Must-Know AWS Terms for Cloud Computing Beginners

Amazon Web Services (AWS) is the market and technological leader in the world of cloud. AWS provides services like EC2, S3, Lambda, RDS and IAM. The platform allows scalable solutions in computing, storage, databases and networking for the business. By mastering AWS services, you will be able to design and deploy secure cloud infrastructures, use serverless computing with Lambda, manage data through S3, and ensure robust cloud security through IAM. AWS covers advanced concepts ranging from VPC and AWS DevOps to cloud migration and monitoring with CloudWatch. It is a must-take course for anyone interested in eventually excelling in areas involving cloud computing, cloud security, and cloud architecture.

A

access control list (ACL): A document that defines who can access a particular bucket or object in Amazon S3, specifying actions like read or write permissions.

access key: Combination of an access key ID and a secret access key, used to sign API requests to AWS.

access key ID: A unique identifier associated with a secret access key, used together to cryptographically sign AWS requests.

access key rotation: A security practice of changing the AWS access key ID to retire an old key as needed.

access policy language: A language for writing policies that specify who can access an AWS resource and under what conditions.

account: The AWS entity that includes the control of resources, owner email, payment information, and permissions for managing resources.

account activity: A web page that displays month-to-date AWS usage and costs.

AWS Account Management: A tool to update contact information for AWS accounts.

ACM (AWS Certificate Manager): Service for provisioning, managing, and deploying SSL/TLS certificates for use with AWS services.

action: An API function, or operation, that specifies an activity a principal has permission to perform on an AWS resource.

active trusted key groups: Lists trusted key groups and their active public keys for a CloudFront distribution.

active-active: High availability strategy where a workload exists in multiple regions, serving traffic from all deployed regions.

active-passive: Disaster recovery strategy involving a primary region and a standby region in backup and restore configurations.

additional authenticated data: Non-encrypted information, such as headers, used for integrity verification.

administrative suspension: Automatic suspension of Auto Scaling processes that fail repeatedly, typically for groups with zero running instances.

alarm: Watches a single metric over time, triggering actions like Amazon SNS notifications when a threshold is crossed.

allow: One of two possible outcomes when evaluating an IAM access policy; it permits an action based on evaluated permissions.

Amazon API Gateway: Managed service for creating, managing, and securing APIs.

Amazon AppFlow: Fully managed integration service for secure data transfer between SaaS applications and AWS services.

Amazon AppStream 2.0: Secure, fully managed service for streaming desktop applications without rewriting them.

Amazon Athena: Interactive query service to analyze data in Amazon S3 using SQL.

Amazon DeepLens: AI-powered deep learning camera for developers.

Amazon DeepRacer: Autonomous 1/18th scale race car for experimenting with reinforcement learning.

Amazon EC2 (Elastic Compute Cloud): Provides resizable compute capacity in the cloud, allowing flexible virtual server hosting.

Amazon GuardDuty: Managed security monitoring service.

Amazon Machine Image (AMI): Encrypted machine image stored in Amazon EBS or S3, functioning as a root drive template with OS and applications.

Amazon Macie: Security service that uses machine learning to discover, classify, and protect sensitive data.

Amazon MQ: Managed message broker service for Apache ActiveMQ.

Amazon Neptune: Managed graph database service optimized for highly connected datasets.

Amazon Personalize: Machine learning service for building personalized experiences.

Amazon QuickSight: Cloud-scale business intelligence (BI) service for creating interactive dashboards and visualizations.

Amazon RDS (Relational Database Service): Managed database service supporting multiple engines like MySQL and PostgreSQL.

Amazon Redshift: Managed data warehouse for structured and semistructured data analysis.

Amazon Rekognition: Image and video analysis service powered by machine learning.

Amazon S3 (Simple Storage Service): Object storage service designed for scalable, durable data storage and retrieval.

Amazon SageMaker: Service for building, training, and deploying machine learning models.

Amazon SES (Simple Email Service): Service for sending marketing and transactional emails.

Amazon Textract: Service for extracting text and data from scanned documents using machine learning.

Amazon Transcribe: Automatic speech recognition service for converting speech to text.

Amazon Translate: Neural machine translation service.

Amazon VPC (Virtual Private Cloud): Isolated section of AWS for launching resources in a user-defined virtual network.

Amplify: Full-stack platform for building web and mobile applications.

Amplify Android: Open-source client libraries for building native Android applications powered by AWS.

Amplify Hosting: Managed CI/CD and hosting service for static and server-side rendered apps.

AppStream 2.0: Managed service for streaming desktop applications without rewriting them.

asymmetric encryption: Encryption using both a public and a private key.

asynchronous bounce: Email bounce that occurs after initial acceptance by a receiver, due to subsequent delivery failure.

attribute: Fundamental data element, like fields or columns in DynamoDB and other database systems.

AUC (Area Under a Curve): Metric for evaluating the accuracy of a binary classification model.

authentication: Process of proving identity to a system.

authenticated encryption: Encryption ensuring confidentiality, integrity, and authenticity of data.

AWS Amplify: Full-stack platform for building secure, scalable web and mobile applications.

AWS App2Container: Tool for transforming .NET and Java applications into containerized applications.

AWS AppConfig: Service for updating software at runtime without deploying new code.

AWS AppSync: Managed GraphQL service for building real-time applications.

AWS Artifact: Central resource for AWS compliance information.

AWS Auto Scaling: Fully managed service for scaling AWS resources based on demand.

AWS Batch: Fully managed service for batch computing jobs.

AWS CloudHSM: Hardware security module for key management and cryptographic operations.

AWS CodeCommit: Managed source control service for Git repositories.

AWS CodeDeploy: Service for automating code deployments to EC2 or Lambda.

AWS CodeStar: Platform for creating and managing software development projects.

AWS Cost and Usage Report: Detailed AWS usage and cost reports.

AWS Data Exchange: Service for subscribing to and using third-party data.

AWS Device Farm: Automated app testing across real mobile devices.

AWS Elastic Inference: GPU acceleration for deep learning models in EC2.

AWS Elastic Transcoder: Media transcoding service for converting media files.

AWS Global Accelerator: Network service for improving global application performance.

AWS Glue Data Catalog: Centralized metadata repository for data assets.

AWS Inspector: Automated security assessment service for EC2 instances.

AWS IoT Core: Platform for connecting IoT devices to the cloud.

AWS Key Management Service (KMS): Secure management of encryption keys.

AWS Lightsail: Simplified cloud platform with virtual private servers for developers.

AWS Marketplace: Digital catalog of software and services running on AWS.

AWS Migration Hub: Central location for tracking AWS migration projects.

AWS Organizations: Service for managing multiple AWS accounts centrally.

AWS Outposts: Extends AWS infrastructure to on-premises environments.

AWS Proton: Manages infrastructure for container and serverless applications.

AWS Resource Access Manager (RAM): Allows sharing of AWS resources between accounts.

AWS Secrets Manager: Service for managing sensitive information like API keys.

AWS Snowball: Device for transferring large data amounts into and out of AWS.

AWS Snowmobile: Exabyte-scale data transfer service using a secure truck.

AWS Step Functions: Serverless orchestration service for designing workflows.

AWS Timestream: Time-series database service for IoT and operational applications.

