glossary
A
Acceptable Use Policy: provides information regarding prohibited actions on AWS.
ACL: web Access Control List. With ACL, you can protect CloudFront, API Gateway, Load Balancer, and AWS AppSync resources by allowing or blocking requests. It controls inbound and outbound traffic at SUBNET level.
AMI: Amazon Machine Image, the template that contains the software configuration used to launch an instance. AMIs differ across regions.
Application Migration Service: AWS MGN, a lift-and-shift migration service. The easiest and quickest way to migrate your servers to AWS. Use cases:
Cross-cloud migration
Data center migration
Cross-region migration
Auto scaling: automatically add/remove compute resources.
ARN: Amazon Resource Name, a naming convention used to uniquely identify a particular resource in AWS.
Artifact: AWS Artifact, gives access to AWS security and compliance reports and select online agreements. Allows you to download ISO certifications or SOC reports.
AZ: Availability Zone, a single data center or a group of data centers within a Region. It helps you address high availability and disaster recovery scenarios. An AZ is a fully isolated portion of the AWS global infrastructure, with redundant power and networking.
B
Baseline: measurement of conditions at the START of your project used to make planning decisions.
Bastion host: a public EC2 instance you SSH into that has SSH connectivity to EC2 instances in private subnets.
BLOBs: Binary Large Objects. Binary data including videos, images, GIFs, and audio files.
Bootstrapping: adding commands or scripts to an EC2 instance's USER DATA section that are executed when the instance starts. They only run ONCE.
Budget: AWS Budgets, configure custom budgets and alert when costs exceed your defined budget.
C
Capacity Reservation: ensures you have EC2 capacity when needed.
No need for a 1 or 3 year commitment.
Only one AZ allowed.
Combine with Reserved Instances & Savings Plans to save cost.
CDN: Content Delivery Network.
CAF: Cloud Adoption Framework, has 4 perspectives:
Business perspective: move from a model that separates IT & business --> a business model that integrates IT.
People perspective: helps HR prepare their teams for cloud adoption.
Governance perspective: helps update staff skills and org processes to ensure business governance in the cloud.
Operations perspective: focuses on recovering IT workloads to meet the requirements of stakeholders.
Chaos Engineering: intentionally causing issues in order to validate that a system can respond appropriately to problems.
CI/CD: Continuous Integration / Continuous Delivery
CIDR: Classless Inter-Domain Routing block
CLOBs: Character Large Objects. Text data including text files, PDF docs, and word processing documents.
Cloud9: cloud-based IDE, helps you write/run/debug code.
CloudHSM: a single-tenant HSM as a service that automates hardware provisioning, software patching, and backups.
CloudFormation: treat your infrastructure as code. Takes care of provisioning and configuring the resources.
CloudFormation template: YAML or JSON format, used to create a CloudFormation stack, which contains the created resources.
CloudFormation StackSets: CRUD stacks across multiple AWS accounts & regions.
CloudFront: Amazon CloudFront, a CDN (content distribution network). Uses Edge locations all over the world to help lower latency.
CloudWatch: the primary AWS service for monitoring various metrics and configuring alarms that automatically perform an action if the value of your metric goes above or below a predefined threshold.
CloudTrail: tracks user activities and API requests: who or what made the call, what time it was made, the user or process that took the action, and the service or resource that was affected by the action.
CodeCommit: PRIMARY purpose is software version control. It is a fully managed source control service that hosts private Git repositories.
CodeGuru: helps you improve your CODE quality and application performance with recommendations.
Code services: the AWS Code services.
Computing Models: Cloud Computing Models (IaaS, PaaS, SaaS)
Comprehend: NLP (Natural Language Processing), a managed and serverless service.
Container: a lightweight, virtualized environment that allows developers to package, deploy, and run applications & their dependencies. It isolates the app from the underlying infrastructure.
Cost: AWS costs depend on the region.
Customer Compliance Center: contains resources about AWS compliance. Compliance whitepapers about: FAQs about compliance, an overview of risk and compliance, and an auditing security checklist.
Connect: Amazon Connect, provides customer service. It is a contact/call center.
Config: AWS Config, enables you to audit and monitor changes in AWS resources.
Cost Explorer: enables you to view and analyze your costs and usage in a graph or a report.
Cryptographic key: a random string of digits used for locking (encrypting) and unlocking (decrypting) data.
