, 298 Whitepapers & Guides, 271
Trusted Advisor, 18, 133–135 workload, minimize downstream impact, 50
Workspaces Web, 236, 298

U
updates, CLF-C02 exam, 313–314 X-Y-Z
user account X-Ray, 233–234, 298
