← AWS Support & Operations – Cloud Practitioner Flashcards

AWS Cloud Practitioner Certification Study Guide

Key concepts, definitions, and exam tips organized by topic.

20 cards covered

AWS Support & Operations – Cloud Practitioner Study Guide


Overview

This study guide covers the core AWS support structures, monitoring tools, and operational services tested on the AWS Cloud Practitioner exam. You will need to understand the differences between support plan tiers, know which tools to use for auditing and monitoring, and recognize key operational services. Mastering these topics will help you answer scenario-based questions that ask you to select the right tool or right support plan for a given situation.


---


AWS Support Plans


Overview of the Four Tiers

AWS offers four support plans, escalating in cost and capability. Understanding what each plan uniquely provides is critical for the exam.


| Plan | Cost | Key Feature |

|---|---|---|

| Basic | Free | Docs, whitepapers, AWS Health Dashboard only |

| Developer | Paid | Business-hours email support, 1 primary contact |

| Business | Paid | 24/7 phone/email/chat, all Trusted Advisor checks |

| Enterprise On-Ramp | Paid | Pool of TAMs, concierge support |

| Enterprise | Paid | Dedicated TAM, fastest response times |


Plan-by-Plan Breakdown


#### Basic Support

  • Free for all AWS customers
  • • Access to: documentation, whitepapers, AWS forums, AWS Health Dashboard
  • No technical support cases
  • • Limited Trusted Advisor checks only

    • #### Developer Support

  • • Minimum paid tier
  • • Email support during business hours only
  • • General guidance response: < 24 business hours
  • • System impaired response: < 12 business hours
  • • One primary contact allowed

    • #### Business Support

  • First tier with 24/7 access to Cloud Support Engineers via phone, email, and chat
  • Unlocks ALL Trusted Advisor checks (key exam fact)
  • • Production system impaired: < 4 hours
  • • Production system down: < 1 hour
  • • Unlimited contacts

    • #### Enterprise On-Ramp Support

  • • Access to a pool of TAMs (not a dedicated one)
  • • Includes concierge support team
  • • Business-critical system down: < 30 minutes
  • • Designed for companies moving workloads to AWS

    • #### Enterprise Support

  • Designated Technical Account Manager (TAM) – only this plan provides a single dedicated TAM
  • • Business-critical system down: < 15 minutes (key exam fact)
  • • Includes concierge support team
  • • Proactive guidance and architecture reviews

    • Key Terms

  • TAM (Technical Account Manager): A designated AWS expert who proactively helps guide best practices and coordinates AWS services for your account
  • Cloud Support Engineer: Technical staff providing 24/7 support under Business and Enterprise plans
  • Concierge Support Team: A billing and account specialist team available on Enterprise and Enterprise On-Ramp plans

    • Watch Out For

    > ⚠️ Common Pitfall: Many students confuse Enterprise On-Ramp with Enterprise. Remember: Enterprise On-Ramp = pool of TAMs, Enterprise = dedicated TAM. The 15-minute SLA applies only to the full Enterprise plan.


    > ⚠️ Common Pitfall: The Business plan is the minimum tier for both 24/7 support AND full Trusted Advisor access. Developer Support does NOT include 24/7 phone support.


    > ⚠️ Common Pitfall: Basic Support is NOT "no support" – it includes the AWS Health Dashboard and a limited set of Trusted Advisor checks. It simply has no technical case support.


    ---


    AWS Trusted Advisor


    What Is Trusted Advisor?

    AWS Trusted Advisor is an automated tool that inspects your AWS environment and provides real-time recommendations based on best practices.


    The Five Pillars (Categories)

    1. Cost Optimization – Identify idle resources, underutilized instances, and savings opportunities

    2. Performance – Improve throughput and efficiency of your resources

    3. Security – Identify security gaps (open ports, missing MFA, S3 permissions)

    4. Fault Tolerance – Increase resiliency and availability

    5. Service Limits (Service Quotas) – Flag resources approaching AWS account limits


    Access by Support Plan

  • Basic & Developer: Access to a core subset of checks only

    • - S3 bucket permissions

    - Security groups with unrestricted ports

    - IAM use check

    - MFA on root account

  • Business, Enterprise On-Ramp, Enterprise: Access to ALL Trusted Advisor checks

    • Service Quota Warnings

  • • Trusted Advisor flags resources that have exceeded 80% of a service quota
  • • Displays a yellow (warning) indicator
  • • Prompts you to request a quota increase before hitting the hard limit

