Led by Vogelsian Cloud Architecture Simulacrum
Twelve tutorials covering the full AWS Certified Cloud Practitioner CLF-C02 specification — the four domains of Cloud Concepts, Security and Compliance, Cloud Technology and Services, and Billing, Pricing, and Support — taught by four contemporary simulacra who between them built the cloud, its security discipline, its economics, and the pragmatic craft of using it.
Led by Vogelsian Cloud Architecture Simulacrum
The question
What is the AWS Cloud actually selling, and how does it want its customers to build?
Territory
the value proposition of the AWS Cloud · economies of scale, global reach, speed of deployment · high availability, elasticity, agility · fixed versus variable costs · the six pillars of the Well-Architected Framework (operational excellence, security, reliability, performance efficiency, cost optimisation, sustainability) · trade-offs between pillars · why "designing for failure" is the architectural posture AWS pushes
Outcome
The student can articulate the business value of the cloud in plain language, name the six pillars of the Well-Architected Framework, and give examples of decisions each pillar drives. (CLF-C02 Domain 1.1, 1.2)
Led by Cockroftian Cloud Economics Simulacrum
The question
Why move to the cloud, how do you decide what to move first, and how does the economic case actually work out?
Territory
AWS Cloud Adoption Framework (CAF) — the six perspectives (business, people, governance, platform, security, operations) · the Six Rs of migration strategy (rehost, replatform, repurchase, refactor, retain, retire) · database replication and DMS/SCT · AWS Snowball and the physical-transfer option · fixed versus variable costs, on-premises cost components · BYOL versus included licences · rightsizing and the CloudFormation automation argument · managed services as cost lever (RDS, ECS, EKS, DynamoDB)
Outcome
The student can describe the CAF's six perspectives, name and distinguish the Six Rs, identify appropriate migration strategies for given workloads, and reason from first principles about when the cloud is economically superior to owned infrastructure (and when it is not). (CLF-C02 Domain 1.3, 1.4)
Led by Schneierian Security Thinking Simulacrum
The question
When something goes wrong in the cloud, who is responsible — AWS or you — and how do you know?
Territory
the AWS shared responsibility model — security OF versus security IN the cloud · how responsibility shifts between IaaS (EC2), PaaS (RDS), and FaaS (Lambda) · AWS Artifact and on-demand compliance reports · compliance frameworks (SOC, PCI DSS, HIPAA, FedRAMP, ISO, GDPR, the question of geographic and industry-specific compliance) · encryption in transit and at rest · AWS KMS and CloudHSM · monitoring with CloudWatch · auditing with CloudTrail, AWS Config, Audit Manager · threat detection with Inspector, GuardDuty, Security Hub, Macie, Detective · DDoS protection with Shield (Standard and Advanced)
Outcome
The student can apply the shared responsibility model to a specific service and correctly assign who is responsible for what, name the compliance and auditing services and what each is for, and identify encryption options for data at rest and in transit. (CLF-C02 Domain 2.1, 2.2)
Led by Schneierian Security Thinking Simulacrum
The question
How do you grant exactly the permissions someone needs, and no more, without accidentally granting them the permission to grant themselves more?
Territory
the root user — what it can uniquely do, and why to protect it · users, groups, roles, policies — the four primitives · managed versus custom policies · the principle of least privilege in practice · MFA, hardware keys, password policies · access keys and credential storage (Secrets Manager, Systems Manager Parameter Store) · cross-account IAM roles · federation (SAML, OIDC) · IAM Identity Center (formerly AWS SSO) · security groups and network ACLs as identity's network counterparts · AWS WAF at the application layer · Trusted Advisor as the mirror
Outcome
The student can design a minimal-privilege IAM policy for a given task, explain the difference between users and roles and when to use each, articulate what the root user can uniquely do and why to protect it, and name the services that sit adjacent to IAM at the network and application layers. (CLF-C02 Domain 2.3, 2.4)
Led by Vogelsian Cloud Architecture Simulacrum
The question
What are the physical and logical places in which your AWS workload runs, and what are your options for getting your infrastructure into them?
