Recent Articles
Fresh learning content updated regularly
Exam Day Tips & Question Strategy
If English is NOT your native language, you can request an extra 30 minutes at no cost. Request the "ESL +30" accommodation through your AWS Certification account BEFORE scheduling the exam. This gives you valuable extra time to read and process longer scenario questions.
How to Study for AWS Certifications
Start: Cloud Practitioner (build foundation). Next: Solutions Architect Associate (most valuable, broadest coverage). Then: specialize based on your role — Developer, SysOps, Data, ML, or Security. Professional and Specialty exams are advanced — get Associate first.
Amazon Bedrock — Foundation Models
Amazon Bedrock is a fully managed service that provides access to high-performing foundation models (FMs) from leading AI companies through a single API. It is the easiest way to build and scale generative AI applications on AWS.
SageMaker Studio & Notebooks
SageMaker Studio is a web-based integrated development environment (IDE) for machine learning. It provides a single interface for the entire ML workflow.
Generative AI Concepts
Generative AI refers to AI models that can create new content — text, images, code, audio, video — based on patterns learned from training data. Unlike traditional ML that classifies or predicts, GenAI generates.
AI, ML, and Deep Learning Concepts
These terms are often confused but represent nested concepts with increasing specificity.
Amazon EMR
Amazon EMR (Elastic MapReduce) is a managed big data platform for processing vast amounts of data using open-source frameworks like Apache Spark, Hadoop, Hive, Presto, HBase, and Flink.
AWS Lake Formation
A data lake is a centralized repository that stores all your structured and unstructured data at any scale. On AWS, S3 is the foundation of the data lake — you store raw data in S3 and use various services to process, catalog, and analyze it.
AWS Migration Hub & Application Discovery
AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS tools and partner solutions.
AWS Application Migration Service (MGN)
AWS defines 7 migration strategies, commonly called the "7 Rs." Choosing the right strategy depends on your application’s complexity, business requirements, and desired outcome.
AWS Audit Manager
AWS Audit Manager helps you continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards. It automates evidence collection and maps it to audit frameworks.
AWS Pricing Models & Free Tier
AWS uses a pay-as-you-go pricing model.
AWS Health Dashboard & EventBridge
The AWS Health Dashboard provides personalized information about AWS service health and events that affect your account’s resources.
AWS Trusted Advisor
AWS Trusted Advisor is an online tool that inspects your AWS environment and provides real-time recommendations to help you follow AWS best practices across five categories: cost optimization, performance, security, fault tolerance, and service limits.
AWS SAM (Serverless Application Model)
AWS SAM is an open-source framework for building serverless applications.
AWS CDK (Cloud Development Kit)
The AWS Cloud Development Kit (CDK) is an open-source framework that lets you define AWS infrastructure using familiar programming languages.
AWS CloudFormation
AWS CloudFormation is an Infrastructure as Code (IaC) service that lets you define your entire AWS infrastructure in a declarative template file (JSON or YAML).
AWS CodePipeline
Orchestrates Source → Build → Test → Deploy into an automated workflow.
AWS CodeDeploy
Automated deployment to EC2, on-premises, Lambda, ECS.
AWS CodeBuild
Managed build service: compile, test, produce artifacts.
Amazon CloudWatch — Metrics & Alarms
Amazon CloudWatch is a monitoring and observability service for AWS resources and applications. It collects metrics, logs, and events, providing a unified view of operational health.
AWS Config
AWS Config is a service that tracks resource configuration changes over time and evaluates configurations against desired rules. It provides a detailed view of how your AWS resources are configured, how they relate to each other, and how configurations have changed.
Amazon Macie
Amazon Macie is a fully managed data security and privacy service that uses machine learning and pattern matching to discover and protect sensitive data stored in Amazon S3.
Amazon Inspector
Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.
AWS Security Hub
AWS Security Hub provides a comprehensive view of your security state across AWS. It aggregates, organizes, and prioritizes security findings from multiple AWS services and third-party tools in a single dashboard.
AWS Secrets Manager & Parameter Store
Manages, retrieves, and rotates secrets (DB credentials, API keys). Eliminates hardcoded credentials.
AWS Certificate Manager (ACM)
ACM provisions, manages, and deploys SSL/TLS certificates for AWS services. Public certificates are FREE with automatic renewal.
AWS KMS (Key Management Service)
AWS KMS is a managed service for creating and controlling encryption keys used to encrypt your data across AWS services.
Amazon MQ & Amazon MSK
Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ. It is designed for migrating existing on-premises message broker workloads to AWS without rewriting application code.
Amazon Kinesis
Amazon Kinesis is a platform for real-time streaming data. It enables you to collect, process, and analyze data streams in real time. Kinesis has four services.
