Glossary of Key Terms

A

access key ID An IAM credential that you can use to authenticate to AWS.

ACID A property of relational databases that stands for atomicity, consistency, isolation, and durability.

action Part of a statement that defines API calls that are allowed or denied.

Agile A software development methodology focused on speed and quality of delivery through iteration.

authentication The process of providing credentials to a service for the purpose of getting access.

authorization The act of allowing access after a user is authenticated.

availability zone A fault isolation area in one AWS region that is composed of one or more datacenters. Multiple availability zones are connected to independent Internet, power, uplink, and other providers to mitigate the possibility of a failure affecting more than one availability zone at a time.

AWS Config configuration snapshot A recording of the state of AWS objects in an account at a particular point in time.

AWS Lambda A serverless code execution service.

AWS Step Functions A service that decouples the business logic and state from the code.

B–C

BASE Typically a property of nonrelational databases that stands for basic availability, soft state, eventual consistency.

caching Temporarily storing frequently used data closer to the final data destination (server or client).

CDN Content delivery network; a system of distributed servers (network) that deliver pages and other web content to a user, based on the geographic locations of the user.

CI/CD Continuous integration/continuous delivery (or deployment); a practice that focuses on the toolchain that can automate the delivery of software in a fast, iterative manner.

CLI Command-line interface; a tool to access a service or feature in a terminal or command-line session.

cloud-native application An application designed to run in the cloud.

Cloud9 An online IDE available in AWS.

CloudFront A CDN service in AWS.

CloudFront distribution A deployment and configuration component that determines how to cache the data from an origin to the CloudFront cache.

CloudTrail log An entry for an API call to the AWS infrastructure.

CloudTrail trail A set of particular API calls that are being monitored by CloudTrail.

CloudWatch alarm A response to a certain metric or log condition being out of bounds for a specific amount of time.

CloudWatch dimension An identifier in a metric that can help pinpoint the source of a particular metric value at a particular time.

CloudWatch log group A grouping of log entries for a certain log namespace.

CloudWatch log stream A grouping of a particular log from a particular instance logging in to a log group.

CloudWatch metric A data point collected at a certain point in time.

CloudWatch namespace A notation for grouping and sorting metrics.

CloudWatch percentile A representation of the rank of a certain metric compared to other metrics in the same group.

CloudWatch statistic A metric that has been aggregated over time.

commit code To create a new version of the code in your local repository.

compute To perform calculation, computation, and transformation of incoming data or requests.

condition Part of a statement that can enforce additional conditions for access.

D

decoupling Disconnecting tightly connected services.

DevOps A software development practice focused on culture, automation, and iterative development of software.

DMS Database Migration Service; an AWS service that gives you the ability to easily migrate and sync databases to and from AWS.

dynamic assets Files or datasets that are opened by a service on the server that governs the read and write operations. Examples are databases and registries.

DynamoDB A NoSQL key/value database service in AWS.

E

EC2 Elastic Compute Cloud; the VM instance-running service in AWS.

ECS Elastic Container Service; the container orchestration service in AWS.

edge location A location external to a region from which caching, DNS resolution, and other “edge” services are delivered.

effect Part of a statement that defines the allow or deny of an action.

ElastiCache An in-memory cluster deployment and management tool in AWS.

F–G

federation The process of allowing an external directory to authenticate users on behalf of AWS IAM.

group A group of users.

H

HA High availability; the ability to withstand failure and adhere to availability as defined in an SLA.

HTTP Hypertext Transfer Protocol; the underlying protocol used by the World Wide Web that defines how messages are formatted and transmitted.

HTTPS A secure implementation of HTTP that uses SSL or TLS for encryption of data in transit.

I

IaaS Infrastructure as a Service; a service that makes it possible to provision and use infrastructure components such as compute units, disk, and network from the cloud.

IAM Identity and Access Management; the AWS service with which you provide access control for users, groups, and roles.

IDE Integrated development environment; a software application that provides comprehensive facilities to computer programmers for software development.

identity An attribute that identifies an individual in AWS.

IdP Identity provider; a directory that can authenticate a user when federated with IAM.

J

jq JSON query; a filtering tool that can extract and query JSON data in Linux.

JSON JavaScript Object Notation; a scripting language used widely in the cloud to define infrastructure characteristics, security, and so on.

L

Lambda A function execution service in AWS.

LDAP Light Directory Access Protocol; the underlying protocol in many modern directories and authentication mechanisms.

M

Memcached An open-source in-memory key/value store.

message queue service A service that allows you to post messages to be picked up by receivers and that decouples the sender from the receiver.

migration The process of moving an application to the cloud.

monitoring Tracking performance, logs, and the state of an application.

Multi-AZ A feature of an AWS service like RDS and ElastiCache that deploys resources in two availability zones.

