AWS Certified Cloud Practitioner · CLF-C02

Domain 3: Cloud Technology & Services

Infrastructure · Compute · Database · Networking · Storage · AI/ML · Integration
Task Statements 3.1 – 3.8
34% of Exam Score · ~17 of 50 scored questions

Domain 3 Overview

Eight Task Statements

3.1 Deployment & Operations — ways to provision and operate (Console, CLI, SDK, IaC), deployment models (cloud, hybrid, on-premises), connectivity options
3.2 Global Infrastructure — Regions, Availability Zones, edge locations, Local Zones, Wavelength Zones
3.3 Compute Services — EC2, Lambda, ECS, EKS, Fargate, Auto Scaling, Elastic Load Balancing
3.4 Database Services — RDS, Aurora, DynamoDB, ElastiCache, Redshift, DMS, SCT
3.5 Network Services — VPC, subnets, Route 53, CloudFront, Global Accelerator, VPN, Direct Connect
3.6 Storage Services — S3, EBS, EFS, FSx, Storage Gateway, Backup, S3 storage classes
3.7 AI/ML & Analytics — SageMaker, Lex, Kendra, Rekognition; Athena, Kinesis, Glue, QuickSight
3.8 Other Services — EventBridge, SNS, SQS, Connect, CodePipeline, WorkSpaces, IoT
📋 Strategy: Domain 3 is wide, not deep. For each service, learn: What does it do? When would you use it? What is it NOT?

Task 3.1 — Deployment & Operations

Ways to Access & Operate AWS

AWS Management Console

Web-based GUI for managing AWS services. Best for learning, one-time setup tasks, and visual monitoring. Not repeatable at scale.

AWS CLI (Command Line Interface)

Terminal-based tool for programmatic access. Write scripts to automate tasks. Useful for repeatable operations and automation.

AWS SDKs

Language-specific libraries (Python/boto3, Java, JavaScript, etc.) for calling AWS APIs from application code.

Infrastructure as Code (IaC)

Define infrastructure in config files that are version-controlled and repeatable. Two AWS-native tools:

  • AWS CloudFormation — JSON/YAML templates describing full AWS stacks. AWS manages the orchestration.
  • AWS CDK — define infrastructure using real programming languages (Python, TypeScript, etc.).

Cloud Deployment Models

  • Cloud — fully in AWS, no on-premises
  • Hybrid — part on-premises, part in AWS, connected
  • On-premises (Private Cloud) — all in your own data center

Task 3.2 — Global Infrastructure

Regions, AZs & Edge Locations

AWS Region

A geographic area containing multiple, isolated Availability Zones. Each Region is independent — data does not leave a Region without explicit permission.

Choose a Region based on: compliance, latency to users, service availability, and pricing.

Availability Zone (AZ)

One or more discrete data centers within a Region with redundant power, networking, and connectivity. AZs are physically separated to isolate failures.

Deploy across multiple AZs for high availability. Each Region has at least 2 AZs (most have 3+).

Edge Locations

Points of presence (PoPs) for AWS content delivery. More numerous than Regions — closer to end users. Used by CloudFront (CDN) and Route 53 (DNS).

400+ edge locations worldwide for low-latency content delivery.

Amazon CloudFront

Content Delivery Network (CDN). Caches content at edge locations close to users. Reduces latency and origin server load.

AWS Local Zones

Extensions of a Region placed in metro areas. Deliver compute, storage, and database closer to large population centers for single-digit millisecond latency.

AWS Wavelength Zones

Embed AWS compute within 5G telecom networks. Enables ultra-low latency for mobile edge applications.

⚡ Exam Note: Region → AZ → Data Center (hierarchy). Use multiple AZs for high availability. Use multiple Regions for disaster recovery, business continuity, data sovereignty, and low latency for global users.

