Log In
Log In
Led by Vogelsian Cloud Architecture Simulacrum
Twelve tutorials covering the full AWS Certified Cloud Practitioner CLF-C02 specification — the four domains of Cloud Concepts, Security and Compliance, Cloud Technology and Services, and Billing, Pricing, and Support — taught by four contemporary simulacra who between them built the cloud, its security discipline, its economics, and the pragmatic craft of using it.
If you found this course useful, consider becoming a patron and supporter. Support Universitas Scholarium →
Led by Vogelsian Cloud Architecture Simulacrum
The question
An introduction to the AWS value proposition and the Well-Architected Framework. The module covers economies of scale, global reach, speed of deployment, high availability, elasticity and agility, the move from fixed to variable costs, and the six pillars of the Well-Architected Framework (operational excellence, security, reliability, performance efficiency, cost optimisation, sustainability) — the trade-offs between them and AWS's architectural posture of designing for failure. Maps to CLF-C02 Domain 1.1 and 1.2.
Outcome
The student can articulate the business value of the cloud in plain language, name the six pillars of the Well-Architected Framework, and give examples of decisions each pillar drives. (CLF-C02 Domain 1.1, 1.2)
Led by Cockroftian Cloud Economics Simulacrum
The question
The Cloud Adoption Framework and the migration decision. The module covers the CAF's six perspectives (business, people, governance, platform, security, operations), the Six Rs of migration strategy (rehost, replatform, repurchase, refactor, retain, retire), database replication via DMS and SCT, the AWS Snowball physical-transfer option, fixed-vs-variable cost components, BYOL considerations, and rightsizing as a cost lever. Maps to CLF-C02 Domain 1.3 and 1.4.
Outcome
The student can describe the CAF's six perspectives, name and distinguish the Six Rs, identify appropriate migration strategies for given workloads, and reason from first principles about when the cloud is economically superior to owned infrastructure (and when it is not). (CLF-C02 Domain 1.3, 1.4)
Led by Schneierian Security Thinking Simulacrum
The question
The shared responsibility model — security OF the cloud (AWS) versus security IN the cloud (you) — and the AWS compliance and audit services. The module covers how responsibility shifts between IaaS, PaaS, and serverless services, AWS Artifact and the major compliance frameworks (SOC, PCI DSS, HIPAA, FedRAMP, ISO, GDPR), encryption at rest and in transit via KMS and CloudHSM, auditing with CloudTrail/Config/Audit Manager, threat detection via Inspector/GuardDuty/Security Hub/Macie/Detective, and Shield for DDoS. Maps to CLF-C02 Domain 2.1 and 2.2.
Outcome
The student can apply the shared responsibility model to a specific service and correctly assign who is responsible for what, name the compliance and auditing services and what each is for, and identify encryption options for data at rest and in transit. (CLF-C02 Domain 2.1, 2.2)
Led by Schneierian Security Thinking Simulacrum
The question
How AWS IAM works in practice and how to design minimum-privilege access. The module covers the four IAM primitives (users, groups, roles, policies), managed vs custom policies, MFA and hardware keys, access-key handling via Secrets Manager and Parameter Store, cross-account roles and federation (SAML, OIDC), IAM Identity Center, and the network-and-application-layer counterparts of identity (security groups, NACLs, AWS WAF, Trusted Advisor). The student designs a minimal-privilege policy for a stated task.
Outcome
The student can design a minimal-privilege IAM policy for a given task, explain the difference between users and roles and when to use each, articulate what the root user can uniquely do and why to protect it, and name the services that sit adjacent to IAM at the network and application layers. (CLF-C02 Domain 2.3, 2.4)
Led by Vogelsian Cloud Architecture Simulacrum
The question
The geography of AWS and how you get your infrastructure into it. The module covers Regions, Availability Zones, and edge locations; multi-AZ for high availability and multi-Region for disaster recovery and data sovereignty; Wavelength, Local Zones, and Outposts; the four deployment models (cloud, hybrid, on-premises, multi-cloud); the four provisioning methods (Console, CLI, SDKs, APIs); and infrastructure as code via CloudFormation and CDK. Maps to CLF-C02 Domain 3.1 and 3.2.
Outcome
The student can describe the relationship between Regions, AZs, and edge locations; identify when to architect across multiple AZs versus multiple Regions; choose among deployment models and provisioning methods for a given scenario; and articulate why IaC is the default for production AWS work. (CLF-C02 Domain 3.1, 3.2)
Led by Vogelsian Cloud Architecture Simulacrum
The question
The AWS compute services and how to choose between them. The module covers the EC2 instance families, Lightsail for pre-packaged simple workloads, Elastic Beanstalk for PaaS-style deployment, Batch, the container family (ECS, EKS, ECR, Fargate), and Lambda for serverless. The decision framework for EC2 vs Lambda vs containers vs Fargate is worked through, plus how Auto Scaling and Elastic Load Balancing combine to deliver elastic capacity. Maps to CLF-C02 Domain 3.3.
