A cloud deployment model describes where your infrastructure lives and who controls it. Understanding the three core models — public, private, and hybrid — is essential for the CLF-C02 exam, which regularly presents scenarios where you must select the appropriate deployment strategy based on regulatory requirements, cost sensitivity, latency constraints, or existing on-premises investments.
Exam shortcut: Unless a question explicitly mentions on-premises requirements, regulatory data residency rules, or existing legacy infrastructure, the correct answer almost always involves the public cloud. Public cloud is the AWS default.
Public cloud resources are owned and operated by a third-party cloud provider — like AWS — and delivered over the internet. The infrastructure is shared among multiple customers (multi-tenancy), but each customer’s data and workloads are logically isolated and secure.
Think of public cloud like staying in a hotel. The building and amenities are shared by all guests, but your room is private. You pay only for the nights you stay. Housekeeping and maintenance are handled for you.
Private cloud resources are used exclusively by a single organization. The infrastructure may be physically located on-premises at the organization’s own data center, hosted at a colocation facility, or run on dedicated hardware within a cloud provider’s facility.
Think of private cloud like owning your own home. You have complete control — you can renovate any room, set your own rules, and no one else has a key. But you’re also responsible for every repair, every utility bill, and every upgrade.
Financial institutions with strict data locality regulations
Healthcare organizations handling protected health information (PHI/HIPAA)
Government agencies managing classified or sensitive national data
Large enterprises with existing data center investments they cannot abandon
Industries with regulatory requirements that prohibit third-party data hosting
In the CLF-C02 context, “private cloud” often refers to an organization’s own on-premises infrastructure. Don’t confuse this with Amazon VPC (Virtual Private Cloud), which is a networking isolation feature within AWS’s public cloud.
Hybrid cloud combines public and private cloud environments, connected in a way that allows data and applications to move between them. It’s a deliberate architecture that uses each environment for what it does best.
Think of hybrid cloud like owning a home in the suburbs (private cloud) while also having a membership at a coworking space downtown (public cloud). You do focused, sensitive work at home where you have full control and privacy. You use the coworking space when you need to scale up quickly, meet collaborators, or access facilities you can’t afford to own.
AWS provides two primary mechanisms to connect your on-premises environment to the AWS cloud securely:
AWS Direct Connect
A dedicated, private network connection from your data center to AWS. Bypasses the public internet for consistent, low-latency performance. Ideal for large data transfers and latency-sensitive workloads.
AWS VPN
An encrypted tunnel over the public internet connecting your on-premises network to your AWS VPC. Lower cost than Direct Connect, quick to set up, suitable for moderate data volumes.
Cloud Bursting: Run normal operations on-premises. When demand spikes beyond private capacity, automatically “burst” overflow workloads to AWS. Example: a retailer handling Black Friday traffic surges.
Data Tiering: Keep frequently accessed, sensitive data on-premises. Archive cold data to Amazon S3 Glacier. Process analytics workloads in the cloud where compute is cheaper.
Gradual Migration: Migrate one application or workload at a time to AWS while keeping the rest on-premises. Reduce risk and pace the transition to match organizational readiness.
Regulatory Compliance: Store regulated data (e.g., patient records, financial transactions) on-premises while running customer-facing applications in AWS for global performance.
Choose Public Cloud when…
You are a startup or small business without existing infrastructure
Your workloads are variable and benefit from elastic scaling
Speed-to-market is a priority
Your compliance requirements are met by AWS’s certifications (as they are for most industries)
You want to minimize operational burden on your IT team
Your data has no strict geographic residency requirements
Choose Private Cloud when…
Regulations explicitly require data to remain on your own infrastructure
Your industry has the strictest data privacy laws (certain government, defense, or financial use cases)
You have significant existing data center investment that cannot be abandoned
You need absolute control over hardware configuration and supply chain
Network latency to any external provider is unacceptable for your workload
Choose Hybrid Cloud when…
You have legacy on-premises systems that cannot be migrated immediately
You want to gradually move workloads to the cloud without a big-bang migration
Different workloads have different compliance requirements (some can be in AWS, some cannot)
You want cloud bursting — using AWS for demand overflow beyond on-premises capacity
You are in a regulated industry that allows cloud for non-sensitive data but requires on-premises for sensitive data
For the CLF-C02 exam, multi-cloud (using multiple cloud providers like AWS + Azure + GCP simultaneously) is not one of the three primary deployment models you need to know, but it may appear as a distractor. Focus your study on Public, Private, and Hybrid.