AWS Cloud Practitioner — Top 50 Must-Know Points (CLF-C02)

✅ AWS Cloud Practitioner — Top 25 Must-Know Points (CLF-C02)

(Official exam weightage-based topics)

1. IAM (Identity & Access Management) – AWS permissions, users, groups, roles, MFA, least privilege.
2. EC2 (Elastic Compute Cloud) – Virtual servers, pricing (On-Demand, Reserved, Spot), security groups.
3. Lambda – Serverless compute, event-driven, pay per request.
4. S3 (Simple Storage Service) – Object storage, 11 9s durability, storage classes, versioning.
5. S3 Glacier – Archival storage, extremely low-cost, slow retrieval.
6. EBS (Elastic Block Store) – Block storage for EC2, snapshots.
7. RDS – Managed SQL databases (MySQL, PostgreSQL, Aurora).
8. DynamoDB – Serverless NoSQL, millisecond latency.
9. VPC – Networking: subnets, route tables, NAT, NACLs.
10. CloudFront – Global CDN, edge caching.
11. Route 53 – DNS, domain registration, routing policies.
12. Load Balancers (ELB) – ALB, NLB, CLB.
13. Auto Scaling – Automatic EC2 scaling.
14. SQS – Message queue, decoupling apps.
15. SNS – Push notifications, pub/sub messaging.
16. EventBridge – Event bus connecting AWS services.
17. API Gateway – Secure APIs for Lambda & services.
18. CloudWatch – Metrics, logs, alarms, dashboards.
19. CloudTrail – API activity logging.
20. AWS Organizations – Multi-account mgmt, SCPs.
21. KMS – Encryption key management.
22. WAF & Shield – Web firewall + DDoS protection.
23. Cost Explorer – Track & forecast AWS spend.
24. Trusted Advisor – Best practice checks.
25. Shared Responsibility Model – AWS vs Customer security roles.

Additional High-Value Exam Topics

26. AWS Global Infrastructure – Regions, AZs, Edge Locations.
27. Well-Architected Framework – 5 pillars.
28. Cloud Adoption Framework (CAF) – Business, People, Governance, Platform, Security, Operations.
29. AWS Budgets – Budget alerts.
30. AWS Billing Dashboard – Billing & usage tracking.
31. Free Tier Types – 12-month, Always free, Trials.
32. Amazon Cognito – User authentication & identity pools.
33. AWS Backup – Centralized backup service.
34. AWS Artifact – Compliance reports.
35. AWS Service Health Dashboard – Public AWS outages status.
36. AWS Personal Health Dashboard – Account-specific alerts.
37. Amazon Lightsail – Simple VPS & hosting.
38. AWS Outposts – On-prem AWS hardware.
39. AWS Snowball / Snowmobile – Offline data migration devices.
40. AWS Storage Gateway – Hybrid storage.
41. EFS – Serverless Linux file system.
42. Amazon FSx – High-performance file systems.
43. AWS Systems Manager – Patch, automation, session mgmt.
44. AWS Trusted Advisor Categories – Cost, Performance, Fault Tolerance, Security, Service Limits.
45. AWS IAM Identity Center (SSO) – Central login for AWS accounts.
46. AWS Marketplace – SaaS, AMIs, software marketplace.
47. AWS SAM – Serverless app framework.
48. CloudFormation – Infrastructure as code.
49. Amazon MQ – Managed message brokers.
50. AWS X-Ray – Distributed tracing.
51. AWS Global Accelerator – Improve latency.
52. Amazon Inspector – Security vulnerability scanning.
53. AWS Shield Advanced – Enterprise-grade DDoS protection.
54. Amazon AppStream 2.0 – Stream desktop apps.
55. Amazon WorkSpaces – Virtual desktops (VDI).

