AWS Certified Cloud Practitioner (CLF-C02) #6 Domain 3-1 Core Services — Compute and Storage
With #5 we finished Domain 2. Now into the domain that carries the heaviest weight on the exam — Cloud Technology and Services (34%).
Almost every question in this domain takes the shape “Which service best fits this scenario?”. Rather than memorizing every feature of every service, it’s far more efficient to classify the kind of workload each service solves.
This post covers the front half of Domain 3 — compute and storage.
Compute services at a glance #
| Service | Abstraction level | Workload |
|---|---|---|
| EC2 | Virtual machine | The most general-purpose compute. OS of your choice, install whatever software you want |
| Lightsail | EC2 + prepackaged | Simple websites or small apps, flat-rate pricing |
| ECS / EKS | Container orchestration | Container-based microservices |
| Fargate | Serverless containers | Strips the node-management burden out of ECS/EKS |
| Lambda | Function-level serverless | Event-driven, short-running code |
| Elastic Beanstalk | App deployment automation | Upload code and AWS provisions the infrastructure |
| Batch | Batch jobs | Large-scale data processing |
| Outposts | On-prem AWS hardware | Data sovereignty + API consistency with AWS |
| Local Zones / Wavelength | Geographic extension | Single-digit ms latency / 5G workloads |
EC2 — Elastic Compute Cloud #
The most basic service providing virtual machines. We covered it in Basics Track #2.
Instance families #
EC2 instance names carry a family + generation + size (m5.large, c6i.xlarge).
| Family | Use |
|---|---|
| T (Burstable) | Workloads with low day-to-day traffic and occasional spikes (dev, small web) |
| M (General Purpose) | Balanced workloads. The most common pick |
| C (Compute Optimized) | CPU-intensive (batch processing, game servers) |
| R (Memory Optimized) | Memory-intensive (in-memory DBs, caches) |
| X / Z (High Memory) | Very large memory (SAP HANA-class) |
| I (Storage Optimized) | Fast local SSD (NoSQL DBs) |
| G / P (Accelerated) | GPU (ML, graphics) |
| A (Arm-based, Graviton) | Price-performance and power efficiency |
You don’t need to memorize every family for the exam. “GPU workloads go to G/P”, “memory-heavy goes to R”, “general-purpose is M” is enough.
EC2 instance pricing models (briefly) #
We cover pricing in detail in #8. The essentials:
| Model | Character |
|---|---|
| On-Demand | Pay for what you use. Most expensive but most flexible |
| Reserved Instance | 1- or 3-year commitment. Up to 75% off |
| Savings Plans | Hourly commitment. More flexible than RIs |
| Spot Instance | Uses idle capacity. Up to 90% off. Can be interrupted at any time |
| Dedicated Host | An entire physical server. Licensing and regulatory needs |
Lambda — serverless functions #
A service that runs your code with no server management.
| Attribute | Value |
|---|---|
| Max execution time | 15 minutes |
| Memory | 128 MB to 10 GB |
| Triggers | S3, API Gateway, SQS, EventBridge, and many more |
| Pricing | Request count + execution time (in milliseconds) |
| Free tier | 1M requests + 400,000 GB-seconds per month |
Exam patterns #
- “Automatically generate a thumbnail whenever an image is uploaded to S3” → Lambda + S3 events
- “Run a REST API with no server management” → Lambda + API Gateway
- “Data processing that takes more than an hour” → Lambda doesn’t fit (15-minute limit). Use ECS/Batch
- “Highly irregular usage, only fires occasionally” → Lambda (charged only for what you use)
ECS, EKS, Fargate — containers #
| Service | Meaning |
|---|---|
| ECS (Elastic Container Service) | AWS-native container orchestration |
| EKS (Elastic Kubernetes Service) | Managed Kubernetes |
| Fargate | The serverless mode for ECS/EKS — removes the node (EC2) management burden |
ECS’s two launch modes #
| Mode | Meaning |
|---|---|
| ECS on EC2 | You manage the EC2 nodes yourself |
| ECS on Fargate | No node management. Billed per container |
Exam patterns #
- “Run Docker containers without managing nodes” → Fargate
- “Use the standard Kubernetes interface and have AWS manage it” → EKS
- “Just run containers on AWS, nothing fancy” → ECS
- “We use Kubernetes on-prem and want the same tooling on AWS” → EKS (portability)
Elastic Beanstalk #
A service that deploys apps as a PaaS. Upload your code as a zip and AWS provisions EC2, ELB, and Auto Scaling automatically.
