AWS Cloud Practitioner Certification Study Guide

Key concepts, definitions, and exam tips organized by topic.

AWS Cloud Practitioner Certification – Core Services Study Guide


Overview

The AWS Cloud Practitioner exam tests your foundational knowledge of core AWS services across Compute, Storage, Databases, Networking, and Management tools. This guide organizes the most critical services, their distinctions, and common exam traps to help you confidently identify the right service for any given scenario. Understanding when to use each service is just as important as knowing what it does.


---


Compute Services


Summary

AWS offers a spectrum of compute options ranging from full control (EC2) to fully serverless (Lambda). The exam frequently tests your ability to match a workload description to the correct compute service.


Key Services


  • Amazon EC2 (Elastic Compute Cloud) – Resizable virtual servers. You choose the OS, CPU, memory, and storage. Full control over the underlying instance.
  • AWS Lambda – Serverless, event-driven compute. No server management; you pay only for actual execution time.
  • Amazon ECS (Elastic Container Service) – Fully managed Docker container orchestration. Supports both EC2 and Fargate launch types.
  • AWS Fargate – Serverless compute engine for containers (works with ECS and EKS). Removes the need to manage EC2 instances beneath containers.
  • AWS Elastic Beanstalk – Platform as a Service (PaaS) that auto-handles deployment, scaling, and load balancing for web apps, while you retain full resource control.
  • EC2 Auto Scaling Group – Automatically adds or removes EC2 instances based on demand to ensure availability and cost efficiency.

EC2 Purchasing Options

| Option | Discount | Best For |
|---|---|---|
| On-Demand | Baseline | Short-term, unpredictable workloads |
| Reserved Instances | Up to 75% | Steady-state, predictable workloads |
| Spot Instances | Up to 90% | Fault-tolerant, flexible workloads |
| Savings Plans | Up to 72% | Flexible commitment-based savings |


Key Terms

  • Serverless – No provisioning or managing of servers; the cloud provider handles infrastructure
  • Container – Lightweight, portable unit of software that packages code and dependencies
  • Orchestration – Automated management of containerized applications
  • Auto Scaling – Dynamic adjustment of compute capacity based on defined metrics

Watch Out For

> ⚠️ Spot Instances can be interrupted with only a 2-minute warning — never use them for critical, uninterruptible workloads.
>
> ⚠️ Fargate vs. ECS: ECS is the orchestration service; Fargate is the compute engine. Fargate removes server management; ECS can run on either EC2 or Fargate.
>
> ⚠️ Elastic Beanstalk ≠ fully managed — you still have access to and control over the underlying EC2 resources, unlike a true PaaS lock-in.


---


Storage Services


Summary

AWS provides object, block, and file storage options, each designed for specific use cases. The exam heavily tests your ability to distinguish between S3, EBS, and EFS, as well as S3 storage class tiers.


Key Services


  • Amazon S3 (Simple Storage Service) – Object storage. Stores objects (0 bytes to 5 TB) in buckets. Highly durable (11 9s). Not a file system or block device.
  • Amazon EBS (Elastic Block Store) – Persistent block storage for EC2 instances. Functions like a virtual hard drive. Attached to one EC2 instance at a time.
  • Amazon EFS (Elastic File System) – Shared, scalable file storage. Can be mounted by multiple EC2 instances simultaneously. Scales automatically.
  • AWS Snowball / Snow Family – Physical appliances for transferring petabyte-scale data into/out of AWS when internet transfer is impractical.

S3 Storage Classes (Highest to Lowest Cost)

| Storage Class | Access Frequency | Retrieval Time |
|---|---|---|
| S3 Standard | Frequent | Milliseconds |
| S3 Standard-IA | Infrequent | Milliseconds |
| S3 One Zone-IA | Infrequent, single AZ | Milliseconds |
| S3 Glacier Instant Retrieval | Quarterly | Milliseconds |
| S3 Glacier Flexible Retrieval | Semi-annual | Minutes to hours |
| S3 Glacier Deep Archive | Once or twice/year | 12–48 hours |


Key Terms

  • Object Storage – Stores data as discrete objects with metadata; ideal for unstructured data
  • Block Storage – Stores data in fixed-size blocks; ideal for databases and OS volumes
  • File Storage – Hierarchical file system; ideal for shared access across instances
  • S3 Versioning – Preserves multiple versions of an object to recover from accidental deletes or overwrites
  • Bucket – Top-level container for S3 objects; must have a globally unique name

Watch Out For

> ⚠️ EBS vs. EFS: EBS = one instance at a time. EFS = multiple instances simultaneously. This distinction is a frequent exam question.
>
> ⚠️ S3 Glacier Deep Archive has the lowest cost but the longest retrieval time (12–48 hours) — not suitable for data you need quickly.
>
> ⚠️ S3 is object storage, NOT a file system — you cannot "mount" S3 like a drive.