D
Database: relational (RDS, Aurora, Redshift), & non-relational DB (DynamoDB, Neptune, ElastiCache, DocumentDB)
DAX: DynamoDB Accelerator, a DynamoDB feature that uses in-memory caching to reduce latency 10x.
Dead letter queue (DLQ): contains messages that could not be processed.
Synchronous Decoupling: involves components that must always be available for proper functionality.
Asynchronous Decoupling:
Dedicated instance: an EC2 instance that runs in a VPC. Other instances for that customer can be hosted on the same hardware.
Direct Connect: a private connection that helps you reduce network costs and increase the amount of bandwidth.
Disaster recovery: designing systems to operate through a disaster.
Disaster recovery strategies: active/passive, pilot light, warm standby, active/active.
DMS: AWS Database Migration Service, helps you migrate databases to AWS quickly and securely.
Docker: a software development platform to deploy apps.
DocumentDB: a document database service that supports MongoDB workloads. A NoSQL database service.
Dynamic Scaling: a policy that tracks a specific CloudWatch metric to instruct Amazon EC2 Auto Scaling.
DynamoDB: a very fast, scalable NoSQL database service that manages distributed replicas of your data for high availability.
E
EBS: Amazon Elastic Block Store, disk volumes that you attach to EC2 instances. It is an AZ-level resource.
EC2: Amazon Elastic Compute Cloud
ECS: Elastic Container Service, Amazon's container platform.
Edge locations: physical sites that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery.
EFS: Elastic File System, a regional service. Allows you to access data across AZs.
EKS: Elastic Kubernetes Service, Amazon's managed Kubernetes.
Elasticity: (= horizontal scalability) the ability to automatically increase or decrease your capacity based on the current demand for traffic, memory, and computing power.
ELB: Elastic Load Balancer, only works within 1 region, so you need to deploy your instances across AZs.
ENI: Elastic Network Interface, a logical component in a VPC that represents a virtual network card. Bound to a specific AZ.
EventBridge: Amazon EventBridge
F
Failover: happens when you have a plan to shift traffic to a redundant system in case the primary system fails. Ex: run a duplicate standby database in another AZ.
Fan out: a messaging pattern where 1 sender broadcasts a message to multiple subscribers in parallel.
Fault tolerance: the built-in redundancy of an application's components. Means designing for zero downtime.
Fargate: a serverless compute engine for containers. Works with EC2 and with EKS.
Federated users: AWS Managed Microsoft AD
Firehose: a fully managed, auto-scaling service for loading streaming data into AWS (S3, DynamoDB, or Redshift). Enables near real-time analytics with business intelligence tools and dashboards.
Fleet management: refers to the functionality that automatically replaces unhealthy instances and maintains your fleet at the desired capacity.
Function: a piece of code running in AWS Lambda that is triggered by an event.
G
Glacier: S3 Glacier, low-cost storage designed for data archiving.
Global Accelerator: used to send user traffic through the AWS global network infrastructure, improving latency and availability for single-region applications. Improves internet speed by 60%.
GuardDuty: Amazon GuardDuty, a service that provides intelligent threat detection for your AWS infrastructure and resources. Data sources for GuardDuty are VPC Flow Logs, DNS logs, ...
H
High availability: accessibility and availability with minimal downtime. Run instances for the same app across multiple AZs.
Horizontal Scaling: scaling OUT and IN. Adding more nodes, changing the number of instances.
Hub: a device that connects all the nodes of a network together. It rebroadcasts to all the other ports on the hub.
I
IaaS: Infrastructure as a Service will always have 4 core cloud services: compute, storage, networking, and database.
IAM entity: includes 4 concepts: IAM group, IAM user, IAM federated user, and IAM role.
IAM group: a group of IAM users. Each user in the group inherits permissions from the group.
IAM policy: the JSON document used to describe permissions.
IAM user: an entity that interacts with AWS.
IAM role: an identity that grants temporary access to permissions. Delegate permissions using an IAM role. Ex: an application on EC2 tries to connect to an object stored on S3; EC2 does not normally have access to S3.
Inspector: Amazon Inspector, the service that helps you automatically detect security vulnerabilities and deviations from security best practices. Create a template -> run on the template.
Instance: EC2 Instance, a virtual server instance in the cloud.