Amazon SQS (Simple Queue Service)
Amazon SQS is a fully managed message queuing service that enables you to decouple and scale distributed systems. Producers send messages to a queue, and consumers poll the queue to process them.
AWS Global Accelerator
AWS Global Accelerator is a networking service that improves the availability and performance of your applications by using the AWS global network. It provides two static anycast IP addresses that route traffic to the optimal AWS endpoint based on health, geography, and routing policies.
VPC Flow Logs (Deep Dive)
VPC Flow Logs capture metadata about IP traffic flowing through network interfaces in your VPC. They are essential for security monitoring, troubleshooting connectivity issues, and compliance auditing.
VPC Endpoints (Gateway & Interface)
VPC Endpoints = private access to AWS services. Traffic stays on the AWS backbone network. No IGW, NAT Gateway, or internet required. Improves security (no internet exposure) and reduces cost (no NAT Gateway data processing charges for AWS service traffic).
VPC Peering
VPC Peering creates a private networking connection between two VPCs. Instances in either VPC can communicate as if they are in the same network, using private IP addresses. Traffic stays on the AWS backbone and never traverses the public internet.
Network ACLs vs Security Groups
Traffic to/from an instance passes through BOTH the NACL (at the subnet boundary) AND the Security Group (at the instance). Both must allow the traffic. Think: NACL = the building’s front door security. Security Group = the apartment’s door lock. You need to pass both to get in.
NAT Gateway & NAT Instance
NAT allows private instances to INITIATE connections to the internet (outbound), but the internet CANNOT initiate connections to the private instances (inbound). This is the key security benefit: your private instances can reach the internet, but the internet cannot reach them directly.
VPC, Subnets, Route Tables, Internet Gateway
A VPC is your private network in AWS. Every resource you launch (EC2, RDS, Lambda in VPC, etc.) lives inside a VPC. You control who can access it, how traffic flows, and how it connects to the internet or other networks. Think of a VPC as your own data center network in the cloud.
Amazon Keyspaces, Neptune, QLDB, Timestream, MemoryDB
QLDB is NOT blockchain. QLDB is centralized — one trusted authority (your organization) owns and controls the ledger. Blockchain is decentralized — no single authority. If the exam asks about decentralized ledger or multi-party trust, the answer is Amazon Managed Blockchain, NOT QLDB.
Amazon DocumentDB
Amazon DocumentDB is a fully managed document database service designed for JSON workloads. It is compatible with the MongoDB API and drivers, making it easy to migrate existing MongoDB applications to AWS.
Amazon DynamoDB Fundamentals
Amazon DynamoDB is a fully managed, serverless, key-value and document NoSQL database. It delivers single-digit millisecond performance at any scale with built-in security, backup, and in-memory caching.
Amazon RDS Fundamentals
Amazon Relational Database Service (RDS) is a fully managed service that makes it easy to set up, operate, and scale relational databases in the cloud. AWS handles provisioning, patching, backup, recovery, failure detection, and repair.
AWS Backup
AWS Backup is a fully managed, centralized backup service that automates and manages backups across AWS services. Instead of managing backups separately for each service, AWS Backup provides a single place to configure, schedule, and monitor all your backups.
AWS Snow Family
The AWS Snow Family is a collection of physical devices for transferring large amounts of data into and out of AWS, or running compute in edge locations where there is limited or no network connectivity.
AWS Storage Gateway
AWS Storage Gateway is a hybrid cloud storage service that connects your on-premises environment to AWS cloud storage. It provides a local cache for low-latency access while seamlessly integrating with S3, EBS, and Glacier.
Amazon FSx
Amazon FSx provides fully managed third-party high-performance file systems on AWS. It offers four file system options, each optimized for specific workloads and protocols.
Amazon EFS (Elastic File System)
Amazon Elastic File System is a fully managed, serverless, elastic NFS (Network File System) that can be shared across multiple EC2 instances, Lambda functions, and ECS/EKS containers simultaneously.
S3 Replication (CRR & SRR)
S3 Replication allows you to automatically copy objects between S3 buckets. It can work across AWS Regions (Cross-Region Replication) or within the same Region (Same-Region Replication).
S3 Lifecycle Rules & Transitions
S3 Lifecycle rules automate the transition of objects between storage classes and the expiration (deletion) of objects. They help optimize costs by automatically moving data to cheaper storage as it ages.
S3 Storage Classes
S3 offers multiple storage classes designed for different use cases. Each class has different pricing, availability, durability, and retrieval time characteristics. Choosing the right class is key to cost optimization.
S3 Basics — Buckets, Objects, Keys
Amazon Simple Storage Service (S3) is an object storage service that offers virtually unlimited storage with industry-leading durability, availability, security, and performance. It is one of the oldest and most important AWS services.