AWS Wavelength: Platform for developing ultra-low-latency applications.

AWS Well-Architected Tool: Helps review workloads for best practices.

AWS X-Ray: Service for analyzing and debugging distributed applications.

B

Backup and Restore: A disaster recovery strategy where backups of data in the primary Region are copied to a standby Region and can be restored from the standby Region. Provisioning infrastructure and resources is part of the failover process.

Backup Window: The time frame during which automated backups or snapshot processes occur.

Backint Agent: AWS Backint Agent for SAP HANA is an SAP-certified backup and restore solution for SAP HANA workloads on Amazon EC2.

Bandwidth: The rate at which data is transferred to and from AWS services.

Bare Metal Instances: EC2 instances that provide direct access to the underlying hardware.

Base64 Encoding: Encoding method used to represent binary data in ASCII format, frequently used in AWS APIs.

Bash Scripts: Shell scripting used in EC2 or Lambda for automating tasks.

Batch Computing: An efficient way to process large amounts of data by breaking it into smaller tasks.

Batch Jobs: Processing jobs that run to completion as part of batch processing in AWS Batch.

Behavior Analytics: A feature in GuardDuty for identifying unusual behavior in your AWS account.

Best Practices: Recommended guidelines for securing and managing AWS resources.

BI (Business Intelligence): Processes and technologies that help organizations analyze data stored in AWS.

BI Connector: Service enabling connection between Amazon QuickSight and other data sources.

Big Data: Large datasets managed and processed using services like Redshift and EMR.

Bigtable: Managed NoSQL database service, similar to Amazon DynamoDB, in another cloud environment (for comparison).

Billing: The process of tracking usage and costs in AWS. AWS provides tools like Cost Explorer for managing billing.

Billing Alerts: Notifications sent when estimated usage exceeds a set threshold.

Billing Group: Collection of AWS accounts managed centrally for cost allocation.

Billing Period: The time span for which AWS usage and costs are calculated, typically monthly.

Billing Tags: Tags applied to resources that can be used for cost allocation and reporting.

Binary Attribute: In Amazon Machine Learning, an attribute with one of two possible values, either positive or negative.

Binary Classification Model: In Amazon Machine Learning, a model that predicts binary outcomes, such as “yes” or “no.”

Blob Storage: Storage service used to store unstructured data, such as in S3.

Block: A dataset subset used by Amazon EMR. EMR assigns an ID to each block and tracks processing using a hash table.

Block Device: A storage device supporting reading and (optionally) writing data in fixed-size blocks, sectors, or clusters.

Block Device Mapping: Specifies the block devices attached to an instance in a mapping structure for AMIs and instances.

Block Storage: Data storage system used by services like EBS.

Blueprint: Preconfigured AWS CloudFormation templates for deploying common services.

Bootstrapping: The process of automatically configuring EC2 instances after launching.

Bounce: A failed email delivery attempt.

Braket: AWS service for conducting quantum computing experiments.

Bridging: The process of connecting separate network segments within a VPC.

Bridge Interface: Network interface connecting two distinct network systems or VPCs.

Bridge Router: Networking component used to connect VPCs or on-premises networks in a hybrid cloud architecture.

Bring Your Own Device (BYOD): Refers to employees accessing AWS resources using personal devices.

Bring Your Own Key (BYOK): Allows customers to import their own encryption keys into AWS KMS.

Bring Your Own License (BYOL): Use your existing software licenses on AWS.

Broker: A mediator service in Amazon MQ that routes messages between clients.

Brokered Messaging: Messaging pattern used by Amazon MQ where messages are routed through an intermediary.

Bucket: A container for storing objects in Amazon S3. Each bucket has a globally unique name.

Bucket Key: AWS KMS feature reducing encryption costs in S3 by reusing a KMS key for multiple objects.

Bucket Logging: Records requests made to your S3 bucket.

Bucket Policies: Access management policies for controlling access to S3 buckets.

Bucket Versioning: Keeps multiple versions of objects in Amazon S3 buckets.

Buildspec: A YAML file defining build instructions in AWS CodeBuild.

Bulkhead Pattern: Architecture pattern isolating services to prevent failure in one component from affecting others.

Bundle: Set of AWS resources packaged together, often in Lightsail.

Bundling: Creating an Amazon Machine Image (AMI), specifically instance store-backed AMIs.

Business Associate Agreement (BAA): Contract regulating the disclosure of protected health information (PHI) in AWS.

Business Continuity: Planning and preparation to ensure AWS workloads can recover quickly from failures.

Business Support Plan: AWS paid support plan offering 24/7 customer service, AWS Trusted Advisor, and more.

Burstable Mode: Describes instances like T2 in EC2 that can temporarily burst CPU performance.

Burstable Performance Instances: EC2 instance types designed for workloads requiring bursts of CPU performance.

BYOD (Bring Your Own Device): Employees using personal devices to access AWS resources.

BYOK (Bring Your Own Key): Allows customers to import their own encryption keys into AWS KMS.

BGP ASN: Border Gateway Protocol Autonomous System Number, a unique identifier for a network used in BGP routing.

BGP (Border Gateway Protocol): Networking protocol used by Direct Connect for managing route tables.

Byte: Unit of digital information, with services like S3 priced based on storage size in bytes.

C

cache: Temporary storage for frequently accessed data, used in services like ElastiCache.

cache cluster: A logical cache distributed over multiple cache nodes. A cache cluster can be set up with a specific number of cache nodes.

cache cluster identifier: Customer-supplied identifier for the cache cluster that must be unique for that customer in an AWS Region.

cache engine version: The version of the Memcached service that’s running on the cache node.

cache node: A fixed-size chunk of secure, network-attached RAM. Each cache node runs an instance of the Memcached service and has its own DNS name and port. Multiple types of cache nodes are supported, each with varying amounts of associated memory.

campaign: In Amazon Personalize, a deployed solution version (trained model) with provisioned dedicated transaction capacity for creating real-time recommendations for your application users. After creating a campaign, you use the `getRecommendations` or `getPersonalizedRanking` personalization operations to get recommendations.

canonicalization: The process of converting data into a standard format that a service such as Amazon S3 can recognize.

capacity: The amount of available compute size at a given time. Each Auto Scaling group is defined with a minimum and maximum compute size. A scaling activity increases or decreases the capacity within the defined minimum and maximum values.

Cartesian product: A mathematical operation that returns a product from multiple sets.

certificate: A credential that some AWS products use to authenticate AWS accounts and users. Also known as an X.509 certificate. The certificate is paired with a private key.

Certificate Manager: Service that helps provision, manage, and deploy SSL/TLS certificates.

chargeable resources: Features or services whose use incurs fees. Although some AWS products are free, others include charges. For example, in a CloudFormation stack, AWS resources that have been created incur charges. The amount charged depends on the usage load. Use the Amazon Web Services Simple Monthly Calculator to estimate your cost before creating instances, stacks, or other resources.

C3R (Cryptographic Computing for Clean Rooms): AWS Clean Rooms capability that enables organizations to bring sensitive data together for analytics while cryptographically limiting what any party can learn.

CIDR (Classless Inter-Domain Routing): Method for allocating IP addresses within a VPC.