Supported platforms: Node.js, Python, Java, Ruby, Go, .NET, PHP, Docker, and more.
Exam patterns #
- “Deploy a Node.js app as fast as possible with minimal infrastructure setup” → Elastic Beanstalk
- “Keep existing EC2/ELB/Auto Scaling and just automate deployment” → CodeDeploy fits better than Beanstalk
Lightsail #
Provides a simple virtual server plus prepackaged apps (WordPress, LAMP, MEAN) on flat-rate pricing.
| Item | Value |
|---|---|
| Pricing | From $3.50/month |
| Includes | EC2 instance + data transfer + static IP + DNS + load balancing (optional) |
| Use cases | Personal blogs, small business websites |
EC2 vs Lightsail #
- EC2 — Powerful and flexible, but requires infrastructure knowledge. Usage-based pricing
- Lightsail — Simple. Flat rate. For beginners and small workloads
AWS Batch #
A managed service for batch jobs. Automatically schedules and retries hundreds to tens of thousands of jobs.
Exam patterns #
- “Batch-encode hundreds of thousands of videos” → AWS Batch
- “Process massive data overnight” → Batch
- “A short, one-shot data transformation” → Lambda
Outposts, Local Zones, Wavelength #
| Service | Meaning |
|---|---|
| Outposts | AWS hardware placed inside your data center. Data sovereignty + API consistency with AWS |
| Local Zones | Small region extensions placed in metropolitan areas. Single-digit ms latency |
| Wavelength | Inside 5G telco networks. Minimizes latency for mobile 5G users |
For the exam, just map use cases:
- Data must not leave the corporate data center → Outposts
- Gaming/media needing single-digit ms latency → Local Zones
- Minimum latency for 5G mobile users → Wavelength
Compute workload mapping #
| Scenario | Recommended service |
|---|---|
| Traditional web server | EC2 or Beanstalk |
| Event-driven short code | Lambda |
| Processing that takes 1+ hours | EC2, ECS, Batch |
| Containers without managing nodes | Fargate |
| Kubernetes standard | EKS |
| Upload code and let AWS handle infrastructure | Elastic Beanstalk |
| Personal blog or small site | Lightsail |
| Large-scale batch jobs | Batch |
| Keep data on-prem but use AWS APIs | Outposts |
| GPU ML workloads | EC2 G/P family |
| Physical server required for licensing | Dedicated Host |
Storage services at a glance #
| Service | Type | Character |
|---|---|---|
| S3 | Object storage | The most general. Infinite scale. HTTP/HTTPS |
| EBS | Block storage | EC2’s disk |
| EFS | File storage (Linux) | Multiple EC2 instances mount simultaneously |
| FSx | File storage (specialized) | Windows / Lustre / NetApp / OpenZFS |
| Storage Gateway | Hybrid | Bridges on-prem ↔ AWS storage |
| Snow Family | Data transfer devices | Petabyte-scale offline transfer |
| Backup | Unified backup | Consolidates backup policies across services |
S3 (Simple Storage Service) #
The standard for object storage. Files are accessed by URL.
