Version 1.0 CLF-C02 4 | PAGE
Domain 1: Cloud Concepts
Task Statement 1.1: Define the benefits of the AWS Cloud.
Knowledge of:
• Value proposition of the AWS Cloud
Skills in:
• Understanding the economies of scale (for example, cost savings)
• Understanding the benefits of global infrastructure (for example, speed of
deployment, global reach)
• Understanding the advantages of high availability, elasticity, and agility
Task Statement 1.2: Identify design principles of the AWS Cloud.
Knowledge of:
• AWS Well-Architected Framework
Skills in:
• Understanding the pillars of the Well-Architected Framework (for example,
operational excellence, security, reliability, performance efficiency, cost
optimization, sustainability)
• Identifying differences between the pillars of the Well-Architected
Framework
Task Statement 1.3: Understand the benefits of and strategies for migration to the
AWS Cloud.
Knowledge of:
• Cloud adoption strategies
• Resources to support the cloud migration journey
Skills in:
• Understanding the benefits of the AWS Cloud Adoption Framework (AWS
CAF) (for example, reduced business risk; improved environmental, social,
and governance (ESG) performance; increased revenue; increased
operational efficiency)
• Identifying appropriate migration strategies (for example, database
replication, use of AWS Snowball)
Version 1.0 CLF-C02 5 | PAGE
Task Statement 1.4: Understand concepts of cloud economics.
Knowledge of:
• Aspects of cloud economics
• Cost savings of moving to the cloud
Skills in:
• Understanding the role of fixed costs compared with variable costs
• Understanding costs that are associated with on-premises environments
• Understanding the differences between licensing strategies (for example,
Bring Your Own License [BYOL] model compared with included licenses)
• Understanding the concept of rightsizing
• Identifying benefits of automation (for example, provisioning and
configuration management with AWS CloudFormation)
• Identifying managed AWS services (for example, Amazon RDS, Amazon
Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service
[Amazon EKS], Amazon DynamoDB)
Domain 2: Security and Compliance
Task Statement 2.1: Understand the AWS shared responsibility model.
Knowledge of:
• AWS shared responsibility model
Skills in:
• Recognizing the components of the AWS shared responsibility model
• Describing the customer’s responsibilities on AWS
• Describing AWS responsibilities
• Describing responsibilities that the customer and AWS share
• Describing how AWS responsibilities and customer responsibilities can shift,
depending on the service used (for example, Amazon RDS, AWS Lambda,
Amazon EC2)
Version 1.0 CLF-C02 6 | PAGE
Task Statement 2.2: Understand AWS Cloud security, governance, and compliance
concepts.
Knowledge of:
• AWS compliance and governance concepts
• Benefits of cloud security (for example, encryption)
• Where to capture and locate logs that are associated with cloud security
Skills in:
• Identifying where to find AWS compliance information (for example, AWS
Artifact)
• Understanding compliance needs among geographic locations or industries
(for example, AWS Compliance)
• Describing how customers secure resources on AWS (for example, Amazon
Inspector, AWS Security Hub, Amazon GuardDuty, AWS Shield)
• Identifying different encryption options (for example, encryption in transit,
encryption at rest)
• Recognizing services that aid in governance and compliance (for example,
monitoring with Amazon CloudWatch; auditing with AWS CloudTrail, AWS
Audit Manager, and AWS Config; reporting with access reports)
• Recognizing compliance requirements that vary among AWS services
Task Statement 2.3: Identify AWS access management capabilities.
Knowledge of:
• Identity and access management (for example, AWS Identity and Access
Management [IAM])
• Importance of protecting the AWS root user account
• Principle of least privilege
• AWS IAM Identity Center (AWS Single Sign-On)
Version 1.0 CLF-C02 7 | PAGE
Skills in:
• Understanding access keys, password policies, and credential storage (for
example, AWS Secrets Manager, AWS Systems Manager)
• Identifying authentication methods in AWS (for example, multi-factor
authentication [MFA], IAM Identity Center, cross-account IAM roles)
• Defining groups, users, custom policies, and managed policies in compliance
with the principle of least privilege
• Identifying tasks that only the account root user can perform
• Understanding which methods can achieve root user protection
• Understanding the types of identity management (for example, federated)
Task Statement 2.4: Identify components and resources for security.
Knowledge of:
• Security capabilities that AWS provides
• Security-related documentation that AWS provides
Skills in:
• Describing AWS security features and services (for example, security groups,
network ACLs, AWS WAF)
• Understanding that third-party security products are available from AWS
Marketplace
• Identifying where AWS security information is available (for example, AWS
Knowledge Center, AWS Security Center, AWS Security Blog)
• Understanding the use of AWS services for identifying security issues (for
example, AWS Trusted Advisor)
Domain 3: Cloud Technology and Services
Task Statement 3.1: Define methods of deploying and operating in the AWS Cloud.
