Back to Blog
AWSCloud PractitionerCLF-C02CertificationStudy Guide

AWS Cloud Practitioner (CLF-C02) Study Guide: Pass the Exam in 30 Days (2026)

April 12, 202620 min read

AWS Cloud Practitioner (CLF-C02) Study Guide: Pass the Exam in 30 Days (2026)

The AWS Certified Cloud Practitioner (CLF-C02) is the most popular entry-level cloud certification in the world — and for good reason. It's the fastest way to prove foundational cloud knowledge, open doors at companies requiring AWS credentials, and start the certification path toward the more advanced Solutions Architect and DevOps Professional exams.

This guide gives you everything you need to pass CLF-C02 in 30 days, including the exam structure, every domain you'll be tested on, the services you must know, a study schedule, and proven test-taking strategies.

What Is the AWS Cloud Practitioner Exam?

The CLF-C02 is a 90-minute, 65-question exam that tests foundational knowledge of AWS. You don't need to be technical to pass it — but you do need to understand what cloud computing is, how AWS services work at a conceptual level, and the AWS shared responsibility model.

Exam details (2026):

  • Exam code: CLF-C02
  • Questions: 65 (50 scored, 15 unscored pilot questions)
  • Time: 90 minutes
  • Passing score: 700/1000 (70%)
  • Cost: $100 USD
  • Format: Multiple choice and multiple response
  • Delivery: Testing center or online proctored

The exam is genuinely accessible. A motivated beginner can pass with 2-4 weeks of focused study.

The 4 Domains You'll Be Tested On

AWS structures the CLF-C02 around four domains with different weightings:

DomainWeightTopics
Cloud Concepts24%Cloud benefits, economics, deployment models
Security and Compliance30%IAM, compliance, shared responsibility, security services
Cloud Technology & Services34%Core AWS services across compute, storage, database, networking, etc.
Billing, Pricing & Support12%Pricing models, cost tools, support plans

Security and Cloud Technology make up 64% of the exam — focus your energy here.

Domain 1: Cloud Concepts (24%)

What Is Cloud Computing?

Cloud computing is on-demand delivery of IT resources (compute, storage, databases, networking) over the internet with pay-as-you-go pricing. Instead of buying and maintaining physical servers, you rent capacity from AWS and only pay for what you use.

The 5 characteristics of cloud computing (NIST definition):

  1. On-demand self-service
  2. Broad network access
  3. Resource pooling
  4. Rapid elasticity
  5. Measured service

Cloud Deployment Models

  • Public cloud: Resources owned and operated by AWS, delivered over the internet (most AWS services)
  • Private cloud: Cloud infrastructure used exclusively by a single organization (on-premises)
  • Hybrid cloud: Combination of public and private — data on-premises, applications on AWS

Cloud Service Models

  • IaaS (Infrastructure as a Service): You manage the OS, middleware, applications. AWS manages hardware/virtualization. Example: EC2
  • PaaS (Platform as a Service): You manage applications/data. AWS manages everything else. Example: Elastic Beanstalk, RDS
  • SaaS (Software as a Service): You use the software. AWS manages everything. Example: Amazon WorkSpaces, Chime

Six Advantages of Cloud Computing (Know These)

  1. Trade fixed expense for variable expense — pay only for what you use
  2. Benefit from massive economies of scale — AWS buys hardware at huge discounts
  3. Stop guessing capacity — scale up or down as needed
  4. Increase speed and agility — provision resources in minutes, not weeks
  5. Stop spending money on data centers — focus on business, not infrastructure
  6. Go global in minutes — deploy in any AWS region with a few clicks

Domain 2: Security and Compliance (30%)

The Shared Responsibility Model

This is the single most tested concept in the entire exam. You will see 5-10 questions on this topic.

AWS is responsible for security OF the cloud:

  • Physical data centers and hardware
  • Networking infrastructure
  • Virtualization layer
  • Managed service infrastructure

You are responsible for security IN the cloud:

  • Your data and encryption
  • Identity and access management (IAM)
  • Operating system patches (for EC2)
  • Application security
  • Network/firewall configuration

The line shifts by service type: For EC2, you patch the OS. For Lambda, AWS patches everything — you're only responsible for your function code.

AWS Identity and Access Management (IAM)

IAM is how you control who can do what in your AWS account. It's tested heavily on the CCP exam.