Territory
Regions, Availability Zones, edge locations · multi-AZ for high availability, multi-Region for disaster recovery and data sovereignty · AWS Wavelength (5G edge), Local Zones (metro edge), Outposts (on-premises hardware running AWS) · the four deployment models (cloud, hybrid, on-premises, multi-cloud) · connectivity (AWS VPN, Direct Connect, public internet) · the four ways of provisioning (Console, CLI, SDKs, APIs) · infrastructure as code (CloudFormation, CDK) · the argument for repeatable over one-shot operations · the AWS Management Console
Outcome
The student can describe the relationship between Regions, AZs, and edge locations; identify when to architect across multiple AZs versus multiple Regions; choose among deployment models and provisioning methods for a given scenario; and articulate why IaC is the default for production AWS work. (CLF-C02 Domain 3.1, 3.2)
Led by Vogelsian Cloud Architecture Simulacrum
The question
You have a workload to run. AWS offers you half a dozen ways to run it — which do you choose, and why?
Territory
EC2 instance families (general purpose, compute optimised, memory optimised, storage optimised, accelerated) · Lightsail for pre-packaged simple workloads · Elastic Beanstalk for PaaS-style application deployment · Batch for batch jobs · containers on AWS — ECS, EKS, ECR, Fargate · Lambda and the serverless model · AWS Auto Scaling and elasticity · Elastic Load Balancing (Application, Network, Gateway load balancers) · when to choose EC2 over Lambda, containers over EC2, Fargate over self-managed containers
Outcome
The student can name the AWS compute services, map each to a typical use case, explain the trade-offs between IaaS and serverless, and describe how Auto Scaling and ELB work together to provide elastic capacity. (CLF-C02 Domain 3.3)
Led by Vogelsian Cloud Architecture Simulacrum
The question
Where does your data live, how durable is it, and how much does each kind of storage actually cost?
Territory
the three storage shapes (object, block, file) · S3 — buckets, objects, storage classes (Standard, Intelligent-Tiering, Standard-IA, One Zone-IA, Glacier Instant Retrieval, Glacier Flexible Retrieval, Glacier Deep Archive) · lifecycle policies · EBS (gp3, io2, st1, sc1) · instance store · EFS (managed NFS) · FSx (Windows, Lustre, NetApp ONTAP, OpenZFS) · Storage Gateway (File, Volume, Tape) · AWS Backup (unified backup service) · AWS Elastic Disaster Recovery · Snow Family for physical data transfer · S3 Glacier's role in long-term archival
Outcome
The student can match a workload to the right storage shape, distinguish between S3 storage classes by cost and retrieval characteristics, design a lifecycle policy for a given data-access pattern, and identify the right hybrid service for a given on-premises-to-cloud storage requirement. (CLF-C02 Domain 3.6)
Led by Willisonian Applied LLM Engineering Simulacrum
The question
What is a VPC, and how do you build a network in AWS that is secure, routable, and actually reaches your users?
Territory
VPC components (subnets, route tables, internet gateway, NAT gateway, VPC peering, Transit Gateway, VPC endpoints) · public versus private subnets · security groups (stateful, instance-level) versus network ACLs (stateless, subnet-level) · Route 53 (DNS and routing policies — simple, weighted, latency, geolocation, failover) · CloudFront (CDN at edge locations) · Global Accelerator (anycast for global TCP/UDP traffic) · API Gateway (REST, HTTP, and WebSocket APIs) · VPN and Direct Connect recap · when to use Global Accelerator versus CloudFront
Outcome
The student can describe the components of a VPC and what each is for, distinguish security groups from NACLs, name the edge services and the use cases they address, and reason about how a request from a user reaches a workload running on AWS. (CLF-C02 Domain 3.5)
Led by Willisonian Applied LLM Engineering Simulacrum
The question
For each kind of data shape, what is the AWS-native database that fits it best?
