Glossary

A

Acceptable Use Policy: provides information regarding prohibited actions on AWS.

ACL: web Access Control List. With a web ACL, you can protect CloudFront, API Gateway, Load Balancer, and AWS AppSync resources by allowing or blocking requests. A network ACL, by contrast, controls inbound and outbound traffic at the SUBNET level.

AMI: Amazon Machine Image (AMI), the template that contains the software configuration used to launch an instance. AMIs differ across regions.

Application Migration Service: AWS MGN, a lift-and-shift migration service; the easiest and quickest way to migrate your servers to AWS.

  • Cross-cloud migration

  • Data center migration

  • Cross-region migration

Auto scaling: automatically add/remove compute resources.

ARN: Amazon Resource Name, a naming convention used to uniquely identify a particular resource in AWS.

Artifact: AWS Artifact, gives access to AWS security and compliance reports and special online agreements. Allows you to download ISO certifications or SOC reports.

AZ: Availability Zone, a single data center or a group of data centers within a Region. It helps you address high availability and disaster recovery scenarios. An AZ is a fully isolated portion of the AWS global infrastructure, with redundant power and networking.

B

Baseline: measurement of conditions at the START of your project, used to make planning decisions.

Bastion host: a public EC2 instance you SSH into, which has SSH connectivity to EC2 instances in private subnets.

Batch data ingestion:

  • Glue

  • EMR

BLOBs: Binary Large Objects. Binary data, including videos, images, GIFs, and audio files.

Bootstrapping: adding commands or scripts to an EC2 instance's USER DATA section that are executed when the instance starts. They run only ONCE.

Budget: AWS Budgets, lets you configure custom budgets and alerts for when cost exceeds your defined budget.

C

Capacity Reservation: ensures you have EC2 capacity when needed.

  • No need for a 1- or 3-year commitment.

  • Limited to one AZ.

  • Can be combined with Reserved Instances & Savings Plans for cost saving.

CDN: Content Delivery Network.

CAF: Cloud Adoption Framework, has 4 perspectives:

  • Business perspective: move from a model that separates IT & business --> a business model that integrates IT

  • People perspective: help HR prepare their teams for cloud adoption.

  • Governance perspective: help update staff skills and organizational processes to ensure business governance in the cloud.

  • Operations perspective: focus on recovering IT workloads to meet the requirements of stakeholders.

Chaos Engineering: intentionally causing issues in order to validate that a system can respond appropriately to problems.

CI/CD: Continuous Integration / Continuous Delivery.

CIDR: Classless Inter-Domain Routing block, a range of IP addresses written in prefix notation.

CLOBs: Character Large Objects. Text data, including text files, PDF docs, and word processing documents.

Cloud9: cloud-based IDE, helps you write/run/debug code.

CloudHSM: a single-tenant HSM as a service that automates hardware provisioning, software patching, and backups.

CloudFormation: lets you treat your infrastructure as code. It takes care of provisioning and configuring the resources.

CloudFormation template: a YAML or JSON file used to create a CloudFormation stack, which contains the resources created.

CloudFormation StackSets: create, update, and delete stacks across multiple AWS accounts & regions.

CloudFront: Amazon CloudFront, a CDN (content delivery network). Uses edge locations around the world to lower latency.

CloudWatch: the primary AWS service for monitoring metrics and configuring alarms that automatically perform an action when a metric goes above or below a predefined threshold.

CloudTrail: tracks user activities and API requests: who or what made the call, when it happened, the user or process that took the action, and the service or resource that was affected.

CodeCommit: PRIMARY purpose is software version control. It is a fully managed source control service that hosts private Git repositories.

CodeGuru: helps you improve your CODE quality and application performance with recommendations.

Code services: the AWS developer tool services, such as CodeCommit.

Computing Models: Cloud Computing Models (IaaS, PaaS, SaaS)

Comprehend: NLP (Natural Language Processing), a managed, serverless service.

Container: a lightweight, virtualized environment that allows developers to package, deploy and run applications & their dependencies. It isolates the app from the underlying infrastructure.

Cost: AWS costs depend on the region.

Customer Compliance Center: contains resources about AWS compliance, such as compliance whitepapers, FAQs about compliance, an overview of risk and compliance, and an auditing security checklist.

Connect: Amazon Connect, provides customer service. It is a contact/call center service.

Config: AWS Config, enables you to audit and monitor changes in AWS resources.

Cost Explorer: enables you to view and analyze your costs and usage in a graph or a report.

