glossary


Last updated 8 months ago

A

Acceptable Use Policy: provides information regarding prohibited actions on AWS.

ACL: web Access Control List. With an ACL, you can protect CloudFront, API Gateway, Load Balancer, and AWS AppSync resources by allowing or blocking requests. It controls inbound and outbound traffic at SUBNET level.

AMI: Amazon Machine Image (AMI), the template that contains the software configuration to launch an instance. AMIs differ across regions.

Application Migration Service: AWS MGN, a lift-and-shift migration service. The easiest and quickest way to migrate your servers to AWS.

  • Cross-cloud migration

  • Data center migration

  • Cross-region migration

Auto scaling: automatically adds/removes compute resources.

ARN: Amazon Resource Name, a file naming convention used to identify a particular resource in AWS. It uniquely identifies an AWS resource.

Artifact: Amazon Artifact, gives access to AWS security and compliance reports and special online agreements. Allows you to download ISO certifications or SOC reports.

AZ: Availability Zone, a single data center or a group of data centers within a Region. It helps you solve high availability problems and disaster recovery scenarios. An AZ is a fully isolated portion of the AWS global infrastructure. It has redundant power resources and networking.

B

Baseline: measurement of conditions at the START of your project, used to make planning decisions.

Bastion host: a public EC2 instance to SSH into, which has SSH connectivity to EC2 instances in private subnets.

Batch data ingestion:

  • Glue

  • EMR

BLOBs: Binary Large Objects. Binary data including videos, images, GIFs, and audio files.

Bootstrapping: adding commands or scripts to the USER DATA section of an AWS EC2 instance, to be executed when the instance starts. They run only ONCE.

Budget: AWS Budgets, lets you configure custom budgets and alerts you when costs exceed your defined budget.

C

Capacity Reservation: ensures you have EC2 capacity when needed.

  • No need for a 1- or 3-year commitment.

  • Only one AZ allowed.

  • Combine with Reserved Instances & Savings Plans to save costs.

CDN: Content Delivery Network.

CAF: Cloud Adoption Framework, has 4 perspectives:

  • Business perspective: move from a model that separates IT & business --> a business model that integrates IT

  • People perspective: helps HR prepare their teams for cloud adoption.

  • Governance perspective: helps update staff skills and org processes to ensure business governance in the cloud.

  • Operations perspective: focuses on recovering IT workloads to meet the requirements of stakeholders.

Chaos Engineering: intentionally causing issues in order to validate that a system can respond appropriately to problems.

CI/CD: Continuous Integration

CIDR: Classless Inter-Domain Routing block

CLOBs: text data including text files, PDF docs, and word processing documents.

Cloud9: cloud-based IDE, helps you write/run/debug code.

CloudHSM: a single-tenant HSM as a service that automates hardware provisioning, software patching, and backups.

CloudFormation: treats your infrastructure as code. Takes care of provisioning and configuring the resources.

CloudFormation template: YAML or JSON format, used to create a CloudFormation stack, which contains the resources created.

CloudFormation StackSets: CRUD stacks across multiple AWS accounts & regions.

CloudFront: AWS CloudFront, a CDN (content distribution network). Uses Edge locations all over the world to help lower latency.

CloudWatch: the primary AWS service for monitoring a variety of metrics and configuring alarms that automatically perform an action if the value of your metric goes above or below a predefined threshold.

CloudTrail: tracks user activity and API requests: who or what made the call, at what time, the user or process that took the action, and the service or resource that was affected by the action.

CodeCommit: its PRIMARY purpose is software version control. It is a fully managed source control service that hosts private Git repositories.

CodeGuru: helps you improve your CODE quality and application performance with recommendations.

Code service: AWS Code Service

Computing Models: Cloud Computing Models (IaaS, PaaS, SaaS)

Comprehend: NLP (Natural Language Processing), a managed and serverless service.

Cost: AWS costs depend on the region.

Customer Compliance Center: contains resources about AWS compliance. Compliance whitepapers about: FAQs about compliance, overview of risk and compliance, auditing security checklist.

Connect: Amazon Connect, provides customer service. It is a contact/call center.

Config: AWS Config, enables you to audit and monitor changes in AWS resources.

Container: a lightweight, virtualized environment that allows developers to package, deploy and run applications & their dependencies. It isolates the app from the underlying infrastructure.

Cost Explorer: enables you to view and analyze your costs and usage in a graph or a report.

Cryptographic key: a random string of digits used for locking (encrypting) and unlocking (decrypting) data.

