ACLs Access control lists (ACLs) are security layers on the VPC that control traffic at the subnet level. This differs from security groups, which are applied on each specific instance.
alarms Used within CloudWatch for automation of actions based on defined thresholds or through the use of machine learning algorithms that are designed to spot anomalies. They can trigger actions such as auto-scaling or triggering workflows.
anomaly detection Anomaly detection is a new machine learning service that analyzes the metrics of systems and applications to determine normal baselines and surface anomalies. The service will send individual reports when an anomaly is detected and will analyze the cause of the anomaly to isolate it to an account, region, or type of usage. You can view results in a chart within the AWS Management Console and also fire CloudWatch alarms.
AppStream AppStream is a service for providing managed and streaming applications via AWS. By streaming applications, the need to download and install applications is removed, as they will be run through a web browser. This eliminates the need for an organization to distribute software and support the installation and configuration of it to their users.
Aurora Aurora is an AWS database service, a subset of Amazon RDS, that is compatible with both MySQL and PostgreSQL databases. It is built on MySQL and optimized to use cloud services, such as automatically expanding to meet storage requirements as data is added.
Availability Zones An Availability Zone (AZ) is one or more data centers with redundant power, networking, and connectivity in an AWS region.
AWS Backup AWS Backup provides backup services for all AWS services. It provides a single resource to configure backup policies and monitor their usage and success across any services that you have allocated. This allows administrators to access a single location for all backup services without having to separately configure and monitor them on a per-service basis across AWS.
AWS CLI The AWS Command Line Interface (CLI) provides a way to manage AWS services and perform many administrative functions without having to use the web-based Management Console.
AWS IQ An AWS service to connect users with AWS Certified freelancers and consulting firms to provide support, consulting, and assistance with AWS services.
AWS Management Console The main resource where you can control all of your AWS services and perform any operations against them.
AWS Professional Services The Professional Services group operates mostly based on a series of “offerings,” which are a set of activities, documentation, and best practices that form a methodology for customers moving to the cloud. They are designed as a blueprint to quickly achieve outcomes and allow customers to finish projects and offer high reliability of outcomes.
AWS Shield AWS Shield provides protection from and mitigation of Distributed Denial of Service (DDoS) attacks on AWS services. It is always active and monitoring AWS services, providing continual coverage without needing to engage AWS support for assistance should an attack occur.
AWS WAF AWS WAF is a web application firewall that protects web applications against many common attacks. AWS WAF comes with an array of preconfigured rules from AWS that will offer comprehensive protection based on common top security risks, but you also have the ability to create your own rules. The AWS WAF includes an API that can be used to automate rule creation and deployment of rules to your allocated resources.
Billing Dashboard The AWS Billing Dashboard provides you with all the tools you need to view your bills, monitor your usage and costs, and set up consolidated billing for multiple accounts.
block storage Storage that acts as an individual hard drive and stores chunks of data that are presented to users and applications in a file system structure of directories and files.
budgets Budgets are used to plan the consumption of services, costs of services, and the use of instance reservations. They can be used to track how close you are to using a budgeted amount of money, as well as the use of the Free Tier. This also includes your usage during a specified time period, including your usage of reserved instances, as well as how much of your overall budget has been used. During each month, budgets will track your current charges, as well as your predicted usage and charges by the end of the month.
budget reports Reports generated on your budgets on either a daily, weekly, or monthly frequency and sent via e-mail to up to 50 addresses.
cloud application An application that does not reside or run on a user’s device, but rather is accessible via a network.
cloud application portability The ability to migrate a cloud application from one cloud provider to another.
cloud computing Network-accessible platform that delivers services from a large and scalable pool of systems, rather than dedicated physical hardware and more static configurations.
cloud data portability The ability to move data between cloud providers.
cloud deployment model How cloud computing is delivered through a set of particular configurations and features of virtual resources. The cloud deployment models are public, private, hybrid, and community.
CloudFormation CloudFormation implements an automated way to model infrastructure and resources within AWS via either a text file or through the use of programming languages. This allows administrators to build out templates for the provisioning of resources that can then be repeated in a secure and reliable manner.
CloudFront Amazon CloudFront is a content delivery network (CDN) that allows for delivery of data and media to users with the lowest levels of latency and the highest levels of transfer speeds. This is done by having CloudFront systems distributed across the entire AWS global infrastructure and fully integrated with many AWS services, such as S3, EC2, and Elastic Load Balancing.
CloudTrail CloudTrail is the AWS service for performing auditing and compliance within your AWS account. CloudTrail pairs with CloudWatch to analyze all the logs and data collected from the services within your account, which can then be audited and monitored for all activities done by users and admins within your account.