CIDR block: Classless Inter-Domain Routing block, an internet protocol address allocation and route aggregation methodology.

ciphertext: Information that has been encrypted, as opposed to plaintext, which is information that has not been encrypted.

classification: In machine learning, a problem type that seeks to place (classify) a data sample into a single category or “class.” Classification problems may be binary (two classes) or multiclass (more than two classes).

client VPN: Secure VPN service that allows you to access AWS and on-premises resources.

Cloud Directory: Amazon service that provides a highly scalable directory store for your application’s multi-hierarchical data.

Cloud Control API: A set of standardized application programming interfaces (APIs) that developers can use to create, read, update, delete, and list supported cloud infrastructure.

Cloud Development Kit (CDK): AWS CDK is an open-source software development framework for defining your cloud infrastructure in code and provisioning it through AWS CloudFormation.

Cloud Map: AWS Cloud Map is a service used to create and maintain a map of the backend services and resources that your applications depend on.

CloudShell: A web-based shell environment for running AWS CLI commands in the AWS console.

CloudTrail: AWS service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements that the AWS service returns.

CloudTrail Insights: Feature that helps detect unusual operational activity in your AWS account.

Cloud WAN: AWS Cloud WAN is a managed wide area networking service used to build, manage, and monitor a unified global network.

Cloud9: AWS Cloud9 is a cloud-based integrated development environment (IDE) that you use to write, run, and debug code.

CloudFormation: Service that helps you model and set up your AWS resources using templates, automating and simplifying resource provisioning.

CloudFront: AWS’s content delivery network (CDN) service that delivers data, videos, applications, and APIs globally with low latency and high transfer speeds.

CloudSearch: Managed service for setting up, managing, and scaling a search solution.

CloudWatch: Monitoring service that collects and tracks metrics, logs, and events to provide visibility into your AWS resources and applications.

CloudWatch Events: Service that delivers a stream of system events describing changes in AWS resources, enabling timely actions with services like Lambda, SNS, or Kinesis.

CloudWatch Logs: Service for monitoring and troubleshooting systems and applications from log files, with real-time log file monitoring and storage.

Cloud Security Posture Management (CSPM): Solutions to continuously monitor cloud environments for security risks.

Cognito: Service providing user authentication, authorization, and user management for your web and mobile applications.

Cognito Sync: Synchronizes app data across devices using the AWS cloud.

CodeArtifact: Managed artifact repository service for software development dependencies.

CodeBuild: Fully managed continuous integration service that compiles source code, runs tests, and produces software packages ready to deploy.

CodeCommit: AWS service that hosts secure Git-based repositories.

CodeDeploy agent: Software package that, when installed and configured on an instance, enables it to be used in CodeDeploy deployments.

CodeGuru: Amazon CodeGuru is a collection of developer tools that automate code reviews and provide intelligent recommendations to optimize application performance.

CodePipeline: Continuous delivery service for fast and reliable application updates.

collaboration: AWS Clean Rooms concept where members can perform SQL queries on configured tables within a secure logical boundary.

Command Line Interface (CLI): AWS CLI is a unified tool to manage AWS services, enabling control of multiple services from the command line and automation through scripts.

complaint: Event where a recipient marks an email as spam, prompting a notification to Amazon SES from the ISP.

compute optimizer: AWS service that recommends optimal AWS resources for your workloads.

configuration API: CloudSearch API for creating, configuring, and managing search domains.

configuration template: A series of key-value pairs that define parameters for various AWS products so Elastic Beanstalk can provision them for an environment.

Console Mobile Application: App that allows AWS customers to monitor and manage a select set of resources while on the go.

container: A lightweight, standalone, executable software package that includes everything needed to run software, such as the code, runtime, libraries, and system settings.

container definition: Specifies the details associated with running a container on Amazon ECS, including container image and resource allocation.

container instance: An EC2 instance, on-premises server, or VM running the ECS container agent, serving as the infrastructure for ECS workloads.

container registry: A collection of repositories storing container images, such as Amazon ECR.

content delivery network (CDN): A web service that accelerates the delivery of static and dynamic web content to users by using a worldwide network of data centers. Amazon CloudFront is an example of a CDN.

contextual metadata: In Amazon Personalize, data collected about a user’s browsing context during an event, improving recommendation relevance.

continuous delivery: Software development practice where code changes are automatically built, tested, and prepared for release to production.

Continuous Integration: Practice in software development where code is automatically tested and merged into a repository.

Control Tower: Service used to set up and govern a secure, multi-account AWS environment.

cooldown period: The time Amazon EC2 Auto Scaling prevents changes to the Auto Scaling group size after a notification from a CloudWatch alarm.

core node: An EC2 instance in Hadoop that performs data storage and processing tasks managed by a master node.

corpus: In CloudSearch, a collection of data to be searched.

Corretto: Amazon Corretto is a no-cost, multiplatform, production-ready distribution of OpenJDK.

cost anomaly detection: Machine-learning-driven AWS service for detecting cost anomalies.

coverage: Amazon Personalize evaluation metric indicating the proportion of unique items potentially recommended by the model out of all items in the datasets.

credentials: Access credentials or security credentials are used to authenticate users and services in AWS. Typically, they consist of an access key ID and a secret access key.

credential helper: CodeCommit program that stores and supplies credentials to Git for connections to repositories.

cross-account access: Allows users in one AWS account limited, controlled access to resources in another AWS account.

cross-Region replication: Solution for replicating data across different AWS Regions in near real time.

customer gateway: Router or software application on your side of a VPN tunnel managed by Amazon VPC.

customer managed policy: IAM managed policy that you create and manage in your AWS account.

customer master key (CMK): Deprecated term replaced by AWS KMS key (KMS key).

D

Data Catalog: A centralized metadata store for managing and searching datasets in AWS Glue.

Data Encryption Key (DEK): A symmetric encryption key used for encrypting and decrypting data in AWS KMS.

Data Lake: A centralized repository for storing large amounts of structured and unstructured data in Amazon S3.

Data Lifecycle Manager: Automates the creation, retention, and deletion of EBS snapshots.

Data Pipeline: A service for automating the movement and transformation of data between different AWS services.

Data Source: The database, file, or repository that provides information required by an application or database. Examples include Amazon RDS service layers, S3 buckets, or remote hosts accessible by Amazon Redshift clusters.

DataSync: An online data transfer service that simplifies, automates, and accelerates moving data between storage systems and services.

Database Engine: The database software and version running on the DB instance.

Database Name: The name of a database hosted in a DB instance, which must be unique within the same DB instance.

Dataset (Amazon Personalize): A container for the data used by Amazon Personalize, including Users, Items, and Interactions.

Dataset Group (Amazon Personalize): A container for Amazon Personalize components, like datasets, event trackers, solutions, and campaigns, organizing resources into independent collections.

DB Compute Class: The size of the database compute platform used to run the instance.

DB Instance: An isolated database environment running in the cloud, which can contain multiple user-created databases.

DB Instance Identifier: User-supplied identifier for the DB instance, unique within a Region.

DB Parameter Group: A container for database engine parameter values that apply to one or more DB instances.

DB Security Group: A method that controls access to the DB instance. Inbound traffic rules are applied to all DB instances associated with a security group.

DB Snapshot: A user-initiated point backup of a DB instance.