D

Data ingestion: moving data from one place to another.

Database: relational (RDS, Aurora, Redshift) & non-relational DBs (DynamoDB, Neptune, ElastiCache, DocumentDB)

DAX: DynamoDB Accelerator, one of the DynamoDB features, which uses in-memory caching to reduce latency 10x.

Dead letter queue (DLQ): contains messages that could not be processed.

Decoupling:

  • Synchronous Decoupling: involves components that must always be available for proper functionality.

  • Asynchronous Decoupling:

Dedicated instance: an EC2 instance that runs in a VPC. Other instances for that customer can be hosted on the same hardware.

Direct Connect: a private connection that helps you reduce network costs and increase the amount of bandwidth.

Disaster recovery: designing for systems to operate through a disaster.

Disaster recovery strategies: active/passive, pilot light, warm standby, active/active.

DMS: AWS Database Migration Service, helps you migrate databases to AWS quickly and securely.

Docker: a software development platform to deploy apps.

DocumentDB: a document database service that supports MongoDB workloads. NoSQL database service.

DynamicScaling: a policy that tracks a specific CloudWatch metric to instruct Amazon EC2 Auto Scaling.

DynamoDB: a very fast, scalable NoSQL database service that manages distributed replicas of your data for high availability.

E

EBS: Amazon Elastic Block Store, the disk volumes that you attach to EC2. It is an AZ-level resource.

ECS: Elastic Container Service. Amazon's container platform.

Edge locations: a physical site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery.

EFS: Elastic File System, a regional service. Allows us to access data across AZs.

EKS: Elastic Kubernetes Service. Amazon's managed Kubernetes.

Elasticity: (= horizontal scalability) the ability to automatically increase or decrease your capacity based on the current demand for traffic, memory and computing power.

ELB: Elastic Load Balancer, only works for 1 region. So you need to deploy your instances across AZs.

ENI: Elastic Network Interface. A logical component in a VPC that represents a virtual network card. Bound to a specific AZ.

ETL: extract, transform, load data.

F

Fail over: happens when you have a plan to shift traffic to a redundant system in case the primary system fails. Ex: run a duplicate standby database in another AZ.

Fan out: a messaging pattern where 1 sender broadcasts a message to multiple subscribers in parallel.

Fault tolerance: the built-in redundancy of an application's components. Means designing for zero downtime.

Fargate: a serverless compute engine for containers. Works with EC2 and with EKS.

Federated users: AWS Managed Microsoft AD

Firehose: a fully managed, auto scaling service for loading streaming data into AWS (S3, DynamoDB, or Redshift). Enables near real-time analytics with business intelligence tools and dashboards.

Fleet management: refers to the functionality that automatically replaces unhealthy instances and maintains your fleet at the desired capacity.

Function: a piece of code running in AWS Lambda that is triggered by an event.

G

Glacier: S3 Glacier, a low-cost storage designed for data archiving.

Global Accelerator: used to send user traffic through the AWS global network infrastructure. Improves latency and availability for single-region applications. Improves internet speed by 60%.

GuardDuty: Amazon GuardDuty, a service that provides intelligent threat detection for your AWS infrastructure and resources. Data sources of GuardDuty are VPC Flow logs, DNS Logs,...

H

High availability: accessibility and availability, minimal downtime. Run instances for the same app across multiple AZs.

HIPAA (Health Insurance Portability and Accountability Act):

Hot shard: an overworked shard. Solutions:

  • UpdateShardCount: increase the number of shards.

  • Random partition keys

  • Distribute hash keys evenly across shards.

Horizontal Scaling: scaling OUT and IN. Adding more nodes, changing the number of instances.

Hub: a device that connects all the nodes of a network together. It rebroadcasts to all the other ports on the host.

I

IaaS: Infrastructure as a Service will always have 4 core cloud services: compute, storage, networking, database.

IAM entity: includes 4 concepts: IAM group, IAM user, IAM federated user, and IAM role.

IAM group: a group of IAM users. Each user in the group inherits permissions from the group.

IAM policy: the JSON document used to describe permissions.

IAM user: an entity that interacts with AWS.

IAM role: an identity or temporary access to permissions. Delegate the permission using an IAM role. Ex: an application on EC2 tries to connect to an object stored on S3. EC2 does not normally have access to S3.

Inspector: Amazon Inspector, the service that helps you automatically detect security vulnerabilities and deviations from security best practices. Create template -> Run on template.

Instance: EC2 Instance, a virtual server instance in the cloud.

