
Exam prep summary, 2023 edition | AWS Certified Cloud Practitioner (CLF-C02)




AWS training and certification



  1. Bring two forms of ID (one showing your name in English, e.g. a passport)
  2. A calm mind


Comparison of the previous version (CLF-C01) and the current version (CLF-C02)

{{< image src="https://cdn.jyi.io/img/028e804878bdfff5b3f903b29c37125b.png" ratio="16x9" wrapper="col-12 mx-auto" caption="Image source: https://d1.awsstatic.com/zh_TW/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf" title="CLF-C02 exam guide">}}


  • Domain 1: Cloud Concepts (24% of scored content)
  • Domain 2: Security and Compliance (30% of scored content)
  • Domain 3: Cloud Technology and Services (34% of scored content)
  • Domain 4: Billing, Pricing, and Support (12% of scored content)



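AWS (Amazon Web Services):

  • Founded in 2002.
  • More than 1 million active users.
  • More than 10% of Amazon's revenue comes from AWS.
  • Delivers IT infrastructure services over the internet on an on-demand pricing model, saving time, money, and labor.

AWS services are divided into 23 Service Groups; the most commonly used are Compute, Storage, and Database.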


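  • No physical servers or cabling are needed, which removes the trouble of building and maintaining a server room.
  • No hassle of replacing and purchasing hardware.

Cloud computing concept: cloud computing gives customers on-demand IT resources such as compute, storage, databases, and applications.

Cloud pricing model: pay for what you use, with flexibility.

Hypervisor (virtual machine monitor): the software, hardware, and firmware used to create and run virtual machines.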


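  • Capital expense becomes variable expense.
  • Benefit from massive economies of scale.
  • No need to guess spare capacity.
  • Increased speed and agility.
  • Go global quickly.

Cloud characteristics: elasticity, scalability, cost-effectiveness.


  • IaaS: Infrastructure as a Service (most control)
  • PaaS: Platform as a Service (second-most control)
  • SaaS: Software as a Service (least control)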


Recommended security practices: the shared responsibility model, the five pillars of the Well-Architected Framework, and the principle of least privilege.

{{< image src="https://cdn.jyi.io/img/d52b8a99912253ffe1ded0fa35cc840b.png" ratio="16x9" wrapper="col-12 mx-auto" caption="(Image source: https://aws.amazon.com/tw/compliance/shared-responsibility-model/)" title="shared-responsibility-model">}}

AWS compliance guidelines: https://aws.amazon.com/compliance

AWS compliance programs: https://aws.amazon.com/compliance/programs

AWS shared responsibility model:

  • The customer is responsible for security in the cloud.
  • AWS is responsible for security of the cloud itself.

AWS security services: IAM, WAF, AWS Shield, Amazon Inspector, AWS Trusted Advisor, Amazon GuardDuty.

Well-Architected Framework:


  • operational excellence
  • security
  • reliability
  • performance efficiency
  • cost optimization


  • IAM
  • Detective control
  • Infrastructure protection
  • Incident response
  • Data protection


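  • A free service.
  • Principle of least privilege.
  • Used to manage users, federated users, and IAM roles.

Security exam focus:

  • Shared responsibility model
  • The five pillars of the Well-Architected Framework
  • Principle of least privilege
  • Security services (IAM, WAF, AWS Shield, Amazon Inspector, AWS Trusted Advisor, Amazon GuardDuty)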


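AWS Billing and Cost Management Dashboard:

  • Estimate and plan AWS costs.
  • Multiple accounts can be combined into a consolidated bill.
  • Sends alerts when costs approach a threshold.
  • Use Cost Explorer to present costs graphically.
  • Search bills by tag.

Main sources of AWS charges:

  • Compute (EC2, billed per hour)
  • Storage (S3, billed per GB)
  • Outbound data transfer


  • TCO calculator: TCO is lower because no upfront infrastructure has to be purchased.
  • Pricing Calculator: estimates the cost of a cloud solution.

AWS Free Tier:

  • Always Free: e.g. Lambda (1 million requests per month).
  • 12-month Free: e.g. EC2 (750 hours per month).
  • Trials: e.g. SageMaker (250 hours per month).

AWS Support plans:

  • Basic Support Plan: free; handles account and billing issues only.
  • Developer Support Plan: unlimited technical questions, USD 29 per month.
  • Business Support Plan: USD 100 per month or 3-10% of the bill; unlimited support for multiple users.
  • Enterprise Support Plan: 24/7 unlimited support for multiple users, 15-minute response.

Recommended use of the AWS plans:

  • The Basic plan suits free customers.
  • The Developer plan is for testing and prototyping.
  • The Business plan is for products in production.
  • The Enterprise plan provides the full set of AWS Trusted Advisor checks.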


| Category | Service | Explanation |
| --- | --- | --- |
| | Amazon Athena | Interactive query service |
| | AWS Data Exchange | Easily find, subscribe to, and use third-party data |
| | Amazon EMR | Big data processing framework |
| | AWS Glue | ETL (Extract, Transform, Load) service |
| | Amazon Kinesis | Real-time data streaming |
| | Amazon MSK | Managed streaming for Apache Kafka |
| | Amazon OpenSearch Service | Managed Elasticsearch service |
| | Amazon QuickSight | Business Intelligence tool |
| | Amazon Redshift | Fully managed data warehouse |
| | Amazon EventBridge | Serverless event bus for application integration |
| | Amazon SNS | Fully managed pub/sub messaging |
| | Amazon SQS | Fully managed message queuing service |
| | AWS Step Functions | Serverless orchestration service |
| | Amazon Connect | Cloud-based contact center service |
| | Amazon SES | Email sending and receiving service |
| | AWS Billing Conductor | Automated billing and cost management |
| | AWS Budgets | Set custom cost and usage budgets |
| | AWS Cost and Usage Report | Detailed cost and usage information |
| | AWS Cost Explorer | Visualize, understand, and manage AWS costs |
| | AWS Marketplace | Online software store for buying and selling |
| | AWS Batch | Run batch computing workloads |
| | Amazon EC2 | Virtual servers in the cloud |
| | AWS Elastic Beanstalk | Easy deployment and scaling of applications |
| | Amazon Lightsail | Easy compute instances for small applications |
| | AWS Local Zones | Extend AWS to specific geographic areas |
| | AWS Outposts | Extend AWS infrastructure to on-premises |
| | AWS Wavelength | Ultra-low latency applications at the edge |
| | Amazon ECR | Docker container registry |
| | Amazon ECS | Container orchestration service |
| | Amazon EKS | Managed Kubernetes service |
| | AWS Activate for Startups | Credits, training, technical support for startups |
| | AWS IQ | Connects customers with AWS Certified freelancers |
| | AWS Managed Services (AMS) | Operate AWS infrastructure on behalf of customers |
| | AWS Support | Subscriptions for access to AWS support |
| | Amazon Aurora | MySQL and PostgreSQL-compatible relational DB |
| | Amazon DynamoDB | NoSQL database service |
| | Amazon MemoryDB for Redis | Fully managed Redis-compatible in-memory database |
| | Amazon Neptune | Fully managed graph database service |
| | Amazon RDS | Relational Database Service |
| | AWS AppConfig | Create, deploy, and manage application configurations |
| | AWS CLI | Command-line interface for AWS |
| | AWS Cloud9 | Cloud-based integrated development environment |
| | AWS CloudShell | Browser-based command-line interface |
| | AWS CodeArtifact | Software package repository service |
| | AWS CodeBuild | Fully managed build service |
| | AWS CodeCommit | Source control service using Git |
| | AWS CodeDeploy | Automated deployment service |
| | AWS CodePipeline | Continuous integration and continuous delivery |
| | AWS CodeStar | Develop, build, and deploy applications on AWS |
| | AWS X-Ray | Distributed tracing for applications |
| | Amazon AppStream 2.0 | Stream desktop applications to users |
| | Amazon WorkSpaces | Desktop-as-a-Service (DaaS) |
| | Amazon WorkSpaces Web | Web access to virtual desktops |
| Frontend Web and Mobile | AWS Amplify | Build scalable and secure cloud-powered applications |
| | AWS AppSync | Managed GraphQL service |
| | AWS Device Farm | Test Android, iOS, and web apps on real devices |
| Internet of Things (IoT) | AWS IoT Core | Secure, scalable IoT communication |
| | AWS IoT Greengrass | Extend AWS IoT functionality to edge devices |
| | Amazon Comprehend | Natural language processing service |
| | Amazon Kendra | Enterprise search service |
| | Amazon Lex | Build chatbots and conversational interfaces |
| | Amazon Polly | Text-to-speech service |
| | Amazon Rekognition | Image and video analysis service |
| | Amazon SageMaker | Build, train, and deploy machine learning models |
| | Amazon Textract | Extract text, forms, and tables from documents |
| | Amazon Transcribe | Automatic speech recognition service |
| | Amazon Translate | Neural machine translation service |
| | AWS Auto Scaling | Automatically adjust capacity based on demand |
| | AWS CloudFormation | Infrastructure as Code (IaC) service |
| | AWS CloudTrail | Record and monitor AWS API requests |
| | Amazon CloudWatch | Monitor resources and applications |
| | AWS Compute Optimizer | Recommend optimal AWS resources |
| | AWS Config | Assess, audit, and evaluate configurations |
| | AWS Control Tower | Set up and govern a secure, multi-account AWS environment |
| | AWS Health Dashboard | Personalized view of the status of AWS resources |
| | AWS Launch Wizard | Simplify launching AWS applications |
| | AWS License Manager | Track and manage software licenses |
| | AWS Management Console | Centralized management console for AWS |
| | AWS Organizations | Consolidate multiple AWS accounts into an organization |
| | AWS Resource Groups and Tag Editor | Organize and manage resources using tags |
| | AWS Service Catalog | Create and manage catalogs of IT services |
| | AWS Systems Manager | Gain operational insights and take action |
| | AWS Trusted Advisor | Optimize AWS resources for performance and security |
| | AWS Well-Architected Tool | Review and improve your workload architecture |
| | AWS Application Discovery Service | Discover and understand enterprise applications |
| | AWS Application Migration Service | Migrate applications to AWS |
| | AWS Database Migration Service (AWS DMS) | Migrate databases to AWS |
| | AWS Migration Hub | Plan and track migrations |
| | AWS Schema Conversion Tool (AWS SCT) | Convert database schema to AWS-compatible format |
| | AWS Snow Family | Physical devices to transfer data to/from AWS |
| | AWS Transfer Family | Securely transfer files to and from AWS |
| | Amazon API Gateway | Create, deploy, and manage APIs |
| | Amazon CloudFront | Content delivery network (CDN) |
| | AWS Direct Connect | Dedicated network connection to AWS |
| | AWS Global Accelerator | Improve global application availability and performance |
| | Amazon Route 53 | Scalable domain name system (DNS) |
| | Amazon VPC | Isolated virtual networks for AWS resources |
| | AWS VPN | Securely connect on-premises networks to AWS |
| | AWS Artifact | On-demand access to AWS compliance reports |
| | AWS Audit Manager | Simplify the auditing process |
| | AWS Certificate Manager (ACM) | Provision, manage, and deploy SSL/TLS certificates |
| | AWS CloudHSM | Hardware-based key storage for regulatory compliance |
| | Amazon Cognito | Identity and user management for web and mobile apps |
| | Amazon Detective | Analyze, investigate, and respond to security issues |
| | AWS Directory Service | Managed Active Directory in the cloud |
| | AWS Firewall Manager | Centralized management of AWS WAF and security groups |
| | Amazon GuardDuty | Threat detection service |
| | AWS IAM | Identity and Access Management for AWS resources |
| | AWS IAM Identity Center (AWS Single Sign-On) | Cloud Single Sign-On (SSO) service |
| | Amazon Inspector | Automated security assessment service |
| | AWS KMS | Key management service for creating and controlling cryptographic keys |
| | Amazon Macie | Discover, classify, and protect sensitive data |
| | AWS Network Firewall | Managed firewall service |
| | AWS RAM | Share AWS resources with any AWS account |
| | AWS Secrets Manager | Securely store and manage sensitive information |
| | AWS Security Hub | Comprehensive view of security alerts and compliance status |
| | AWS Shield | DDoS protection service |
| | AWS WAF | Web Application Firewall service |
| | AWS Fargate | Run containers without managing the underlying infrastructure |
| | AWS Lambda | Run code without provisioning or managing servers |
| | AWS Backup | Centralized backup service for AWS resources |
| | Amazon EBS | Block-level storage volumes for EC2 instances |
| | Amazon EFS | Fully managed file storage service |
| | AWS Elastic Disaster Recovery | Cost-effective, highly scalable disaster recovery solution |
| | Amazon FSx | Fully managed file storage for Windows and Lustre |
| | Amazon S3 | Scalable object storage with data durability |
| | Amazon S3 Glacier | Low-cost archival storage with configurable retrieval times |
| | AWS Storage Gateway | Hybrid cloud storage service |