Passing the AWS Certified Cloud Practitioner (CLF-C02) exam doesn’t require months of preparation — with a focused study plan, most people can be exam-ready in 4 weeks. The key is studying the right topics in the right order, testing yourself consistently, and concentrating your effort on the highest-weighted domains.
This guide provides a day-by-day, week-by-week roadmap that’s been refined based on feedback from thousands of learners who passed the CLF-C02 on their first attempt.
Before You Begin: Baseline Assessment
Before diving into study, take a 15-minute diagnostic to understand your starting point:
- Take a sample quiz: Try 20 questions from Sailor.sh’s AWS Cloud Practitioner practice exams to identify your baseline
- Score your strengths and weaknesses: Note which domains (Cloud Concepts, Security, Technology, Billing) you’re strongest and weakest in
- Adjust the plan accordingly: If you already know AWS basics, you can compress Weeks 1-2 and spend more time on mock exams
What You’ll Need
- Time commitment: 8-12 hours per week (roughly 1.5-2 hours per day)
- Free resources: AWS Cloud Practitioner Essentials on Skill Builder, AWS Documentation
- Practice exams: Sailor.sh CLF-C02 Mock Exam Bundle (5 full exams, 325+ questions)
- Optional: AWS Free Tier account for hands-on exploration
Week 1: Cloud Concepts and AWS Foundations (24% of exam)
The first week focuses on building your understanding of cloud computing fundamentals and AWS’s value proposition. This domain accounts for 24% of the exam.
Day 1-2: Cloud Computing Fundamentals
Topics to cover:
- What is cloud computing? (NIST definition: on-demand, broad network access, resource pooling, rapid elasticity, measured service)
- Cloud deployment models: Public cloud, Private cloud, Hybrid cloud, Multi-cloud
- Cloud service models: IaaS (Infrastructure), PaaS (Platform), SaaS (Software)
- Six advantages of cloud computing per AWS:
- Trade fixed expense for variable expense
- Benefit from massive economies of scale
- Stop guessing capacity
- Increase speed and agility
- Stop spending money running and maintaining data centers
- Go global in minutes
Study resource: AWS Cloud Practitioner Essentials — Module 1 (free on Skill Builder)
Day 3-4: AWS Global Infrastructure
Topics to cover:
- Regions: Geographic areas with multiple data centers (e.g., us-east-1, eu-west-1). Choose based on compliance, latency, cost, and service availability
- Availability Zones (AZs): Isolated data center groups within a region. Each region has 2-6 AZs. Design for multi-AZ for high availability
- Edge Locations: CDN endpoints for CloudFront and Route 53. More edge locations than regions
- Local Zones and Wavelength Zones: Extensions of regions for low-latency applications
- AWS Outposts: AWS infrastructure on-premises for hybrid workloads
Key fact to remember: AWS has 30+ regions and 100+ Availability Zones globally (numbers grow frequently — know the concept, not the exact count).
Day 5: AWS Well-Architected Framework
The six pillars (memorize these — they appear frequently):
- Operational Excellence: Run and monitor systems, improve processes
- Security: Protect information, systems, and assets
- Reliability: Recover from failures, meet demand
- Performance Efficiency: Use resources efficiently
- Cost Optimization: Avoid unnecessary costs
- Sustainability: Minimize environmental impact
Day 6: Migration Strategies and Cloud Economics
The 7 Rs of migration:
- Rehost (lift and shift): Move as-is to AWS
- Replatform (lift, tinker, and shift): Minor optimizations during migration
- Repurchase: Move to a SaaS solution (e.g., CRM to Salesforce)
- Refactor/Re-architect: Redesign for cloud-native (most effort, most benefit)
- Retire: Decommission unused applications
- Retain: Keep on-premises for now
- Relocate: Move to AWS without changes (VMware Cloud on AWS)
Cloud economics concepts: TCO (Total Cost of Ownership), CapEx vs OpEx, right-sizing, elasticity vs scalability
Day 7: Week 1 Review and Practice
- Review all notes from the week
- Take 20-30 Cloud Concepts practice questions
- Target: 75%+ correct on this domain before moving on
Week 2: Security and Compliance (30% of exam)
This is the most heavily weighted domain. Invest serious time here — it’s worth 30% of your score.