---


Database Services


Summary

AWS provides purpose-built databases for relational, NoSQL, in-memory, and analytical workloads. A key exam skill is matching the workload type (OLTP, OLAP, caching, etc.) to the correct database service.


Key Services


  • Amazon RDS (Relational Database Service) – Managed relational database. Handles provisioning, patching, backups, and scaling. Supports MySQL, PostgreSQL, Oracle, SQL Server, MariaDB.
  • Amazon Aurora – MySQL- and PostgreSQL-compatible relational database built for the cloud. 5x faster than MySQL, 3x faster than PostgreSQL. Part of RDS family.
  • Amazon Aurora Serverless – Auto-scales Aurora capacity based on actual workload. Ideal for intermittent, unpredictable workloads.
  • Amazon DynamoDB – Fully managed, serverless NoSQL key-value and document database. Single-digit millisecond performance at any scale.
  • Amazon Redshift – Managed data warehousing service optimized for OLAP (Online Analytical Processing). Petabyte-scale analytics.
  • Amazon ElastiCache – Fully managed in-memory caching service supporting Redis and Memcached. Improves performance by caching frequently accessed data.

Relational vs. Non-Relational at a Glance

| Feature | RDS / Aurora | DynamoDB |
|---|---|---|
| Data Model | Structured tables (SQL) | Key-value / Document (NoSQL) |
| Scaling | Vertical + Read Replicas | Horizontal, automatic |
| Use Case | OLTP, structured data | High-speed, flexible schema |
| Management | Managed (not serverless) | Fully serverless |


Key Terms

  • OLTP (Online Transaction Processing) – High volume of short, fast transactions (e.g., banking, e-commerce) → RDS/Aurora
  • OLAP (Online Analytical Processing) – Complex queries on large datasets for analytics → Redshift
  • NoSQL – Non-relational database; flexible schema, horizontal scaling
  • In-Memory Cache – Stores data in RAM for microsecond retrieval speeds
  • Managed Service – AWS handles patching, backups, and infrastructure

Watch Out For

> ⚠️ RDS ≠ Aurora — Aurora is a specific RDS-compatible engine with superior performance. Aurora Serverless is a deployment option of Aurora, not a separate service.
>
> ⚠️ Redshift is for analytics (OLAP), NOT for transactional workloads (OLTP) — don't confuse it with RDS.
>
> ⚠️ ElastiCache is a cache, not a primary database — it sits in front of your database to reduce read load.


---


Networking Services


Summary

AWS networking services control how your resources communicate with each other, the internet, and on-premises environments. Understanding VPC fundamentals and the differences between security layers is critical for the exam.


Key Services


  • Amazon VPC (Virtual Private Cloud) – Logically isolated virtual network. You define IP ranges, subnets, route tables, and gateways.
  • Amazon Route 53 – Scalable DNS service. Translates domain names to IP addresses. Also supports domain registration and health checks.
  • Amazon CloudFront – Content Delivery Network (CDN). Caches content at edge locations worldwide to reduce latency.
  • AWS Direct Connect – Dedicated private physical network connection from on-premises to AWS. Bypasses the public internet for consistent performance.
  • Elastic Load Balancer (ELB) – Distributes incoming traffic across multiple targets (EC2, containers, IPs).

VPC Core Concepts

| Concept | Description |
|---|---|
| Public Subnet | Has a route to an Internet Gateway; resources can communicate with the internet |
| Private Subnet | No internet route; resources are isolated from direct internet access |
| Internet Gateway | Enables VPC resources to communicate with the internet |
| Security Group | Stateful, instance-level firewall; return traffic automatically allowed |
| NACL (Network ACL) | Stateless, subnet-level firewall; must explicitly allow inbound AND outbound |


Load Balancer Types

| Type | Layer | Routing Capability |
|---|---|---|
| Application Load Balancer (ALB) | Layer 7 (HTTP/HTTPS) | URL path, host headers, query strings |
| Network Load Balancer (NLB) | Layer 4 (TCP/UDP) | Ultra-low latency, static IP |
| Gateway Load Balancer | Layer 3 | Third-party virtual appliances |


Key Terms

  • Edge Location – AWS data center used by CloudFront to cache and serve content closer to users
  • Stateful – Tracks connection state; return traffic is automatically allowed (Security Groups)
  • Stateless – Does not track connections; every packet evaluated independently (NACLs)
  • CDN (Content Delivery Network) – Distributed network that delivers content from locations nearest to the user
  • DNS (Domain Name System) – Translates human-readable domain names to IP addresses

Watch Out For

> ⚠️ Security Group vs. NACL: Security Groups are stateful (instance-level); NACLs are stateless (subnet-level). If return traffic isn't working, think NACL.
>
> ⚠️ CloudFront ≠ Route 53 — CloudFront caches content; Route 53 resolves domain names. They often work together but serve different purposes.
>
> ⚠️ Direct Connect provides private, consistent connectivity to AWS — it does NOT automatically encrypt traffic. Add a VPN for encryption.
>
> ⚠️ ALB routes at Layer 7 (application-aware) — use it when you need path-based or host-based routing.