Instance store: a disk storage that is physically attached to the EC2 instance. Therefore, it has the same lifespan as the instance. It is ideal for temporary data.

Internet gateway: a door that allows public traffic from the Internet to access your VPC. You attach an internet gateway to the VPC.

IOPS: Input/Output per second.

ISP (Internet Service Provider): an org that provides internet access to its customers.

K

KMS: AWS Key Management Service, enables you to perform encryption operations through the use of cryptographic keys.

Kinesis: a platform for streaming real-time data on AWS.

Kinesis Data Streams: a service that can continuously capture and store terabytes of data / hour from hundreds & thousands of sources.

Kinesis Firehose: see also Firehose

Kubernetes: an open-source system for automatic deployment, scaling, and management of containerized applications.

L

Lambda: run code for virtually any type of application or backend service without provisioning or managing servers. Lambda's runtime limit is 15min.

Latency: the response time between the user's client and the server.

Lift and Shift: the process of moving your application from on-premises to the cloud WITHOUT making any major changes to the code. Aka rehosting.

Lightsail: helps you build applications and websites fast with low-cost, pre-configured cloud resources.

Load balancer: distributes traffic across AZs.

M

Macie: AWS Macie is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It continually evaluates your S3 environment.

MFA: Multi-factor authentication, an authentication process that provides an extra layer of protection for your AWS account.

Monitoring: observing, collecting metrics, and using data to make decisions.

Mount target: an IP address that acts as a network endpoint for an NFSv4 connection to an EFS file system. It provides the way to access the file system from EC2 or another resource that is in the same VPC as the mount target.

N

NAT: a Network Address Translation service. Used so that instances in a private subnet can connect to services outside your VPC.

Neptune: a graph database service, used to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.

Network ACLs: a virtual firewall that controls inbound and outbound traffic at the subnet level.

Node: a computer in a network. There are 2 types of nodes:

  • Host node: centralized node that shares files, apps, and resources with other nodes. Ex: File server, Email server, Web server

  • Client node: nodes that depend on the host node for files, applications and resources. Ex: computer, printer, mobile device

O

Object: each object in Object Storage contains Data, Metadata, and a Key.

Organization: AWS Organizations offers an API to create and manage AWS accounts.

Outpost: a service that enables you to run infrastructure in a hybrid cloud approach.

P

Packet: a unit of data sent over the internet or a network.

Pinpoint: promotional emails. You can create email campaigns and segment your contacts.

Professional Services: a global team of experts that can help you achieve your desired business outcomes.

Q

QuickSight: like Microsoft Power BI. It allows everyone in your org to understand your DATA by asking questions in natural language and exploring through dashboards.

R

6 R's of migration: the 6 strategies of migration to the cloud:

  • Rehost: lift & shift

  • Replatform: lift, tinker & shift

  • Repurchase: replacing existing app --> cloud services.

  • Refactor: change architecture

  • Retire

  • Retain

RCUs: Read Capacity Unit. One of the 2 primary metrics of AWS DynamoDB.

RDS: fully managed relational database service by AWS.

Read Replica: a read-only copy of a database instance.

Redshift: a data warehousing service used for big data.

Region: a geographically isolated area that contains AWS services. Japan has 2 regions: Tokyo & Osaka

Rekognition: face detection, labeling, celebrity recognition.

Replatforming: one of the 6 R's migration strategies. Changing how an application is architected and developed, typically using cloud-native features.

Resilient: how quickly a system RECOVERS or is brought back online.

RPO (Recovery Point Objective): the maximum amount of time over which you can lose data.

Role: IAM role. When using a role, you don't need to distribute long-term credentials (such as username, password, or access keys).

Route53: DNS web service. It translates a domain name to an IP address.

Route table: contains a set of rules, called routes, that are used to determine where network traffic from a subnet or gateway is directed.

Router: a network device that connects multiple network segments into one network. It connects multiple switches (and their networks).

RTO (Recovery Time Objective): the maximum duration of a service interruption. Ex: SLA = 99% -> RTO = 1% = 7.2H

S

S3: Amazon Simple Storage Service.

S3 endpoint: a private connection between a VPC and S3 that doesn't require internet access, reducing NAT gateway costs.

SageMaker: a service that enables you to quickly build, train, and deploy ML models.

SAM (Serverless Application Model): a framework provided by AWS that allows you to build, test, and deploy serverless applications.

SAML: Security Assertion Markup Language, lets you easily connect to AWS using the login credentials of your on-premises network.

