AWS Cloud Practitioner Cheat Sheet (+Free PDF)

You’ve made an excellent decision aiming for the Amazon Web Services (AWS) Certified Cloud Practitioner certification. Given the overwhelming amount of study materials and limited time to prepare for the examination, it can be challenging to decide what aspects of AWS Certified Cloud Practitioner are the most important items to review.

Our AWS Cloud Practitioner cheat sheet is handy as an overview or a refresher in such a predicament. It introduces high-level cloud computing concepts and explains AWS security and compliance, core services, billing, pricing, and support.

Keep this AWS Cloud Practitioner cheat sheet handy by downloading it here. When you’re ready, let’s dive in.

About AWS Cloud Practitioner

The AWS Certified Cloud Practitioner exam (CLF-C02) is a single test that consists of 65 questions. It lasts for 90 minutes and has four domains:

[Figure: AWS Cloud Practitioner Domain]

The exam has no prerequisites. The passing score is 700 out of 1000. Each exam attempt costs $100 USD.

Although AWS Certified Cloud Practitioner doesn’t appear to be a vendor-neutral certification, the cloud computing concepts it covers apply to other cloud computing platforms such as Azure and Google Cloud Platform. That’s what makes it such an in-demand certification across the IT industry.

AWS Cloud Practitioner Cheat Sheet Domains

This AWS practitioner cheat sheet arranges concepts according to our course subtopics. Diagrams put concepts into a visual form, and tables compartmentalize information. Here’s a key to finding items by domain:

Hashtag (remember to type the # symbol) | Domain
#cloud | AWS Cloud concepts
#sec | Security and compliance in the AWS Cloud
#core | Core AWS Services
#econ | Economics of the AWS Cloud

Introduction to Cloud Computing

Cloud computing allows you to access servers, storage, databases, and other IT resources on demand through a cloud services platform online with pay-as-you-go pricing.

#cloud | Infrastructure as a Service (IaaS) | Provides access to networking features, computers (virtual or on dedicated hardware), and data storage space.
#cloud | Platform as a Service (PaaS) | Provides supporting infrastructure, usually hardware and operating systems, to allow users to focus on deploying and managing applications.
#cloud | Software as a Service (SaaS) | The service provider runs and manages a completed product for end users.
#cloud | Public Cloud | Fully deploys all parts of an application in the cloud, e.g., AWS, Microsoft Azure, and Google Cloud Platform (GCP).
#cloud | Hybrid | Connects infrastructure and applications using cloud-based and local resources.
#cloud | Private Cloud/On-Premises | Dedicates resources for specific deployment aims through virtualization and resource management tools.
#cloud | AWS Availability Zone (AZ) | Consists of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.
#cloud | AWS Region | A physical location in the world where AWS hosts multiple AZs.

Identity and Access Management (IAM)

AWS IAM is a web service that helps you securely control access to AWS resources. It appears on every AWS exam, often in questions where services take on different IAM roles. A deep understanding of IAM will lay a solid foundation for the rest of your educational journey in AWS.

#sec | Root User | A single sign-in identity with complete access to every AWS service and resource in an AWS account.
#sec | IAM User | Individuals granted access to an AWS account. Each IAM user has three components:
  • A username.
  • A password.
  • Access permissions to various resources. Default: none.
#sec | Group | A collection of users with policies attached to it.
#sec | Role | An identity you create, assumed by trusted entities, that defines a set of permissions for making AWS service requests.
#sec | Policy | A JSON document defining permissions that apply to users, groups, and roles. Default: implicit deny.
#sec | AWS Security Token Service (AWS STS) | A web service that enables you to request temporary, limited-privilege credentials for IAM users or for external users that you authenticate.

Virtual Private Clouds

AWS Virtual Private Clouds are logically isolated virtual networks hosted on AWS cloud servers. You define a VPC’s IP address space from your selected IP ranges.

#cloud #core | Subnet | A segment of a VPC’s IP address range where you can place groups of isolated resources (maps to an AZ, 1:1).
#cloud #core | Internet Gateway | The Amazon VPC side of a connection to the public Internet.
#cloud #core | NAT Gateway | A highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the Internet.
#cloud #core | Virtual Private Gateway | The Amazon VPC side of a VPN connection.
#cloud #core | Customer Gateway | Your side of a VPN connection.
#cloud #core | Router | Routers interconnect subnets and direct traffic between Internet gateways, virtual private gateways, NAT gateways, and subnets.
#cloud #core | Peering Connection | A peering connection enables you to route traffic between two peered VPCs via private IP addresses.
#cloud #core | VPC Endpoint | Enables private connectivity to services hosted in AWS from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies.
#cloud #core | Egress-Only Internet Gateway | A stateful gateway to provide egress-only access for IPv6 traffic from the VPC to the Internet.