DDoS (Distributed Denial of Service): An attack that AWS Shield helps mitigate by distributing traffic load across multiple servers.

Dedicated Host: A physical server with EC2 instance capacity fully dedicated to a user.

Dedicated Instance: An EC2 instance physically isolated at the host hardware level and launched within an Amazon VPC.

Dedicated Reserved Instance: A capacity reservation purchased to ensure sufficient availability of Dedicated Instances in a VPC.

Delete Marker: An object with a key and version ID but without content, inserted by Amazon S3 into versioned buckets when an object is deleted.

Delegation: Setting up access between AWS accounts or users within a single account.

Deliverability: The likelihood that an email message arrives at its intended destination.

Deliveries: The count of email messages, sent through Amazon SES, accepted by ISPs for delivery.

Deny: The result of a policy statement with deny as the effect, explicitly forbidding actions for a user, group, or role.

Deployment Configuration (CodeDeploy): Rules and conditions used by CodeDeploy during a deployment.

Deployment Group (CodeDeploy): A set of tagged EC2 instances, Auto Scaling groups, or both used in a deployment.

Description Property: A property in CloudFormation templates for documenting elements like parameters and resources.

Detailed Monitoring: Monitoring AWS-provided metrics at a one-minute frequency.

Detective (Amazon Detective): A service that analyzes log data from AWS resources to investigate security findings.

Device Defender: AWS IoT service that audits and monitors security policies continuously.

Device Farm: A testing service for Android, iOS, and web apps on real, physical devices hosted by AWS.

DevOps Guru: A managed service for monitoring operational performance and providing insights.

Dimension: A name-value pair (e.g., `InstanceType=m1.small`) that adds information to identify a metric.

Direct Connect: A cloud service for establishing a dedicated network connection from your premises to AWS, improving bandwidth performance.

Direct Connect Gateway: Connects multiple VPCs in different regions using AWS Direct Connect.

Directory Service: Managed Microsoft Active Directory in AWS.

Distributed Tracing: A technique used by AWS X-Ray to trace requests through distributed systems.

DKIM (DomainKeys Identified Mail): A standard for email authentication, using signatures that ISPs verify for message legitimacy.

DNS Failover: Route 53 feature that reroutes traffic if a resource fails.

Document (CloudSearch): An item that can be returned as a search result, with fields for searchable or returnable data.

Document Batch (CloudSearch): A collection of add and delete document operations, submitted through the document service API.

Document Service API (CloudSearch): The API call for submitting document batches to a CloudSearch domain.

Document Service Endpoint (CloudSearch): The URL for sending document updates to an Amazon CloudSearch domain.

DocumentDB Cluster: A set of Amazon DocumentDB instances designed for high availability and fault tolerance.

Domain (OpenSearch Service): The hardware, software, and data exposed by OpenSearch Service endpoints, encapsulating instances, data, snapshots, access policies, and metadata.

Domain Name System (DNS): A service that routes internet traffic by translating human-readable domain names into numeric IP addresses.

DynamoDB: A fully managed NoSQL database service offering fast, predictable performance and seamless scalability.

DynamoDB Accelerator (DAX): An in-memory cache for DynamoDB, enhancing read times.

DynamoDB Encryption Client: A software library that helps protect data before sending it to DynamoDB.

DynamoDB Global Tables: A feature providing fully replicated, multi-Region DynamoDB tables.

DynamoDB Streams: A service capturing a time-ordered sequence of item-level modifications in DynamoDB tables, viewable for up to 24 hours.

E

EBS (Elastic Block Store): Persistent block storage for use with EC2 instances, functioning like a virtual hard drive that retains data even after the instance is terminated.

EBS-Optimized Instances: EC2 instances designed to provide dedicated throughput between EC2 and EBS.

EC2 Auto Recovery: Automatically recovers EC2 instances from system failures.

EC2 Hibernate: Preserves the state of an EC2 instance to its EBS root volume, allowing it to restart faster.

EC2 Instance: A virtual server in the Amazon EC2 environment used for running applications in the cloud.

EC2 Spot Fleet: A collection of EC2 spot instances, optionally combined with on-demand instances.

ECR (Elastic Container Registry): A fully managed Docker container registry integrated with Amazon ECS and IAM for storing and deploying Docker container images.

ECS (Elastic Container Service): A fully managed container orchestration service that allows users to run and manage Docker containers on a cluster of EC2 instances.

Egress-Only Internet Gateway: A VPC component that enables outbound communication from IPv6 addresses to the internet without allowing inbound traffic.

EIP (Elastic IP Address): A static, public IPv4 address associated with an AWS account, which can be attached or detached from an instance.

Elastic Beanstalk: A service for deploying and managing applications without needing to manage the underlying infrastructure.

Elastic Fabric Adapter (EFA): A network interface that accelerates HPC and machine learning workloads on EC2 instances.

Elastic Inference: A service that attaches low-cost inference acceleration to EC2 and SageMaker for reducing deep learning inference costs.

Elastic IP Transfer: Enables the transfer of Elastic IP addresses between accounts.

Elastic Load Balancing (ELB): Distributes incoming application traffic across multiple targets, such as EC2 instances, to maintain application availability.

Elastic Network Interface (ENI): A virtual network interface attached to an EC2 instance, which can include an Elastic IP, security group memberships, and private IP addresses.

Elastic Transcoder: A media transcoding service for converting audio and video files into formats suitable for various devices.

ElastiCache: A web service that simplifies the deployment and operation of in-memory cache for faster application performance.

Elasticsearch Service: A managed service for deploying, operating, and scaling Elasticsearch in AWS, commonly used for search, logging, and analytics.

Elemental MediaConnect: A service for ingesting, transporting, and distributing live video streams.

Elemental MediaConvert: A service for converting media files into formats suitable for traditional broadcast and internet streaming.

Elemental MediaLive: A cloud-based live video encoding service for high-quality broadcast and internet streaming.

Elemental MediaPackage: A service that securely packages and delivers live and on-demand video streams.

Elemental MediaStore: A storage service optimized for media, with low latency and high performance for video delivery.

Elemental MediaTailor: A channel assembly and personalized ad insertion service for OTT video and audio applications.

EMR (Elastic MapReduce): A service for processing large amounts of data quickly and cost-effectively using Hadoop.

Encrypt: A process of encoding data to make it unintelligible to unauthorized users, with a method for decoding available to authorized users.

Encryption Context: Additional metadata associated with AWS KMS-encrypted data, provided as key-value pairs.

Endpoint: A URL that identifies a host and port as the entry point for a web service.

Endpoint Port: The port number used by services like ElastiCache and RDS for communication.

Envelope Encryption: A technique that uses a master key to encrypt a data key, which in turn encrypts the actual data.

Environment: In Elastic Beanstalk, an environment is a running instance of an application with a CNAME and configuration settings. In CodeDeploy, it represents the instances involved in a blue/green deployment.

ETL (Extract, Transform, Load): A process for integrating data from various sources, transforming it into a usable format, and loading it into a storage system for analysis. AWS Glue offers a fully managed ETL service.

Evaluation: In Amazon Machine Learning, the evaluation process measures the predictive performance of an ML model.

Event: In Amazon Personalize, an event is a user activity, such as a purchase or video view, recorded in real time or in bulk for analysis.

