Definitions and pro-tips for the CLF-C02 certification.
Amazon CloudFront is a globally distributed content delivery network (CDN) service designed to accelerate the delivery of static and dynamic web content. It caches data at strategically located edge locations, reducing latency and improving performance for end-users worldwide, enhancing application responsiveness.
Amazon CloudWatch is a monitoring and observability service providing metrics, logs, and alarms for AWS resources and applications. It enables real-time monitoring of performance, resource utilization, and operational health, facilitating proactive identification and resolution of issues within the AWS environment.
Amazon DynamoDB is a fully managed, serverless NoSQL database service providing fast and predictable performance with seamless scalability. It supports both key-value and document data models, offering high availability and automatic replication across multiple Availability Zones for data durability.
Amazon Elastic Block Storage (EBS) provides persistent block storage volumes for use with Amazon EC2 instances. These volumes act as virtual hard drives, offering various types optimized for different workloads, including general purpose, throughput, and IOPS intensive applications. Data is preserved when the EC2 instance is stopped.
Amazon Elastic Compute Cloud (EC2) provides scalable compute capacity in the AWS cloud. It allows users to rent virtual machines (instances) with various operating systems, storage, networking, and security configurations. EC2 supports diverse workloads, from web servers to high-performance computing.
Amazon GuardDuty is a continuous threat detection service that intelligently monitors for malicious activity and unauthorized behavior. It analyzes CloudTrail event logs, VPC Flow Logs, and DNS logs using machine learning and threat intelligence feeds to identify potential security threats.
Amazon Macie is a fully managed data security service that uses machine learning to discover, classify, and protect sensitive data stored in Amazon S3. It automatically identifies Personally Identifiable Information (PII) and other sensitive data types, helping organizations meet compliance requirements and prevent data breaches.
Amazon Relational Database Service (RDS) simplifies relational database setup, operation, and scaling in the AWS cloud. It automates administrative tasks like patching, backup, and recovery, supporting multiple database engines. RDS offers options for both on-demand and reserved instance pricing models for cost optimization.
Amazon Route 53 is a scalable and highly available cloud Domain Name System (DNS) web service. It translates human-readable domain names into the IP addresses required to access AWS resources and applications, supporting a variety of routing policies for increased reliability and performance.
Amazon Simple Storage Service (S3) is a highly scalable, durable, and secure object storage service. It stores data as objects within buckets, offering 99.999999999% (11 nines) durability. S3 is ideal for data backup, archiving, content distribution, and application data storage.
Amazon Simple Notification Service (SNS) is a fully managed pub/sub messaging service enabling application-to-application (A2A) and application-to-person (A2P) communication. It allows you to send notifications via various protocols, including email, SMS, and mobile push notifications, facilitating event-driven architectures.
Amazon Simple Queue Service (SQS) is a fully managed message queuing service. It facilitates decoupling application components, improving scalability and resilience. SQS enables asynchronous communication by storing messages until processed, ensuring reliable message delivery without requiring producers and consumers to be available simultaneously.
Amazon Virtual Private Cloud (VPC) allows you to create a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including IP address ranges, subnets, route tables, and network gateways.
API Gateway is a fully managed service that facilitates the creation, publication, maintenance, monitoring, and security of APIs at scale. It acts as a reverse proxy, handling tasks like authentication, authorization, rate limiting, and request transformation, enabling secure access to backend services.
Auto Scaling automatically adjusts the number of EC2 instances in your AWS account to maintain application availability and respond to changes in demand. It monitors application performance metrics and dynamically scales capacity by adding or removing instances based on defined policies and thresholds.
An Availability Zone is a physically distinct location within an AWS Region. Each AZ is isolated from failures in other AZs, providing fault tolerance. They are connected by low-latency networks, enabling high-bandwidth, low-latency connectivity for applications requiring high availability.
AWS Artifact is a service providing on-demand access to AWS’s compliance reports and certifications. It delivers pre-configured, auditable reports like SOC, PCI DSS, ISO, and HIPAA, simplifying the compliance process for AWS customers and enabling them to meet regulatory requirements.