---


Management & Developer Tools


Summary

AWS management tools handle monitoring, compliance, automation, and messaging. The exam tests your ability to identify the right tool for auditing, alerting, infrastructure deployment, and application decoupling.


Key Services


  • AWS CloudFormation – Infrastructure as Code (IaC). Define and provision resources using JSON or YAML templates for consistent, repeatable deployments.
  • Amazon CloudWatch – Monitors metrics, logs, and events for AWS resources. Can trigger alarms, Auto Scaling actions, and SNS notifications.
  • AWS CloudTrail – Records API calls and user activity across your account. Primary tool for auditing, governance, and compliance.
  • AWS Trusted Advisor – Real-time recommendations across five categories: cost optimization, performance, security, fault tolerance, and service limits.
  • AWS Systems Manager – Operational management for EC2 fleets. Run scripts, patch instances, and store configuration data at scale.
  • AWS Config – Continuously records resource configuration changes and evaluates them against compliance rules.

Messaging Services

| Service | Model | Pattern |
|---|---|---|
| Amazon SNS | Pub/Sub | Push: one message to many subscribers simultaneously |
| Amazon SQS | Message Queue | Pull: consumers retrieve messages one at a time; decouples components |
| Amazon Kinesis | Streaming | Real-time ingestion and processing of large-scale data streams |


Monitoring vs. Auditing vs. Compliance

| Tool | Primary Purpose |
|---|---|
| CloudWatch | Real-time monitoring of metrics, logs, and alarms |
| CloudTrail | Who did what, when? API call audit log |
| AWS Config | What does my resource look like? Configuration compliance tracking |
| Trusted Advisor | Am I following AWS best practices? |


Key Terms

  • Infrastructure as Code (IaC) – Managing infrastructure through machine-readable definition files rather than manual processes
  • Pub/Sub (Publish/Subscribe) – Messaging pattern where publishers send messages to a topic and all subscribers receive them
  • Message Queue – Buffer that stores messages until a consumer retrieves and processes them
  • Streaming Data – Continuous, real-time data flow (IoT sensors, clickstreams, logs)
  • Audit Trail – Chronological record of events for compliance and forensic analysis

Watch Out For

> ⚠️ CloudWatch vs. CloudTrail: CloudWatch = what is happening now (metrics/performance). CloudTrail = who did what (API history/auditing). These are commonly confused.
>
> ⚠️ SNS vs. SQS: SNS pushes to multiple subscribers at once (fan-out). SQS queues messages for consumers to pull one at a time. They can be used together.
>
> ⚠️ CloudFormation ≠ Elastic Beanstalk: CloudFormation is pure IaC for any AWS resource. Beanstalk abstracts infrastructure specifically for web applications.
>
> ⚠️ AWS Config tracks configuration state over time — it answers "what changed?" CloudTrail answers "who changed it?"
>
> ⚠️ Kinesis is the answer when you see "real-time streaming," "IoT telemetry," or "clickstream analysis" in an exam scenario.


---


Quick Review Checklist


Use this before your exam to confirm you can answer each item confidently:


  • [ ] Explain the difference between EC2, Lambda, Fargate, and Elastic Beanstalk and when to use each
  • [ ] Recall that Spot Instances offer up to 90% savings but can be interrupted with a 2-minute warning
  • [ ] Distinguish S3 (object), EBS (block, single instance), and EFS (file, multi-instance) storage types
  • [ ] Know that S3 Glacier Deep Archive = lowest cost, 12–48 hour retrieval
  • [ ] Explain S3 versioning and its purpose
  • [ ] Match RDS/Aurora → OLTP, Redshift → OLAP, DynamoDB → NoSQL, ElastiCache → caching
  • [ ] Know that Aurora is up to 5x faster than MySQL and is part of the RDS family
  • [ ] Differentiate public vs. private subnets in a VPC
  • [ ] Explain Security Groups (stateful, instance-level) vs. NACLs (stateless, subnet-level)
  • [ ] Know that ALB operates at Layer 7 and supports content-based routing
  • [ ] Recall that Route 53 = DNS, CloudFront = CDN/caching
  • [ ] Know Direct Connect = dedicated private link to AWS (not encrypted by default)
  • [ ] Distinguish CloudWatch (monitoring), CloudTrail (auditing), and AWS Config (compliance)
  • [ ] Explain SNS (push/pub-sub) vs. SQS (pull/queue) and when to use each
  • [ ] Identify CloudFormation as the IaC service for repeatable