Task 3.3 — Compute Services

AWS Compute Options

Service | Type | When to Use
Amazon EC2 | Virtual machines (IaaS) | Full OS control needed; persistent long-running workloads; lift-and-shift migrations
AWS Lambda | Serverless functions | Event-driven, short-lived functions; no server management; pay only when code runs; scales to zero
Amazon ECS | Container orchestration (AWS-native) | Run Docker containers without managing Kubernetes; AWS-managed control plane
Amazon EKS | Managed Kubernetes | Run Kubernetes workloads; existing K8s expertise or portability required
AWS Fargate | Serverless containers | Run containers without managing EC2 instances; works with ECS or EKS
Auto Scaling | Elasticity | Automatically add/remove EC2 instances based on demand; ensures right capacity
Elastic Load Balancing (ELB) | Traffic distribution | Distribute traffic across multiple EC2 instances/AZs; eliminates single point of failure

⚡ Exam Note: Lambda = no servers, event-driven, max 15 min runtime. EC2 = full control, long-running. Fargate = serverless containers. ECS = AWS containers. EKS = Kubernetes containers.

Task 3.4 — Database Services

AWS Database Services

Service | Type | When to Use
Amazon RDS | Managed relational DB (MySQL, PostgreSQL, Oracle, SQL Server, MariaDB) | Structured data with relationships; existing SQL workloads; managed patching and backups
Amazon Aurora | AWS-native relational DB (MySQL & PostgreSQL compatible) | High performance relational workloads; up to 5x faster than MySQL; serverless option available
Amazon DynamoDB | Managed NoSQL (key-value & document) | Massive scale, single-digit millisecond latency, flexible schema, serverless
Amazon ElastiCache | In-memory cache (Redis, Memcached) | Sub-millisecond reads; caching database query results; session stores
Amazon Redshift | Data warehouse (columnar SQL) | Analytics on large datasets; business intelligence; OLAP (not OLTP)
AWS DMS | Database Migration Service | Migrate databases to AWS; ongoing replication; minimal downtime migration

⚡ Exam Note: RDS/Aurora = relational (SQL). DynamoDB = NoSQL (fast, flexible, serverless). ElastiCache = fastest (memory, microseconds). Redshift = analytics/reporting (not operational databases). DMS = migration tool.

Task 3.5 — Network Services

AWS Networking Services

Amazon VPC (Virtual Private Cloud)

Logically isolated section of AWS for your resources. Define your own IP address range, subnets, route tables, and network gateways.

  • Public subnet — resources accessible from the internet (web servers)
  • Private subnet — resources not directly accessible (databases, app servers)
  • Internet Gateway — enables internet access for public subnets
  • NAT Gateway — allows private subnet resources to access internet (outbound only)

Connectivity to AWS

  • AWS VPN — encrypted tunnel over public internet. Quick to set up, lower cost.
  • AWS Direct Connect — dedicated private physical connection to AWS. Consistent latency, higher throughput, higher cost.

Amazon Route 53

AWS's managed DNS service. Translates domain names to IP addresses. Also provides health checks and routing policies (latency, geolocation, failover).

Amazon CloudFront

CDN that caches content at 400+ global edge locations. Reduces latency for users worldwide. Integrates with S3, ALB, and custom origins.

AWS Global Accelerator

Routes user traffic through the AWS global network to optimize performance. Provides static anycast IP addresses — traffic goes to the nearest healthy endpoint.

Task 3.6 — Storage Services

AWS Storage Options

Service | Type | Key Facts
Amazon S3 | Object storage | Unlimited storage. Accessed via URL. Great for files, backups, static websites, data lakes. 11 nines durability.
Amazon EBS | Block storage (EC2 attached) | Persistent volumes attached to one EC2 instance (AZ-specific). Like a hard drive. Survives instance stop/start.
Instance Store | Ephemeral block storage | Physically attached to EC2 host. Extremely fast. Data LOST when instance stops or terminates.
Amazon EFS | Managed file storage (NFS) | Shared file system mountable by multiple EC2 instances simultaneously across AZs. Auto-scales.
Amazon FSx | Managed file systems | FSx for Windows File Server (SMB/Active Directory), FSx for Lustre (high-performance computing).
AWS Storage Gateway | Hybrid storage | Connects on-premises environments to AWS storage. Use for backups to S3 from on-premises.
AWS Backup | Centralized backup | Centrally manage and automate backups across AWS services (EC2, RDS, EFS, DynamoDB).