Territory
the managed versus self-hosted database decision · relational (RDS, Aurora) · NoSQL document/key-value (DynamoDB) · in-memory (MemoryDB for Redis, ElastiCache) · graph (Neptune) · when to use each · the importance of multi-AZ for relational and read replicas for scale · AWS DMS (continuous replication for migration) · AWS SCT (schema conversion) · Redshift as a data warehouse (treated more fully in the analytics module)
Outcome
The student can name the AWS-native databases and match each to a data shape and workload, distinguish managed from self-hosted trade-offs, and identify which migration tool applies to a given scenario. (CLF-C02 Domain 3.4)
Led by Willisonian Applied LLM Engineering Simulacrum
The question
Beyond compute, storage, networking, and databases, what does AWS give you to actually build intelligent, data-driven, event-wired applications?
Territory
AI/ML services (SageMaker, Rekognition, Comprehend, Lex, Polly, Transcribe, Translate, Textract, Kendra) · analytics services (Athena, Glue, Kinesis, QuickSight, Redshift, EMR, OpenSearch, MSK, Data Exchange) · application integration (SNS, SQS, EventBridge, Step Functions) · business applications (Connect, SES) · developer tools (Cloud9, CloudShell, the Code* family, X-Ray) · end-user computing (WorkSpaces, WorkSpaces Web, AppStream) · frontend and mobile (Amplify, AppSync, Device Farm) · IoT (IoT Core, IoT Greengrass)
Outcome
The student can recognise each of the in-scope services in AI/ML, analytics, integration, developer tools, end-user computing, frontend, and IoT; and match a use case to the right service without needing to know its implementation details. (CLF-C02 Domain 3.7, 3.8)
Led by Cockroftian Cloud Economics Simulacrum
The question
Given that AWS offers you half a dozen ways to pay for the same compute, how do you decide which to use — and how do you make sure the bill at the end of the month is the one you expected?
Territory
compute purchasing options (On-Demand, Reserved Instances, Savings Plans, Spot, Dedicated Hosts, Dedicated Instances, Capacity Reservations) · RI flexibility (instance family, size, Availability Zone) · RI behaviour within AWS Organizations · data transfer pricing (free in, paid out, cross-Region, cross-AZ) · storage pricing across S3 classes and EBS types · AWS Budgets (proactive alerts) · AWS Cost Explorer (retrospective analysis) · AWS Pricing Calculator (pre-deployment estimates) · AWS Billing Conductor (re-pricing for service providers) · AWS Organizations and consolidated billing · cost allocation tags · AWS Cost and Usage Report · AWS Marketplace as a procurement channel
Outcome
The student can match a workload to the right compute purchasing option, reason about data-transfer cost implications of a given architecture, name the AWS-native cost-management tools and what each is for, and use consolidated billing and cost allocation tags to attribute spend. (CLF-C02 Domain 4.1, 4.2)
Led by Vogelsian Cloud Architecture Simulacrum
The question
When you need help, or documentation, or a partner to do the work you cannot do yourself — where on AWS do you find it?
Territory
AWS Support plans (Basic, Developer, Business, Enterprise On-Ramp, Enterprise) · response-time SLAs and what each tier includes · AWS Partner Network (APN) — consulting and technology partners · AWS whitepapers · AWS Prescriptive Guidance · AWS Knowledge Center · AWS re:Post (community Q&A) · AWS Trusted Advisor (best-practice checks) · AWS Health Dashboard and Health API (service status and personal health events) · the role of the AWS Trust and Safety team · AWS Professional Services and AWS Solutions Architects · AWS IQ and AWS Activate for Startups · where the AWS Security Blog, Security Center, and Security Bulletin fit
Outcome
The student can name the five AWS Support plans and articulate what each adds, identify the appropriate technical resource for a given kind of question, describe the role of the AWS Partner Network, and know where to go in the ecosystem for architecture guidance, security information, and health monitoring. (CLF-C02 Domain 4.3)