Day 8-9: Shared Responsibility Model
This is arguably the single most important concept on the exam. Many questions test this directly.
AWS is responsible for (security “of” the cloud):
- Physical security of data centers
- Hardware and infrastructure (servers, networking)
- Managed services underlying infrastructure
- Hypervisor, host operating system
- Global network security
Customer is responsible for (security “in” the cloud):
- Data encryption (at rest and in transit)
- IAM configuration (users, roles, policies)
- Operating system patches on EC2
- Network configuration (security groups, NACLs)
- Application-level security
- Client-side data encryption
Shared controls: Patch management (AWS patches infrastructure, you patch your OS), configuration management, awareness and training
Day 10-11: IAM (Identity and Access Management)
IAM is tested heavily. Understand these components:
- Root account: Full access, should be secured with MFA and rarely used
- IAM Users: Individual identities with specific permissions
- IAM Groups: Collections of users with shared permissions
- IAM Roles: Temporary credentials for services, applications, or cross-account access
- IAM Policies: JSON documents defining Allow/Deny permissions (effect, action, resource)
- MFA (Multi-Factor Authentication): Always enable, especially for root
- Principle of Least Privilege: Grant only the permissions needed, nothing more
Key IAM best practices:
- Enable MFA on root account immediately
- Create individual IAM users (don’t share credentials)
- Use groups to assign permissions
- Use roles for applications and services
- Rotate credentials regularly
- Use AWS Organizations for multi-account management
Day 12-13: AWS Security Services
Learn what each security service does and when to use it:
| Service | Purpose |
|---|---|
| AWS Shield | DDoS protection (Standard is free, Advanced is paid) |
| AWS WAF | Web Application Firewall (protects against SQL injection, XSS) |
| Amazon GuardDuty | Threat detection using ML (monitors CloudTrail, VPC Flow Logs, DNS) |
| Amazon Inspector | Automated vulnerability assessment for EC2 and containers |
| Amazon Macie | Discover and protect sensitive data in S3 (PII detection) |
| AWS Security Hub | Centralized security findings dashboard |
| AWS KMS | Key management for encryption |
| AWS CloudHSM | Dedicated hardware security modules |
| AWS Secrets Manager | Manage and rotate secrets (database passwords, API keys) |
| AWS Certificate Manager | Provision and manage SSL/TLS certificates |
Day 14: Compliance and Week 2 Review
Compliance concepts:
- AWS Artifact: Self-service portal for accessing compliance reports (SOC, PCI, ISO)
- AWS Config: Tracks configuration changes and compliance status
- AWS CloudTrail: Logs all API calls for auditing (who did what, when)
- Compliance programs: SOC 1/2/3, PCI DSS, HIPAA, FedRAMP, GDPR
Take 30-40 Security and Compliance practice questions. Target: 75%+ correct.
Week 3: Cloud Technology and Services (34% of exam)
This is the broadest domain. You need to know what dozens of services do, but not how to configure them in depth.