CloudWatch CloudWatch is the AWS service for monitoring and measuring services running within the AWS environment. It provides data and insights on application performance and how it may change over time, monitors resource utilization, and provides a centralized and consolidated view of the overall health of systems and services.
CodeBuild AWS CodeBuild is a fully featured code-building service that will compile and test code, as well as build deployment packages that are ready for implementation.
CodeCommit AWS CodeCommit is an AWS-managed service for secure Git repositories.
CodeDeploy AWS CodeDeploy is a managed deployment service that can deploy code to AWS services or on-premises servers.
consolidated billing If you have multiple accounts in AWS, you can opt to consolidate your billing into a single monthly bill, rather than receiving separate bills for each account. With consolidated billing, even though you will only receive one bill, it will still be broken down by individual accounts for tracking purposes and auditing. The great benefit of consolidated billing is the ability to share volume discounts, reserved instance discounts, and savings plans across all of your accounts, rather than each account having its own bill.
container A single system instance that can host multiple virtual environments within it while leveraging the underlying infrastructure.
cost allocation tags Cost allocation tags are metadata assigned to AWS resources in the form of a key and a value. These can be used to allow an account to quickly track costs associated with resources through very granular views. Cost allocation tags are either generated automatically by AWS or are created by users. The AWS tags will contain information of a system nature, such as created dates, created by what user, region, etc. User tags are defined by the user based on their organization and can include items like project, stack, team, cost center, etc.
cost categories Cost categories allow an account to categorize services and costs into granular containers for the purposes of analysis based on your specific needs. Services can be grouped into categories based on projects, departments, initiatives, or any other category that is tracked and important to a user. This also allows services to appear in multiple cost categories.
Cost Explorer Cost Explorer allows you to view and analyze both your costs and usage of AWS services. Cost Explorer will display data for 12 months of usage, as well as provide forecasts for what you may use in the next 12 months based on your past usage.
Database Migration Service The AWS Database Migration Service (DMS) is a tool for migrating data into AWS databases from existing databases with minimal downtime or other interruptions. The DMS can move data from most of the popular and widely used databases into the various AWS database services while the source system remains fully operational.
data at rest (DAR) Data stored in a database or file system, such as volumes (EBS), S3 objects, and backups.
data in transit (DIT) Data that flows over a networked connection, either through public unsecured networks or internal protected corporate networks.
data in use (DIU) Data within a system or application that is currently being processed or is in use, either through the computing resources or residing in memory.
data loss prevention (DLP) An overall strategy and process for ensuring that users cannot send sensitive or protected information outside of networks or systems that are secured and protected. This can be related to the intentional attempt by users to transfer such information, but it also applies to preventing the accidental sending or leakage of data.
data portability The ability to move data from one system to another without having to re-enter it.
data warehouse A centralized repository of historical data from throughout an enterprise that is used for querying and creating reports to be used for business intelligence or data mining.
DynamoDB DynamoDB is the AWS key/value and document database solution for those applications that do not need a SQL or relational database but do need extremely high performance and scalable access to their data.
EC2 Amazon Elastic Compute Cloud (EC2) is the main offering for virtual servers in the cloud. It allows users to create and deploy compute instances that they will retain full control over and offers a variety of configuration options for resources.
EC2 instance types EC2 instance types are where the underlying hardware resources are married with the type of image you are using. The instance type will dictate the type of CPU used, how many virtual CPUs (vCPUs) it has, how much memory, the type of storage used, network bandwidth, and the underlying EBS bandwidth. Some instance types also have GPUs for greater processing power.
Edge locations To provide optimal responsiveness for customers, AWS maintains a network of Edge locations throughout the world to provide ultra-low-latency access to data. These locations are geographically dispersed throughout the world to be close to customers and organizations in order to provide the fastest response times. Unlike regular AWS regions and Availability Zones, Edge locations are optimized to perform a narrow set of tasks and duties, allowing them to be optimally tuned and maintained for their intended focus, without being burdened by the full range of AWS services.
Elastic Beanstalk With Elastic Beanstalk, you choose the application platform that your code is written in, such as Java, Node.js, PHP, or .NET. Once you provision the instance, you can deploy your code into it and begin running. You only select the platform that you need; you do not select specific hardware or compute resources.
Elastic Block Storage Amazon Elastic Block Storage (EBS) is high-performance block storage that is used in conjunction with EC2 where high-throughput data operations are required. This will typically include file systems, media services, and both relational and nonrelational databases.