N

NACL Network access control list; a stateless firewall that protects a whole subnet.

networking Connecting compute devices, clients, and services in a programmatic manner.

nonrelational databases Databases that contain data that does not fit well in the traditional relational database model.

NoSQL Not-only SQL; a type of database that supports querying and structures that would typically not fit into SQL databases.

O

OAI Origin access identity; an identity that allows for the creation of a policy that controls access to the CloudFront origin only for this identity.

Object Storage A remote service that allows storage of data in file or blob format through an industry-standard protocol such as HTTP.

OpenID A web-based protocol for cross-platform authentication on the Internet.

origin A server or service (like S3) that serves HTTP/HTTPS content to a CloudFront distribution.

P

PaaS Platform as a Service; the ability to provision and use platforms like databases, queues, and DNS from the cloud.

policy A document that specifies access and permissions to AWS services.

push code Code that allows you to synchronize your local repository with the online central repository with the changes from the commit.

R

RDS Relational Database Service; a database service in AWS.

RDS connection string A URI used to connect to a database.

RDS database instance A database running on an RDS server.

RDS instance A running instance of a virtual machine hosting an RDS database server.

Redis An open-source in-memory database service.

region A geographic grouping of availability zones that is located in one geographic area where the same time zone, language, laws, and regulations apply.

relational database A database that has the ability to perform complex queries over the data in a structured manner.

resource Part of a statement that defines the AWS resources to which permissions apply.

role A piece of metadata that can be used to obtain temporary credentials for access to AWS.

RPO Restore point objective; the goal for restoring data to a certain point in time before the time of failure.

RTO Restore time objective; the goal for restoring data in a certain maximum amount of time from the time of failure.

S

S3 Simple Storage Service; an object storage service in AWS.

S3 multipart upload An upload that occurs in multiple parts that S3 can assemble together in one unit.

S3 Sync A simple S3 tool that can help synchronize a local directory with an S3 bucket.

SaaS Software as a Service; the ability to provision and use software and applications from the cloud (for example, cloud-based email).

SAM Serverless Application Model; an open-source framework used to build serverless applications on AWS.

SAML Security Assertion Markup Language; a language used in many directories for cross-region or cross-platform authentication and federation.

SCT Schema Conversion Tool; an AWS tool that can help you convert a schema of a source database into a different target database type.

SDK Software Development Kit; a set of tools, libraries, and frameworks that are prebuilt for use with a certain service or platform.

secret access key An IAM credential that you can use to authenticate to AWS.

security group A component of a stateful firewall that protects each instance that belongs to it.

serverless execution Running code on a service without managing servers.

shared responsibility Sharing the responsibility for the security and reliability of the application and platform with the provider.

SLA Service-level agreement; an agreement that defines the operating envelope of the service.

SMS Simple Message Service; the standard protocol for delivering messages to mobile devices.

SMS Server Migration Service; a service in AWS that can help automate the migration of servers to AWS.

SMTP Simple Message Transfer Protocol; the service behind email delivery.

Snowball A data transfer device from AWS that can help you physically transfer large amounts of data to and from AWS.

Snowball Edge A Snowball device with a compute option that can be run locally.

Snowmobile An 18-wheeler truck with a 45-foot shipping container that can physically transfer up to 100 PB of data to AWS at once.

SNS Simple Notification Service; a fully managed pub/sub messaging service in AWS.

SQL Structured Query Language; a standardized query language for requesting information from a database.

SQL schema The definition of the structure of a SQL database.

SQL table An entry in a SQL database that contains rows and columns where data is stored.

SQS Simple Queuing Service; a fully managed message queuing service in AWS.

SSL Secure Sockets Layer; a standard security technology for establishing an encrypted link between a web server and a browser.

statement Part of a policy that defines the specifics of the policy.

static asset A file or other piece of data delivered to the client in its entirety. Examples are web pages, images, videos, and installation packages.

storage Storing of data on a physical unit of one or more magnetic or SSD-based storage devices.

subnet A usable network segment of a VPC.

SWF Simple Workflow Service; a cloud workflow management application that allows you to build applications that use Amazon’s cloud to coordinate work across distributed components.

T–V

TLS Transport Layer Security; an improved version of SSL.

user A representation of a person or system using AWS.

versioning repository A storage environment with built-in versioning of all files deposited.

VM Import/Export A service in AWS that allows you to take an image of a virtual machine and import it into AWS.

VPC Virtual Private Cloud; an AWS service that allows logical grouping of specific network resources of a tenant.

W–Y

Waterfall A software development methodology focused on separate consecutive stages of development.

Web Identity An identity provider that offers authentication of users from the web.

web server A service hosting a website that is accessible via HTTP or HTTPS.

YAML Yet Another Markup Language; a language that is used widely in the cloud to define infrastructure characteristics, security, and so on.