Event Tracker: In Amazon Personalize, an event tracker specifies where to record real-time event data for recommendations.

EventBridge: A serverless event bus that connects applications with data from various sources, routing data based on user-defined rules.

Eventual Consistency: A data consistency model where updates are replicated across servers, achieving consistency within seconds but possibly showing outdated data in initial reads.

Eventually Consistent Read: A read process that returns data from one Region, which may not reflect the latest changes, though subsequent reads will eventually return the most current data.

Eviction: In CloudFront, eviction is the removal of an object from an edge location before its expiration to make space for more popular objects.

Explicit Impressions: In Amazon Personalize, explicit impressions are manually added items influencing future recommendations.

Explicit Launch Permission: A permission that allows a specific AWS account to launch an AMI.

Exponential Backoff: A strategy that gradually increases the time between retry attempts to reduce system load and increase request success rates.

Expression: In CloudSearch, an expression is a numeric formula used to sort search hits based on specific criteria.

Exbibyte (EiB): A binary unit of data storage, equivalent to 2^60 or 1,152,921,504,606,846,976 bytes.

Expiration: In CloudFront, expiration refers to the time when an object is no longer served from the edge location and requires a new request to the origin.

 F

Facet: In CloudSearch, an index field representing a category used to refine and filter search results.

Facet Enabled: An index field option in CloudSearch that enables facet information to be calculated for the field.

Fargate: A serverless compute engine for containers that integrates with ECS and EKS. It eliminates the need to manage servers and allows for direct container execution.

Fault Injection Simulator (AWS FIS): A managed service for running fault injection experiments on AWS workloads to test resilience.

Feature Transformation: In Amazon Machine Learning, this refers to constructing more predictive input features from raw variables to optimize a model’s performance.

Federated Access: A mechanism that allows users from different identity providers to access AWS resources securely.

Federated Identity Management (FIM): Allows individuals to sign in to different networks or services with the same credentials across multiple systems, often integrated with AWS to provide secure access for external identities.

Federated Single Sign-On (SSO): Enables users to sign in to AWS using credentials from an external identity provider, allowing seamless access across multiple applications.

Feedback Loop (FBL): A mechanism where an ISP forwards a recipient’s complaint about email back to the sender, commonly used to manage email lists.

Field Weight: Refers to the relative importance of a text field within a search index, affecting a document’s relevance score.

File Gateway: A configuration of AWS Storage Gateway used for storing files as objects in Amazon S3, enabling seamless hybrid cloud storage.

Filter: A criterion specified to limit results when listing or describing resources in Amazon EC2.

Filter Query: A way to filter search results in CloudSearch without affecting the scoring or sorting of those results.

Fine-Grained Access Control: A security measure allowing precise permissions at the data level, providing detailed access control.

FinSpace: A data management and analytics service in AWS purpose-built for the financial services industry.

Firewall Manager: A centralized security management service for setting up and enforcing firewall rules across multiple AWS accounts and resources.

FIFO Queues: A type of Amazon SQS queue that guarantees messages are processed in the order they were sent and only once.

FIPS (Federal Information Processing Standard): A set of security and encryption standards used by AWS GovCloud to ensure compliance with government requirements.

Flexible Compute Options: EC2 instance flexibility that allows users to choose between various instance types and pricing models.

Fluent Bit: An open-source logging tool used in AWS for log collection, typically used for monitoring and troubleshooting applications.

Flow Logs: A service for capturing information about IP traffic to and from network interfaces within a VPC.

Forecast: Amazon Forecast is a fully managed service that utilizes statistical and machine learning models to generate accurate time series forecasts.

Form Recognizer: A service that extracts text, key-value pairs, and tables from documents, aiding in document processing.

Front-End Web Hosting: The use of AWS services like S3 and CloudFront to host static websites or front-end web applications.

Fuzzy Search: A type of search that uses approximate string matching to account for typographical errors and misspellings.

Function as a Service (FaaS): A serverless computing model used in AWS Lambda where functions are executed on demand, abstracting infrastructure management.

Function Versioning: A feature in AWS Lambda that allows for the creation and management of function versions, aiding in rollbacks and version control.

FSx for Lustre: A high-performance file system optimized for fast processing of workloads like machine learning, analytics, and high-performance computing.

FSx for Windows File Server: A fully managed Windows file system that provides shared storage for enterprise applications.

Fast Snapshot Restore (FSR): A feature that enables rapid recovery of Amazon EBS volumes from snapshots, providing faster data access.

Failover: The process of automatically switching to a backup system or resource when the primary one fails, ensuring service continuity.

 G

GameKit: An open-source SDK and game engine plugin that empowers game developers to build and deploy cloud-based features with AWS from their game engine.

GameLift: A managed service for deploying, operating, and scaling session-based multiplayer games.

GameSparks: A fully managed AWS service that provides a multiservice backend for game developers.

Gateway Load Balancer: A service for distributing network traffic across multiple virtual appliances to enhance application availability.

General Purpose SSD (gp2): An Amazon EBS volume type that balances price and performance for general-purpose workloads.

General Purpose SSD (gp3): The next generation of EBS volume types that offer lower costs and improved performance.

Geospatial Search: A search query that uses specified locations (latitude and longitude) to determine matches and sort results.

Geo-Restrictions: A CloudFront feature that restricts content delivery to specific countries or regions.

Glacier Data Retrieval Policy: A feature in S3 Glacier that allows control over retrieval costs associated with archived data.

Glacier Retrievals: The process of retrieving archived data from S3 Glacier for access or restoration.

Glacier Vault Lock: A feature that enforces a write-once, read-many (WORM) policy in S3 Glacier for data retention and compliance.

Global Accelerator: A network layer service that improves the availability and performance of applications for users in different geographical locations by directing traffic to optimal endpoints over the AWS global network.

Global Accelerator Listener: Used to direct incoming traffic from clients to designated endpoint groups in a Global Accelerator setup.

Global Consistency: An active-active strategy where all reads and writes for a workload are handled in the originating Region and are replicated synchronously to other Regions.

Global Secondary Index (GSI): An alternative method of querying data in DynamoDB that allows for more flexible indexing, with a different partition key and sort key than the main table.

Global Tables (DynamoDB): Fully replicated, multi-region tables designed for globally distributed applications.

Global Services: AWS services like IAM and Route 53 that operate across all regions globally, providing consistent functionality.

Glue: A fully managed extract, transform, and load (ETL) service that helps prepare data for analytics and data processing.

Glue Catalog Encryption: A feature that encrypts the metadata stored in the AWS Glue Data Catalog to enhance data security.

Glue Job: A unit of work performed by AWS Glue to extract, transform, and load (ETL) data.

Governance: Policies and practices for managing AWS resources securely and efficiently.

Grant: A mechanism in AWS KMS for giving principals long-term permissions to use KMS keys.

Grant Token: An identifier that allows the permissions in a grant to take effect immediately upon use.

Ground Station: A fully managed ground station service for satellite communications, allowing for data exchange with satellites.

Ground Truth: The observations used in the machine learning (ML) model training process, representing the correct values for target attributes, aiding in accurate predictions.

Group: A collection of IAM users used to simplify the management of permissions for multiple users.