Day 15-16: Compute Services
Amazon EC2 (Elastic Compute Cloud):
- Virtual servers in the cloud
- Instance types: General Purpose (T, M), Compute Optimized (C), Memory Optimized (R, X), Storage Optimized (I, D), Accelerated Computing (P, G)
- Purchasing options: On-Demand, Reserved, Spot, Savings Plans, Dedicated
AWS Lambda:
- Serverless compute — run code without provisioning servers
- Pay only for compute time consumed
- Automatic scaling
- Supports Python, Node.js, Java, Go, .NET, and more
Other compute services:
- ECS/EKS: Container orchestration (Docker/Kubernetes)
- AWS Fargate: Serverless containers (no EC2 management)
- Elastic Beanstalk: PaaS — deploy apps without managing infrastructure
- Amazon Lightsail: Simplified compute for small applications
Day 17-18: Storage and Database Services
Storage services:
| Service | Type | Use Case |
|---|---|---|
| Amazon S3 | Object storage | Files, backups, static websites, data lakes |
| S3 Glacier / Glacier Deep Archive | Archival | Long-term archival (minutes to hours retrieval) |
| Amazon EBS | Block storage | EC2 instance volumes (like a hard drive) |
| Amazon EFS | File storage | Shared file system across multiple EC2 instances |
| AWS Storage Gateway | Hybrid | Connect on-premises storage to AWS |
S3 Storage Classes (frequently tested):
- S3 Standard: frequently accessed data
- S3 Standard-IA: infrequently accessed, rapid retrieval
- S3 One Zone-IA: infrequent access, single AZ (cheaper)
- S3 Glacier Instant Retrieval: archive with millisecond access
- S3 Glacier Flexible Retrieval: archive, minutes to hours
- S3 Glacier Deep Archive: cheapest, 12-48 hour retrieval
- S3 Intelligent-Tiering: automatic cost optimization
Database services:
| Service | Type | Use Case |
|---|---|---|
| Amazon RDS | Relational | MySQL, PostgreSQL, Oracle, SQL Server, MariaDB |
| Amazon Aurora | Relational | High-performance MySQL/PostgreSQL compatible |
| Amazon DynamoDB | NoSQL (key-value) | High-performance, serverless, millisecond latency |
| Amazon ElastiCache | In-memory | Redis/Memcached caching |
| Amazon Redshift | Data warehouse | Analytics and BI queries |
| Amazon DocumentDB | Document DB | MongoDB-compatible |
Day 19-20: Networking Services
Amazon VPC (Virtual Private Cloud):
- Your isolated network in AWS
- Subnets: Public (internet-facing) and Private (internal only)
- Internet Gateway: Connects VPC to the internet
- NAT Gateway: Allows private subnet resources to reach the internet (outbound only)
- Security Groups: Instance-level firewall (stateful, allow rules only)
- Network ACLs (NACLs): Subnet-level firewall (stateless, allow AND deny rules)
Other networking services:
- Amazon CloudFront: CDN for content delivery with edge locations
- Amazon Route 53: DNS service (domain registration, routing policies)
- AWS Direct Connect: Dedicated private connection from on-premises to AWS
- AWS VPN: Encrypted tunnel over the internet to AWS
- Elastic Load Balancing (ELB): Distribute traffic across EC2 instances (ALB, NLB, CLB)
- API Gateway: Create and manage REST/HTTP APIs
Day 21: Other Key Services and Week 3 Review
Management and monitoring:
- AWS CloudFormation: Infrastructure as Code (define resources in templates)
- AWS CloudWatch: Monitoring, logging, alarms
- AWS Systems Manager: Manage EC2 fleet, patching, parameter store
- AWS Trusted Advisor: Best practice recommendations (cost, security, performance, fault tolerance, service limits)
Application integration:
- Amazon SNS: Push notifications (pub/sub messaging)
- Amazon SQS: Message queuing (decouple applications)
- AWS Step Functions: Serverless workflow orchestration
AI/ML services (know at high level):
- Amazon SageMaker: Build and deploy ML models
- Amazon Rekognition: Image and video analysis
- Amazon Comprehend: Natural language processing
- Amazon Lex: Chatbots (powers Alexa)
- Amazon Polly: Text-to-speech
- Amazon Translate: Language translation
Take a full 65-question mock exam. Target: 70%+ overall.