Cryptographic key: a random string of digits used for locking (encrypting) and unlocking (decrypting) data.

D

Database: relational (RDS, Aurora, Redshift) & non-relational DBs (DynamoDB, Neptune, ElastiCache, DocumentDB)

Data ingestion: moving data from one place to another.

DAX: DynamoDB Accelerator, a DynamoDB feature that uses in-memory caching to reduce latency 10x.

Dead letter queue (DLQ): contains messages that could not be processed.

Decoupling:

  • Synchronous Decoupling: involves components that must always be available for proper functionality.

  • Asynchronous Decoupling:

Dedicated instance: an EC2 instance that runs in a VPC on hardware dedicated to a single customer. Other instances for that customer can be hosted on the same hardware.

Direct Connect: a private connection that helps you reduce network costs and increase the amount of bandwidth.

Disaster recovery: designing systems to operate through a disaster.

Disaster recovery strategies: active/passive, pilot light, warm standby, active/active.

DMS: AWS Database Migration Service, helps you migrate databases to AWS quickly and securely.

Docker: a software development platform to deploy apps.

DocumentDB: a document (NoSQL) database service that supports MongoDB workloads.

Dynamic scaling: a policy that tracks a specific CloudWatch metric to instruct Amazon EC2 Auto Scaling.

DynamoDB: a very fast, scalable NoSQL database service that manages distributed replicas of your data for high availability.

E

EBS: Amazon Elastic Block Store, disk volumes that you attach to EC2 instances. It is an AZ-level resource.

ECS: Elastic Container Service. Amazon's container platform.

Edge locations: physical sites that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery.

EFS: Elastic File System, a regional service. Allows you to access data across AZs.

EKS: Elastic Kubernetes Service. Amazon's managed Kubernetes.

Elasticity: (= horizontal scalability) the ability to automatically increase or decrease your capacity based on the current demand for traffic, memory and computing power.

ELB: Elastic Load Balancer, only works within 1 region, so you need to deploy your instances across AZs.

ENI: Elastic Network Interface. A logical component in a VPC that represents a virtual network card. Bound to a specific AZ.

ETL: extract, transform, load data.

F

Failover: happens when you have a plan to shift traffic to a redundant system if the primary system fails. Ex: run a duplicate standby database in another AZ.

Fan out: a messaging pattern where 1 sender broadcasts a message to multiple subscribers in parallel.

Fault tolerance: the built-in redundancy of an application's components. Means designing for zero downtime.

Fargate: a serverless compute engine for containers. Works with ECS and with EKS.

Federated users: users from an external identity source, e.g. AWS Managed Microsoft AD.

Firehose: a fully managed, auto-scaling service for loading streaming data into AWS (S3, DynamoDB, or Redshift). Enables near real-time analytics with business intelligence tools and dashboards.

Fleet management: refers to the functionality that automatically replaces unhealthy instances and maintains your fleet at the desired capacity.

Function: a piece of code running in AWS Lambda that is triggered by an event.

G

Glacier: S3 Glacier, is a low-cost storage designed for data archiving.

Global Accelerator: sends user traffic through the AWS global network infrastructure, improving latency and availability for single-region applications. Improves internet performance by 60%.

GuardDuty: Amazon GuardDuty, a service that provides intelligent threat detection for your AWS infrastructure and resources. Data sources of GuardDuty include VPC Flow Logs, DNS logs, ...

H

High availability: accessibility and availability with minimal downtime. Run instances for the same app across multiple AZs.

HIPAA (Health Insurance Portability and Accountability Act):

Hot shard: an overworked shard. Solutions:

  • UpdateShardCount: increase the number of shards.

  • Random partition keys

  • Distribute the hash key evenly across shards.

Horizontal Scaling: scaling OUT and IN. Adding more nodes; changing the number of instances.

Hub: a device that connects all the nodes of a network together. It rebroadcasts to all the other ports on the hub.

I

IaaS: Infrastructure as a Service, will always have 4 core cloud services: compute, storage, networking, database.

IAM entity: includes 4 concepts: IAM group, IAM user, IAM federated user, and IAM role.

IAM group: a group of IAM users. Each user in the group inherits permissions from the group.

IAM policy: a JSON document used to describe permissions.

IAM user: an entity that interacts with AWS.

IAM role: an identity that grants temporary access to permissions. Delegate permissions using an IAM role. Ex: an application on EC2 tries to connect to an object stored in S3; EC2 does not normally have access to S3.

Inspector: Amazon Inspector, the service that helps you automatically detect security vulnerabilities and deviations from security best practices. Create a template -> run an assessment on the template.