AWS Athena is an interactive query service that enables analysis of data directly in Amazon S3 using standard SQL. It is serverless, requiring no infrastructure management, and charges per query, making it cost-effective for ad-hoc data exploration and analysis of large datasets.
AWS Budgets enables cost management by allowing users to define spending limits and receive notifications when actual or forecasted AWS costs exceed those defined thresholds. Budgets support cost, usage, and reservation scenarios, providing granular control over cloud expenditure.
The AWS Command Line Interface (CLI) is a unified tool enabling interaction with AWS services through command-line commands. It facilitates scripting, task automation, and integration with other development tools, offering programmatic control over AWS resources.
AWS CloudFormation is an Infrastructure as Code (IaC) service enabling you to model and provision AWS resources using declarative template files. These templates, written in JSON or YAML, define your infrastructure, automating creation, updates, and deletion for consistent and repeatable deployments.
AWS CloudTrail records API calls made to your AWS account, providing an audit trail of user activity and changes to AWS resources. This service enables security analysis, resource change tracking, and compliance auditing, helping to identify and investigate potential security incidents.
AWS Elastic Beanstalk is a Platform as a Service (PaaS) offering simplifying web application and service deployment. It automatically handles capacity provisioning, load balancing, auto-scaling, and application health monitoring, allowing developers to focus on code rather than infrastructure management.
AWS Glue is a fully managed ETL (Extract, Transform, Load) service designed to discover, prepare, and integrate data for analytics. It provides a data catalog, automatically detects schemas, and generates ETL code, simplifying data preparation for data warehouses and analytics applications.
AWS Identity and Access Management (IAM) provides secure control of access to AWS services and resources. IAM enables you to create and manage users, groups, and roles, and to define granular permissions using policies. It is fundamental to enforcing the principle of least privilege and securing your AWS environment.
AWS Key Management Service (KMS) is a managed service that facilitates the creation and control of cryptographic keys used for encrypting data. It supports symmetric and asymmetric encryption, allowing you to generate, store, and manage keys used with other AWS services and your applications.
AWS Lambda is a serverless compute service that executes code in response to events without requiring server management. Developers upload code as functions, and Lambda automatically scales and manages the infrastructure. Billing is based on the number of requests and execution duration, offering a pay-per-use model.
The AWS Management Console is a web-based graphical user interface (GUI) providing access to AWS services. It allows users to provision, configure, and manage AWS resources without requiring command-line expertise or coding, serving as a primary entry point for cloud administration.
AWS Marketplace is a curated digital catalog offering software, services, and data products from third-party vendors. It streamlines the procurement and deployment of solutions compatible with AWS, eliminating complex contract negotiations and simplifying software management.
AWS Organizations enables centralized management and governance of multiple AWS accounts. It facilitates policy creation, resource grouping, and consolidated billing across an organization, improving security and cost control as AWS usage scales. It’s foundational for enterprise-level cloud deployments.
AWS Professional Services delivers specialized consulting, implementation, and training services to assist customers with complex cloud adoption initiatives. They provide expertise in areas like migration, security, and application modernization, accelerating cloud transformation.
AWS QuickSight is a cloud-native, business intelligence (BI) service providing fast, scalable, and embedded analytics capabilities. It allows users to create interactive dashboards and visualizations from various data sources, enabling data-driven decision-making and business insights.
AWS Software Development Kits (SDKs) are libraries and tools that allow developers to programmatically access AWS services from various programming languages like Python, Java, and JavaScript. They enable integration of AWS functionality into custom applications and automated workflows.
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service designed to mitigate attacks targeting applications running on AWS. Shield Standard is automatically enabled for all AWS customers, while Shield Advanced provides enhanced protection and 24/7 access to the DDoS Response Team.
The AWS Snow Family provides secure, portable devices for transferring large datasets into and out of AWS. Snowcone is for edge computing and smaller transfers, Snowball is for terabyte-scale data, and Snowmobile is an exabyte-scale data transfer service utilizing a physically transported storage appliance.