IAM components:

  • Users: Individual people with long-term credentials
  • Groups: Collections of users with shared permissions
  • Roles: Temporary permissions for AWS services or external users
  • Policies: JSON documents defining permissions (Allow/Deny + Action + Resource)

IAM best practices:

  • Enable Multi-Factor Authentication (MFA) on the root account and all users
  • Follow the Principle of Least Privilege — grant only the permissions needed
  • Never use root account for everyday tasks
  • Use IAM roles for EC2 instances to access other services (not access keys)

Key Security Services

  • AWS Shield: DDoS protection (Standard = free, Advanced = paid)
  • AWS WAF: Web Application Firewall — filters malicious HTTP requests
  • Amazon GuardDuty: Threat detection using ML
  • AWS Inspector: Automated vulnerability scanning for EC2 and containers
  • AWS Artifact: Compliance reports and certifications (SOC 2, ISO 27001, PCI)
  • AWS CloudTrail: Logs all API calls in your account — the audit trail
  • Amazon Macie: Uses ML to find and protect sensitive data in S3

Compliance Programs

AWS maintains compliance with dozens of certifications: SOC 1/2/3, ISO 27001, PCI DSS, HIPAA, FedRAMP. You access compliance reports through AWS Artifact (free).

Domain 3: Cloud Technology & Services (34%)

Compute Services

Amazon EC2 — Virtual servers in the cloud

  • On-Demand: Pay by the hour/second, no commitment
  • Reserved: 1-3 year commitment, 30-72% discount
  • Spot: Bid on unused capacity, up to 90% discount, can be interrupted
  • Savings Plans: Flexible discount in exchange for usage commitment

AWS Lambda — Serverless compute

  • Run code without managing servers
  • Pay only when code runs (per invocation and duration)
  • Automatically scales from 0 to thousands of concurrent executions
  • Common uses: APIs, data processing, event-driven workloads

Amazon ECS / AWS Fargate — Container services

  • ECS: Run Docker containers on AWS
  • Fargate: Serverless containers (no EC2 to manage)

AWS Elastic Beanstalk — Platform as a Service for deploying applications

  • Upload your code, Beanstalk handles provisioning

Storage Services

Amazon S3 — Object storage

  • Store and retrieve any amount of data from anywhere
  • 11 nines of durability (99.999999999%)
  • Storage classes: Standard, Infrequent Access, Glacier (archival), Intelligent-Tiering
  • Use cases: backups, static websites, data lakes, media hosting

Amazon EBS — Block storage for EC2

  • Persistent disk attached to EC2 instances
  • Like a hard drive for your virtual server

Amazon EFS — Elastic File System

  • Managed NFS file storage shared across multiple EC2 instances

AWS Storage Gateway — Hybrid storage between on-premises and AWS

Database Services

Amazon RDS — Managed relational database

  • Supports MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, Aurora
  • AWS handles patches, backups, Multi-AZ failover

Amazon Aurora — AWS-native relational database

  • Up to 5x faster than MySQL, 3x faster than PostgreSQL
  • Serverless option available

Amazon DynamoDB — Managed NoSQL database

  • Key-value and document data model
  • Single-digit millisecond performance at any scale
  • Serverless (no provisioning required)

Amazon Redshift — Data warehousing

  • Petabyte-scale analytics
  • Optimized for complex queries over large datasets

Amazon ElastiCache — In-memory caching

  • Redis or Memcached
  • Reduces database load for frequently accessed data

Networking Services

Amazon VPC — Virtual Private Cloud

  • Your own isolated network within AWS
  • Define IP ranges, subnets, route tables, security groups

Amazon CloudFront — Content Delivery Network (CDN)

  • Cache content at edge locations globally
  • Reduces latency for users worldwide

Amazon Route 53 — DNS service

  • Domain registration and DNS routing
  • Health checks and traffic policies

AWS Direct Connect — Dedicated network connection from on-premises to AWS

  • More reliable and lower latency than internet

AWS VPN — Encrypted connection between your network and AWS

Management & Monitoring

AWS CloudWatch — Monitoring and observability

  • Metrics, logs, alarms, dashboards
  • Set alarms to notify you when metrics exceed thresholds

AWS CloudTrail — API audit logging

  • Who did what, when, from where in your AWS account

AWS Config — Resource configuration tracking and compliance

AWS Systems Manager — Operational hub for AWS resources

  • Run commands, patch management, parameter store

AWS Trusted Advisor — Recommendations across cost, security, performance, fault tolerance

