AWS offers over 200 services, but certification exams consistently test a core subset of 30-40 services that appear across virtually every exam level. Knowing this subset thoroughly is more valuable than having surface-level awareness of the entire catalog. This cheat sheet covers the services that appear most frequently on AWS certification exams from Cloud Practitioner (CLF-C02) through Solutions Architect Professional (SAP-C02), organized by category with exam-relevant details.
Use this as a quick-reference companion to your primary study materials. For each service, we include what it does, when the exam expects you to recommend it, and the most common exam traps.
Compute Services
Compute is the backbone of every AWS exam. The distinction between EC2, Lambda, ECS, and Fargate appears in some form on every certification.
Amazon EC2 (Elastic Compute Cloud)
Amazon EC2 -- a web service that provides resizable virtual servers (instances) in the cloud, giving users full control over the operating system, networking, and storage configuration.
Key exam facts:
- Instance families: General Purpose (T, M), Compute Optimized (C), Memory Optimized (R, X), Storage Optimized (I, D), Accelerated Computing (P, G)
- Pricing models: On-Demand, Reserved Instances (1 or 3 year), Spot Instances (up to 90% discount), Savings Plans
- Placement Groups: Cluster (low latency), Spread (high availability), Partition (large distributed workloads like Hadoop)
- Auto Scaling: Launches or terminates instances based on demand using scaling policies
| Pricing Model | Discount | Commitment | Best For |
|---|---|---|---|
| On-Demand | None | None | Short-term, unpredictable workloads |
| Reserved Instance | Up to 72% | 1 or 3 years | Steady-state, predictable workloads |
| Spot Instance | Up to 90% | None (can be interrupted) | Fault-tolerant, flexible workloads |
| Savings Plans | Up to 72% | 1 or 3 years | Flexible across instance types |
AWS Lambda
AWS Lambda -- a serverless compute service that runs code in response to events without provisioning or managing servers, charging only for the compute time consumed during execution.
- Maximum execution timeout: 15 minutes
- Memory allocation: 128 MB to 10,240 MB
- Triggers: S3 events, API Gateway, SQS, DynamoDB Streams, EventBridge, and many more
- Common exam trap: Lambda is not suitable for long-running processes (over 15 minutes) -- use ECS or Step Functions instead
Amazon ECS and AWS Fargate
- Amazon ECS (Elastic Container Service): Orchestration service for Docker containers
- AWS Fargate: Serverless compute engine for ECS and EKS -- no EC2 instances to manage
- Amazon EKS (Elastic Kubernetes Service): Managed Kubernetes service
The exam tests whether you can choose between EC2, Lambda, ECS/Fargate, and EKS based on the workload requirements. A microservices architecture with containerized applications points to ECS or EKS. A short-lived event-driven function points to Lambda. A legacy application requiring full OS control points to EC2.
Storage Services
Amazon S3 (Simple Storage Service)
S3 is the most tested AWS service across all certification levels. You must know the storage classes, lifecycle policies, versioning, and access controls.
Storage classes:
- S3 Standard: General-purpose, high availability (99.99%), low latency
- S3 Intelligent-Tiering: Automatically moves data between tiers based on access patterns
- S3 Standard-IA (Infrequent Access): Lower cost for data accessed less frequently, minimum 30-day storage
- S3 One Zone-IA: Same as Standard-IA but stored in a single AZ (lower cost, lower resilience)
- S3 Glacier Instant Retrieval: Archive storage with millisecond retrieval
- S3 Glacier Flexible Retrieval: Archive with retrieval in minutes to hours
- S3 Glacier Deep Archive: Lowest cost, retrieval in 12-48 hours
"S3 is not just storage -- it is the data lake foundation, the static website host, the backup target, and the event trigger. Understanding S3 deeply is non-negotiable for any AWS exam." -- Adrian Cantrill, AWS Certified Instructor and Course Author
Amazon EBS (Elastic Block Store)
- Block storage volumes attached to EC2 instances
- Types: gp3 (general purpose SSD), io2 (provisioned IOPS SSD), st1 (throughput-optimized HDD), sc1 (cold HDD)
- EBS volumes are AZ-specific -- they cannot be attached to instances in a different AZ
- Snapshots are stored in S3 and are region-level (can be copied across regions)
Amazon EFS (Elastic File System)
- Managed NFS file system shared across multiple EC2 instances
- Supports Linux workloads (not Windows -- use FSx for Windows File Server)
- Scales automatically, no pre-provisioning required
- Can be accessed across multiple AZs within a region
Storage Comparison
| Service | Type | Access | Use Case |
|---|---|---|---|
| S3 | Object | HTTP/HTTPS | Backups, data lakes, static hosting |
| EBS | Block | Attached to EC2 | Databases, boot volumes |
| EFS | File (NFS) | Shared across EC2 | Shared application data, CMS |
| FSx | File (Windows/Lustre) | SMB/Lustre | Windows apps, HPC |
Database Services
Amazon RDS (Relational Database Service)
- Managed relational databases: MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Amazon Aurora
- Multi-AZ deployment for high availability (synchronous standby replica)
- Read Replicas for read scaling (asynchronous replication, up to 15 for Aurora)
- Automated backups with point-in-time recovery
Amazon Aurora
- MySQL and PostgreSQL compatible, designed for the cloud
- Up to 5x throughput of standard MySQL, 3x throughput of standard PostgreSQL
- Storage auto-scales up to 128 TB
- 6 copies of data across 3 AZs by default
Amazon DynamoDB
- Fully managed NoSQL key-value and document database
- Single-digit millisecond performance at any scale
- Capacity modes: On-Demand (pay per request) and Provisioned (specify read/write capacity units)
- DynamoDB Streams: Captures changes to items for event-driven processing
- Global Tables: Multi-region, multi-active replication
- DAX (DynamoDB Accelerator): In-memory cache for DynamoDB, microsecond response times
Amazon ElastiCache
- Managed in-memory caching service
- Supports Redis and Memcached
- Use cases: session management, real-time leaderboards, caching frequently accessed database queries
Neal Davis, the founder of Digital Cloud Training, frequently emphasizes the importance of knowing when to choose RDS vs. DynamoDB on AWS exams. The decision typically comes down to whether the data model is relational (RDS) or requires flexible schema and extreme scalability (DynamoDB).
Networking and Content Delivery
Amazon VPC (Virtual Private Cloud)
- Isolated virtual network within AWS
- Components: Subnets (public/private), Route Tables, Internet Gateway, NAT Gateway, Security Groups, NACLs
- Security Groups: Stateful, instance-level firewall (allow rules only)
- NACLs (Network ACLs): Stateless, subnet-level firewall (allow and deny rules)
Stateful vs. Stateless firewalls -- stateful firewalls (Security Groups) automatically allow return traffic for an allowed inbound connection, while stateless firewalls (NACLs) evaluate inbound and outbound traffic independently, requiring explicit rules for both directions.
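The stateful/stateless difference above, as an added example that is not part of the original cheat sheet: a toy Python model in which a NACL that allows inbound 443 still drops the reply until an outbound ephemeral-port rule exists, while a security group with the same inbound rule passes the reply through connection tracking. The addresses, ports, rule numbers, and class and function names are all constructed for illustration.

```python
# Added example: toy model of stateless NACL vs. stateful security group
# evaluation. All addresses, ports and rules below are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    number: int   # evaluation order for NACLs; unused by security groups
    action: str   # "allow" or "deny" (security groups only hold "allow")
    cidr: str     # remote side: source for inbound, destination for outbound
    ports: range  # destination ports the rule covers

    def matches(self, remote_ip, dport):
        return ip_address(remote_ip) in ip_network(self.cidr) and dport in self.ports

def nacl_allows(rules, remote_ip, dport):
    """Stateless: lowest-numbered matching rule decides; no match means deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(remote_ip, dport):
            return rule.action == "allow"
    return False

def nacl_round_trip(inbound, outbound, req):
    """Return (request_passes, reply_passes); each direction is judged alone."""
    return (nacl_allows(inbound, req.src, req.dport),
            nacl_allows(outbound, req.src, req.sport))  # reply goes to client port

class SecurityGroup:
    """Stateful: an allowed inbound flow is tracked and its reply always passes."""
    def __init__(self, inbound, outbound=()):
        self.inbound, self.outbound, self.tracked = list(inbound), list(outbound), set()

    def ingress(self, p):
        ok = any(r.matches(p.src, p.dport) for r in self.inbound)
        if ok:
            self.tracked.add((p.src, p.sport, p.dst, p.dport))
        return ok

    def egress(self, p):
        is_reply = (p.dst, p.dport, p.src, p.sport) in self.tracked
        return is_reply or any(r.matches(p.dst, p.dport) for r in self.outbound)

REQUEST = Packet("203.0.113.10", 51514, "10.0.1.20", 443)
REPLY = Packet("10.0.1.20", 443, "203.0.113.10", 51514)
ALLOW_HTTPS = Rule(100, "allow", "0.0.0.0/0", range(443, 444))
ALLOW_EPHEMERAL = Rule(100, "allow", "0.0.0.0/0", range(1024, 65536))
DENY_CLIENT_NET = Rule(90, "deny", "203.0.113.0/24", range(443, 444))
```

Calling `nacl_round_trip([ALLOW_HTTPS], [], REQUEST)` shows the request passing and the reply being dropped; adding `ALLOW_EPHEMERAL` to the outbound list fixes it, and placing `DENY_CLIENT_NET` ahead of the allow rule shows the explicit deny that a security group cannot express.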
Elastic Load Balancing
Three types of load balancers:
- Application Load Balancer (ALB): Layer 7 (HTTP/HTTPS), path-based and host-based routing
- Network Load Balancer (NLB): Layer 4 (TCP/UDP), ultra-low latency, millions of requests per second
- Gateway Load Balancer (GWLB): Layer 3, for deploying third-party virtual appliances
Amazon CloudFront
- Global content delivery network (CDN)
- Caches content at edge locations worldwide (over 450 edge locations)
- Integrates with S3, ALB, EC2, and Lambda@Edge
- Supports custom SSL certificates and geo-restriction
Amazon Route 53
- Managed DNS service
- Routing policies: Simple, Weighted, Latency-based, Failover, Geolocation, Geoproximity, Multivalue
- Health checks for automated failover
- Domain registration
Security, Identity, and Compliance
AWS IAM (Identity and Access Management)
- Users, Groups, Roles, Policies
- Policy types: Identity-based, Resource-based, Permission boundaries, SCPs (Service Control Policies)
- IAM Roles: Temporary credentials for cross-account access, EC2 instance profiles, Lambda execution roles
- MFA (Multi-Factor Authentication): Strongly recommended for root account and privileged users
AWS KMS (Key Management Service)
- Create and manage encryption keys
- Integrates with S3, EBS, RDS, and most AWS services
- Customer Managed Keys (CMK) vs. AWS Managed Keys
- Automatic key rotation available
AWS CloudTrail
- Records API calls across your AWS account
- Governance, compliance, and operational auditing
- Logs who did what, when, and from where
- Can deliver logs to S3 and CloudWatch Logs
Other Security Services
- AWS WAF: Web Application Firewall for ALB, CloudFront, API Gateway
- AWS Shield: DDoS protection (Standard is free, Advanced is paid)
- Amazon GuardDuty: Threat detection using ML on CloudTrail, VPC Flow Logs, DNS logs
- AWS Config: Tracks resource configurations and compliance over time
- Amazon Inspector: Automated vulnerability assessment for EC2 and ECR images
Management and Monitoring
Amazon CloudWatch
- Metrics, alarms, logs, dashboards
- Custom metrics for application-specific monitoring
- CloudWatch Logs: Centralized log collection and analysis
- CloudWatch Events/EventBridge: Event-driven automation
AWS CloudFormation
- Infrastructure as Code (IaC) using JSON or YAML templates
- Stacks: Collection of AWS resources managed as a single unit
- Change Sets: Preview changes before applying
- Drift Detection: Identify resources that have been modified outside CloudFormation
AWS Systems Manager
- Operational hub for managing AWS resources
- Session Manager: Secure shell access without SSH keys
- Parameter Store: Centralized configuration and secrets management
- Patch Manager: Automated patching for EC2 instances
Application Integration
- Amazon SQS (Simple Queue Service): Fully managed message queuing. Standard queues (at-least-once delivery) vs. FIFO queues (exactly-once, ordered delivery)
- Amazon SNS (Simple Notification Service): Pub/sub messaging for fan-out patterns. Sends notifications via email, SMS, HTTP, SQS, Lambda
- Amazon EventBridge: Serverless event bus connecting applications using events from AWS services, SaaS, and custom apps
- AWS Step Functions: Serverless workflow orchestration for coordinating multiple AWS services into business-critical applications
The exam frequently tests the difference between SQS and SNS. SQS is pull-based (consumers poll for messages), while SNS is push-based (messages are pushed to subscribers). Many architectures combine both: SNS fans out to multiple SQS queues.
According to a 2024 AWS re:Invent presentation, over 65% of AWS customers use at least five core services (EC2, S3, RDS, Lambda, and VPC), and understanding these five services alone covers approximately 60% of questions on the Solutions Architect Associate exam.
Migration and Transfer Services
Migration questions appear on every exam from CLF-C02 through SAP-C02. Understanding when to use each service is critical.
- AWS Migration Hub: Central dashboard for tracking migration progress across multiple AWS tools
- AWS Database Migration Service (DMS): Migrates databases to AWS with minimal downtime. Supports homogeneous (Oracle to Oracle) and heterogeneous (Oracle to Aurora) migrations
- AWS Schema Conversion Tool (SCT): Converts database schemas from one engine to another, used alongside DMS for heterogeneous migrations
- AWS Snow Family: Physical devices for offline data transfer
  - Snowcone: 8 TB usable storage, edge computing
  - Snowball Edge: 80 TB usable storage, compute capability
  - Snowmobile: Up to 100 PB, literal shipping container truck
Snowball Edge -- a physical data transfer device provided by AWS for moving large volumes of data (up to 80 TB per device) when network transfer would be too slow or costly, also capable of running EC2 instances and Lambda functions at the edge for local processing.
The exam often tests the break-even point for choosing Snow Family devices over network transfer. For datasets over 10 TB, Snow devices are generally faster and cheaper than transferring over the internet. For datasets over 80 TB, multiple Snowball Edge devices or a Snowmobile may be appropriate.
Stephane Maarek, whose AWS certification courses on Udemy have enrolled over 2 million students, emphasizes that migration questions on the Solutions Architect exams are becoming more frequent with each exam update. He notes that understanding the full migration toolkit, not just individual services, is necessary for the associate and professional exams.
Cost Management Services
Cost optimization questions appear on every AWS exam and carry increasing weight at higher certification levels.
- AWS Cost Explorer: Visualize, understand, and manage AWS costs and usage over time
- AWS Budgets: Set custom budgets with alerts when costs exceed thresholds
- AWS Pricing Calculator: Estimate the cost of AWS services before deployment
- AWS Trusted Advisor: Provides recommendations across five categories -- cost optimization, performance, security, fault tolerance, and service limits
- AWS Savings Plans: Flexible pricing model offering up to 72% savings in exchange for a commitment to a consistent amount of compute usage (measured in $/hour) for 1 or 3 years
A real-world example: Netflix, one of the largest AWS customers, uses a combination of Reserved Instances, Savings Plans, and Spot Instances to optimize costs across their massive infrastructure. According to published case studies, Netflix runs thousands of EC2 instances and uses Spot Instances for fault-tolerant encoding workloads, achieving cost savings of up to 90% on those specific tasks compared to On-Demand pricing.
Cost Optimization Decision Table
| Scenario | Recommended Approach |
|---|---|
| Steady workload, known for 1-3 years | Reserved Instances or Savings Plans |
| Variable workload, fault-tolerant | Spot Instances |
| Short-term project, unpredictable | On-Demand |
| Dev/test environments used only during business hours | Scheduled Auto Scaling + On-Demand |
| Large data transfer to AWS | Snow Family devices (avoid data transfer charges) |
Quick Reference Table: Service Selection
| Requirement | Recommended Service |
|---|---|
| Host a web application with full OS control | EC2 |
| Run code in response to events, no servers | Lambda |
| Store unlimited objects with 99.999999999% durability | S3 |
| Relational database without managing servers | RDS or Aurora |
| NoSQL database with single-digit ms latency | DynamoDB |
| Cache frequently accessed data in memory | ElastiCache |
| Distribute content globally with low latency | CloudFront |
| Decouple application components with queuing | SQS |
| Send notifications to multiple subscribers | SNS |
| Define infrastructure as code | CloudFormation |
| Monitor resources and set alarms | CloudWatch |
| Manage encryption keys | KMS |
How to Use This Cheat Sheet
This reference works best when integrated into a broader study routine:
- Review this cheat sheet at the start of your preparation to identify which services you already know and which are unfamiliar
- After each study session, return to the relevant section and verify that you can recall the key attributes of each service without looking
- In the final week before your exam, use the quick reference table above as a rapid-fire self-quiz -- cover the "Recommended Service" column and try to match each requirement to the correct service
- Create flashcards for any service where you consistently hesitate or answer incorrectly
Jeff Barr, the Chief Evangelist at Amazon Web Services and author of the AWS News Blog, has written that the most successful AWS professionals are those who understand service selection patterns rather than memorizing individual feature lists. His blog posts on architectural decision-making are recommended supplementary reading for any candidate preparing for associate or professional level exams.
Service selection pattern -- the practice of choosing the optimal combination of AWS services to meet a specific set of requirements, considering factors such as cost, performance, scalability, durability, and operational complexity.
The AWS Well-Architected Framework, which is tested across all certification levels, organizes service selection around six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability. Each service in this cheat sheet connects to one or more of these pillars. For example, choosing Multi-AZ RDS deployments addresses the Reliability pillar, while selecting S3 Intelligent-Tiering addresses Cost Optimization.
This cheat sheet covers the services most likely to appear on your exam. Bookmark it, review it weekly during your study period, and use it to build flashcards for each service's key attributes.
References
- Amazon Web Services (2024). AWS Certification Exam Guides. AWS Certification.
- Amazon Web Services (2024). AWS Service Documentation. docs.aws.amazon.com.
- Cantrill, A. (2024). AWS Certified Solutions Architect Course Materials. learn.cantrill.io.
- Davis, N. (2024). AWS Cheat Sheets and Study Notes. Digital Cloud Training.
- Amazon Web Services (2024). AWS re:Invent 2024 Session Catalog. AWS Events.
- Global Knowledge (2024). IT Skills and Salary Report. Global Knowledge Training LLC.
Frequently Asked Questions
Which AWS services appear on every certification exam?
EC2, S3, VPC, IAM, and CloudWatch appear on virtually every AWS certification exam. RDS, Lambda, DynamoDB, CloudFront, and SQS/SNS are also tested frequently across Cloud Practitioner, Associate, and Professional levels.
What is the difference between S3 storage classes?
S3 Standard is for frequently accessed data. Standard-IA and One Zone-IA are for infrequent access with lower costs. Glacier tiers (Instant, Flexible, Deep Archive) are for archival storage with varying retrieval times from milliseconds to 48 hours.
When should I choose DynamoDB over RDS?
Choose DynamoDB for NoSQL workloads requiring flexible schema, single-digit millisecond performance at any scale, and key-value or document data models. Choose RDS for relational data requiring SQL queries, complex joins, and ACID transactions.