Instance store: disk storage that is physically attached to the EC2 instance and therefore has the same lifespan as the instance. It is ideal for temporary data.
Internet gateway: a door that allows public traffic from the Internet to access your VPC. You attach an IGW to the VPC.
IOPS: Input/Output operations per second.
ISP (Internet Service Provider): an organization that provides internet access to its customers.
K
KMS: AWS Key Management Service, enables you to perform encryption operations through the use of cryptographic keys.
Kinesis: a platform for streaming real-time data on AWS.
Kinesis Data Streams: a service that can continuously capture and store terabytes of data per hour from hundreds of thousands of sources.
Kinesis Firehose: see also Firehose
Kubernetes: an open-source system for automated deployment, scaling, and management of containerized applications.
L
Lambda: run code for virtually any type of application or backend service without provisioning or managing servers. Lambda's runtime limit is 15 min.
Latency: the response time between the user's client and the server.
Lift and Shift: the process of moving your application from on-premises to the cloud WITHOUT making any major changes to the code. Aka rehosting.
Lightsail: helps you build applications and websites fast with low-cost, pre-configured cloud resources.
Load balancer: distributes traffic across AZs.
M
Macie: Amazon Macie is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It continually evaluates your S3 environment.
MFA: Multi-factor authentication, an authentication process that provides an extra layer of protection for your AWS account.
Monitoring: observing, collecting metrics, and using data to make decisions.
Mount target: an IP address that acts as a network endpoint for an NFSv4 connection to an EFS file system. It provides the way to access the file system from EC2 or another resource that is in the same VPC as the mount target.
N
NAT: Network Address Translation service. Used so that instances in a private subnet can connect to services outside your VPC.
Neptune: a graph database service used to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
Network ACLs: a virtual firewall that controls inbound and outbound traffic at the subnet level.
Node: a computer in a network. There are 2 types of nodes:
Host node: centralized node that shares files, apps, and resources with other nodes. Ex: File server, Email server, Web server
Client node: nodes that depend on the host node for files, applications and resources. Ex: computer, printer, mobile device
O
Object: each object in object storage contains data, metadata, and a key.
Organizations: AWS Organizations offers an API to create and manage AWS accounts.
Outposts: a service that enables you to run infrastructure in a hybrid cloud approach.
P
Packet: a unit of data sent over the internet or a network.
Pinpoint: promotional emails. You can create email campaigns and segment your contacts.
Professional Services: a global team of experts that can help you achieve your desired business outcomes.
Q
QuickSight: like Microsoft Power BI. It allows everyone in your org to understand your DATA by asking questions in natural language and exploring through dashboards.
R
6 R's of migration: the 6 strategies for migrating to the cloud:
Rehost: lift & shift
Replatform: lift, tinker & shift
Repurchase: replace existing app --> cloud services.
Refactor: change the architecture
Retire
Retain.
RCUs: Read Capacity Units. One of the 2 primary metrics of AWS DynamoDB.
RDS: fully managed relational database service by AWS.
Read Replica: a read-only copy of a database instance.
Redshift: a data warehousing service used for big data.
Region: a geographically isolated area that contains AWS services. Japan has 2 regions: Tokyo & Osaka.
Rekognition: face detection, labeling, celebrity recognition.
Replatforming: one of the 6 R's migration strategies. Changing how an application is architected and developed, typically using cloud-native features.
Resilient: how quickly a system RECOVERS, or is brought back online.
RPO (Recovery Point Objective): the maximum amount of time over which you can lose data.
Role: IAM role. When using a role, you don't need to distribute long-term credentials (such as usernames, passwords, or access keys).
Route 53: DNS web service. It translates a domain name to an IP address.
Route table: contains a set of rules, called routes, that are used to determine where network traffic from a subnet or gateway is directed.
Router: a network device that connects multiple network segments into one network. It connects multiple switches (and their networks).
RTO (Recovery Time Objective): the maximum duration of a service interruption. Ex: SLA = 99% -> RTO = 1% = 7.2 h
S
S3: Amazon Simple Storage Service.
S3 endpoint: a private connection between a VPC and S3 that doesn't require internet access, reducing NAT gateway costs.
SageMaker: a service that enables you to quickly build, train, and deploy ML models.
SAM (Serverless Application Model): a framework provided by AWS that allows you to build, test, and deploy serverless applications.