GuardDuty: A continuous security monitoring service that identifies unexpected, unauthorized, or malicious activity in AWS environments based on detected anomalies.

GuardDuty Findings: Security findings generated by Amazon GuardDuty that provide insights into potential security threats and anomalies in AWS environments.

 H

Hadoop: Software that enables distributed processing for big data by using clusters and simple programming models.

Hard Bounce: A persistent email delivery failure, such as “mailbox does not exist.”

Hardware Security Module (HSM): A dedicated hardware appliance for cryptographic operations provided by AWS CloudHSM.

Hardware VPN: A hardware-based IPsec VPN connection over the internet.

Health Check: A system call to check on the health status of each instance in an Amazon EC2 Auto Scaling group.

Health Checks: Monitoring the status of resources like EC2 instances, Route 53 endpoints, or ALB targets.

HealthLake: A HIPAA-eligible service that helps customers store, query, and generate artificial intelligence (AI) and machine learning (ML) insights from healthcare data, enabling healthcare data interoperability.

High Availability: System design aimed at ensuring continuous operation with minimal downtime by distributing resources across regions or availability zones.

High-Quality Email: Email that recipients find valuable and want to receive, which can include offers, order confirmations, receipts, or newsletters.

Highlight Enabled: An index field option in CloudSearch that enables matches within the field to be highlighted.

Highlights: Excerpts returned with search results in CloudSearch that show where the search terms appear within the text of the matching documents.

Hibernation: A feature that allows you to stop EC2 instances and retain RAM data, resuming later from where they were paused.

Horizontal Scaling: The process of adding more instances to distribute workload, as opposed to vertical scaling.

Hot Attach: Dynamically attaching EBS volumes to a running EC2 instance.

Hot Standby: An active-passive disaster recovery strategy in which a workload is fully scaled up in both the primary and standby regions, serving traffic only from the primary region.

Hot Storage: Frequently accessed data stored in services like S3 Standard or EFS.

HPC (High-Performance Computing): Computational power for demanding workloads, often utilizing EC2 instances like C5, P4, or R5.

HSTS (HTTP Strict Transport Security): A security feature that forces browsers to connect over HTTPS only.

HTTP API: A simplified and cost-effective API Gateway offering designed for low-latency web applications.

HTTP/2: A protocol used by services like CloudFront for improved web performance.

HVM Virtualization: Hardware Virtual Machine virtualization that allows the guest VM to run as though it’s on a native hardware platform, while still using paravirtual (PV) network and storage drivers for improved performance.

I

IAM (Identity and Access Management): A service that enables you to manage access to AWS resources securely. It lets you create and manage AWS users, groups, and permissions.

IAM Access Analyzer: A feature of IAM that you can use to identify resources in your organization and accounts that are shared with an external entity. Example resources include Amazon S3 buckets or IAM roles.

IAM Identity Center: A cloud-based service that brings together administration of users and their access to AWS accounts and cloud applications. You can control single sign-on access and user permissions across all your AWS accounts in AWS Organizations.

IAM Policies: Documents that define access permissions to AWS resources for IAM users, groups, or roles.

IAM Roles: An Identity and Access Management (IAM) entity that defines permissions for an AWS resource.

Identity Federation: Allows users from an external identity provider to access AWS resources.

Identity Provider (IdP): An IAM entity that holds metadata about external identity providers.

Image Builder: AWS service that automates the creation of custom EC2 AMIs.

Implicit Impressions: In Amazon Personalize, the recommendations that your application shows a user. Unlike explicit impressions, where you manually record each impression, Amazon Personalize automatically derives implicit impressions from your recommendation data.

Import/Export: AWS Import/Export is a service for transferring large amounts of data between AWS and portable storage devices.

Import/Export Station: A machine that uploads or downloads your data to or from Amazon S3.

Import Log: A report that contains details about how Import/Export processed your data.

In-Place Deployment: In CodeDeploy, a deployment method where the application on each instance in the deployment group is stopped, the latest application revision is installed, and the new version of the application is started and validated.

In-Memory Caching: Storing frequently accessed data in memory using services like ElastiCache for faster retrieval.

Ingress Rules: Security group rules that control inbound traffic to AWS resources.

Instance: A virtual server for running applications on AWS. EC2 instances are the most common.

Instance Family: A general instance type grouping using either storage or CPU capacity.

Instance Fleets: A configuration in AWS EMR that allows you to specify a fleet of instances for a cluster.

Instance Group: A Hadoop cluster that contains one master instance group with one master node, a core instance group with one or more core nodes, and an optional task node instance group, which can contain any number of task nodes.

Instance Lifecycle: Different states (e.g., running, stopped) of an EC2 instance.

Instance Metadata: Data that an EC2 instance can access about itself, such as instance ID and region.

Instance Profile: A container that passes IAM role information to an EC2 instance at launch.

Instance Store: Temporary storage attached to an EC2 instance, lost when the instance is stopped.

Instance Store-Backed AMI: A type of Amazon Machine Image (AMI) whose instances use an instance store volume as the root device.

Instance Type: A specification that defines the memory, CPU, storage capacity, and usage cost for an instance.

Inspector Findings: Security risks and vulnerabilities identified by AWS Inspector.

Intrinsic Function: A special action in a CloudFormation template that assigns values to properties not available until runtime.

Internet Gateway (IGW): A VPC component that allows communication between resources in your VPC and the internet.

Internet Service Provider (ISP): A company that provides subscribers with access to the internet. Many ISPs are also mailbox providers.

IPv6 Support: Ability to assign and use IPv6 addresses in AWS services like EC2 and VPC.

IP Address: A numerical address (for example, 192.0.2.44) that networked devices use to communicate with one another using the Internet Protocol (IP).

IP Match Condition: In AWS WAF, an attribute that specifies the IP addresses or IP address ranges from which web requests originate.

IP Whitelisting: A security technique to allow network traffic from only specific IP addresses.

 J

JAR (Java ARchive): Java-based file format often used in AWS Lambda for Java runtime environments.

Java Lambda Handler: The entry point for Java-based Lambda functions.

Java SDK: AWS SDK that allows developers to interact with AWS services from Java applications.

Java Spring Boot: Java framework supported by AWS services for building microservices.

JDBC (Java Database Connectivity): API used to connect Java applications to AWS database services like RDS.

JDBC Drivers: Software that enables communication between Java applications and AWS databases like Aurora.

Job Analytics: Insights provided by AWS Batch and Glue for understanding job performance.

Job Definitions: Predefined job configurations used by AWS Batch to run specific types of jobs.

Job Execution: A unit of work performed by services like AWS Batch or Glue.

Job Flow: Set of Hadoop jobs processed by an Amazon EMR cluster.

Job ID: A five-character, alphanumeric string that uniquely identifies an Import/Export storage device in your shipment.

Job Parameters: Inputs passed to AWS Glue or Batch jobs to control the execution behavior.

Job Prefix: An optional string that you can add to the beginning of an Import/Export log file name to prevent collisions with objects of the same name.

Job Queue: Used in AWS Batch to store batch jobs until they are ready to be executed.

Job Status Notifications: Alerts sent by AWS Batch or Step Functions when a job’s status changes.

JMS (Java Messaging Service): API used for message-oriented middleware in AWS services like SQS and MQ.

