Beyond the core compute, storage, networking, and database layers, AWS provides a rich ecosystem of services that help you connect application components, add intelligence to your workloads, automate deployments, and gain operational visibility. This page covers the four supporting categories most frequently tested in the CLF-C02 exam: application integration, AI and machine learning, developer and DevOps tools, and management and monitoring.
Modern cloud architectures rely on loosely coupled, asynchronous communication between components. AWS provides a set of managed messaging and orchestration services that let you build resilient, scalable, event-driven applications without managing the underlying messaging infrastructure.
Amazon SQS (Simple Queue Service)
Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Producers write messages to a queue; consumers poll the queue and process messages independently.
Visibility Timeout — Time a message is hidden from other consumers after being received (prevents duplicate processing)
Dead-Letter Queue (DLQ) — Captures messages that fail processing after a configurable number of retries
Message retention — Up to 14 days
Max message size — 256 KB
SQS is the foundational service for decoupling producers from consumers — if the downstream service is slow or temporarily unavailable, messages queue up safely rather than causing upstream failures.
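A simplified in-memory model of the visibility timeout and dead-letter queue behavior listed above, added here as an illustration and not taken from the original page or from AWS. The class `ModelQueue`, its methods and the sample payload are hypothetical, and the model assumes a message is moved to the DLQ on the first receive attempt after `max_receive_count` deliveries.

```python
# Simplified in-memory model of SQS visibility timeout and DLQ redrive.
# ModelQueue and its method names are illustrative, not the AWS SDK.
from dataclasses import dataclass, field


@dataclass
class Message:
    body: str
    receive_count: int = 0
    visible_at: float = 0.0  # time from which the message can be received


@dataclass
class ModelQueue:
    visibility_timeout: float = 30.0
    max_receive_count: int = 3  # deliveries allowed before redrive to the DLQ
    messages: list = field(default_factory=list)
    dlq: list = field(default_factory=list)

    def send(self, body):
        self.messages.append(Message(body))

    def receive(self, now):
        """Return the next visible message and hide it, or None."""
        for msg in list(self.messages):
            if msg.visible_at > now:
                continue  # in flight with another consumer
            if msg.receive_count >= self.max_receive_count:
                self.messages.remove(msg)  # retries exhausted
                self.dlq.append(msg)
                continue
            msg.receive_count += 1
            msg.visible_at = now + self.visibility_timeout
            return msg
        return None

    def delete(self, msg):
        """Consumer acknowledges success; the message is removed for good."""
        self.messages.remove(msg)


def run_scenario():
    q = ModelQueue(visibility_timeout=30, max_receive_count=2)
    q.send("order-1001")         # constructed sample payload
    first = q.receive(now=0)     # consumer A receives the message
    hidden = q.receive(now=10)   # consumer B gets nothing: still in flight
    second = q.receive(now=31)   # A never deleted it, so it reappears
    third = q.receive(now=62)    # deliveries exhausted, message goes to the DLQ
    return first.body, hidden, second.receive_count, third, [m.body for m in q.dlq]
```

A consumer that finishes its work must call `delete` before the timeout expires; otherwise the message becomes visible again and is processed a second time.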
Amazon SNS (Simple Notification Service)
Amazon SNS is a fully managed pub/sub (publish-subscribe) messaging service. A publisher sends one message to an SNS topic, and SNS fans that message out to all subscribed endpoints simultaneously.
A common architecture combines SNS with SQS: publish one event to an SNS topic and fan out to multiple SQS queues. Each queue is processed independently — enabling parallel processing pipelines from a single event source.
Amazon EventBridge
Amazon EventBridge is a serverless event bus that connects AWS services, SaaS applications, and your own custom applications using events. It routes events based on rules that you define, enabling event-driven architectures without custom integration code.
Event Bus — Receives events from sources (default AWS bus, custom buses, SaaS partner buses)
Rules — Match incoming events and route them to one or more targets
Targets — Lambda, SQS, SNS, Step Functions, EC2 Run Command, Kinesis, and more
Schema Registry — Automatically discovers and documents event schemas
EventBridge is the evolution of Amazon CloudWatch Events and is the recommended service for building event-driven integrations between AWS services and third-party SaaS applications.
AWS Step Functions
AWS Step Functions is a serverless workflow orchestration service that lets you coordinate multiple AWS services using visual state machines. Each step in the workflow is a state; Step Functions manages retries, error handling, branching, and parallel execution automatically.
Amazon API Gateway is a fully managed service that makes it easy to create, publish, maintain, monitor, and secure REST, HTTP, and WebSocket APIs at any scale. It acts as the “front door” for applications to access data, business logic, or functionality from your backend services.
AWS provides a spectrum of AI/ML services — from high-level pre-built AI capabilities (no ML knowledge required) to full ML platform services for data scientists. The CLF-C02 exam focuses primarily on the pre-built AI services and SageMaker at a conceptual level.
Pre-Built AI Services (No ML Experience Required)
These services expose trained machine learning models via simple API calls — you don’t need any ML expertise to use them.
Intelligent enterprise search powered by ML — understands natural language queries across diverse data sources
Amazon Personalize
Build real-time personalization and recommendation systems (same technology as Amazon.com)
Amazon Forecast
Time-series forecasting using ML — demand planning, inventory management
Amazon SageMaker
Amazon SageMaker is a fully managed end-to-end machine learning platform for data scientists and ML engineers to build, train, and deploy ML models at scale.
AWS provides a suite of developer tools for source control, build automation, deployment pipelines, and infrastructure as code — enabling teams to implement CI/CD workflows entirely within AWS.
A fully managed source control service that hosts secure, private Git repositories in AWS. Integrates with IAM for access control and supports standard Git workflows. Note: AWS is transitioning new customers to third-party Git providers; CodeCommit is closed to new customers as of July 2024.
A fully managed continuous integration service that compiles source code, runs unit tests, and produces deployment-ready artifacts. You pay only for the build minutes consumed — no servers to manage.
A fully managed deployment service that automates application deployments to EC2 instances, Lambda functions, and on-premises servers. Supports in-place and blue/green deployment strategies with automatic rollback on failure.
A fully managed CI/CD pipeline orchestration service that automates the steps required to release software changes. Pipelines can chain CodeCommit, CodeBuild, CodeDeploy, and third-party tools (GitHub, Jenkins) into a complete release workflow.
AWS CloudFormation lets you model and provision all your AWS infrastructure resources using JSON or YAML template files. A CloudFormation template describes the desired state of your infrastructure; CloudFormation handles creation, updates, and deletion in the correct dependency order.
Stack — A collection of AWS resources managed as a single unit
Change Sets — Preview the impact of a stack update before applying it
Drift Detection — Identify resources that have been modified outside of CloudFormation
The AWS CDK lets you define cloud infrastructure using familiar programming languages — TypeScript, Python, Java, C#, and Go — and synthesizes CloudFormation templates. It provides higher-level constructs (L2/L3) that encode AWS best practices by default.
Operational visibility is critical in cloud environments. AWS provides a layered monitoring and governance toolset — from real-time metrics and log analysis, to API-level audit trails and architectural best-practice reviews.
Amazon CloudWatch
Amazon CloudWatch is the central monitoring and observability service for AWS. It collects and tracks metrics, collects and monitors log files, sets alarms, and automatically reacts to changes in your AWS resources.
Collect and track numerical measurements from AWS services (CPU utilization, network traffic, etc.)
Logs
Centralize log ingestion from EC2, Lambda, ECS, and applications via the CloudWatch Agent
Alarms
Trigger notifications (SNS) or actions (Auto Scaling, EC2 actions) when metrics cross thresholds
Dashboards
Customizable visual displays of your key metrics and alarms
Logs Insights
Interactive log querying using a purpose-built query language
Synthetics
Canary scripts that simulate user flows to monitor APIs and URLs
Container Insights
Metrics and logs for ECS, EKS, and Kubernetes workloads
CloudWatch is the answer whenever an exam question asks about monitoring, metrics, logs, or alerts for AWS resources.
AWS CloudTrail
AWS CloudTrail provides governance, compliance, operational auditing, and risk auditing of your AWS account by recording all API calls made within the account — who made the call, from which IP address, at what time, and what the response was.
Records API activity from the AWS Management Console, CLI, SDKs, and AWS services
Events are delivered to an S3 bucket for long-term storage and analysis
CloudTrail Insights — Detects unusual API activity (e.g., a sudden spike in IAM CreateUser calls)
Event history — 90 days of management event history available in the console at no cost
Multi-region trails — Capture activity across all regions in a single trail
CloudWatch vs CloudTrail: CloudWatch monitors what is happening in your infrastructure (metrics, logs, performance). CloudTrail records who did what (API calls, user activity, changes to resources). Both are frequently tested together — know the distinction.
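To make the "who did what" audit record concrete, the following added example (not from the original page or from AWS) scans CloudTrail-format records for a burst of IAM CreateUser calls by one principal. It uses a fixed threshold over a sliding time window, which is a simplification and not how CloudTrail Insights itself works; the function name, threshold, account ID, ARNs and IP addresses are constructed for illustration.

```python
# Fixed-threshold check over CloudTrail records. This is a simplification of
# the idea behind CloudTrail Insights. All sample data below is constructed.
import json
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": f"2024-01-01T10:0{i}:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"}}
    for i in range(5)
] + [
    {"eventTime": "2024-01-01T09:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-ops"}},
    {"eventTime": "2024-01-01T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"}},
]})


def find_create_user_spikes(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return {principal_arn: {"count", "ips"}} for principals that made at
    least `threshold` IAM CreateUser calls inside any sliding `window`."""
    calls = defaultdict(list)
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource") != "iam.amazonaws.com"
                or rec.get("eventName") != "CreateUser"):
            continue
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        who = rec.get("userIdentity", {}).get("arn", "unknown")
        calls[who].append((when, rec.get("sourceIPAddress", "unknown")))

    findings = {}
    for who, events in calls.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            count = end - start + 1
            if count >= threshold and count > findings.get(who, {}).get("count", 0):
                ips = sorted({ip for _, ip in events[start:end + 1]})
                findings[who] = {"count": count, "ips": ips}
    return findings
```

Calling `find_create_user_spikes(SAMPLE_LOG)` flags only the principal with five calls in five minutes; the single CreateUser call and the S3 event are ignored.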
AWS Trusted Advisor
AWS Trusted Advisor is an online tool that provides real-time guidance across five categories to help you follow AWS best practices and optimize your environment:
MFA on root account, unrestricted security group ports, public S3 buckets
Fault Tolerance
EC2 instances not in multiple AZs, RDS without Multi-AZ, missing EBS snapshots
Service Limits
Alert when you are approaching AWS service quotas
The number of Trusted Advisor checks available depends on your AWS Support plan. Basic and Developer plans include a limited set of core security and service limit checks. Business and Enterprise plans unlock all checks.
AWS Well-Architected Tool
The AWS Well-Architected Tool is a free service that helps you review and improve your cloud workloads based on the six pillars of the AWS Well-Architected Framework: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.
1. Describe the workload you want to review — its purpose, team, and associated AWS regions and accounts.
2. Answer Questions: Work through a set of questions for each pillar, selecting the best-practice choices that apply to your workload.
3. Review Findings: The tool generates a report identifying High Risk and Medium Risk issues with improvement recommendations.
4. Improve and Track: Create improvement plans and track your progress over time as you address identified risks.
AWS Health Dashboard
The AWS Health Dashboard provides a personalized view of the health of AWS services and your specific account:
Service Health (formerly Service Health Dashboard) — Displays the current status and history of all AWS services in all regions. Anyone can access it at status.aws.amazon.com.
Your Account Health (formerly Personal Health Dashboard) — Provides proactive notifications about AWS events that may affect the specific resources in your account, along with remediation guidance and scheduled maintenance alerts.
The Account Health view is surfaced in the AWS Console and can send notifications via EventBridge or SNS so your operations team is alerted automatically.
SQS is a pull-based queue — one consumer processes each message. SNS is push-based pub/sub — one message fans out to all subscribers simultaneously. They are often combined in the fan-out pattern.
CloudWatch vs CloudTrail
CloudWatch monitors operational metrics and logs (what is happening). CloudTrail records API activity (who did what, when). Use CloudTrail for security audits and compliance; use CloudWatch for performance monitoring and alerting.
CloudFormation vs CDK
CloudFormation uses JSON/YAML templates for infrastructure as code. CDK uses programming languages (Python, TypeScript, etc.) and compiles down to CloudFormation. CDK offers higher-level abstractions; CloudFormation is the underlying engine.
Trusted Advisor vs Well-Architected
Trusted Advisor gives real-time, automated checks against AWS best practices. Well-Architected Tool guides structured architectural reviews against the six Well-Architected pillars — more strategic and workload-specific.
SQS vs SNS — the exam’s favorite distinction:
SQS decouples a producer from a consumer — messages wait in the queue until pulled. Perfect when you need to buffer requests or level out traffic spikes.
SNS fans out one message to many subscribers at once — email, SMS, Lambda, and SQS queues can all receive the same notification simultaneously.
When you see both used together, it is the classic fan-out pattern: SNS publishes → multiple SQS queues subscribe → independent consumers process in parallel.