Instance: EC2 Instance, a virtual server in the cloud.

Instance store: disk storage that is physically attached to the EC2 instance; therefore it has the same lifespan as the instance. It is ideal for temporary data.

Internet gateway: a door that allows public traffic from the Internet to reach your VPC. You attach an IGW to the VPC.

IOPS: Input/Output operations per second.

ISP (Internet Service Provider): is an org that provides internet access to its customers.

K

KMS: AWS Key Management Service, enables you to perform encryption operations through the use of cryptographic keys.

Kinesis: a platform for streaming real-time data on AWS.

Kinesis Data Streams: a service that can continuously capture and store terabytes of data per hour from hundreds of thousands of sources.

Kinesis Firehose: see Firehose.

Kubernetes: an open-source system for automating the deployment, scaling, and management of containerized applications.

L

Lambda: runs code for virtually any type of application or backend service without provisioning or managing servers. Lambda's runtime limit is 15 min.

Latency: the response time between a user's client and the server.

Lift and Shift: the process of moving your application from on-premises to the cloud WITHOUT making any major changes to the code. Aka rehosting.

Lightsail: helps you build applications and websites fast with low-cost, pre-configured cloud resources.

Load balancer: distributes traffic across AZs.

M

Macie: Amazon Macie is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It continually evaluates your S3 environment.

MFA: Multi-factor authentication, an authentication process that adds an extra layer of protection to your AWS account.

Monitoring: observing, collecting metrics, and using data to make decisions.

Mount target: an IP address that acts as a network endpoint for an NFSv4 connection to an EFS file system. It provides a way to access the file system from EC2 or another resource in the same VPC as the mount target.

N

NAT: Network Address Translation service. Used so that instances in a private subnet can connect to services outside your VPC.

Neptune: a graph database service used to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.

Network ACLs: a virtual firewall that controls inbound and outbound traffic at the subnet level.

Node: a computer in a network. There are 2 types of nodes:

  • Host node: a centralized node that shares files, apps, and resources with other nodes. Ex: file server, email server, web server

  • Client node: nodes that depend on the host node for files, applications and resources. Ex: computer, printer, mobile device

O

Object: each object in object storage contains data, metadata, and a key.

Organizations: AWS Organizations offers an API to create and manage AWS accounts.

Outposts: a service that enables you to run AWS infrastructure in a hybrid cloud approach.

P

Packet: is a unit of data sent over the internet or network.

Pinpoint: promotional emails. You can create email campaigns and segment your contacts.

Professional Services: a global team of experts that can help you achieve your desired business outcomes.

Q

QuickSight: like Microsoft Power BI. It allows everyone in your org to understand your DATA by asking questions in natural language and exploring through dashboards.

R

6 R's of migration: the 6 strategies for migrating to the cloud:

  • Rehost: lift & shift

  • Replatform: lift, tinker & shift

  • Repurchase: replace existing apps --> cloud services.

  • Refactor: change the architecture

  • Retire

  • Retain

RCUs: Read Capacity Units. One of the 2 primary capacity metrics of AWS DynamoDB.

RDS: fully managed relational database service by AWS.

Read Replica: a read-only copy of a database instance.

Redshift: a data warehousing service used for big data.

Region: a geographically isolated area that contains AWS services. Japan has 2 regions: Tokyo & Osaka.

Rekognition: face detection, labeling, celebrity recognition.

Replatforming: one of the 6 R's migration strategies. Changing how an application is architected and developed, typically using cloud-native features.

Resilient: how quickly a system RECOVERS or is brought back online.

RPO (Recovery Point Objective): the maximum amount of time over which you can lose data.

Role: IAM role; when using a role, you don't need to distribute long-term credentials (such as a username, password, or access keys).

Route 53: DNS web service. It translates a domain name to an IP address.

Route table: contains a set of rules, called routes, that are used to determine where network traffic from a subnet or gateway is directed.

Router: a network device that connects multiple network segments into one network. It connects multiple switches (and their networks).

RTO (Recovery Time Objective): the maximum duration of a service interruption. Ex: SLA = 99% -> RTO = 1% (of a 30-day month) = 7.2 h

S

S3: Amazon Simple Storage Service.

S3 endpoint: a private connection between a VPC and S3 that doesn't require internet access, reducing NAT gateway costs.

SageMaker: a service that enables you to quickly build, train, and deploy ML models.

SAM (Serverless Application Model): a framework provided by AWS that allows you to build, test, and deploy serverless applications.