JSON: JavaScript Object Notation. A lightweight data interchange format.

JSON Lines: File format used in services like Amazon Kinesis and Glue for processing large datasets.

JSON Policy: The format used by AWS IAM policies to define permissions and access.

JSON Web Token (JWT): Open standard used by services like Cognito for securely transmitting data between parties.

Jupyter Notebooks: Interactive data science environments used with services like SageMaker for machine learning.

JupyterHub: Multi-user version of Jupyter Notebooks, useful for collaborative machine learning.

Junk Folder: The location where email messages that various filters determine to be of lesser value are collected so that they don’t arrive in the recipient’s inbox but are still accessible to the recipient.

 K

K8s: A common abbreviation for Kubernetes, an open-source container orchestration platform.

Kafka (MSK): Managed service for running Apache Kafka, a distributed streaming platform.

Kibibyte (KiB): A contraction of kilo binary byte, a kibibyte is \(2^{10}\) or 1,024 bytes. A kilobyte (KB) is \(10^{3}\) or 1,000 bytes. 1,024 KiB is a mebibyte (MiB).

Key: A credential that identifies an AWS account or user to AWS (such as the AWS secret access key).

Key Management Service (KMS): A managed service that makes it easy to create and control the encryption keys used to encrypt your data.

KMS Grants: Mechanism for providing temporary access to AWS KMS keys.

KMS Key: The primary resource in AWS Key Management Service. In general, KMS keys are created, used, and deleted entirely within KMS. KMS supports symmetric and asymmetric keys for encryption and signing.

Key Pair: Combination of a public key and a private key used to securely access EC2 instances.

Key Policy: IAM policy used to control access to AWS KMS encryption keys.

Key Prefix: A string of characters that is a subset of an object key name, starting with the first character. The prefix can be any length, up to the maximum length of the object key name (1,024 bytes).

Kinesis: Amazon Kinesis is a platform for streaming data on AWS. Kinesis offers services that simplify the loading and analysis of streaming data.

Kinesis Agent: Standalone Java application that simplifies collecting and sending data to Kinesis Data Streams.

Kinesis Consumers: Applications or services that process data from Kinesis Data Streams.

Kinesis Data Analytics SQL: SQL queries used to process real-time data in Kinesis Data Analytics.

Kinesis Data Firehose: Service for loading streaming data into AWS storage and analytics services.

Kinesis Data Streams: Real-time data streaming service for collecting and processing large streams of data.

Kinesis Data Streams (Amazon Kinesis Data Streams): A web service for building custom applications that process or analyze streaming data for specialized needs. Amazon Kinesis Data Streams can continuously capture and store terabytes of data per hour from hundreds of thousands of sources.

Kinesis Firehose: Service for loading streaming data into AWS storage and analytics services.

Kinesis Partition Key: Key used in Kinesis Data Streams to group and order data for processing.

Kinesis Producer Library (KPL): Library to simplify producing records into Kinesis streams.

Kinesis Replay: The ability to replay records from Kinesis Data Streams to reprocess data.

Kinesis Shards: Units of capacity within a Kinesis stream, each responsible for processing a portion of the stream’s data.

Kinesis Video Streams: Service for securely streaming video from connected devices to AWS for analytics or machine learning.

Kinesis Analytics: Service for analyzing streaming data in real time.

K-Nearest Neighbors (KNN): Machine learning algorithm supported in SageMaker for classification and regression tasks.

Kerberos Authentication: Security protocol supported in Amazon EMR for secure authentication.

Kubernetes (EKS): Managed Kubernetes service for deploying, managing, and scaling containerized applications.

Amazon Keyspaces: Amazon Keyspaces (for Apache Cassandra) is a scalable, highly available, and managed Apache Cassandra-compatible database service.

AWS KMS: AWS Key Management Service is a managed service that simplifies the creation and control of encryption keys that are used to encrypt data.

 L

Lambda: AWS Lambda is a web service that you can use to run code without provisioning or managing servers. You can run code for virtually any type of application or backend service with zero administration. You can set up your code to automatically start from other AWS services or call it directly from any web or mobile app.

Lambda Alias: A pointer to a specific version of a Lambda function.

Lambda Cold Start: The delay that occurs when a Lambda function is invoked for the first time or after a period of inactivity.

Lambda Concurrency: Refers to the number of Lambda functions that can be run simultaneously.

Lambda Container Images: A method to package and deploy Lambda functions using container images.

Lambda Execution Role: IAM role that defines permissions for a Lambda function to interact with other AWS resources.

Lambda Function: A small, self-contained piece of code that is executed in response to an event, without the need to manage the underlying infrastructure.

Lambda Function Handler: The entry point for Lambda functions, defining how requests are processed.

Lambda Layers: Feature that allows you to manage code, libraries, and other dependencies in Lambda functions.

Lambda Provisioned Concurrency: Ensures that a set number of Lambda functions are ready to handle incoming requests.

Lambda Throttling: Occurs when the invocation rate exceeds the provisioned or default concurrency limits for Lambda.

Lambda@Edge: Extension of AWS Lambda that allows you to run code closer to users of CloudFront.

Lake Formation: AWS Lake Formation is a managed service that makes it easy to set up, secure, and manage your data lakes. Lake Formation helps you discover your data sources and then catalog, cleanse, and transform the data.

Latency-Based Routing: Route 53 feature that directs user traffic to the lowest-latency endpoints.

Labeled Data: In machine learning, data for which you already know the target or “correct” answer.

LightSail Instance: Simplified VPS (Virtual Private Server) service within AWS.

LightSail Load Balancer: Feature within AWS LightSail that distributes incoming traffic across instances.

Lightsail: Amazon Lightsail is a service used to launch and manage a virtual private server with AWS. Lightsail offers bundled plans that include everything you need to deploy a virtual private server for a low monthly rate.

Lifecycle: The lifecycle state of the EC2 instance contained in an Auto Scaling group. EC2 instances progress through several states over their lifespan; these include Pending, InService, Terminating, and Terminated.

Lifecycle Action: An action that can be paused by Auto Scaling, such as launching or terminating an EC2 instance.

Lifecycle Hooks: Triggers that allow you to execute custom actions during Auto Scaling events.

Lifecycle Policies: Policies that manage the lifecycle of objects in services like S3, including transitions and expirations.

Lifecycle Hook: A feature for pausing Auto Scaling after it launches or terminates an EC2 instance so that you can perform a custom action while the instance isn’t in service.

Load Balancer: A DNS name combined with a set of ports, which together provide a destination for all requests intended for your application. A load balancer can distribute traffic to multiple application instances across every Availability Zone within a Region.

Load Balancer Stickiness: Mechanism in ELB to keep a user’s session bound to a specific target.

Local Secondary Index: An index that has the same partition key as the table, but a different sort key. A local secondary index is local in the sense that every partition of a local secondary index is scoped to a table partition that has the same partition key value.

Local Zones: AWS infrastructure deployments that place compute, storage, and other services closer to end users.

Lookout for Equipment: Amazon Lookout for Equipment is a machine learning service that uses data from sensors mounted on factory equipment to detect abnormal behavior so you can take action before machine failures occur.

Lookout for Metrics: Amazon Lookout for Metrics is a machine learning (ML) service that automatically detects and diagnoses anomalies in business and operational data, such as a sudden dip in sales revenue or customer acquisition rates.