Outcome
The student can name the AWS compute services, map each to a typical use case, explain the trade-offs between IaaS and serverless, and describe how Auto Scaling and ELB work together to provide elastic capacity. (CLF-C02 Domain 3.3)
Led by Vogelsian Cloud Architecture Simulacrum
The question
The three storage shapes — object, block, and file — and the AWS services that fit each. The module covers S3 with its full storage-class hierarchy from Standard down to Glacier Deep Archive, lifecycle policies, EBS volume types, instance store, EFS, the FSx family (Windows, Lustre, NetApp ONTAP, OpenZFS), Storage Gateway, AWS Backup, Elastic Disaster Recovery, and the Snow family for physical data transfer. The student matches workloads to storage shapes and designs a lifecycle policy. Maps to CLF-C02 Domain 3.4.
Outcome
The student can match a workload to the right storage shape, distinguish between S3 storage classes by cost and retrieval characteristics, design a lifecycle policy for a given data-access pattern, and identify the right hybrid service for a given on-premises-to-cloud storage requirement. (CLF-C02 Domain 3.6)
Led by Willisonian Applied LLM Engineering Simulacrum
The question
How a network is built in AWS. The module covers VPC components (subnets, route tables, internet gateway, NAT gateway, peering, Transit Gateway, VPC endpoints), public vs private subnets, security groups (stateful, instance-level) versus network ACLs (stateless, subnet-level), Route 53 routing policies, CloudFront, Global Accelerator, API Gateway, and the difference between Global Accelerator and CloudFront. The exercise traces a request from a user to a workload running on AWS. Maps to CLF-C02 Domain 3.5.
Outcome
The student can describe the components of a VPC and what each is for, distinguish security groups from NACLs, name the edge services and the use cases they address, and reason about how a request from a user reaches a workload running on AWS. (CLF-C02 Domain 3.5)
Led by Willisonian Applied LLM Engineering Simulacrum
The question
The AWS database services and how to match each to a data shape. The module covers the managed-vs-self-hosted decision, relational (RDS, Aurora), NoSQL document and key-value (DynamoDB), in-memory (MemoryDB for Redis, ElastiCache), graph (Neptune), the importance of multi-AZ for relational and read replicas for scale, AWS DMS for continuous-replication migration, and AWS SCT for schema conversion. Maps to CLF-C02 Domain 3.4 (database portion).
Outcome
The student can name the AWS-native databases and match each to a data shape and workload, distinguish managed from self-hosted trade-offs, and identify which migration tool applies to a given scenario. (CLF-C02 Domain 3.4)
Led by Willisonian Applied LLM Engineering Simulacrum
The question
Beyond compute, storage, networking, and databases — the services AWS gives you for building intelligent, data-driven, event-wired applications. The module surveys the AI/ML services (SageMaker, Rekognition, Comprehend, Lex, Polly, Transcribe, Translate, Textract, Kendra), the analytics stack (Athena, Glue, Kinesis, QuickSight, Redshift, EMR, OpenSearch, MSK, Data Exchange), application integration (SNS, SQS, EventBridge, Step Functions), business applications (Connect, SES), developer tools, end-user computing (WorkSpaces), frontend and mobile (Amplify, AppSync), and IoT (IoT Core, Greengrass). Maps to CLF-C02 Domain 3.7 and 3.8.
Outcome
The student can recognise each of the in-scope services in AI/ML, analytics, integration, developer tools, end-user computing, frontend, and IoT; and match a use case to the right service without needing to know its implementation details. (CLF-C02 Domain 3.7, 3.8)
Led by Cockroftian Cloud Economics Simulacrum
The question
How AWS bills you and the tools you use to manage spend. The module covers the compute purchasing options (On-Demand, Reserved Instances, Savings Plans, Spot, Dedicated Hosts and Instances, Capacity Reservations) and their flexibility dimensions, data-transfer pricing (free in, paid out, cross-region, cross-AZ), storage pricing across S3 classes and EBS types, AWS Budgets for proactive alerts, Cost Explorer for retrospective analysis, Pricing Calculator for pre-deployment estimates, AWS Organizations and consolidated billing, cost allocation tags, the Cost and Usage Report, and AWS Marketplace as a procurement channel. Maps to CLF-C02 Domain 4.1 and 4.2.
Outcome
The student can match a workload to the right compute purchasing option, reason about data-transfer cost implications of a given architecture, name the AWS-native cost-management tools and what each is for, and use consolidated billing and cost allocation tags to attribute spend. (CLF-C02 Domain 4.1, 4.2)
Led by Vogelsian Cloud Architecture Simulacrum
The question
Where to go for help, documentation, and partners. The module covers the five AWS Support plans (Basic, Developer, Business, Enterprise On-Ramp, Enterprise) and the response-time SLAs of each, the AWS Partner Network of consulting and technology partners, the major documentation resources (whitepapers, Prescriptive Guidance, Knowledge Center, re:Post), Trusted Advisor's best-practice checks, the Health Dashboard and Health API, and the AWS Professional Services and Solutions Architect roles. Maps to CLF-C02 Domain 1.5.
Outcome
The student can name the five AWS Support plans and articulate what each adds, identify the appropriate technical resource for a given kind of question, describe the role of the AWS Partner Network, and know where to go in the ecosystem for architecture guidance, security information, and health monitoring. (CLF-C02 Domain 4.3)