Elastic Compute Cloud (EC2)

AWS EC2 is a web service that provides compute capacity in the cloud that resizes with computational load. With EC2, you can launch virtual servers, called “instances,” on the AWS cloud. You or AWS can assign IP addresses to EC2 instances.

#core | Amazon Machine Images (AMIs) | Preconfigured templates for instances. Each AMI includes the information needed to launch your EC2 instance, such as the operating system and included software packages.
#core | EC2 Compute Units (ECUs) | Provide the relative measure of the integer processing power of an Amazon EC2 instance.
#core | Public IP Address
  • Lost when the instance terminates
  • Used in Public Subnets
  • No charge
  • Associated with a private IP address on the instance
  • You can’t move them between instances
#core | Private IP Address
  • Retained when the instance terminates
  • Used in Public and Private Subnets
#core | Elastic IP Address
  • Static Public IP address
  • If unused, you must pay
  • Associated with a private IP address on the instance
  • You can move them between instances and Elastic Network Adapters
#core | Elastic Network Interface | A logical networking component in a VPC that represents a virtual network card.
#core | Elastic Network Adapter (ENA) | It enhances networking capabilities such as bandwidth, packet-per-second (PPS) performance, and inter-instance latencies.

Amazon Storage

AWS contains many cloud storage services, including S3, EBS, EFS, FSx, and Storage Gateway.

#core | Persistent Data Store | Data is durable and sticks around after restarts or power cycles. Examples: S3, Glacier, EBS, EFS
#core | Transient Data Store | Temporarily stored data gets passed along to another process or persistent store. Examples: SQS, SNS
#core | Ephemeral Data Store | System stopping causes data loss. Examples: EC2 Instance Store, Memcached (ElastiCache)

  • A bucket contains files (objects).
  • It does not provide a hierarchy of objects.
  • You can use an object key name (prefix) to mimic folders.
#core | Object | A unique key (ID or name) helps one store and retrieve objects in a bucket.
#core #security | Sub-Resources | These are data subordinate to objects and buckets. They include:
  • Lifecycle.
  • Website configuration for hosting static websites.
  • Versioning.
  • Access Control Lists (ACLs) to control permissions access to the bucket/object.
  • Bucket Policies.
  • Cross-Origin Resource Sharing (CORS).
  • Logging.
  • Restoring an archive of objects.
#core #security | Cross-Origin Resource Sharing (CORS) | (Applies to S3 buckets) Used to allow requests to a different origin when connected to the main origin.

Fault Tolerance and Elasticity

This section refers to AWS services Elastic Load Balancing and EC2 Auto Scaling. These services help ensure your AWS application can handle the load of requests for it.

[Figure: High Availability and Fault Tolerance]
#core | Auto Scaling | Automates launching (scaling out) and terminating (scaling in) EC2 instances based on the traffic demand for your application.
#core | Auto Scaling Group (ASG) | Collections of EC2 instances defining their Auto Scaling capacity.
#core | Elastic Load Balancing (ELB) | Automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses.
#core | Application Load Balancer (ALB) | Operates at OSI Layer 7, for load balancing of HTTP and HTTPS traffic. Provides advanced request routing targeted at delivering modern application architectures, including microservices and containers.
#core | Network Load Balancer (NLB) | Operates at OSI Layer 4, for load balancing of extreme TCP traffic.

DNS and Content Delivery Networks

Have you ever been to a website hosted on AWS? This section is about the backbone supporting those websites: Route 53 and CloudFront.

[Figure: Amazon CloudFront]
#core | Route 53 | AWS Domain Name Service. It performs three main functions:
  • Domain registration
  • Domain Name Service (DNS)
  • Health checking: Route 53 sends automated requests to your application to verify that it’s reachable, available, and functional.
#core #security | CloudFront | A content delivery network (CDN) that allows you to store (cache) your content at edge locations located around the world. It has built-in Distributed Denial of Service (DDoS) attack protection.
#core | Edge Location | A location where AWS caches content; it is separate from AWS Regions and Availability Zones.
#core | Regional Edge Cache | A large cache server between origin web servers and global edge locations that brings content closer to users.