Characteristics #
- Infinite scale — Practically no limit on object count or total capacity
- Up to 5 TB per object
- 99.999999999% (11 9s) durability — Automatically replicated across multiple facilities
- Bucket names are globally unique
- Looks global, but data lives in a region
S3 Storage Classes #
The most frequently tested area. Tiers based on access frequency.
| Class | Character | Use case |
|---|---|---|
| S3 Standard | Immediate access, multi-AZ | Frequently accessed data |
| S3 Intelligent-Tiering | Auto-tiers data | Irregular or unpredictable access patterns |
| S3 Standard-IA (Infrequent Access) | Immediate access, lower GB cost, retrieval fees apply | Less than once a month |
| S3 One Zone-IA | IA + single AZ. Cheaper, lower availability | Reproducible backups |
| S3 Glacier Instant Retrieval | Immediate access, archive pricing | About once a quarter |
| S3 Glacier Flexible Retrieval | Minutes-to-hours retrieval | Once or twice a year |
| S3 Glacier Deep Archive | 12-hour retrieval, cheapest of all | Legal retention (7+ years) |
Exam patterns #
- “Accessed about once a month but must be retrieved immediately” → S3 Standard-IA
- “Access pattern is unpredictable, optimize automatically” → Intelligent-Tiering
- “7-year legal retention, almost never accessed, lowest cost possible” → Glacier Deep Archive
- “Reproducible backup, minimize cost” → One Zone-IA
S3 Lifecycle Policy #
A rule that automatically moves objects to another class after a time threshold.
Object created → after 30 days move to Standard-IA → after 90 days to Glacier → after 1 year deleteS3 security #
| Feature | Description |
|---|---|
| Block Public Access | Account/bucket/object-level public block |
| Bucket Policy | Bucket-level access policy (JSON) |
| ACL (Access Control List) | Object-level permissions (legacy, not recommended) |
| Encryption | SSE-S3 / SSE-KMS / SSE-C / client-side |
| Versioning | Keeps versions of objects; recovers from accidental deletes or overwrites |
| MFA Delete | Requires MFA to delete objects (only root can enable) |
Common S3 scenarios on the exam #
- “Static website hosting” → S3 (Static Website Hosting)
- “Upload a single object larger than 5 GB” → Multipart Upload
- “Grant temporary download access to a third party” → Pre-signed URL
- “Replicate S3 objects to another region” → Cross-Region Replication (CRR)
- “Replication within the same region” → Same-Region Replication (SRR)
EBS (Elastic Block Store) #
EC2’s disk.
| Attribute | Value |
|---|---|
| Mount | Mounts to a single EC2 instance (Multi-Attach option exists) |
| AZ-bound | An EBS volume is bound to one AZ. EC2 in another AZ cannot use it |
| Snapshots | Stored in S3, can be copied to other regions |
| Types | gp3 (general-purpose SSD), io2 (high-performance SSD), st1 (throughput HDD), sc1 (low-cost HDD) |
Exam patterns #
- “EC2’s boot disk” → EBS
- “EC2 in another AZ mounts the same disk” → Not possible. Use EFS
- “EBS backup” → Snapshot (stored in S3)
EFS (Elastic File System) #
File storage that multiple EC2 instances mount simultaneously. Linux only (NFS).
| Attribute | Value |
|---|---|
| Concurrent mounts | Thousands of EC2 instances on the same filesystem |
| Auto-scaling | Grows automatically as you use it |
| Multi-AZ | A single EFS is usable from EC2 instances in multiple AZs |
| Classes | Standard / Infrequent Access |
Exam patterns #
- “Multiple EC2 instances share files with read/write” → EFS
- “Shared files for Windows servers” → EFS doesn’t fit. FSx for Windows
FSx #
Managed file systems for specialized workloads.
| Type | Use |
|---|---|
| FSx for Windows File Server | SMB for Windows environments |
| FSx for Lustre | HPC and ML high-performance compute |
| FSx for NetApp ONTAP | NetApp compatibility |
| FSx for OpenZFS | OpenZFS workloads |
For the exam, just map:
- Windows SMB share → FSx for Windows
- HPC, ML → FSx for Lustre
Storage Gateway — hybrid storage #
A gateway that bridges on-prem and AWS storage.
| Type | Use |
|---|---|
| File Gateway | On-prem NFS/SMB ↔ S3 |
| Volume Gateway | Block volume backup |
| Tape Gateway | Virtual tape backup → S3 / Glacier |
Exam scenario: “Move on-prem backup tape systems to the cloud” → Tape Gateway.
