CS-First Service Map
AWS explained through systems concepts you already know
Compute
EC2
A virtual computer you rent by the hour
Pick your CPU and RAM. Boot from a disk image (AMI). You own everything from the OS up. Auto Scaling adds or removes instances based on load automatically.
Lambda
Code that runs only when triggered. No server to manage.
Write a function. Attach a trigger. It runs, you pay per millisecond. Max 15 minutes. When nothing runs, cost is zero. Cold start adds latency on first call.
ECS / Fargate
Docker containers without managing servers
ECS orchestrates containers. Fargate removes the need to manage EC2 nodes entirely. You just define CPU and memory. Pay per second of container runtime.
Storage
S3
A giant online file bucket with a web address
Store any file up to 5TB with a unique key. 11 nines of durability. No actual folders, just key prefixes that look like paths. Static website hosting built in.
EBS
A network-attached hard drive for one EC2 instance
Format it, mount it, use it like a local disk. Stays in one AZ. Snapshots go to S3. Types range from general SSD to high-IOPS provisioned for databases.
EFS / Glacier
EFS = shared NFS drive. Glacier = deep archive with a delay.
EFS mounts to many EC2s at once across AZs. Glacier Deep Archive costs near zero but takes 12 to 48 hours to retrieve. Use it for compliance data you rarely need.
Databases
RDS
A managed SQL database. You write SQL. AWS handles the server.
Supports MySQL, PostgreSQL, MariaDB, Oracle, SQL Server. Multi-AZ adds a standby for automatic failover. Read Replicas scale reads up to 15 copies. The standby does not serve traffic.
DynamoDB
A super-fast key-value store. Any scale, millisecond reads.
No SQL, no joins, no schema. Design around access patterns. Global Tables add active-active replication across regions. DAX adds microsecond caching on top.
Redshift
A data warehouse. Built for analytics, not transactions.
Columnar storage makes aggregation queries fast. Petabyte scale. If the question says analytics, business intelligence, or data warehouse, the answer is Redshift. Never RDS.
Networking
VPC
Your own private network inside AWS
Security Groups are stateful. Return traffic is allowed automatically. NACLs are stateless. You must allow both directions. Transit Gateway connects many VPCs at once.
CloudFront
A global CDN. Content cached close to your users.
400+ edge locations worldwide. Serves S3, EC2, and custom origins. Reduces latency by caching near users. Lambda@Edge runs code at the PoP itself.
ELB
A load balancer that splits traffic across servers
ALB handles HTTP and routes by path or host. NLB handles TCP and UDP with very low latency and a static IP. GLB routes to third party firewall appliances. Never use CLB for new apps.
Well-Architected Framework
6 pillars. Sustainability was added in 2021. Always answer 6, never 5.
Mnemonic: Security, Cost, Operations, Reliability, Performance, Sustainability. Think SCORPS.
01
Security
IAM, encryption, data integrity, incident response. Zero Trust model.
Least privilege. Defense in depth.
02
Cost Optimization
Right-size, use Reserved Instances, delete unused resources, measure ROI.
Tools: Cost Explorer, Budgets, Trusted Advisor
03
Operational Excellence
IaC, runbooks, game days, small reversible changes, frequent deployments.
Fail fast. Automate everything.
04
Reliability
Multi-AZ, backups, auto scaling, circuit breakers, chaos engineering.
RTO = recovery speed. RPO = data loss window.
05
Performance Efficiency
Right instance type, serverless, CDN, caching, use managed services.
Democratize advanced technology.
06
Sustainability
Minimize environmental impact. Right-size, maximize utilization, efficient regions.
Added 2021. Always answer 6 pillars.
Exam Traps
Sustainability is the 6th pillar, added in 2021. Old study guides say 5. The exam expects 6.
Reliability and Availability are different. Reliability means you can recover. Availability is your uptime percentage.
Runbooks and game days belong to Operational Excellence, not Reliability.
Carbon footprint questions map to the Sustainability pillar.
The Well-Architected Tool is a free console service that evaluates workloads against all 6 pillars.
99.9 percent availability equals 8.7 hours of downtime per year. 99.99 is 52 minutes.
Cloud Adoption Framework
Business capabilities (first 3) and Technical capabilities (last 3). CAF is not WAF.
Key Point: CAF is about how an organization changes to adopt cloud. WAF is about how you architect systems on cloud. Different frameworks. Different exam questions.
Business
Business Capability
IT investments align with business outcomes. ROI, business cases, risk management.
CEOs, CFOs, COOs
People
Business Capability
Organizational change management. Culture, cloud training, workforce transitions.
