This chapter introduces the fundamental concepts of cloud computing and the AWS global infrastructure. It explains why businesses are migrating to the cloud and how AWS delivers on-demand IT resources over the internet. For the CLF-C02 exam, this objective falls under Domain 1: Cloud Concepts, which carries approximately 24% of the total exam weight. Mastering these basics is essential because every other AWS service builds on this foundation.
Imagine you need electricity to run your home. You could buy a generator, fuel it, maintain it, and replace it when it breaks. That's on-premises IT: you own all the hardware and bear all the cost and risk. Alternatively, you can connect to the city power grid. The utility company owns the massive power plants, transformers, and transmission lines. You pay only for the electricity you consume (per kilowatt-hour), with no upfront investment. If you need more power for a holiday party, the grid supplies it instantly—you don't buy a second generator. If demand drops, you pay less. AWS works exactly like this: it owns vast data centers full of servers, storage, and networking equipment. You provision virtual servers (EC2 instances) and storage (S3 buckets) on demand, paying per hour or per gigabyte. You never touch physical hardware. Scaling up or down is automatic and immediate. The 'meter' is your AWS bill, which itemizes every service used. Just as the utility company handles power outages and upgrades, AWS handles hardware failures and software patching. This analogy captures the core mechanism: shared infrastructure, elastic capacity, and pay-as-you-go pricing.
What is Cloud Computing?
Cloud computing is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you access technology services from a cloud provider like AWS as you need them. The National Institute of Standards and Technology (NIST) defines five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. AWS meets all five. You provision resources via a web console, CLI, or API without human interaction. Resources are accessible over the network by standard protocols. AWS pools its compute, storage, and networking capacity to serve multiple customers, with physical and virtual isolation. You can scale resources up or down almost instantly, and AWS meters your usage for billing.
The Problem Cloud Computing Solves
Before cloud computing, organizations had to estimate their IT capacity needs in advance. They purchased servers, installed them in data centers, and paid for power, cooling, and staff. This led to either over-provisioning (wasting money on idle resources) or under-provisioning (losing revenue due to poor performance). Cloud computing eliminates this guesswork. You can provision exactly the resources you need, when you need them, and pay only for what you use. AWS also handles the undifferentiated heavy lifting of IT: patching operating systems, replacing failed disks, and managing network cables. This frees your team to focus on building applications that create business value.
AWS Global Infrastructure
AWS operates in geographic regions around the world. A region is a physical location with multiple Availability Zones (AZs). An AZ is one or more discrete data centers with redundant power, networking, and connectivity. AZs are isolated from each other but connected by low-latency links. This design enables high availability and fault tolerance. For example, you can run an application in two AZs so that if one AZ fails, the other takes over. As of 2025, AWS has over 30 regions worldwide, each with at least three AZs. You choose a region based on proximity to customers, compliance requirements, and service availability. Edge locations are separate from regions and are used by Amazon CloudFront (CDN) to cache content closer to users, reducing latency.
Key AWS Services Overview
Amazon EC2 (Elastic Compute Cloud): Virtual servers in the cloud. You choose an instance type (CPU, memory, storage) and an operating system. You pay per second (or per hour) while the instance is running. You can stop, start, or terminate instances at any time.
Amazon S3 (Simple Storage Service): Object storage for any type of file. Data is stored in buckets and is highly durable (99.999999999% durability). You pay per GB stored per month plus data transfer costs.
Amazon VPC (Virtual Private Cloud): A logically isolated network within AWS where you launch resources. You define IP address ranges, subnets, route tables, and gateways.
AWS IAM (Identity and Access Management): Securely manage access to AWS services and resources. Create users, groups, roles, and policies.
AWS Lambda: Serverless compute. You upload code, and AWS runs it in response to events (e.g., an S3 upload) without provisioning servers. You pay only for compute time consumed.
Pricing Models
AWS offers several pricing models:
- On-Demand: Pay for compute or storage by the hour/second with no long-term commitments. Ideal for unpredictable workloads.
- Reserved Instances (RIs): Reserve capacity for 1 or 3 years and receive a discount (up to 72%) compared to on-demand. Best for steady-state workloads.
- Savings Plans: Similar to RIs but more flexible. You commit to a consistent amount of compute usage ($/hour) for 1 or 3 years and get discounts.
- Spot Instances: Purchase unused EC2 capacity at up to 90% off. Instances can be terminated by AWS with two minutes notice. Good for fault-tolerant, flexible workloads like batch processing.
- Free Tier: New AWS customers get free usage of certain services for 12 months (e.g., 750 hours of EC2 t2.micro per month, 5 GB of S3 storage).
Comparison to On-Premises
| Aspect | On-Premises | AWS Cloud |
|--------|-------------|-----------|
| Capital Expenditure | High upfront hardware cost | No upfront cost; operational expense |
| Scalability | Fixed capacity; slow to scale | Elastic; scale up/down in minutes |
| Maintenance | You handle all maintenance | AWS handles hardware and facility |
| Availability | Single site risk | Multi-AZ, multi-region options |
| Security | Physical control but limited expertise | Shared responsibility model |
When to Use AWS vs Alternatives
AWS is best when you need a broad range of services, global reach, and deep integration. Alternatives include Microsoft Azure (better for Microsoft-centric shops) and Google Cloud (strong in data analytics and Kubernetes). For the CLF-C02 exam, you must know that AWS is the largest public cloud provider by market share and offers the most services. The exam tests your understanding of the cloud computing model, not comparisons between providers.
Shared Responsibility Model
Security and compliance are shared between AWS and the customer. AWS is responsible for the security OF the cloud: physical data centers, hardware, software, networking, and facilities. The customer is responsible for security IN the cloud: customer data, encryption, operating system patches, firewall configurations, and IAM. This model is a key exam topic. For example, if an EC2 instance is compromised due to an unpatched OS, that's the customer's fault, not AWS's. If an AWS data center experiences a breach, that's AWS's responsibility.
Create an AWS Account
Go to aws.amazon.com and click 'Create an AWS Account'. Provide your email, password, and contact information. You must enter a credit card for billing, even if you only use the Free Tier. AWS verifies your identity via a phone call or SMS. Once created, you have a root user with full access. For security, enable Multi-Factor Authentication (MFA) on the root account immediately. The root user should not be used for daily tasks; instead, create IAM users with limited permissions.
Set Up IAM Users and Groups
Open the IAM console. Create an IAM user for yourself (e.g., 'admin-user'). Attach the 'AdministratorAccess' policy to grant full permissions. Also create a group called 'Developers' and attach policies like 'AmazonEC2FullAccess'. Add the user to the group. Generate an access key and secret key for programmatic access (CLI/SDK). Store credentials securely. Never share your root user credentials. IAM is global; you manage users from any region.
Launch an EC2 Instance
Navigate to the EC2 console. Click 'Launch Instance'. Choose an Amazon Machine Image (AMI) like Amazon Linux 2 (free tier eligible). Select an instance type, e.g., t2.micro (1 vCPU, 1 GB RAM). Configure instance details: default VPC, subnet, and auto-assign public IP. Add storage: default 8 GB gp2 root volume. Add tags (e.g., Name=WebServer). Configure security group: allow SSH (port 22) from your IP only. Review and launch. Select an existing key pair or create a new one to download the .pem file. The instance will start in a few minutes.
Connect to the EC2 Instance
From your terminal, use SSH to connect: `ssh -i /path/to/key.pem ec2-user@<public-ip>`. The default user for Amazon Linux is 'ec2-user'. Once connected, you can install software, update packages, or configure the server. For Windows instances, use Remote Desktop Protocol (RDP). The instance has a public IP and DNS name. If you stop and start the instance, the public IP may change (unless you allocate an Elastic IP). Remember to terminate the instance when done to avoid charges.
Store a File in Amazon S3
Open the S3 console. Click 'Create bucket'. Enter a globally unique name (e.g., 'my-first-bucket-2025'). Choose a region (e.g., US East (N. Virginia)). Keep default settings for block public access. Click 'Create'. Then upload a file: click the bucket name, then 'Upload', add a file (e.g., a text file), and click 'Upload'. By default, objects are private. To make it public, modify the bucket policy or object ACL. S3 offers 99.999999999% durability; data is replicated across multiple devices. You pay for storage per GB per month and for requests (GET, PUT, etc.).
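Because a bucket policy is one of the two ways the step above says an object can become public, here is an added example (not from the original page) that reviews a policy document for statements granting access to everyone and combines the result with the bucket's Block Public Access settings. The policy is constructed for the walkthrough's example bucket name; the account ID, role name and VPC endpoint ID are placeholders, and treating any conditional wildcard grant as "needs-review" is a simplifying assumption.

```python
# Constructed bucket policy; account ID, role and VPC endpoint ID are placeholders.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::my-first-bucket-2025/*"},
        {"Sid": "TeamWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/uploader"},
         "Action": ["s3:PutObject"],
         "Resource": "arn:aws:s3:::my-first-bucket-2025/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::my-first-bucket-2025/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
        {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": "arn:aws:s3:::my-first-bucket-2025/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}

def is_wildcard_principal(principal):
    """True for "*", {"AWS": "*"} or {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False

def classify_statements(policy):
    """Return {Sid: verdict} for every Allow statement granted to everyone."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):   # a single statement may be a bare object
        statements = [statements]
    verdicts = {}
    for n, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue                   # Deny statements never grant access
        if not is_wildcard_principal(st.get("Principal")):
            continue
        sid = st.get("Sid", f"statement-{n}")
        # Assumption: any Condition downgrades the verdict to manual review.
        verdicts[sid] = "needs-review" if st.get("Condition") else "public"
    return verdicts

def bucket_exposure(policy, public_access_block):
    """Combine the policy verdicts with the Block Public Access settings."""
    if "public" not in classify_statements(policy).values():
        return "not-public-by-policy"
    if public_access_block.get("RestrictPublicBuckets"):
        return "public-policy-restricted"
    return "public"

if __name__ == "__main__":
    print(classify_statements(BUCKET_POLICY))
    print(bucket_exposure(BUCKET_POLICY, {"RestrictPublicBuckets": True}))
```

Object ACLs, the other route the step mentions, are not covered by this check.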
Monitor Usage with AWS Billing
Go to the Billing and Cost Management console. View the 'Dashboard' for a summary of current month charges. Set up a billing alarm via CloudWatch: create a metric filter for 'EstimatedCharges' and set a threshold (e.g., $10). You'll receive an email alert if costs exceed the threshold. Use AWS Cost Explorer to analyze historical spending. Enable Budgets to set custom budgets and receive alerts. Always check the Free Tier usage to avoid unexpected charges. The exam may ask about the 'AWS Free Tier' limits, such as 750 hours of EC2 t2.micro per month for 12 months.
Scenario 1: Startup Launching a Web Application
A startup needs to launch a web application quickly with minimal upfront cost. They use AWS to provision a t3.medium EC2 instance running a Node.js app, with an RDS MySQL database in Multi-AZ for high availability. They store user uploads in S3 and serve static content via CloudFront. This setup costs about $150/month during development. As user traffic grows, they enable Auto Scaling to add instances automatically. They use Elastic Load Balancing to distribute traffic. Without AWS, they would need to buy servers, rent a data center, and hire a network engineer—costing tens of thousands upfront. The startup can scale from 100 to 100,000 users without re-architecting. A common mistake is forgetting to set up CloudWatch alarms; one startup ran up a $5,000 bill because a developer left a large EC2 instance running over a weekend.
Scenario 2: Enterprise Migrating from On-Premises
A large bank wants to migrate its legacy customer portal to AWS to reduce data center costs. They use AWS Migration Hub to track the migration. They perform a server lift-and-shift: use AWS Server Migration Service to replicate on-premises VMs to EC2. They re-host the database using AWS Database Migration Service to move from Oracle to Amazon Aurora. After migration, they decommission the on-premises hardware, saving $2 million/year in power and cooling. However, they must ensure compliance with financial regulations. They use AWS Artifact to access compliance reports and configure AWS Config rules to enforce encryption. A pitfall is underestimating the complexity of network connectivity: they need AWS Direct Connect for a dedicated private connection, which takes weeks to provision. Without proper planning, the migration timeline slips.
Scenario 3: Media Company with Variable Workloads
A video streaming service experiences huge spikes during live events. They use EC2 Spot Instances for transcoding jobs, which are fault-tolerant and can handle interruptions. During a major event, they spin up 500 Spot Instances to transcode 4K video, paying 70% less than on-demand. They store the output in S3 and serve via CloudFront. The cost for the event is $200 instead of $700. However, if the Spot price spikes or capacity becomes unavailable, the transcoding might fail. They mitigate by using a mix of Spot and On-Demand instances with a Spot Fleet. A common error is not using Spot Instance interruption notices; AWS gives a two-minute warning, and the application must save state and exit gracefully. Without that, transcoded partial files are lost and must be restarted.
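The two-minute interruption notice described above can be handled as in the following added example (not code from the original page): a worker polls the instance metadata service before each unit of work and records a checkpoint when a notice appears. The segment list, the in-memory `checkpoint` dict and the function names are hypothetical; a real worker would persist the checkpoint to durable storage such as S3.

```python
import json
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254/latest"

def fetch_instance_action(timeout=1.0):
    """Ask IMDSv2 for a Spot interruption notice; returns (status, body).
    Only meaningful when run on an EC2 instance."""
    token_req = urllib.request.Request(
        IMDS + "/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    token = urllib.request.urlopen(token_req, timeout=timeout).read().decode()
    req = urllib.request.Request(
        IMDS + "/meta-data/spot/instance-action",
        headers={"X-aws-ec2-metadata-token": token})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""            # 404 while no interruption is scheduled

def interruption_pending(status, body):
    """Return the notice dict if an interruption is scheduled, else None."""
    if status != 200:
        return None
    notice = json.loads(body)
    if notice.get("action") in ("terminate", "stop", "hibernate"):
        return notice
    return None

def transcode_segments(segments, checkpoint, poll=fetch_instance_action):
    """Process segments in order, polling before each one.
    On a notice, record it and return so a replacement can resume from "done"."""
    done = checkpoint.setdefault("done", 0)
    for i in range(done, len(segments)):
        notice = interruption_pending(*poll())
        if notice:
            checkpoint["interrupted_at"] = notice["time"]
            return checkpoint          # exit gracefully, progress is kept
        # Placeholder: the real transcode of segments[i] would run here.
        checkpoint["done"] = i + 1
    return checkpoint

if __name__ == "__main__":
    # Constructed poll responses: two "no notice" replies, then a notice.
    replies = iter([(404, ""), (404, ""),
                    (200, '{"action": "terminate", "time": "2025-01-01T12:00:00Z"}')])
    print(transcode_segments(["s0", "s1", "s2", "s3"], {}, poll=lambda: next(replies)))
```

Keeping each unit of work well under two minutes is what lets the worker react to the notice before the instance is reclaimed.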
What CLF-C02 Tests on Cloud Concepts
Domain 1 (Cloud Concepts) makes up 24% of the exam. The questions focus on: defining cloud computing, understanding the six advantages of cloud (trade capital expense for variable expense, benefit from massive economies of scale, stop guessing capacity, increase speed and agility, stop spending money on running and maintaining data centers, go global in minutes), and identifying AWS global infrastructure components (Regions, Availability Zones, Edge Locations). You must also know the AWS Shared Responsibility Model and the difference between CapEx and OpEx. The exam does NOT ask detailed pricing or specific instance types; it tests concepts.
Common Wrong Answers and Why
Choosing 'Regions are isolated from each other but connected by low-latency links' as false. Actually, regions are isolated (no automatic replication) but can be connected via peering or VPN. They are NOT connected by low-latency links; that's Availability Zones. Candidates confuse AZs and Regions.
Selecting 'AWS is responsible for patching the guest operating system on EC2'. This is false per the Shared Responsibility Model. AWS patches the hypervisor and physical hardware, but the customer patches the OS. Candidates think 'managed service' means AWS does everything.
Thinking 'Elasticity means you can only scale up, not down'. Elasticity means both scaling up and down automatically. Candidates focus on 'elastic' as 'stretchy' only one way.
Believing 'The Free Tier lasts forever'. It lasts 12 months for new accounts. Some services have always-free offers (e.g., 1 million Lambda requests per month), but the 12-month limit applies to introductory offers.
Specific Terms to Know
Region: A geographic area with 2+ AZs. Example: us-east-1.
Availability Zone: One or more data centers. Example: us-east-1a.
Edge Location: A site for CloudFront caching, not a full region.
CapEx vs OpEx: CapEx is upfront hardware cost; OpEx is variable usage cost.
6 Advantages of Cloud: Trade fixed for variable, economies of scale, stop guessing capacity, increase speed and agility, stop maintaining data centers, go global quickly.
Decision Rule for Multiple Choice
If a question asks about 'who is responsible for X', identify whether X is about the physical infrastructure (AWS) or customer data/OS (customer). If a question asks about 'scalability vs elasticity', scalability is the ability to handle growth; elasticity is automatic scaling in both directions. For 'high availability', look for answers mentioning multiple AZs. For 'fault tolerance', look for automatic failover. Eliminate any answer that mentions 'single point of failure' or 'manual intervention' as incorrect for high availability.
Cloud computing delivers on-demand IT resources over the internet with pay-as-you-go pricing.
AWS global infrastructure consists of Regions, Availability Zones, and Edge Locations.
The Shared Responsibility Model: AWS secures the cloud; customers secure what's in the cloud.
The six advantages of cloud computing include trade capital expense for variable expense and benefit from economies of scale.
Elasticity is the ability to automatically scale resources up and down based on demand.
The Free Tier offers 12 months of free usage for new accounts with specific limits.
IAM users and groups should be used instead of the root account for daily operations.
These come up on the exam all the time. Here's how to tell them apart.
Region
A geographic area with 2 or more AZs
Resources in different regions are isolated from each other
Latency between regions is tens of milliseconds
Used for disaster recovery across geographic distances
Example: us-east-1 (N. Virginia)
Availability Zone
One or more data centers within a region
AZs are connected by low-latency, high-bandwidth links
Latency between AZs is under 10 milliseconds
Used for high availability and fault tolerance within a region
Example: us-east-1a
Mistake
The cloud is always cheaper than on-premises.
Correct
Cloud can be cheaper for variable workloads but may be more expensive for steady-state, high-utilization workloads. AWS pricing models like Reserved Instances can reduce cost, but you must analyze total cost of ownership (TCO).
Mistake
AWS owns all the data you store in S3.
Correct
You own your data. AWS is a custodian. The Shared Responsibility Model states you control access and encryption. AWS cannot access your data without your permission.
Mistake
An Availability Zone is a single data center.
Correct
An AZ can consist of multiple data centers, but they are treated as a single failure domain. AWS does not disclose the exact number of data centers per AZ.
Mistake
You can use the root user for daily administrative tasks.
Correct
AWS strongly discourages this. The root user has unrestricted access and cannot be limited by IAM policies. Use IAM users with least privilege instead.
Mistake
The Free Tier gives you unlimited usage of all services.
Correct
The Free Tier has specific limits: e.g., 750 hours of EC2 t2.micro per month, 5 GB of S3 storage, 1 million Lambda requests. Exceeding these limits incurs charges.
Scalability is the ability of a system to handle increased load by adding resources, either manually or automatically. Elasticity is a specific type of scalability where resources are automatically provisioned and de-provisioned in real-time to match demand. For example, an Auto Scaling group that adds EC2 instances during a traffic spike and removes them when traffic drops demonstrates elasticity. The exam tests that elasticity includes scaling both up and down automatically.
Every region has at least two Availability Zones (AZs), and most have three or more. For example, US East (N. Virginia) has six AZs. AZs are isolated from each other to prevent single points of failure. The exam may ask you to identify that a region must have at least two AZs to enable high availability.
The AWS Free Tier provides new customers free usage of select services for 12 months after account creation. It includes 750 hours of EC2 t2.micro per month, 5 GB of S3 storage, 1 million Lambda requests per month, and more. Some services have an 'always free' tier (e.g., 10 GB of CloudWatch logs per month). Exceeding the limits incurs standard charges. The exam may ask about the duration and limits of the Free Tier.
According to the AWS Shared Responsibility Model, the customer is responsible for patching the guest operating system and applications on EC2 instances. AWS is responsible for patching the hypervisor and physical hardware. The exam tests this distinction: AWS manages 'security of the cloud' (physical), while customers manage 'security in the cloud' (OS, apps, data).
A Region is a full AWS data center location with multiple AZs, offering a wide range of services. An Edge Location is a smaller site used primarily by Amazon CloudFront to cache content closer to users, reducing latency. Edge Locations do not run compute or storage services like EC2 or S3 (except for specific services like Lambda@Edge). The exam expects you to know that Edge Locations are for content delivery, not general computing.
No. AWS recommends creating IAM users with minimal permissions for daily tasks. The root user has unrestricted access and cannot be limited by policies. If the root user credentials are compromised, the entire account is at risk. Enable MFA on the root account and store its credentials securely. The exam often includes a question about best practices for securing the root user.
It defines the division of security responsibilities between AWS and the customer. AWS is responsible for the security 'of' the cloud: physical data centers, hardware, software, networking, and facilities. The customer is responsible for security 'in' the cloud: customer data, encryption, OS patching, firewall rules, and IAM. The exam tests this model extensively, often with scenarios asking who is responsible for a specific security task.