Snow Family — bulk data transfer #
| Device | Capacity |
|---|---|
| Snowcone | 8 TB SSD / 14 TB HDD |
| Snowball Edge | 80 TB or 210 TB |
| Snowmobile | 100 PB (an actual truck) |
Petabyte-scale data is shipped on physical devices rather than over the internet.
Exam scenario: “Move 500 TB from the corporate data center to AWS in one shot, internet is slow” → Snowball Edge.
AWS Backup — unified backup #
Consolidates backups across services (EBS, RDS, EFS, DynamoDB, FSx, and more) into a single policy.
Storage workload mapping #
| Scenario | Recommended service |
|---|---|
| General object storage (files, images, logs) | S3 |
| EC2 boot disk or DB disk | EBS |
| Shared files across Linux EC2 instances | EFS |
| Windows shared files (SMB) | FSx for Windows |
| HPC/ML high-performance file system | FSx for Lustre |
| Accessed about once a month | S3 Standard-IA |
| Quarterly, but must be immediate | S3 Glacier Instant Retrieval |
| Almost never accessed, cheapest possible | S3 Glacier Deep Archive |
| On-prem backups into the cloud | Storage Gateway (Tape) |
| Petabyte-scale data transfer | Snowball Edge, Snowmobile |
| Unified backup management | AWS Backup |
Common traps #
1) Picking Lambda as the answer to everything compute #
Lambda has a 15-minute limit. Long jobs go to ECS/Batch.
2) EBS Multi-AZ #
EBS is bound to a single AZ by default. EC2 in another AZ cannot mount the same disk. For sharing, use EFS.
3) EFS and Windows #
EFS is Linux NFS only. For Windows, use FSx for Windows.
4) Assuming all S3 Glacier classes are instantly retrievable #
Glacier classes have different retrieval times. Only Instant Retrieval is immediate; the others take minutes to hours.
5) Trying to memorize every EC2 instance family #
T, M, C, R, G, and P are plenty. You don’t need to memorize every generation and size.
6) Dismissing Lightsail #
In small-scale, flat-rate scenarios, Lightsail is the right answer more often than you’d expect.
Wrap-up #
What this post locked in:
- Compute — EC2 (VM) / Lambda (serverless) / ECS, EKS, Fargate (containers) / Beanstalk (PaaS) / Lightsail (small flat-rate) / Batch (batch jobs) / Outposts (hybrid)
- Workload → service mapping is the core
- EC2 instance families — T, M, C, R, G, P and friends classified by purpose
- Storage — S3 (object) / EBS (block) / EFS (Linux file) / FSx (specialized file) / Storage Gateway (hybrid) / Snow (offline transfer)
- S3 Storage Classes — Standard / Intelligent-Tiering / Standard-IA / One Zone-IA / three Glacier flavors (Instant, Flexible, Deep Archive)
- Lifecycle Policies for automatic tier transitions
- Traps — Lambda’s 15-minute limit, EBS’s AZ binding, EFS being Linux-only, Glacier retrieval times, over-memorizing instance families
Next — Domain 3-2 Networking and Databases #
On to the back half of Domain 3.
#7 Domain 3-2 Core Services — Networking and Databases covers VPC, Subnet, Route 53, CloudFront, the four flavors of ELB, VPN, Direct Connect, and Global Accelerator, plus the classification and use-case mappings for RDS, Aurora, DynamoDB, ElastiCache, and Redshift.