Knowledge of:
• Different ways of provisioning and operating in the AWS Cloud
• Different ways to access AWS services
• Types of cloud deployment models
• Connectivity options
Version 1.0 CLF-C02 8 | PAGE
Skills in:
• Deciding between options such as programmatic access (for example, APIs,
SDKs, CLI), the AWS Management Console, and infrastructure as code (IaC)
• Evaluating requirements to determine whether to use one-time operations
or repeatable processes
• Identifying different deployment models (for example, cloud, hybrid, on-
premises)
• Identifying connectivity options (for example, AWS VPN, AWS Direct
Connect, public internet)
Task Statement 3.2: Define the AWS global infrastructure.
Knowledge of:
• AWS Regions, Availability Zones, and edge locations
• High availability
• Use of multiple Regions
• Benefits of edge locations
• AWS Wavelength Zones and AWS Local Zones
Skills in:
• Describing relationships among Regions, Availability Zones, and edge
locations
• Describing how to achieve high availability by using multiple Availability
Zones
• Recognizing that Availability Zones do not share single points of failure
• Describing when to use multiple Regions (for example, disaster recovery,
business continuity, low latency for end users, data sovereignty)
• Describing at a high level the benefits of edge locations (for example,
Amazon CloudFront, AWS Global Accelerator)
Task Statement 3.3: Identify AWS compute services.
Knowledge of:
• AWS compute services
Version 1.0 CLF-C02 9 | PAGE
Skills in:
• Recognizing the appropriate use of different EC2 instance types (for
example, compute optimized, storage optimized)
• Recognizing the appropriate use of different container options (for
example, Amazon ECS, Amazon EKS)
• Recognizing the appropriate use of different serverless compute options
(for example, AWS Fargate, Lambda)
• Recognizing that auto scaling provides elasticity
• Identifying the purposes of load balancers
Task Statement 3.4: Identify AWS database services.
Knowledge of:
• AWS database services
• Database migration
Skills in:
• Deciding when to use EC2 hosted databases or AWS managed databases
• Identifying relational databases (for example, Amazon RDS, Amazon Aurora)
• Identifying NoSQL databases (for example, DynamoDB)
• Identifying memory-based databases
• Identifying database migration tools (for example AWS Database Migration
Service [AWS DMS], AWS Schema Conversion Tool [AWS SCT])
Task Statement 3.5: Identify AWS network services.
Knowledge of:
• AWS network services
Skills in:
• Identifying the components of a VPC (for example, subnets, gateways)
• Understanding security in a VPC (for example, network ACLs, security
groups)
• Understanding the purpose of Amazon Route 53
• Identifying edge services (for example, CloudFront, Global Accelerator)
• Identifying network connectivity options to AWS (for example AWS VPN,
Direct Connect)
Version 1.0 CLF-C02 10 | PAGE
Task Statement 3.6: Identify AWS storage services.
Knowledge of:
• AWS storage services
Skills in:
• Identifying the uses for object storage
• Recognizing the differences in Amazon S3 storage classes
• Identifying block storage solutions (for example, Amazon Elastic Block Store
[Amazon EBS], instance store)
• Identifying file services (for example, Amazon Elastic File System [Amazon
EFS], Amazon FSx)
• Identifying cached file systems (for example, AWS Storage Gateway)
• Understanding use cases for lifecycle policies
• Understanding use cases for AWS Backup
Task Statement 3.7: Identify AWS artificial intelligence and machine learning (AI/ML)
services and analytics services.
Knowledge of:
• AWS AI/ML services
• AWS analytics services
Skills in:
• Understanding the different AI/ML services and the tasks that they
accomplish (for example, Amazon SageMaker, Amazon Lex, Amazon Kendra)
• Identifying the services for data analytics (for example, Amazon Athena,
Amazon Kinesis, AWS Glue, Amazon QuickSight)
Version 1.0 CLF-C02 11 | PAGE
Task Statement 3.8: Identify services from other in-scope AWS service categories.
Knowledge of:
• Application integration services of Amazon EventBridge, Amazon Simple
Notification Service (Amazon SNS), and Amazon Simple Queue Service
(Amazon SQS)
• Business application services of Amazon Connect and Amazon Simple Email
Service (Amazon SES)
• Customer engagement services of AWS Activate for Startups, AWS IQ, AWS
Managed Services (AMS), and AWS Support
• Developer tool services and capabilities of AWS AppConfig, AWS Cloud9,
AWS CloudShell, AWS CodeArtifact, AWS CodeBuild, AWS CodeCommit,
AWS CodeDeploy, AWS CodePipeline, AWS CodeStar, and AWS X-Ray
• End-user computing services of Amazon AppStream 2.0, Amazon
WorkSpaces, and Amazon WorkSpaces Web
• Frontend web and mobile services of AWS Amplify and AWS AppSync
• IoT services of AWS IoT Core and AWS IoT Greengrass
Skills in:
• Choosing the appropriate service to deliver messages and to send alerts and
notifications
• Choosing the appropriate service to meet business application needs
• Choosing the appropriate service for AWS customer support
• Choosing the appropriate option for business support assistance
• Identifying the tools to develop, deploy, and troubleshoot applications
• Identifying the services that can present the output of virtual machines
(VMs) on end-user machines
• Identifying the services that can create and deploy frontend and mobile
services
• Identifying the services that manage IoT devices