SAML: Security Assertion Markup Language, lets you easily connect to AWS using the login credentials of your on-premises network.

Scalable resources: EC2, EC2 Spot Fleets, ECS, DynamoDB, Aurora

SCP: Service Control Policy, enables you to centrally control permissions for the accounts in your organization. Defines what services and actions are allowed for users/groups. Doesn't grant permissions, just ALLOWs or DENYs.

Security Group: a virtual firewall that controls all inbound/outbound traffic to/from your cloud resources: servers, databases.

SES: Simple Email Service (HTML email). Emails that are triggered based on in-app actions: sign-up, password reset, invoices.

Serverless: a compute model where the developer DOESN'T need to be concerned with the server.

Shield: AWS Shield, a service that uses techniques to detect potential DDoS attacks in real time and automatically mitigates them.

SLAs: Service Level Agreements.

Snow Family: a collection of physical devices that help you physically transport up to exabytes of data into and out of AWS. Includes AWS Snowcone (8 TB), Snowcone SSD (14 TB), AWS Snowball Edge (80 TB), and AWS Snowmobile (100 PB).

SOC: System and Organization Controls reports, independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives. There are FIVE SOC reports.

  • SOC 1 Report (AWS Artifact)

  • SOC 2 Security (AWS Artifact)

  • SOC 2 Security (AWS Artifact, but DocumentDB only)

  • SOC 2 Privacy Type I (AWS Artifact)

  • SOC 3 Security (publicly available as whitepaper)

SMB: a network communication protocol used by Windows-based computers and file servers to share files, printers, and other resources across a network.

SNS: Simple Notification Service (plain text emails), triggered by other AWS services. Helps you send notifications to subscribers of topics.

Spot Fleet: a mixed compute model that manages Spot and On-Demand EC2 instances. Spot Fleet = a set of Spot Instances + (optional) On-Demand Instances.

Spot instance: an EC2 instance that can be acquired by bidding for a low price, in exchange for the understanding that AWS can reclaim it at any time (with 2 minutes of notice).

SQS: Simple Queue Service, a service that enables you to send, store, and receive messages between software components through a queue.

Stack: in CloudFormation, a stack is a collection of AWS resources that you can manage as a single unit.

StackSet: a set of stacks that use the same template but are applied across multiple accounts and regions.

Sticky session: ensures a client's traffic is always routed to the same target. This helps the user not lose their SESSION data.

STS: Security Token Service, gives temporary access to resources.

Subnet: a network within a network; a section of a VPC, i.e. a range of IP addresses in your VPC. Each subnet must reside entirely within 1 AZ.

Support: AWS Support is a PAID service offering access to AWS technical experts and guidance.

Switch: connects multiple nodes together. A switch makes a direct link between the transmitting device and the receiving device -> more secure than a hub.

Systems Manager: automates common administrative tasks and performs one-time configuration changes at scale. It provides you with a centralized and consistent way to gather operational insights and carry out routine management tasks.

T

Tag: used to categorize resources, help you in searching and managing your resources.

TAM: Technical Account Manager, available ONLY to AWS customers with the Enterprise Support plan. Provides guidance, architectural reviews, and ongoing communication with your company.

TCO: Total Cost of Ownership Calculator, estimates the cost savings you can realize by migrating your workloads to the cloud.

Terraform: declarative language that describes infrastructure.

Three-tier architecture: the MOST popular implementation of multi-tier architecture. 3 tiers: presentation tier (client), logic tier (server), data tier (database).

Transformation: changing data from its original form to another form that is useful for downstream use cases.

Transcribe: converts voice to text using ASR (Automatic Speech Recognition).

Transactional data:

  • Stateful: RDS, ElastiCache

  • Stateless: Lambda, API Gateway, S3

Trusted Advisor: provides real-time recommendations based on AWS best practices. Has 5 pillars: cost, performance, security, fault tolerance, service limits.

TTL: Time-To-Live, the session expiry.

V

Vertical Scaling: scaling UP and DOWN. Change the size of the instance, adding more RAM or CPU.

VPC: Virtual Private Cloud, enables you to provision an isolated section of the AWS cloud.

VPC Peering: a network connection between 2 AWS VPCs that allows you to route traffic between them using private IP addresses.

W

WAF: Web Application Firewall, lets you monitor requests that come to your application by using a web ACL.

WCUs: Write Capacity Units.

Well-Architected: AWS Well-Architected Framework, has 6 pillars (well known as 5 pillars without Sustainability).