AWS Lightsail & App Runner
Amazon Lightsail is the simplest way to get started with AWS. It provides virtual servers (instances), storage, databases, and networking at a low, predictable monthly price. Think of it as a simplified, bundled AWS experience designed for users who don’t need the full complexity of EC2.
AWS Elastic Beanstalk
AWS Elastic Beanstalk is a Platform as a Service (PaaS) that makes it easy to deploy and manage web applications and services. You upload your code, and Beanstalk automatically handles deployment, capacity provisioning, load balancing, auto scaling, and application health monitoring.
AWS Step Functions
AWS Step Functions is a serverless orchestration service that lets you coordinate multiple AWS services into workflows. You define your workflow as a state machine using a JSON-based language called Amazon States Language (ASL).
AWS Lambda — Fundamentals
AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers. You upload your code, and Lambda handles everything needed to run and scale it with high availability. You pay only for the compute time you consume.
Amazon ECR (Elastic Container Registry)
Amazon Elastic Container Registry (ECR) is a fully managed Docker container image registry that makes it easy to store, manage, and deploy Docker container images. Think of it as a private Docker Hub hosted on AWS.
EC2 Auto Scaling
Auto Scaling provides two key benefits: 1) Elasticity — automatically scale out (add instances) when demand increases and scale in (remove instances) when demand decreases. 2) High Availability — automatically replace unhealthy instances and maintain your desired instance count across AZs.
EC2 Placement Groups
EC2 Placement Groups let you control how your instances are placed on the underlying hardware. Different strategies optimize for different goals: performance, availability, or cost. There are three strategies.
AMI & EC2 Image Builder
An Amazon Machine Image (AMI) is a template that contains the software configuration (OS, application server, applications) required to launch an EC2 instance. Think of it as a snapshot of a complete server that you can use to create identical instances.
EC2 Storage (EBS, Instance Store)
EC2 instances need storage. AWS provides two main types of block storage for EC2: Amazon EBS (network-attached, persistent) and Instance Store (physically attached, ephemeral).
EC2 Pricing Models
EC2 offers multiple pricing models to optimize cost based on your workload pattern. Choosing the right model is one of the most tested topics on the exam.
EC2 Launch, Security Groups & Key Pairs
Security Groups are STATEFUL: if you allow inbound traffic, the response is automatically allowed outbound (and vice versa). You don’t need to create separate inbound and outbound rules for the same connection.
EC2 Instance Types & Families
EC2 is the foundation of AWS compute. An EC2 instance is a virtual machine running on AWS physical hardware. You choose the instance type, OS, storage, and network settings. You pay only for the compute time you use.
AWS IAM Identity Center (SSO)
IAM Identity Center provides one login portal for accessing ALL your AWS accounts in an Organization, plus third-party applications (Salesforce, Slack, Microsoft 365, etc.). One login, one set of credentials, one place to manage.
IAM Best Practices & Security
Every user, role, and application should have ONLY the minimum permissions necessary to perform their specific task. This is the most important IAM security principle and is tested extensively on the exam.
IAM Users, Groups, and Policies
IAM is about two things: Authentication (proving who you are) and Authorization (what you are allowed to do). IAM is a global service — it is not Region-specific. IAM is free to use.
AWS Management Console, CLI & SDK
AWS provides three main ways to interact with AWS services. All three are built on the same underlying AWS API. Understanding when to use each is important.
AWS Support Plans
AWS offers multiple support plans to meet different needs and budgets. Understanding the differences between each plan is essential for the exam.
AWS Shared Responsibility Model
AWS is responsible for security OF the cloud (infrastructure). The customer is responsible for security IN the cloud (data, configuration, access management).
AWS Well-Architected Framework
The Well-Architected Framework consists of 6 pillars. Each pillar represents a fundamental area of cloud architecture best practices. Memorize all 6 pillars — they are heavily tested.
AWS Global Infrastructure
AWS Global Infrastructure is built around Regions, Availability Zones (AZs), and Edge Locations. Each serves a specific purpose in delivering reliable, low-latency cloud services worldwide.
Benefits of Cloud Computing
AWS loves to test the 6 advantages. The most commonly tested are: Trade CapEx for OpEx, Stop Guessing Capacity, and Economies of Scale. If a question mentions reducing upfront costs, the answer relates to trading CapEx for variable expense (OpEx).
Cloud Service Models (IaaS, PaaS, SaaS)
Think of cloud models like getting pizza: IaaS = You buy ingredients and cook at home (you manage most things). PaaS = You buy a take-and-bake pizza (provider handles the oven/kitchen). SaaS = You order delivery (provider handles everything, you just eat).
What is Cloud Computing?
Cloud computing is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can access technology services (compute power, storage, databases) on an as-needed basis from a cloud