CHROs, CLOs, Managers
Governance
Business Capability
Cloud initiative management, compliance, risk management, portfolio governance.
CIO, CTO, Enterprise Architects
Platform
Technical Capability
Build scalable platforms. Architecture standards, IaC templates, CI/CD pipelines.
CTOs, Platform Engineers
Security
Technical Capability
CIA triad. IAM, infrastructure protection, data protection, incident response.
CISOs, Security Architects
Operations
Technical Capability
Run cloud services at agreed levels. Observability, patch management, incident management.
IT Ops Managers, SREs
Billing and Pricing
Know which pricing model fits which scenario. This is heavily tested.
On-Demand
Pay as you go
No commitment. Billed per second. Most expensive per unit, zero upfront or lock-in.
Unpredictable workloads, dev and test
Spot Instances
Up to 90% off
Spare EC2 capacity. AWS reclaims with 2-minute warning. Cheapest compute option available.
Batch jobs, ML training, fault-tolerant work
Reserved Instances
Up to 72% off
1 or 3-year commitment to instance type and region. Standard or Convertible options.
Steady production with known usage
Savings Plans
Up to 66% off
Commit to dollar-per-hour spend. Applies to EC2, Lambda, and Fargate. More flexible than RIs.
Want RI savings without instance lock-in
Cost Tools
Cost Explorer
Visualize historical spend and 12-month forecasts. Filter by service, region, or tag.
AWS Budgets
Set cost or usage alerts via email or SNS when thresholds are exceeded.
Trusted Advisor
Automated checks for cost, performance, security, fault tolerance, and service limits.
Pricing Calculator
Estimate costs before deploying. Build architecture models and see monthly estimates.
Compute Optimizer
ML-based right-sizing recommendations for EC2, Lambda, and EBS volumes.
Free Tier
12-month: 750h EC2 t2.micro, 5GB S3. Always Free: Lambda 1M requests per month, DynamoDB 25GB.
Service Differentiators
Services that sound similar but do completely different things. These are exam favorites.
Security: GuardDuty vs Inspector vs Macie vs Detective
| Service | What it does | Analyzes | Clue words |
|---|---|---|---|
| GuardDuty | Threat detection using ML on logs | VPC Flow Logs, DNS, CloudTrail | threat malware compromised EC2 |
| Inspector | Vulnerability scan for CVEs | EC2, Lambda, ECR container images | CVE vulnerability patching |
| Macie | Finds PII and sensitive data in S3 | S3 objects only | PII sensitive data S3 |
| Detective | Forensic investigation and root cause | GuardDuty findings, VPC logs | investigate root cause |
Monitoring: CloudWatch vs CloudTrail vs Config vs X-Ray
| Service | Purpose | Question it answers |
|---|---|---|
| CloudWatch | Metrics, logs, alarms | Is my CPU high? Did Lambda error? |
| CloudTrail | API call audit log | Who deleted the S3 bucket at 3am? |
| AWS Config | Configuration history and compliance | Was this S3 bucket public last Tuesday? |
| X-Ray | Distributed tracing across services | Which Lambda is causing the latency? |
Load Balancers: ALB vs NLB vs GLB
| Type | Layer | Protocols | Use case |
|---|---|---|---|
| ALB | 7 (HTTP) | HTTP, HTTPS, WebSocket | Web apps, path-based routing, host-based routing |
| NLB | 4 (TCP) | TCP, UDP, TLS | Ultra-low latency, static IP, gaming, financial |
| GLB | 3+ (Network) | GENEVE | Route to third-party firewalls and IDS appliances |
Messaging: SQS vs SNS vs Kinesis vs EventBridge
| Service | Pattern | Consumers | Use case |
|---|---|---|---|
| SQS | Queue (pull) | One per message | Decouple microservices, async processing |
| SNS | Pub/Sub (push) | Many subscribers | Fan-out, email and SMS notifications |
| Kinesis | Real-time stream | Multiple plus replay | Clickstream, IoT, real-time analytics |
| EventBridge | Event bus | Rules-based routing | AWS service events, SaaS integrations, cron jobs |
14-Day Study Plan
The Method: Practice questions first. Review only wrong answers. Target specific concepts, not whole chapters. Repeat daily.
Top Resources
Tutorials Dojo — Best practice exams for around $15. The cheat sheets are excellent.
Stephane Maarek on Udemy — Most recommended video course, around $15 on sale.
ExamTopics CLF-C02 — Community-discussed exam questions, free.
AWS Skill Builder — Official 6-hour course plus 20 free practice questions.
r/AWSCertifications — Read the "passed today" posts. Meta-strategy gold mine.
AWS Documentation FAQs — Surprisingly readable. Each service has one.