Monitoring, Auditing, and Alerts

AWS provides several tools to monitor running services and alert you when they fail: Amazon CloudWatch, AWS CloudTrail, Amazon Simple Notification Service (SNS), and Amazon Config.

#security #core | Amazon CloudWatch | For performance monitoring, it collects and tracks metrics, creates log files, and sets alarms.
#security #core | AWS CloudTrail | For auditing, it records activity made on your account and delivers log files to an Amazon S3 bucket.
#security #core | Amazon Simple Notification Service (SNS) | For sending messages to different devices and platforms.
#security #core | Amazon Config | A tool for assessing, auditing, and evaluating the configurations and relationships of your resources.


AWS provides a variety of database services. Here are their names and when to use them:

Domain | Name | Use cases
#core | Database on EC2
  • Full control over instance and database
  • Preferred DB not available under RDS
  • Need a traditional relational database for online transaction processing (OLTP)
  • Your data is well-formed and structured
  • Existing applications requiring RDBMS
  • Name/value pair data
  • Unpredictable data structure
  • In-memory performance with persistence
  • High I/O needs
  • Require dynamic scaling
  • Data warehouse for large volumes of aggregated data
  • Primarily, online analytical processing (OLAP) workloads
  • Relationships between objects are of high-value
  • Fast temporary storage for small amounts of data
  • Highly volatile data (non-persistent)
  • Binary large objects (BLOBs)
  • Static websites

Serverless Computing

This section focuses on the AWS Lambda service.

#core | Lambda | You run code on this platform as functions without provisioning or managing servers.
#core | Synchronous Invocation | You wait for the Lambda function to process the event and return a response.
#core | Asynchronous Invocation | Lambda places the event in a queue and returns a “success” response without additional information.
#core | Event Source | An AWS service or developer-created application that produces events that trigger an AWS Lambda function to run.
#core | Versioning | Having multiple versions of your function.
#core | Aliases | Pointers to a specific Lambda version.

Security and Compliance

This section is about how Amazon and you manage the cyber security posture of your virtual environment on AWS.

#security | Shared Responsibility Model | The name for the division of security and compliance responsibility between AWS and the customer.
#security | Security of the Cloud | AWS is responsible for protecting the infrastructure that runs all the services offered in the AWS Cloud.
#security | Security in the Cloud | The AWS Cloud services you choose determine the amount of configuration work you must perform as part of your security responsibilities.
#security | Key Management Service (KMS) | Makes data encryption easy by letting you centrally manage and securely store your keys.
#security | KMS Key
  • Alias.
  • Creation date.
  • Description.
  • Key state.
  • Key material (either provided by you or AWS).
#security | AWS-Managed KMS Keys | Used by AWS services that interact with KMS to encrypt data.
#security | Customer-Managed KMS Keys | You have full control over these KMS keys.

AWS Pricing, Billing, and Support Services

This final section briefly touches upon the economics of AWS usage.

#econ | Organizations | Consolidation of multiple AWS accounts into an organization for central management.
#econ | Pricing Model
  • On-demand
  • Dedicated hosts
  • Dedicated instances
#econ | Pricing Calculator | Gets cost estimates:


As you can see, AWS encompasses a broad range of topics. The AWS Certified Cloud Practitioner certification therefore helps prove to employers your competence in navigating the intricacies of cloud computing and AWS. This AWS Cloud Practitioner cheat sheet is an essential checklist covering the examination syllabus, giving you a bird’s-eye view of key AWS topics to remember.

We offer a complete course (listed below) to help you prepare for the AWS Certified Cloud Practitioner exam. Don’t forget to check out our membership to access a wide range of cloud computing, security, and related courses. No matter how you prepare for the AWS Certified Cloud Practitioner exam, we wish you great success and a bright future.

  • Cassandra Lee

    Cassandra is a writer, artist, musician, and technologist who makes connections across disciplines: cyber security, writing/journalism, art/design, music, mathematics, technology, education, psychology, and more. She's been a vocal advocate for girls and women in STEM since the 2010s, having written for Huffington Post, International Mathematical Olympiad 2016, and Ada Lovelace Day, and she's honored to join StationX. You can find Cassandra on LinkedIn and Linktree.