Elastic Load Balancing Elastic Load Balancing is used to distribute traffic across the AWS infrastructure. This can be done with varying degrees of granularity, ranging from spanning multiple Availability Zones to operating within a single Availability Zone. It is focused on fault tolerance by implementing high availability, security, and auto-scaling capabilities. There are three different types of load balancing under its umbrella: application load balancer, network load balancer, and classic load balancer.
Elasticity The ability of a cloud environment to dynamically change the level of resources allocated to a system or application based on changing needs and in real time. This will include adjusting resources for applications where sudden or unexpected demands are mitigated by adding additional capacity and then automatically releasing resources when no longer needed.
Free Tier Services that are free to use for AWS users that can be either permanent, for 12 months, or on a trial basis.
Glacier S3 Glacier is a special type of S3 storage that is intended to be a secure solution for long-term data archiving and backups.
Glacier Deep S3 Glacier Deep is a subset of Glacier for even longer-term storage that allows cost savings based upon longer retrieval times.
groups (within Billing) Used to organize AWS services for use in the Billing Dashboard for budgets, cost estimates, and other reporting.
hashing Hashing involves taking data of an arbitrary type, length, or size and using a mathematical function to map the data to a value that is of a fixed size. Hashing can be applied to virtually any type of data object, from text strings, documents, images, and binary data to even virtual machine images.
IAM dashboard The AWS Identity and Access Management dashboard where user accounts can be created and security applied to them for access to your AWS account, as well as creating, editing, or deleting users, roles, groups, policies, and more.
Infrastructure as a Service (IaaS) The capability provided to a consumer to provision processing, storage, networks, and other fundamental computing resources in order to deploy and run arbitrary software, including operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure, but has control over operating systems, storage, and deployed applications—and possibly limited control of select networking components such as host firewalls.
interoperability The ease and ability to reuse components of a system or application, regardless of underlying system design and provider.
key management service (KMS) A system or service that manages keys used for encryption within a system or application that is separate from the actual host system. The KMS will typically generate, secure, and validate keys.
Knowledge Center An FAQ page that is maintained by AWS Services and addresses the most common types of issues and support questions from AWS users.
Lambda AWS Lambda is a service for running code for virtually any application or back-end service. All you need to do is upload your code, and there are no systems or resources to manage.
Lightsail Lightsail is the quickest way to get into AWS for new users. It offers blueprints that will configure fully ready systems and application stacks for you to immediately begin using and deploy your code or data into. Lightsail is fully managed by AWS and is designed to be a one-click deployment model to get you up and running quickly at a low cost.
Machine Images Amazon Machine Images (AMIs) are the basis of virtual compute instances in AWS. An image is basically a data object that is a bootable virtual machine and can be deployed throughout the AWS infrastructure. AMIs can be either those offered by AWS through their Quick Start options, those offered by vendors through the AWS Marketplace, or those created by users for their own specific needs.
managed resources Resources where the cloud provider is responsible for the installation, patching, maintenance, and security.
measured service Cloud services are delivered and billed for in a metered way.
multitenancy Having multiple customers and applications running within the same environment but in a way that they are isolated from each other and not visible to each other but share the same resources.
object storage Storage where data is a distinct object and called by a unique identifier rather than being organized in a file system structure with folders.
on-demand self-service A cloud customer can provision services in an automatic manner, when needed, with minimal involvement from the cloud provider.
OpsWorks AWS OpsWorks provides managed instances of Puppet and Chef.
Platform as a Service (PaaS) The capability provided to the customer to deploy into the cloud a platform to host consumer-created or acquired applications written using programming languages, libraries, services, and tools supported by the provider. The customer does not manage or control the underlying cloud infrastructure, including the network, servers, operating systems, and storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
portability The ability for a system or application to seamlessly and easily move between different cloud providers.
Pricing Calculator The AWS Pricing Calculator serves as your one-stop shop for generating estimates for all AWS services. It can be used for a single estimate for one service or can be used to add an entire menu of services to generate a consolidated estimate.
Redshift Redshift is a cloud-based data warehouse solution offered by AWS. Unlike traditional on-premises data warehouses, Redshift leverages AWS storage to any capacity that is needed by a company, either now or in the future.
regions AWS organizes resources throughout the world in regions. Each region is a group of logical data centers, called Availability Zones. While each region may seem like it is a data center or a physical location, it is actually a collection of independent data centers that are grouped and clustered together, providing redundancy and fault tolerance.