Scalable resource: EC2, EC2 Spot Fleets, ECS, DynamoDB, Aurora

SCP: Service Control Policy, enables you to centrally control permissions for the accounts in your organization. Defines what services and actions are allowed for users/groups. It doesn't grant permissions, just ALLOW or DENY.

Security Group: a virtual firewall that controls all traffic into and out of your cloud resources: servers, databases.

Serverless: a compute model where the developer DOESN'T need to be concerned with the server.

SES: Simple Email Service (HTML email). Emails that are triggered based on in-app actions: sign-up, password reset, invoices.

Shield: AWS Shield, a service that uses techniques to detect potential DDoS attacks in real time and automatically mitigates them.

SLAs: Service Level Agreements.

Snow Family: a collection of physical devices that help to physically transport up to exabytes of data into and out of AWS. Includes AWS Snowcone (8TB), Snowcone SSD (14TB), AWS Snowball Edge (80TB), and AWS Snowmobile (100PB).

SOC: System and Organization Controls reports, independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives. There are FIVE SOC reports.

  • SOC 1 Report (AWS Artifact)

  • SOC 2 Security (AWS Artifact)

  • SOC 2 Security (AWS Artifact, but DocumentDB only)

  • SOC 2 Privacy Type I (AWS Artifact)

  • SOC 3 Security (publicly available as whitepaper)

SMB: a network communication protocol used by Windows-based computers and file servers to share files, printers, and other resources across a network.

SNS: Simple Notification Service (plain text emails), which is triggered via other AWS services. Helps you send notifications to subscribers of topics.

Spot Fleet: a mixed compute model that manages Spot and On-Demand EC2 instances. Spot Fleet = set of Spot Instances + (optional) On-Demand Instances.

Spot instance: an EC2 instance that can be acquired by bidding for a low price, in exchange for the understanding that AWS can reclaim it at any time (after 2 minutes of notice).

SQS: Simple Queue Service, a service that enables you to send, store, and receive messages between software components through a queue.

Stack: in CloudFormation, a stack is a collection of AWS resources that you can manage as a single unit.

StackSet: a set of stacks that use the same template, but applied across multiple accounts and regions.

Sticky session: ensures that one user's traffic is always redirected to the same target, so the user does not lose their SESSION data.

STS: Security Token Service, gives temporary access to resources.

Subnet: a network within a network, a section of a VPC, a range of IP addresses in your VPC. Each subnet must reside entirely within 1 AZ.

Support: AWS Support is a PAID service offering access to AWS technical experts and guidance.

Switch: connects multiple nodes together. A switch makes a direct link between the transmitting device and the receiving device. -> more secure than a hub.

Systems Manager: automates common administrative tasks and performs one-time configuration changes at scale. It provides you with a centralized and consistent way to gather operational insights and carry out routine management tasks.

T

Tag: used to categorize resources, helps you search and manage your resources.

TAM: Technical Account Manager, available ONLY to AWS customers with the Enterprise Support plan. Provides guidance, architectural reviews, and ongoing communication with your company.

TCO: Total Cost of Ownership Calculator, estimates the cost savings you can realize by migrating your workloads to the cloud.

Terraform: a declarative language that describes infrastructure.

Three-tier architecture: the MOST popular implementation of multi-tier architecture. 3 tiers: presentation tier (client), logic tier (server), data tier (database).

Transformation: changing the data from its original form to another form that can be useful for downstream use cases.

Transcribe: converts voice to text. Uses ASR (Automatic Speech Recognition).

Transactional data:

  • Stateful: RDS, ElastiCache

  • Stateless: Lambda, API Gateway, S3

Trusted Advisor: provides real-time recommendations based on AWS best practices. Has 5 pillars: cost, performance, security, fault tolerance, service limits.

TTL: Time-To-Live. The session expiry.

V

Vertical Scaling: scaling UP and DOWN. Changing the size of the instance, adding more RAM or CPU.

VPC: Virtual Private Cloud, enables you to provision an isolated section of the AWS cloud.

VPC Peering: a network connection between 2 AWS VPCs that allows you to route traffic between them using private IP addresses.

W

WAF: Web Application Firewall, lets you monitor network requests that come to your application by using ACLs.

WCUs: Write Capacity Unit

Well-Architected: AWS Well-Architected Framework, has 6 pillars (well-known as 5 pillars without Sustainability):

  • operational excellence

  • security

  • reliability

  • performance efficiency

  • cost optimization