AWS Cloud Practitioner — Top 55 Must-Know Points (CLF-C02)

56 – 135: Core AWS Services, Security, Networking, Cost & AI

56. AWS Control Tower – Multi-account setup with guardrails (best practice governance).
57. AWS Landing Zone – Initial secure enterprise account blueprint (older concept).
58. Multi-AZ vs Multi-Region – Multi-AZ → high availability | Multi-Region → disaster recovery.
59. AWS Backup Vault Lock – Prevents backups from being deleted (ransomware protection).
60. AWS Elastic Disaster Recovery (DRS) – Fast recovery of servers from on-prem/AWS to AWS.
61. AWS Migration Hub – Central place for migration tracking.
62. AWS Application Migration Service (MGN) – Lift-and-shift migration tool.
63. AWS Database Migration Service (DMS) – Move databases between engines (e.g., Oracle → Aurora).
64. Amazon Aurora Serverless v2 – Auto-scales instantly, SQL-compatible.
65. Amazon QLDB – Immutable ledger database (tamper-proof log).
66. Amazon Neptune – Graph database for relationships (social graphs).
67. Amazon OpenSearch Service – Search, logs, analytics (replacement for Elasticsearch).
68. AWS Step Functions – Serverless orchestration of Lambda / SQS / APIs.
69. AWS Batch – Run large batch workloads without managing servers.
70. AWS Glue – Serverless ETL service for data processing (data catalog).
71. Amazon Athena – Query S3 data using SQL — serverless analytics.
72. Amazon QuickSight – Visualization and BI dashboards.
73. Amazon Kinesis – Real-time data streaming analytics.
74. Amazon EMR – Big data processing (Spark, Hadoop, Hive).
75. AWS IQ – Hire certified AWS experts for on-demand work.
76. AWS CodeCommit – Private Git repositories service.
77. AWS CodeBuild – Fully managed CI build service.
78. AWS CodeDeploy – Deploy to EC2, Lambda, on-prem servers.
79. AWS CodePipeline – Orchestrate CI/CD pipelines.
80. AWS AppRunner – Easy way to run containerized apps (fully managed).
81. AWS Elastic Beanstalk – Deploy applications without managing servers (PaaS).
82. AWS Amplify – Frontend/mobile hosting + backend APIs + Auth.
83. AWS GameLift – Deploy and scale multiplayer game servers.
84. AWS IoT Core – Connect and manage IoT devices securely.
85. AWS Greengrass – Run Lambda + ML on edge (IoT gateway).
86. IAM Policies – JSON format, Allow/Deny rules, identity-based + resource-based.
87. IAM Permission Boundaries – Maximum permissions allowed to a user/role.
88. IAM Access Analyzer – Detects public or cross-account access.
89. AWS GuardDuty – Threat detection using machine learning.
90. AWS Macie – Finds & protects sensitive S3 data (PII detection).
91. AWS Detective – Investigates security incidents using AI.
92. Security Groups – Stateful firewall for EC2 instances.
93. NACL (Network ACL) – Stateless VPC security layer.
94. VPC Peering – Connect VPCs privately (one-to-one).
95. AWS Transit Gateway – Central hub connecting thousands of VPCs.
96. VPC Endpoints – Private AWS service connections.
97. Direct Connect – Dedicated fiber link to AWS.
98. AWS Certificate Manager (ACM) – Free SSL/TLS certificates.
99. AWS Secrets Manager – Store & rotate secrets.
100. AWS Parameter Store – Configuration storage (SSM).
101. Public vs Private Subnet – Public → IGW | Private → NAT.
102. Route Tables – Control traffic flow between subnets.
103. NAT Gateway – Secure internet access for private subnets.
104. Internet Gateway – Public internet access.
105. AWS Global Infrastructure Benefits – Fault tolerance, availability, low latency.
106. Availability Zones Failure Independence – One AZ failure won’t affect others.
107. Edge Caching in CloudFront – Improves speed, reduces origin load.
108. S3 Object Lock – Prevents deletion of objects.
109. MFA Delete – Extra layer for S3 delete protection.
110. AWS Resilience Hub – Automatic workload resilience evaluation.
111. AWS Support Plans – Basic, Developer, Business, Enterprise On-Ramp, Enterprise.
112. Business Plan Features – 24/7 support, full Trusted Advisor, fast response.
113. Enterprise Support Features – Architect, TAM, concierge billing.
114. AWS Cost Anomaly Detection – Alerts on unusual usage spikes.
115. AWS Savings Plans – 1 or 3-year compute commitments.
116. Compute Savings Plan – EC2 + Lambda + Fargate.
117. EC2 Instance Savings Plan – EC2 only.
118. Spot Instances Best Use Cases – Batch & flexible workloads.
119. Reserved Instances – Capacity commitment for discounts.
120. AWS TCO Calculator – On-prem vs cloud cost comparison.
121. AWS Pricing Calculator – Estimate AWS architecture cost.
122. AWS Billing Alarms – Cost threshold alerts.
123. AWS Glue Data Catalog – Central metadata store.
124. S3 Replication – Cross-region / same-region replication.
125. S3 Pre-Signed URLs – Temporary secure access URLs.
126. Athena Partitioning – Faster & cheaper queries.
127. Redshift Spectrum – Query S3 data from Redshift.
128. Kinesis Firehose – Streaming ingestion → S3 / Redshift.
129. Kinesis Data Streams – Real-time event pipeline.
130. Amazon Polly – Text-to-speech ML.
131. Amazon Rekognition – Image & video analysis.
132. Amazon Textract – OCR & document text extraction.
133. Amazon SageMaker – End-to-end ML platform.
134. AWS Snowcone – Portable 8TB edge device.
135. AWS Compute Optimizer – Cost & performance recommendations.