Week 4: Billing, Pricing, Final Review, and Mock Exams
Day 22-23: Billing, Pricing, and Support (12% of exam)
EC2 pricing models:
| Model | Best For | Savings |
|---|---|---|
| On-Demand | Short-term, unpredictable workloads | None (pay per second/hour) |
| Reserved Instances | Steady-state, predictable usage (1 or 3 year) | Up to 72% discount |
| Savings Plans | Flexible commitment (compute or EC2) | Up to 72% discount |
| Spot Instances | Fault-tolerant, flexible workloads | Up to 90% discount |
| Dedicated Hosts | Compliance requirements, licensing | Varies |
AWS Free Tier types:
- Always Free: Services like Lambda (1M requests/month), DynamoDB (25GB), CloudWatch (10 alarms)
- 12 Months Free: EC2 (750 hours/month t2.micro), S3 (5GB), RDS (750 hours)
- Trials: Short-term free trials for specific services
Cost management tools:
- AWS Cost Explorer: Visualize and analyze spending over time
- AWS Budgets: Set custom budgets and receive alerts
- AWS Cost and Usage Report: Most detailed billing data
- AWS Pricing Calculator: Estimate costs before deploying
- AWS Cost Anomaly Detection: ML-based unusual spend detection
AWS Support Plans:
| Plan | Cost | Key Features |
|---|---|---|
| Basic | Free | Documentation, forums, Trusted Advisor (7 checks), Health Dashboard |
| Developer | $29/month | Email support, 12-hour response for impairments |
| Business | $100/month | 24/7 phone/chat, 1-hour response for production down, full Trusted Advisor |
| Enterprise On-Ramp | $5,500/month | 30-minute response for business-critical, pool of TAMs |
| Enterprise | $15,000/month | 15-minute response for business-critical, dedicated TAM |
Day 24-25: Full Mock Exam Practice
This is the most critical part of your preparation. Take full-length timed mock exams:
- Day 24: Take Sailor.sh Mock Exam 1 (65 questions, 90 minutes). Review every wrong answer thoroughly
- Day 25: Take Mock Exam 2. Focus on understanding why correct answers are correct AND why wrong answers are wrong
Target scores:
- If scoring 80%+: You’re likely ready for the real exam
- If scoring 70-80%: Review weak domains, take one more mock exam
- If scoring below 70%: Spend another 3-5 days reviewing weak areas before attempting the exam
Day 26-27: Review Weak Areas
Based on your mock exam results:
- Identify the domains where you scored lowest
- Re-study those specific topics using this plan’s notes
- Take 20-30 domain-specific practice questions
- Create flashcards for facts you keep getting wrong
Common trouble spots:
- Confusing Security Groups vs NACLs
- Mixing up S3 storage classes and retrieval times
- Shared Responsibility Model edge cases
- Support plan features and response times
- Knowing which service solves which problem
Day 28: Final Review and Exam Logistics
Morning: Take one final 20-question quiz to build confidence Afternoon: Review your notes, especially the Shared Responsibility Model, IAM best practices, and pricing models
Exam logistics checklist:
- Schedule exam at Pearson VUE (test center or online)
- If online: test your system using the Pearson VUE system check
- Prepare two forms of valid ID
- Clear your desk/workspace (online exam)
- Get a good night’s sleep
- Arrive 15 minutes early (test center) or log in 30 minutes early (online)
Study Tips for Success
What Works
- Active recall: After reading a topic, close your notes and try to explain it from memory
- Spaced repetition: Review topics from previous days/weeks periodically
- Practice questions: Do at least 200-300 practice questions throughout the 4 weeks
- Hands-on exploration: Create a free AWS account and explore the console (S3, EC2, IAM)
- Teach someone: Explaining concepts to a colleague or study partner reinforces learning
What Doesn’t Work
- Reading passively without testing yourself
- Trying to memorize every AWS service (focus on the 30-40 most common ones)
- Cramming the night before instead of consistent daily study
- Skipping mock exams — they are the single best predictor of exam success
Frequently Asked Questions
Can I pass with less than 4 weeks of study?
Yes, if you have existing IT or cloud experience. People with AWS hands-on experience often pass in 2-3 weeks. People with no tech background may need 5-6 weeks. This plan is optimized for someone with basic IT familiarity.
How many practice questions should I do before the exam?
Aim for at least 200-300 unique practice questions. Quality matters more than quantity — spend time reviewing explanations for every wrong answer.
What if I fail?
You can retake the exam after a 14-day waiting period. There’s no limit on the number of attempts. Use the waiting period to study your weakest domains and take more practice exams.
Should I memorize AWS service names?
Focus on the top 40-50 services covered in this plan. You don’t need to memorize every AWS service (there are 200+), but you should know the key services for each category (compute, storage, database, networking, security).
Do I need hands-on AWS experience?
It helps but isn’t required. The CLF-C02 is conceptual — you won’t be asked to configure anything. However, exploring the AWS Console helps concepts stick.
Ready to Start?
Your 4-week countdown to AWS Cloud Practitioner certification begins now. Follow this plan, stay consistent, and use Sailor.sh’s CLF-C02 mock exams to track your readiness.