AWS Organizations — Manage multiple AWS accounts centrally

  • Consolidated billing, service control policies

Domain 4: Billing, Pricing & Support (12%)

AWS Pricing Models

  • Pay-as-you-go: Pay for compute, storage, and data transfer as you use them
  • Save when you commit: Reserved Instances, Savings Plans — 30-72% discounts
  • Pay less by using more: Volume discounts on S3, data transfer
  • Pay less as AWS grows: AWS passes hardware savings to customers over time

Free Tier — AWS offers three types:

  1. Always Free: Lambda (1M requests/month), DynamoDB (25GB)
  2. 12 Months Free: EC2 (750 hrs/month t2.micro), S3 (5GB)
  3. Trials: Short-term free trials for specific services

Cost Management Tools

  • AWS Cost Explorer: Visualize and analyze spending over time
  • AWS Budgets: Set spending limits and receive alerts
  • AWS Pricing Calculator: Estimate costs before deploying
  • Cost and Usage Report (CUR): Detailed billing data for analysis

Support Plans

PlanCostFeatures
BasicFreeDocumentation, forums, Trusted Advisor (7 checks)
Developer$29/monthEmail support, business hours, 12-hour response
Business$100/month24/7 phone/email/chat, 1-hour response, full Trusted Advisor
Enterprise On-Ramp$5,500/monthTAM pool, 30-minute critical response
Enterprise$15,000/monthDedicated TAM, 15-minute critical response

TAM = Technical Account Manager: A dedicated AWS expert who proactively manages your account.

30-Day Study Schedule

Week 1: Cloud Concepts + Security

  • Days 1-2: Cloud computing fundamentals, deployment models, service models
  • Days 3-4: Shared responsibility model, IAM (users, groups, roles, policies)
  • Days 5-7: Security services (Shield, WAF, GuardDuty, CloudTrail), compliance

Week 2: Core Services

  • Days 8-9: Compute (EC2, Lambda, Fargate)
  • Days 10-11: Storage (S3, EBS, EFS, Glacier)
  • Days 12-14: Databases (RDS, DynamoDB, Aurora, ElastiCache)

Week 3: Networking + Management

  • Days 15-16: VPC, CloudFront, Route 53
  • Days 17-18: CloudWatch, CloudTrail, Config, Systems Manager
  • Days 19-21: Organizations, Trusted Advisor, Well-Architected Framework

Week 4: Billing + Practice Exams

  • Days 22-23: Pricing models, Free Tier, Cost Explorer, Budgets
  • Days 24-25: Support plans, AWS Partner Network
  • Days 26-30: Practice exam after practice exam until you're consistently hitting 80%+

Test-Taking Tips

1. Know the shared responsibility model cold. It appears on 5-10 questions. When in doubt, ask: is this securing hardware/infrastructure (AWS) or securing my data/config (me)?

2. "Most cost-effective" questions. When asked for the cheapest option, Reserved Instances or Savings Plans usually win over On-Demand for long-running predictable workloads.

3. Service purpose over configuration. CCP doesn't test how to configure services. It tests what they do and when you'd use them.

4. Watch for "not" in questions. "Which of the following is NOT AWS's responsibility?" These trip up many test-takers.

5. Eliminate obviously wrong answers. On multiple-choice questions, you can usually eliminate 2 answers immediately. Then reason through the remaining two.

6. Don't overthink it. Most questions have a clearly correct answer. If you're second-guessing, go with your first instinct.

What Comes After the CCP?

The CCP is the gateway, not the destination. After passing, most cloud engineers pursue:

  • AWS Solutions Architect Associate (SAA-C03) — The most career-relevant cert, deepens architectural knowledge
  • AWS SysOps Administrator Associate — For operations-focused roles
  • AWS Developer Associate — For developer/backend-heavy cloud roles
  • AWS DevOps Engineer Professional (DOP-C02) — Senior-level CI/CD and automation

The path: CCP → SAA → specialization or Professional level. Each step opens higher-paying roles.

*CloudPath Academy's Phase 1 curriculum is built around CCP exam preparation. You'll learn the concepts, take practice quizzes, and get AI-powered help from our cloud tutor — while building toward the hands-on experience that gets you hired beyond the cert.*

Get more guides like this

Get weekly cloud engineering guides — delivered Sundays. No spam. Unsubscribe anytime.

Ready to start your cloud engineering career?

CloudPath Academy gives you real hands-on experience — Jira sprints, production deployments, Ask Atlas AI mentor, and certifications.

Start Free