⚡ S3 Storage Classes: Standard (frequent access) → Standard-IA (infrequent) → One Zone-IA → Glacier Instant Retrieval → Glacier Flexible Retrieval → Glacier Deep Archive (cheapest, hours to retrieve). Use S3 Lifecycle policies to automate transitions.

Task 3.7 — AI/ML & Analytics

AI/ML & Analytics Services

AI / Machine Learning

Amazon SageMaker: End-to-end ML platform — build, train, and deploy custom ML models.
Amazon Lex: Build conversational chatbots with voice and text (powers Alexa).
Amazon Kendra: Intelligent enterprise search powered by ML. Finds answers in documents.
Amazon Rekognition: Analyze images and videos — object detection, facial recognition.
Amazon Polly: Text-to-speech (lifelike voices in multiple languages).
Amazon Transcribe: Automatic speech recognition — convert audio to text.
Amazon Translate: Neural machine translation (75+ languages).

Analytics

Amazon Athena: Query S3 data using SQL — serverless, pay per query. No ETL needed.
Amazon Kinesis: Real-time streaming data ingestion and processing.
AWS Glue: Serverless ETL service — extract, transform, load data for analytics.
Amazon QuickSight: Business intelligence (BI) and data visualization dashboards.
Amazon EMR: Managed big data platform (Hadoop, Spark) for large-scale processing.

Task 3.8 — Other Services

Application Integration & Developer Tools

Application Integration

Amazon SNS (Simple Notification Service)

Pub/sub messaging. One message → many subscribers (fan-out). Push-based. Used for notifications and alerts. Supports email, SMS, Lambda, SQS.

Amazon SQS (Simple Queue Service)

Message queue. Producer puts messages in; consumer pulls them out. Decouples application components. Pull-based. Handles traffic spikes by buffering.

Amazon EventBridge

Serverless event bus. Route events from AWS services, custom applications, or SaaS apps to targets (Lambda, SQS, etc.). Event-driven architecture.

Developer Tools

AWS CodePipeline / CodeBuild / CodeDeploy

CI/CD pipeline — automate build, test, and deploy. CodePipeline orchestrates; CodeBuild compiles and tests; CodeDeploy deploys to EC2/Lambda/ECS.

Amazon WorkSpaces

Managed virtual desktops (Desktop-as-a-Service). Access Windows or Linux desktops from any device.

AWS IoT Core

Connect IoT devices to AWS. Securely ingest and route device data to other services (S3, Lambda, Kinesis).

⚡ SNS vs SQS: SNS = push to many subscribers (fan-out, notifications). SQS = queue between two components (decouple, buffer). They are often used together: SNS → multiple SQS queues.

Quick Review

Domain 3 Exam Checklist

Infrastructure & Compute (3.1–3.3)
  • Console (manual), CLI (scripted), SDK (code), CloudFormation (IaC)
  • Cloud vs hybrid vs on-premises deployment models
  • VPN (internet, encrypted) vs Direct Connect (dedicated physical line)
  • Region → AZ → Data Center hierarchy
  • Multiple AZs = high availability; multiple Regions = disaster recovery
  • EC2 (VMs), Lambda (serverless functions), Fargate (serverless containers)
  • ECS (AWS containers), EKS (Kubernetes), Auto Scaling + ELB

Data, Storage & Services (3.4–3.8)
  • RDS/Aurora (relational SQL) vs DynamoDB (NoSQL) vs Redshift (analytics)
  • ElastiCache = fastest (in-memory cache)
  • DMS = database migration tool
  • S3 (object), EBS (block/one instance), EFS (file/shared), Instance Store (ephemeral)
  • S3 Glacier = archival; Lifecycle policies automate transitions
  • CloudFront (CDN cache) vs Global Accelerator (dynamic routing)
  • Route 53 = DNS service
  • SNS (push/fan-out) vs SQS (queue/pull/decouple)
  • Athena = SQL on S3. Kinesis = real-time streaming. QuickSight = dashboards.
  • SageMaker = custom ML. Lex = chatbots. Kendra = enterprise search.

Domain 3 Complete

You're ready for Domain 3

34% of CLF-C02 · Cloud Technology & Services
Good luck on the exam!
