Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/roxsross/aws-cloud-practitioner-complete-guide/llms.txt

Use this file to discover all available pages before exploring further.

Cloud service models define how much of the technology stack a cloud provider manages for you — and how much remains your responsibility. The three models are IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Understanding where each model sits on the control-vs-convenience spectrum, which AWS services belong to which category, and how the shared responsibility model shifts across them is essential knowledge for the CLF-C02 exam.

The Pizza Analogy

The easiest way to remember the three models is with a pizza analogy. Imagine you want pizza for dinner:
ApproachWhat You DoWhat Someone Else DoesCloud Equivalent
Make at homeEverything — buy ingredients, prep, bake, serveNothingTraditional IT (On-Premises)
Grocery kitAdd toppings, bake, serveDough, sauce, packagingIaaS
Take-and-bakeJust bake and serveAll prep workPaaS
DeliveryJust eatEverythingSaaS
As you move from IaaS → PaaS → SaaS, you control less and manage less — but the provider handles more of the heavy lifting.

The Three Service Models

Infrastructure as a Service

IaaS provides virtualized computing resources over the internet. You get the raw infrastructure — compute, storage, and networking — and retain full control over everything above the hypervisor: the operating system, middleware, runtime, application code, and data.Think of it like renting an unfurnished apartment. The building exists, the plumbing and electricity work, but you furnish it, decorate it, and maintain the interior. You have maximum flexibility but also maximum responsibility.

What AWS Manages vs. What You Manage

You ManageAWS Manages
Operating System (patches, updates)Physical servers and hardware
Application runtime and middlewareData center facilities
Application code and configurationNetwork infrastructure
Data and backupsVirtualization layer (hypervisor)
Identity and access (IAM policies)Power, cooling, physical security
Network security groups and firewall rules

Key AWS IaaS Services

Amazon EC2

Virtual servers in the cloud. You choose the OS (Windows or Linux), instance type, storage, and networking. Full root/administrator access. The flagship IaaS service on AWS.

Amazon VPC

Virtual Private Cloud — your own isolated network in AWS. You configure subnets, route tables, internet gateways, and security groups. Full control over network topology.

Amazon EBS

Elastic Block Store — persistent block storage volumes for EC2 instances. You manage what’s stored on the volumes and define backup/snapshot strategies.

AWS Direct Connect

Dedicated private network connection from your on-premises environment to AWS. You manage routing and connectivity configuration on your end.

Best For

  • Migrating existing applications from on-premises to cloud without rewriting them (“lift and shift”)
  • Workloads that require a specific OS version or custom configuration
  • High-performance computing, scientific simulations, and big data processing
  • Teams with strong infrastructure expertise who need maximum control

Full Comparison: What Each Party Manages

This table shows the full technology stack and who is responsible at each layer across all three models, plus traditional on-premises for comparison.
Stack LayerOn-PremisesIaaSPaaSSaaS
Applications🟦 You🟦 You🟦 You🟧 Provider
Data🟦 You🟦 You🟦 You🟦 You*
Runtime🟦 You🟦 You🟧 Provider🟧 Provider
Middleware🟦 You🟦 You🟧 Provider🟧 Provider
Operating System🟦 You🟦 You🟧 Provider🟧 Provider
Virtualization🟦 You🟧 Provider🟧 Provider🟧 Provider
Servers🟦 You🟧 Provider🟧 Provider🟧 Provider
Storage🟦 You🟧 Provider🟧 Provider🟧 Provider
Networking🟦 You🟧 Provider🟧 Provider🟧 Provider
Data Center🟦 You🟧 Provider🟧 Provider🟧 Provider
*In SaaS, the provider stores your data — but you remain responsible for what you put into the system and how you configure access. 🟦 = Customer managed    🟧 = Provider managed

Decision Framework: Which Model to Choose?

  • You need to run a specific operating system version or custom configuration
  • You are migrating existing on-premises applications without rewriting them
  • Your team has strong infrastructure and system administration skills
  • You need maximum control over security hardening and compliance configurations
  • Your workload has performance requirements that need direct hardware tuning
  • You want to focus on writing application code, not managing servers
  • You are building a new application from scratch and have no legacy constraints
  • You want automatic scaling and high availability without configuring it yourself
  • Your team is developer-heavy but lacks dedicated infrastructure/DevOps staff
  • Time-to-market is critical and you want to reduce operational overhead
  • You need standard business functionality (email, collaboration, CRM, HR)
  • The business need is solved by an existing application — no custom development required
  • You want a predictable subscription cost with no infrastructure to maintain
  • Your users need to be productive immediately with minimal IT setup
  • You lack the technical resources to build or manage custom software
For the CLF-C02 exam, you must be able to categorize AWS services into IaaS, PaaS, or SaaS, and identify which party is responsible for security at each layer. The most commonly tested examples: EC2 = IaaS, Elastic Beanstalk = PaaS, WorkMail = SaaS, RDS = PaaS (AWS patches the database engine), Lambda = PaaS (AWS manages the execution environment).

Build docs developers (and LLMs) love