AWS Cloud Practitioner — Top 100 Must-Know key Points (CLF-C02)

136 – 210: Compute, Storage, Database, Analytics, AI

136. EC2 Instance Families – General (t), Compute (c), Memory (r/x), Storage (i), GPU (g/p).
137. EC2 Instance Types Naming – Example: m5.large → m = family, 5 = generation, large = size.
138. Spot Fleet – Group of spot instances for cost optimization.
139. Placement Groups – Cluster, Partition, Spread (HPC & big workloads).
140. Amazon Fargate – Serverless containers; no EC2 management.
141. ECS (Elastic Container Service) – Container orchestration (AWS-native, cheaper).
142. EKS (Elastic Kubernetes Service) – Managed Kubernetes (heavy workloads).
143. ECS Anywhere – Run ECS on on-prem or hybrid.
144. Firecracker MicroVM – Technology behind Lambda & Fargate.
145. Lambda Layers – Share common code/resources across Lambda functions.
146. Lambda Provisioned Concurrency – Zero cold start.
147. Lambda Execution Role – Permissions function needs to access AWS resources.
148. Lambda Function Timeout – Max 15 minutes.
149. AWS Batch Compute Environments – Automate batch workloads on EC2/Spot/Fargate.
150. Amazon Lightsail Containers – Simple container hosting.
151. Spot Blocks – Spot instances with guaranteed run time.
152. AMI (Amazon Machine Image) – Blueprint for EC2 instances.
153. Elastic GPU – Attach GPU to EC2.
154. EC2 Hibernate – Preserves RAM to EBS.
155. ENI (Elastic Network Interface) – Multiple IPs, network cards.
156. EC2 Instance Metadata v2 – IMDSv2 more secure (mandatory in exam).
157. Instance Store – Temporary storage, data lost on stop/terminate.
158. Capacity Reservations – Guarantee EC2 capacity for a period.
159. EC2 Dedicated Host – Physical server fully dedicated to you.
160. EC2 Dedicated Instance – Runs on hardware not shared with other accounts.
161. S3 Access Points – Custom access paths for apps.
162. S3 Inventory – Report of objects & metadata.
163. S3 Object ACLs – Legacy permissions (discouraged, but exam asks).
164. S3 Block Public Access – Account-level public block.
165. S3 Bucket Policy – JSON resource-based permission.
166. S3 CORS – Cross-domain access configuration.
167. S3 Select – Query a subset of S3 object.
168. S3 Multi-Part Upload – Recommended for >100MB objects.
169. S3 Transfer Acceleration – Speeds uploads using CloudFront edge locations.
170. S3 Intelligent-Tiering – Automatically moves objects for cost saving.
171. S3 Requester Pays – Requester pays for download.
172. EFS Throughput Modes – Bursting, Provisioned.
173. EFS Storage Classes – Standard, Infrequent Access (IA).
174. EBS Volume Types – gp3, io2, sc1, st1.
175. EBS Multi-Attach – Attach to multiple EC2 at the same time.
176. EBS Snapshots Archive – Cheaper archival storage.
177. EBS Fast Snapshot Restore – High-performance restore.
178. AWS Storage Gateway Types – File, Volume, Tape.
179. AWS Snowball Edge Compute – Includes GPU, compute power.
180. AWS DataSync – Automated large-scale data transfer.
181. AWS Transfer Family – Managed SFTP/FTP/FTPS.
182. AWS Backup Policies – Backup plans, vaults, schedules.
183. Glacier Retrieval Classes – Expedited, Standard, Bulk.
184. S3 Lifecycle Policies – Automate class transitions + deletion.
185. AWS EFS One-Zone – Cheaper but less durable.
186. RDS Multi-AZ Failover – Automatic standby failover.
187. RDS Read Replicas – Read scaling.
188. RDS Automated Backups – Point-in-time recovery.
189. Aurora Global Database – Lag < 1 second between regions.
190. DynamoDB Global Tables – Multi-region active-active.
191. DynamoDB TTL – Automatic expiry of items.
192. DynamoDB Streams – Change data capture for Lambda.
193. DynamoDB Accelerator (DAX) – In-memory cache for Dynamo.
194. ElastiCache Redis – Sub-millisecond caching.
195. OpenSearch Dashboards – Visualization tool (Kibana alternative).
196. Athena Federated Query – Query other sources beyond S3.
197. Glue Crawlers – Scan data & generate schema.
198. Glue Jobs – ETL pipelines.
199. Kinesis Analytics – Real-time SQL analytics on streaming data.
200. Kinesis Shards – Unit of capacity for streams.
201. Redshift Concurrency Scaling – Handles spike workloads.
202. Redshift RA3 Nodes – Managed storage.
203. EMR Serverless – No cluster management.
204. EMR Notebooks – Data exploration with Jupyter.
205. SageMaker Ground Truth – Labeling tool for ML data.
206. SageMaker Studio – IDE for ML model lifecycle.
207. Transcribe – Speech-to-text.
208. Translate – Language translation.
209. Comprehend – NLP sentiment analysis.
210. Forecast – Time-series forecasting using ML.