AWS Snowball is a physical data transport service for moving large datasets (petabytes) into and out of AWS. It utilizes secure, ruggedized appliances shipped to your location, offering a cost-effective alternative to internet-based data transfer when network bandwidth is limited or transfer times are prohibitive.
AWS Step Functions is a serverless orchestration service enabling the coordination of multiple AWS services. It allows developers to build and execute state machines, defining workflows as code, to automate complex application processes without managing servers or infrastructure.
AWS Support provides technical assistance, architectural guidance, and access to resources for AWS customers. It offers various support tiers, each providing different response times, support channels, and access to AWS technical account managers.
AWS Training and Certification offers a comprehensive suite of learning resources, including digital courses, classroom training, and industry-recognized certifications. These programs are designed to validate cloud skills and expertise across various AWS services and roles.
AWS Trusted Advisor is an online tool analyzing your AWS infrastructure against best practices. It provides recommendations across five categories: Cost Optimization, Performance Improvement, Security Checks, Fault Tolerance, and Service Limits, helping to reduce risks and improve efficiency.
AWS WAF (Web Application Firewall) protects web applications and APIs from common web exploits, such as SQL injection and cross-site scripting (XSS). It operates by inspecting HTTP(S) traffic and blocking malicious requests based on configurable rules and conditions, enhancing application security.
Block storage divides data into equally-sized blocks, offering low-latency, direct access ideal for operating systems, databases, and applications requiring rapid data retrieval. Unlike object storage, it presents a volume as a raw, unformatted device to the operating system. Amazon EBS is AWS’s primary block storage service.
Cloud computing delivers on-demand access to computing resources—servers, storage, databases, networking, software, analytics, and intelligence—over the internet. It enables innovation, agility, and economies of scale by providing a pay-as-you-go model, reducing capital expenditure and operational overhead.
Compute Optimized instances (C-family) provide a high-performance processor-to-memory ratio, ideal for compute-intensive applications. These instances excel at tasks like high-volume batch processing, media transcoding, ad serving, and high-performance computing (HPC) workloads requiring significant CPU power.
A Content Delivery Network (CDN) is a distributed network of servers that caches content in multiple geographic locations. This proximity to end-users reduces latency, accelerates content delivery, and improves application performance, particularly for static assets like images and videos.
AWS Cost Explorer is a tool that visually displays AWS cost and usage data, enabling users to analyze spending patterns, identify cost drivers, and forecast future costs. It supports filtering by service, region, and tag, providing granular cost insights.
The data tier represents the application architecture component responsible for persistent data storage and retrieval. It typically utilizes database services like RDS or DynamoDB, or storage services like S3, to manage and secure application data. It’s a critical layer for data integrity and availability.
Database as a Service (DBaaS) delivers database functionality without requiring users to manage underlying infrastructure. This cloud service handles provisioning, patching, backup, and scaling, enabling developers to focus on application development and data management rather than database administration.
Disaster Recovery (DR) encompasses the strategies and processes for restoring IT infrastructure and data following a disruptive event. Effective DR planning minimizes downtime and data loss, ensuring business continuity through redundancy, backups, and failover mechanisms.
Durability represents the long-term data preservation capability of a storage system. It measures the risk of data loss over time, often expressed as a percentage of data integrity. Redundancy, data replication, and error correction mechanisms contribute to high durability, safeguarding against hardware failures.
Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses. This enhances the fault tolerance, scalability, and availability of applications by preventing any single target from becoming a point of failure.
Elasticity describes a system’s ability to automatically adjust resources to match demand. This dynamic scaling optimizes cost by provisioning resources only when needed and releasing them during periods of low activity. It’s a core cloud benefit enabling efficient resource utilization and responsiveness.
Fault Tolerance ensures continued operation despite component failures. Systems achieve this through redundancy, allowing automatic failover to backup components. It minimizes service disruption by masking errors and maintaining availability, crucial for critical applications requiring uninterrupted performance.
High Availability focuses on minimizing downtime and ensuring continuous application access. This is achieved through redundant components, automated failover mechanisms, and health checks. Systems are designed to withstand failures and maintain service operation, typically measured as a percentage of uptime.
