AWS Cloud Practitioner — Top 55 Must-Know Points (CLF-C02)

56 – 135: Core AWS Services, Security, Networking, Cost & AI

56. AWS Control Tower – Multi-account setup with guardrails (best practice governance).
57. AWS Landing Zone – Initial secure enterprise account blueprint (older concept).
58. Multi-AZ vs Multi-Region – Multi-AZ → high availability | Multi-Region → disaster recovery.
59. AWS Backup Vault Lock – Prevents backups from being deleted (ransomware protection).
60. AWS Elastic Disaster Recovery (DRS) – Fast recovery of servers from on-prem/AWS to AWS.
61. AWS Migration Hub – Central place for migration tracking.
62. AWS Application Migration Service (MGN) – Lift-and-shift migration tool.
63. AWS Database Migration Service (DMS) – Move databases between engines (e.g., Oracle → Aurora).
64. Amazon Aurora Serverless v2 – Auto-scales instantly, SQL-compatible.
65. Amazon QLDB – Immutable ledger database (tamper-proof log).
66. Amazon Neptune – Graph database for relationships (social graphs).
67. Amazon OpenSearch Service – Search, logs, analytics (replacement for Elasticsearch).
68. AWS Step Functions – Serverless orchestration of Lambda / SQS / APIs.
69. AWS Batch – Run large batch workloads without managing servers.
70. AWS Glue – Serverless ETL service for data processing (data catalog).
71. Amazon Athena – Query S3 data using SQL — serverless analytics.
72. Amazon QuickSight – Visualization and BI dashboards.
73. Amazon Kinesis – Real-time data streaming analytics.
74. Amazon EMR – Big data processing (Spark, Hadoop, Hive).
75. AWS IQ – Hire certified AWS experts for on-demand work.
76. AWS CodeCommit – Private Git repositories service.
77. AWS CodeBuild – Fully managed CI build service.
78. AWS CodeDeploy – Deploy to EC2, Lambda, on-prem servers.
79. AWS CodePipeline – Orchestrate CI/CD pipelines.
80. AWS AppRunner – Easy way to run containerized apps (fully managed).
81. AWS Elastic Beanstalk – Deploy applications without managing servers (PaaS).
82. AWS Amplify – Frontend/mobile hosting + backend APIs + Auth.
83. AWS GameLift – Deploy and scale multiplayer game servers.
84. AWS IoT Core – Connect and manage IoT devices securely.
85. AWS Greengrass – Run Lambda + ML on edge (IoT gateway).
86. IAM Policies – JSON format, Allow/Deny rules, identity-based + resource-based.
87. IAM Permission Boundaries – Maximum permissions allowed to a user/role.
88. IAM Access Analyzer – Detects public or cross-account access.
89. AWS GuardDuty – Threat detection using machine learning.
90. AWS Macie – Finds & protects sensitive S3 data (PII detection).
91. AWS Detective – Investigates security incidents using AI.
92. Security Groups – Stateful firewall for EC2 instances.
93. NACL (Network ACL) – Stateless VPC security layer.
94. VPC Peering – Connect VPCs privately (one-to-one).
95. AWS Transit Gateway – Central hub connecting thousands of VPCs.
96. VPC Endpoints – Private AWS service connections.
97. Direct Connect – Dedicated fiber link to AWS.
98. AWS Certificate Manager (ACM) – Free SSL/TLS certificates.
99. AWS Secrets Manager – Store & rotate secrets.
100. AWS Parameter Store – Configuration storage (SSM).
101. Public vs Private Subnet – Public → IGW | Private → NAT.
102. Route Tables – Control traffic flow between subnets.
103. NAT Gateway – Secure internet access for private subnets.
104. Internet Gateway – Public internet access.
105. AWS Global Infrastructure Benefits – Fault tolerance, availability, low latency.
106. Availability Zones Failure Independence – One AZ failure won’t affect others.
107. Edge Caching in CloudFront – Improves speed, reduces origin load.
108. S3 Object Lock – Prevents deletion of objects.
109. MFA Delete – Extra layer for S3 delete protection.
110. AWS Resilience Hub – Automatic workload resilience evaluation.
111. AWS Support Plans – Basic, Developer, Business, Enterprise On-Ramp, Enterprise.
112. Business Plan Features – 24/7 support, full Trusted Advisor, fast response.
113. Enterprise Support Features – Architect, TAM, concierge billing.
114. AWS Cost Anomaly Detection – Alerts on unusual usage spikes.
115. AWS Savings Plans – 1 or 3-year compute commitments.
116. Compute Savings Plan – EC2 + Lambda + Fargate.
117. EC2 Instance Savings Plan – EC2 only.
118. Spot Instances Best Use Cases – Batch & flexible workloads.
119. Reserved Instances – Capacity commitment for discounts.
120. AWS TCO Calculator – On-prem vs cloud cost comparison.
121. AWS Pricing Calculator – Estimate AWS architecture cost.
122. AWS Billing Alarms – Cost threshold alerts.
123. AWS Glue Data Catalog – Central metadata store.
124. S3 Replication – Cross-region / same-region replication.
125. S3 Pre-Signed URLs – Temporary secure access URLs.
126. Athena Partitioning – Faster & cheaper queries.
127. Redshift Spectrum – Query S3 data from Redshift.
128. Kinesis Firehose – Streaming ingestion → S3 / Redshift.
129. Kinesis Data Streams – Real-time event pipeline.
130. Amazon Polly – Text-to-speech ML.
131. Amazon Rekognition – Image & video analysis.
132. Amazon Textract – OCR & document text extraction.
133. Amazon SageMaker – End-to-end ML platform.
134. AWS Snowcone – Portable 8TB edge device.
135. AWS Compute Optimizer – Cost & performance recommendations.