🔥 SET-9 (25 Points) – Developer Tools, DevOps, Monitoring, Cost, Support

211. CloudFormation Drift Detection – Checks differences between stack & deployed resources.
212. CloudFormation Change Sets – Preview changes before applying.
213. CDK (Cloud Development Kit) – Define infra using Python/TS/Java.
214. Elastic Beanstalk Health Monitoring – Green / Yellow / Red indicators.
215. AWS SAM CLI – Test Lambda / APIs locally.
216. CodeStar – Unified DevOps project setup.
217. CodeArtifact – Package dependency management (npm / pypi / maven).
218. CodeGuru Reviewer – AI code review.
219. CodeGuru Profiler – Detects performance bottlenecks.
220. CloudWatch Events – Deprecated → EventBridge.
221. CloudWatch Logs Insights – Query logs using SQL-like syntax.
222. CloudWatch Metrics Resolution – Standard: 1 min | High-resolution: 1–30 sec.
223. CloudWatch Embedded Metric Format – Send custom metrics.
224. CloudTrail Insights – Detect unusual API activity.
225. AWS Health API – Programmatic health alerts.
226. AWS Service Quotas – Manage & request service limit increases.
227. Cost Categories – Group cost data logically.
228. Reservation Utilization Report – See how RIs are used.
229. Savings Plans Utilization – Commitment utilization tracking.
230. AWS Marketplace Metering – Pay-as-you-go software usage.
231. AWS Concierge Support – Enterprise-only cost help.
232. TAM (Technical Account Manager) – Enterprise support engineer.
233. AWS Abuse Team – Report spam / misuse.
234. AWS Penetration Testing Rules – Allow list for pentesting EC2.
235. Well-Architected Tool – Checks workloads against AWS 5 pillars.