SAML: Security Assertion Markup Language, easily connect to AWS using the login credentials of your on-premises network.
Scalable resource: EC2, EC2 Spot Fleets, ECS, DynamoDB, Aurora
SCP: Service Control Policy, enables you to centrally control permissions for the accounts in your organization. Defines what services and actions are allowed for users/groups. Doesn't grant permissions, just ALLOW or DENY.
Security Group: a virtual firewall that controls all inbound/outbound traffic to/from your cloud resources: servers, databases.
SES: Simple Email Service (HTML email). Emails that are triggered based on in-app actions: sign-up, password reset, invoices.
Serverless: a compute model where the developer DOESN'T need to be concerned with the server.
Shield: AWS Shield, a service that uses techniques to detect potential DDoS attacks in real time and automatically mitigates them.
SLAs: Service Level Agreements.
Snow Family: a collection of physical devices that help physically transport up to exabytes of data into and out of AWS. Includes AWS Snowcone (8 TB), Snowcone SSD (14 TB), AWS Snowball Edge (80 TB), and AWS Snowmobile (100 PB).
SOC: System and Organization Controls reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives. There are FIVE SOC reports:
SOC 1 Report (AWS Artifact)
SOC 2 Security (AWS Artifact)
SOC 2 Security (AWS Artifact, but DocumentDB only)
SOC 2 Privacy Type I (AWS Artifact)
SOC 3 Security (publicly available as whitepaper)
SMB: a network communication protocol used by Windows-based computers and file servers to share files, printers, and other resources across a network.
SNS: Simple Notification Service (plain text emails), triggered via other AWS services. Helps you send notifications to subscribers of topics.
Spot Fleet: a mixed compute model that manages Spot and On-Demand EC2 instances. Spot Fleet = set of Spot Instances + (optional) On-Demand Instances.
Spot instance: an EC2 instance that can be acquired by bidding for a low price in exchange for the understanding that AWS can reclaim it at any time (with 2 minutes of notice).
SQS: Simple Queue Service, a service that enables you to send, store, and receive messages between software components through a queue.
Stack: in CloudFormation, a stack is a collection of AWS resources that you can manage as a single unit.
StackSet: a set of stacks that use the same template but are applied across multiple accounts and regions.
Sticky session: ensures that one client's traffic is always redirected to the same target. This helps the user not lose their SESSION data.
STS: Security Token Service, gives temporary access to resources.
Subnet: a network within a network, a section of a VPC; a range of IP addresses in your VPC. Each subnet must reside entirely within 1 AZ.
Support: AWS Support is a PAID service offering access to AWS technical experts and guidance.
Switch: connects multiple nodes together. A switch makes a direct link between the transmitting device and the receiving device. -> more secure than a hub.
Systems Manager: automates common administrative tasks and performs one-time configuration changes at scale. It provides you with a centralized and consistent way to gather operational insights and carry out routine management tasks.
T
Tag: used to categorize resources, helping you search for and manage your resources.
TAM: Technical Account Manager, available ONLY to AWS customers with an Enterprise Support plan. Provides guidance, architectural reviews, and ongoing communication with your company.
TCO: Total Cost of Ownership Calculator, estimates the cost savings you can realize by migrating your workloads to the cloud.
Terraform: declarative language that describes infrastructure.
Three-tier architecture: the MOST popular implementation of multi-tier architecture. 3 tiers: presentation tier (client), logic tier (server), data tier (database).
Transcribe: converts voice to text. Uses ASR (Automatic Speech Recognition). Remove
Trusted Advisor: provides real-time recommendations based on AWS best practices. Has 5 pillars: cost, performance, security, fault tolerance, service limits.
TTL: Time-To-Live, the session expiry.
V
Vertical Scaling: scaling UP and DOWN. Change the size of the instance, adding more RAM or CPU.
VPC: Virtual Private Cloud, enables you to provision an isolated section of the AWS cloud.
VPC Peering: a network connection between 2 AWS VPCs that allows you to route traffic between them using private IP addresses.
W
WAF: Web Application Firewall, lets you monitor network requests that come to your application by using ACLs.
WCUs: Write Capacity Unit
Well-Architected: AWS Well-Architected Framework, has 6 pillars (well known as 5 pillars without Sustainability):