Relational Database Service Amazon Relational Database Service (RDS) is an umbrella service that incorporates several different kinds of database systems. Each system is fully managed by AWS and is optimized within the AWS infrastructure for memory, performance, and I/O. All aspects of the database management, such as provisioning, configuration, maintenance, performance monitoring, and backups, are handled by AWS.
reserved instances AWS allows users to pre-purchase resources and capacity for AWS EC2 services. These are based upon a one- or three-year commitment and can offer up to a 72 percent discount against the prices you would normally be charged when resources are allocated on-demand. Reserved instances are based upon specific Availability Zones and match specific criteria, such as instance type and specific resources.
resource pooling The aggregation of resources allocated to cloud customers by the cloud provider.
root account The master account that controls all aspects of an AWS account and should be protected with the highest level of security.
Route 53 Amazon Route 53 is a robust, scalable, and highly available DNS service. Rather than running their own DNS services or being dependent on another commercial service, an organization can utilize Route 53 to transform names into their IP address, as well as having full IPv6 compatibility and access. Route 53 can be used for services that reside inside AWS, as well as those outside of AWS.
reversibility The ability of a cloud customer to remove all data and applications from a cloud provider and completely remove all data from their environment.
S3 Amazon Simple Storage Service (S3) is the most prominent and widely used storage service under AWS. It offers object storage at incredibly high-availability levels, with stringent security and backups, and is used for everything from websites, backups, archives, and big data implementations.
savings plans Savings plans are a pricing model for AWS compute usage that offers up to a 72 percent discount on on-demand pricing by committing to purchasing a set amount of compute power (in $/hour) over a one- or three-year span, similar to reserved instances. Savings plans apply across instance types, size, operating system, or region and also apply to the AWS Fargate and Lambda services.
scalability The ability for a cloud customer to statically add or remove allocated resources to meet expected demand or a change in services.
security groups Security groups in AWS are virtual firewalls that are used to control inbound and outbound traffic. Security groups are applied on the actual instance within a VPC versus at the subnet level.
service quotas In order to protect the availability for all users in AWS, service quotas (formerly called limits) are applied to each service. These quotas are specific to a region and will place a limit on the number of specific types of resources you can allocate by default.
SOC reports Audit and accounting reports, focused on an organization’s controls, that are employed when providing secure services to users.
Software as a Service (SaaS) The capability provided to the customer to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (for example, web-based e-mail), or a program interface. The consumer does not manage or control the underlying cloud infrastructure, including the network, servers, operating systems, storage, and even individual application capabilities, with the possible exception of limited user-specific application settings.
Storage Gateway The AWS Storage Gateway provides storage for hybrid cloud services that gives your on-premises resources access to the full array of storage services in AWS. This enables a customer to extend their storage capabilities into AWS seamlessly and with very low latency.
Snow AWS Snow is designed for offering compute and storage capabilities to those organizations or places that are outside the areas where AWS regions and resources operate. Snow is based on hardware devices that contain substantial compute and storage resources that can be used both as devices for data processing away from the cloud and as a means to get data into and out of AWS. This is particularly useful in situations where high-speed or reliable networking is not possible.
subnets Subnets are logical subdivisions of an IP network that can be used to organize systems or for the application of security rules.
Systems Manager The AWS Systems Manager allows you to consolidate data from AWS services and automate tasks across all of your services. It allows for a holistic view of all of your AWS services, while also allowing you to create logical groups of resources that can then be viewed in a consolidated manner.
tenant An entity that occupies resource space. A single-tenant application has only one entity occupying a resource, versus a multitenant application that has multiple entities occupying the same space, such as a cloud environment where many different entities operate within the same pool of resources.
tokenization The process of replacing and substituting secured or sensitive data in a data set with an abstract or opaque value that has no use outside of the application.
Trusted Advisor A dashboard to check whether your account configurations are in compliance with established best practices in the areas of cost optimization, performance, security, fault tolerance, and service limits.
Virtual Private Cloud With Amazon Virtual Private Cloud (Amazon VPC), you can create a logically defined space within AWS to create an isolated virtual network. Within this network, you retain full control over how the network is defined and allocated. You fully control the IP space, subnets, routing tables, and network gateway settings within your VPC, and you have full use of both IPv4 and IPv6.
WorkLink WorkLink offers users the ability to access internal applications through the use of mobile devices.
WorkSpaces Amazon WorkSpaces is a Desktop as a Service (DaaS) implementation that is built, maintained, configured, and secured through an AWS-managed service. WorkSpaces offers both Windows and Linux desktop solutions that can be quickly deployed anywhere throughout the AWS global infrastructure.