Hybrid Cloud is a computing environment that combines on-premises infrastructure with public cloud services, enabling data and application portability. This approach allows organizations to leverage the benefits of both environments, such as scalability, cost-effectiveness, and control, while maintaining existing investments.
Infrastructure as Code (IaC) manages and provisions cloud resources using machine-readable definition files, typically in JSON or YAML format. This approach automates infrastructure creation, updates, and deletion, ensuring consistency and repeatability across environments.
Instance Store provides temporary, ephemeral block-level storage directly attached to an EC2 instance. Data stored on instance store volumes is lost when the instance is stopped, terminated, or fails. It’s suitable for caching, temporary files, and workloads where data persistence isn’t required.
Instance Types define the virtual hardware configurations available for Amazon EC2 instances, specifying CPU, memory, storage, and networking capacity. AWS offers a diverse range of instance types optimized for various workloads, including general purpose, compute-optimized, memory-optimized, and accelerated computing.
Managed Services are cloud offerings where the provider assumes responsibility for the operational aspects of a service, including maintenance, patching, scaling, and high availability. This allows customers to offload administrative tasks and concentrate on building and deploying applications, accelerating innovation and reducing operational costs.
Memory Optimized instances (R-family and X-family) are designed for applications requiring large, fast in-memory datasets. They are well-suited for high-performance databases, in-memory caches, and real-time big data analytics, offering a high memory-to-CPU ratio for optimal performance.
Object storage stores data as objects within buckets, utilizing a flat hierarchy and metadata for identification and management. It offers high scalability, durability, and cost-effectiveness, making it ideal for storing unstructured data like images, videos, and backups.
Pay-as-you-go is an AWS pricing model offering on-demand access to cloud resources, billed only for the services consumed. This eliminates upfront costs and long-term contracts, providing scalability and cost efficiency based on actual usage. It’s a fundamental aspect of cloud economics.
An AWS Region is a geographically distinct area containing multiple, isolated Availability Zones. Regions are designed for high availability and fault tolerance, offering independent power, networking, and compliance boundaries. Selecting the correct region impacts latency, cost, and data sovereignty.
AWS Regions represent distinct geographic locations where AWS infrastructure is deployed. Each Region comprises multiple, isolated Availability Zones, providing high availability, fault tolerance, and redundancy for AWS resources. Selecting the appropriate Region impacts latency, cost, and data sovereignty.
The root account is the first AWS account created, granting unrestricted access to all AWS services and resources. It holds complete administrative privileges and is crucial for initial account setup and billing management. Secure this account diligently as compromise results in full account control.
Scalability is a system’s capacity to accommodate growing workloads. Vertical scalability increases the resources of a single instance (CPU, memory), while horizontal scalability adds more instances. Cloud environments favor horizontal scalability for its flexibility and cost-effectiveness in handling fluctuating demand.
Serverless computing enables developers to build and run applications without managing servers. The cloud provider automatically provisions and scales resources, charging only for the compute time consumed. This model abstracts infrastructure management, increasing developer productivity and reducing operational costs.
The AWS Shared Responsibility Model defines the security obligations between AWS and its customers. AWS secures the 'security of the cloud' – the underlying infrastructure. Customers are responsible for 'security in the cloud' – protecting their data, applications, operating systems, and identities.
AWS Storage Gateway is a hybrid cloud storage service enabling on-premises applications to seamlessly access AWS cloud storage. It provides low-latency access to storage through file, volume, and tape gateway types, integrating on-premises environments with AWS services like S3 and Glacier.
Virtualization creates abstract versions of physical resources—servers, operating systems, storage, and networks—allowing multiple operating systems to run concurrently on a single physical machine. This maximizes resource utilization, improves scalability, and reduces hardware costs through resource sharing and isolation.
The Well-Architected Framework provides guidance for building and operating resilient, high-performing, secure, and cost-effective systems on AWS. It’s structured around six pillars, offering a consistent approach to cloud architecture and continuous improvement through self-assessment and best practices.