AWS Cloud Practitioner — Top 76 Must-Know Points (CLF-C02)

236 – 260: Edge, Networking & Hybrid

236. Edge Locations Count – CloudFront POPs worldwide (exam sometimes asks conceptually).
237. Regional Edge Caches – Bigger caches between origin and POP.
238. AWS Local Zones – Compute closer to users in metro cities.
239. Wavelength Zones – For 5G ultra-low latency edge compute.
240. AWS Outposts Rack – Smaller on-prem AWS hardware.
241. AWS Outposts Server – Even smaller, fits in standard IT rack.
242. AWS Egress Fees – Cost for data leaving AWS.
243. Public vs Elastic IP – Elastic IP → fixed, account-owned.
244. ENA (Elastic Network Adapter) – High-performance networking for EC2.
245. Global Accelerator vs CloudFront – GA → TCP/UDP app acceleration | CF → content delivery & caching.
246. VPC Flow Logs – Capture network traffic metadata.
247. VPC Reachability Analyzer – Find connectivity issues.
248. IPv6 in VPC – Dual-stack possible.
249. AWS Shield Standard – Free DDoS protection.
250. AWS Route 53 Health Checks – Monitor endpoints & failover.
251. Route 53 Routing Policies – Simple, Weighted, Latency, Geolocation, Failover, Multi-value.
252. AWS IoT Fleet Hub – Monitor IoT devices fleet-wide.
253. AWS IoT Device Defender – Security audits for IoT devices.
254. AWS IoT Device Management – Scale registration + remote actions.
255. AWS RoboMaker – Robotics simulation & deployment.
256. Direct Connect Gateway – Connect DC to multiple VPCs across regions.
257. Transit Gateway Multicast – Support multicast traffic.
258. Cloud WAN – Global wide-area networking managed by AWS.
259. PrivateLink – Private access to services via interface endpoints.
260. Hybrid DNS with Route 53 Resolver – On-prem ↔ AWS DNS integration.

🔥 SET-11 (25 Points) – Data, AI, Application Integration, Messaging

261. Kinesis Enhanced Fan-Out – 1 MB/s per shard throughput for consumers.
262. Kinesis Extended Retention – Store streams up to 1 year.
263. Kinesis Shard Splitting – Increase capacity.
264. Kinesis Shard Merging – Reduce capacity.
265. SQS Delay Queue – Delay messages up to 15 min.
266. SQS Long Polling – Reduces empty responses → lowers cost.
267. SQS FIFO Throughput – Per-message ordering guaranteed.
268. SNS Mobile Push – Push to APNS / FCM.
269. SNS SMS Types – Promotional vs Transactional.
270. EventBridge Pipes – Point-to-point event flow.
271. EventBridge Schedule – Cron-based serverless jobs.
272. Step Functions Express Workflow – High-throughput rapid workflows.
273. Glue DataBrew – Visual data preparation without coding.
274. Glue Elastic Views – Unified view of multiple data stores.
275. Lake Formation – Data lake permission control.
276. Redshift Spectrum Pricing – Pay only per scanned TB.
277. Redshift Materialized Views – Precomputed data for performance.
278. OpenSearch UltraWarm Storage – Warm storage tier.
279. OpenSearch Domain – Cluster of search nodes.
280. Forecast Use-Cases – Retail sales, cloud capacity, traffic prediction.
281. Personalize – Recommendation engine.
282. Lookout for Metrics – Detect anomalies using ML.
283. Lookout for Equipment – Predict equipment failures.
284. Textract Queries – Search for specific fields in documents.
285. Rekognition Custom Labels – Train custom image models.
286. Transcribe Call Analytics – Contact-center call analysis.
287. Polly Neural TTS – More natural speech.
288. Amazon Lex V2 – Chatbot building (NLP + intent slots).
289. Amazon Bedrock – Foundation models for GenAI (conceptual).
290. AWS HealthLake – Healthcare data processing (HIPAA-ready).