    • Key Terms

  • Service Quota (Service Limit): The maximum number of resources or operations allowed for your AWS account in a given region
  • Core Checks: The limited set of Trusted Advisor checks available free to all customers

    • Watch Out For

    > ⚠️ Common Pitfall: The exam frequently tests that Business Support is the minimum plan for all Trusted Advisor checks. This is one of the most-tested facts in this domain.


    > ⚠️ Common Pitfall: Trusted Advisor is not a monitoring tool like CloudWatch – it provides recommendations and best practice checks, not real-time performance metrics.


    ---


    AWS Health & Monitoring


    AWS Health Dashboard

  • Formerly called: Personal Health Dashboard (PHD)
  • Purpose: Provides personalized, account-specific alerts when AWS events may affect your resources
  • • Sends proactive notifications about:

    • - Scheduled maintenance

    - Service disruptions

    - Resource-level impacts


    #### Service Health Dashboard vs. AWS Health Dashboard


    | Feature | Service Health Dashboard | AWS Health Dashboard |

    |---|---|---|

    | Scope | Global – all AWS services | Account-specific – your resources |

    | Personalized? | No | Yes |

    | Use case | "Is AWS having issues?" | "Are MY resources affected?" |


    Amazon CloudWatch

  • Primary monitoring and observability service
  • • Collects metrics, logs, and events from AWS resources and applications
  • • Key capabilities:

    • - Set alarms to trigger actions (e.g., Auto Scaling, SNS notifications)

    - Create dashboards for real-time visualization

    - CloudWatch Logs – centralize and analyze log data

    - CloudWatch Events / EventBridge – respond to state changes automatically


    AWS Systems Manager

  • • Provides a unified operational interface across AWS resources
  • • Key features:

    • - Patch Manager – automate OS patching

    - Run Command – execute commands remotely without SSH

    - Parameter Store – securely store configuration and secrets

    - Session Manager – browser-based shell access without bastion hosts

  • • Used for automating operational tasks at scale

    • Key Terms

  • Metric: A time-ordered set of data points representing the value of a resource (e.g., CPU utilization)
  • Alarm: A CloudWatch feature that triggers notifications or actions when a metric crosses a threshold
  • AWS Health Event: A notification from AWS about a service issue, maintenance, or account action
  • Parameter Store: A Systems Manager feature for storing configuration data and secrets

    • Watch Out For

    > ⚠️ Common Pitfall: Don't confuse the Service Health Dashboard (global view) with AWS Health Dashboard (your account). Exam questions will describe a scenario asking which tool is personalized – that's always the AWS Health Dashboard.


    > ⚠️ Common Pitfall: CloudWatch is for monitoring and metrics. Do not confuse it with CloudTrail (API activity logging) or AWS Config (configuration compliance).


    ---


    Operational Tools & Best Practices


    AWS CloudTrail

  • • Records all API calls and account activity across your AWS environment
  • • Key uses:

    • - Security analysis – who did what, when, and from where

    - Compliance auditing – maintain an audit trail

    - Operational troubleshooting – trace the source of a change or issue

  • • Stores logs in Amazon S3
  • • Enabled by default; logs last 90 days in the event history

    • > Think of CloudTrail as your security camera for your AWS account.


    AWS Config

  • • Continuously records AWS resource configurations and tracks changes over time
  • • Evaluates resources against compliance rules (Config Rules)
  • • Key uses:

    • - "What did this resource look like last Tuesday?"

    - "Is my S3 bucket compliant with our encryption policy?"

    - Triggers remediation actions when non-compliant resources are detected

  • • Complements CloudTrail: Config = what changed, CloudTrail = who changed it

    • CloudTrail vs. AWS Config vs. CloudWatch


    | Service | Primary Focus | Key Question Answered |

    |---|---|---|

    | CloudTrail | API activity & user actions | Who made this change? |

    | AWS Config | Resource configuration history & compliance | What changed and is it compliant? |

    | CloudWatch | Metrics, logs, performance monitoring | How is my resource performing? |


    AWS IQ

  • • A marketplace connecting customers with AWS Certified third-party experts
  • • Use case: On-demand project help (migrations, architecture reviews, custom builds)
  • • Customers can find, engage, and pay experts directly through AWS
  • • Experts are vetted and AWS Certified

    • AWS Partner Network (APN)

  • • A global community of technology and consulting companies that build on AWS
  • • Two main categories:

    • - Technology Partners: Software and tools built on or integrated with AWS

    - Consulting Partners: Professional services firms that help customers design, build, migrate, and manage on AWS

  • • APN Partners help customers at every stage of their cloud journey

    • Amazon Connect & IT Service Management

  • Amazon Connect = cloud-based customer contact center (customer-facing)
  • • For internal IT support/ticketing, the ecosystem uses:

    • - AWS Service Management Connector – integrates AWS with ITSM tools (ServiceNow, Jira)

    - AWS Systems Manager – operational automation and internal IT management

    - AWS Service Catalog – manage approved IT service offerings internally


    Key Terms

  • API Call: Any action taken in AWS via the console, CLI, or SDK that CloudTrail can record
  • Compliance Rule (Config Rule): A rule in AWS Config that checks whether resources meet a defined configuration requirement
  • AWS Certified Expert (IQ): A vetted third-party professional connected to customers through AWS IQ
  • APN (AWS Partner Network): The formal program for AWS technology and consulting partners

    • Watch Out For

    > ⚠️ Common Pitfall: CloudTrail ≠ CloudWatch. CloudTrail records who did what (API logs). CloudWatch records how things are performing (metrics and logs). A question about "auditing" or "compliance" almost always points to CloudTrail or AWS Config.


    > ⚠️ Common Pitfall: AWS IQ is for connecting with third-party AWS experts. It is not an AWS managed support service – it's a self-service marketplace. Don't confuse it with AWS Support plans.


    > ⚠️ Common Pitfall: AWS Config requires setup and is not free – it charges per configuration item recorded and per rule evaluation. This is a common distractor in cost-related questions.


    ---


    Quick Review Checklist


    Use this checklist to confirm you're exam-ready on every key point:


  • • [ ] Basic Support is free and includes no technical support cases
  • • [ ] Developer Support provides business-hours email support only (< 24 hours for general guidance)
  • • [ ] Business Support is the minimum tier for 24/7 support AND all Trusted Advisor checks
  • • [ ] Enterprise On-Ramp provides a pool of TAMs, not a dedicated one
  • • [ ] Enterprise Support provides a dedicated TAM and < 15-minute critical response time
  • • [ ] Trusted Advisor covers 5 pillars: Cost Optimization, Performance, Security, Fault Tolerance, Service Limits
  • • [ ] All plans get core Trusted Advisor checks (S3 permissions, security groups, IAM, MFA on root)
  • • [ ] Trusted Advisor flags service quotas at 80% with a yellow warning
  • • [ ] AWS Health Dashboard = personalized, account-specific event alerts
  • • [ ] Service Health Dashboard = global AWS service status (not account-specific)
  • • [ ] CloudWatch = metrics, logs, alarms, real-time monitoring
  • • [ ] CloudTrail = API call logging, who did what, audit trail
  • • [ ] AWS Config = resource configuration history and compliance evaluation
  • • [ ] CloudTrail vs. Config: CloudTrail = who changed it; Config = what changed and is it compliant
  • • [ ] AWS Systems Manager = unified operational interface, patch management, run command, parameter store
  • • [ ] AWS IQ = marketplace to connect with AWS Certified third-party experts
  • • [ ] APN = global partner ecosystem (technology + consulting partners)
  • • [ ] Amazon Connect = customer contact center service (external/customer-facing)

    • ---


    Good luck on your AWS Cloud Practitioner exam! Focus especially on support plan tier comparisons and the distinctions between CloudTrail, CloudWatch, and AWS Config – these are among the most frequently tested topics in this domain.

    📝

    Take a Practice Test

    Test yourself with multiple choice questions
    📇

    Study with Flashcards

    Flip through all 20 cards

    Want more study tools?

    Subscribe for $7.99/mo and turn your own notes into personalized flashcards and study guides.

    View Pricing