Lookout for Vision: Amazon Lookout for Vision is a machine learning service that uses computer vision (CV) to find defects in industrial products.

 M

MFA (Multi-Factor Authentication): An optional AWS account security feature. After you enable AWS MFA, you must provide a six-digit, single-use code in addition to your login credentials whenever you access secure AWS web pages or the AWS Management Console. You get this single-use code from an authentication device that you keep in your physical possession.

Macie: Security service that uses machine learning to automatically discover, classify, and protect sensitive data in S3.

Managed Blockchain: Fully managed service for creating and managing blockchain networks using popular frameworks.

Managed Policies: Predefined AWS policies you can use to grant permissions in IAM.

Managed Prefix List: List of IP addresses or CIDR blocks used in security groups or route tables, managed by AWS.

Managed Services: AWS services that handle infrastructure management tasks, like RDS or ElastiCache.

Managed Grafana: A fully managed and secure data visualization service that you can use to instantly query, correlate, and visualize operational metrics, logs, and traces from multiple data sources.

Managed Service for Prometheus: A service that provides highly available, secure, and managed monitoring for your containers.

MediaConvert: Service for transcoding video content for broadcast and multiscreen delivery.

MediaLive: Live video processing service that encodes and delivers live video streams.

MemoryDB for Redis: Redis-compatible, in-memory database service for applications requiring submillisecond response times.

MemoryDB: Amazon MemoryDB is a Redis-compatible, durable, in-memory database service that’s purpose-built for modern applications with microservices architectures.

Message Broker: Manages communication between distributed applications, used by services like Amazon MQ.

Message Deduplication ID: Unique identifier that ensures the deduplication of messages within FIFO SQS queues.

Message ID: Amazon SES: A unique identifier that’s assigned to every email message that’s sent. Amazon SQS: The identifier returned when you send a message to a queue.

metadata: Information about other data or objects. In Amazon S3 and Amazon EMR, metadata takes the form of name–value pairs that describe the object. These include default metadata such as the date last modified and standard HTTP metadata (for example, ContentType). Users can also specify custom metadata at the time they store an object. In Amazon EC2, metadata includes data about an EC2 instance that the instance can retrieve to determine things about itself, such as the instance type or the IP address.

metrics: Amazon Personalize: Evaluation data that Amazon Personalize generates when you train a model. You use metrics to evaluate the performance of the model, view the effects of modifying a solution’s configuration, and compare results between solutions that use the same training data but were created with different recipes.

Multi-AZ deployment: A primary DB instance that has a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to the standby replica.

Multi-AZ (Multi-Availability Zone): A deployment option for high availability. AWS automatically duplicates your data across multiple Availability Zones for fault tolerance.

Multi-AZ Deployment: Provides high availability by replicating resources, like databases, across multiple Availability Zones.

Multi-Region Replication: Data replication across different AWS Regions to enhance availability and disaster recovery (used in S3, DynamoDB, etc.).

multiclass classification model: A machine learning model that predicts values that belong to a limited, predefined set of permissible values. For example, “Is this product a book, movie, or clothing?”

multipart upload: A feature that you can use to upload a single object as a set of parts.

Multipurpose Internet Mail Extensions (MIME): An internet standard that extends the email protocol to include non-ASCII text and non-text elements, such as attachments.

Multitool: A cascading application that provides a simple command-line interface for managing large datasets.

multivalued attribute: An attribute with more than one value.

Migration Evaluator: A service that provides insights and recommendations for cloud migration costs.

Migration Hub: Central service for tracking the progress of application migrations across AWS services.

Mail Transfer Agent (MTA): Software that transports email messages from one computer to another by using a client-server architecture.

Mailbox Provider: An organization that provides email mailbox hosting services. Mailbox providers are sometimes referred to as internet service providers (ISPs), even if they only provide mailbox services.

Mailbox Simulator: A set of email addresses that you can use to test an Amazon SES-based email sending application without sending messages to actual recipients. Each email address represents a specific scenario (such as a bounce or complaint) and generates a typical response that’s specific to the scenario.

Maximum Price: The maximum price you pay to launch one or more Spot Instances. If your maximum price exceeds the current Spot price and your restrictions are met, Amazon EC2 launches instances on your behalf.

Maximum Send Rate: The maximum number of email messages that you can send per second using Amazon SES.

mean reciprocal rank at 25: An evaluation metric that assesses the relevance of a model’s highest ranked recommendation. Amazon Personalize calculates this metric using the average accuracy of the model when ranking the most relevant recommendation out of the top 25 recommendations over all requests for recommendations.

mebibyte (MiB): A contraction of mega binary byte. A mebibyte (MiB) is 2^20 or 1,048,576 bytes. A megabyte (MB) is 10^6 or 1,000,000 bytes. 1,024 MiB is a gibibyte (GiB).

Mobile Analytics: Amazon Mobile Analytics is a service for collecting, visualizing, understanding, and extracting mobile app usage data at scale.

Mobile SDK for Unity: The AWS Mobile SDK for Unity is included in the AWS SDK for .NET.

Mobile SDK for Xamarin: The AWS Mobile SDK for Xamarin is included in the AWS SDK for .NET.

Monitron: An end-to-end system that uses machine learning (ML) to detect abnormal behavior in industrial machinery. Use Amazon Monitron to implement predictive maintenance and reduce unplanned downtime.

MQ: A managed message broker service for Apache ActiveMQ that you can use to set up and operate message brokers in the cloud.

 N

NAT Gateway: Network Address Translation service that enables instances in a private subnet to access the internet.

NAT instance: A NAT device, configured by a user, that performs network address translation in an Amazon VPC public subnet to secure inbound internet traffic.

NAT gateway: A NAT device, managed by AWS, that performs network address translation in a private subnet to secure inbound internet traffic. A NAT gateway uses both NAT and port address translation.

NAT: Network address translation. A strategy of mapping one or more IP addresses to another while data packets are in transit across a traffic routing device. This is commonly used to restrict internet communication to private instances while allowing outgoing traffic.

Neptune: Amazon Neptune is a managed graph database service that you can use to build and run applications that work with highly connected datasets. Neptune supports the popular graph query languages Apache TinkerPop Gremlin and W3C’s SPARQL, enabling you to build queries that efficiently navigate highly connected datasets.

Network ACL (NACL): Stateless firewall applied at the subnet level that controls inbound and outbound traffic.

Network Address Translation and Protocol Translation (NAT-PT): An internet protocol standard defined in RFC 2766.

Network Firewall: AWS Network Firewall is a managed service that deploys essential network protections for all Amazon Virtual Private Clouds (Amazon VPCs).

Network Interface: Virtual network adapter in EC2 instances, also known as Elastic Network Interface (ENI).

Network Latency: The delay in transferring data over the network, affected by distance and routing.

Network Load Balancer (NLB): Load balancer that distributes incoming TCP/UDP traffic across targets based on IP protocol data.

Network Performance: Measures the throughput and latency of traffic between EC2 instances.

Network Peering: Connection between two VPCs that enables them to communicate as if they were within the same network.

NFS (Network File System): Protocol that EFS uses to allow EC2 instances to access file systems over the network.

NICE Desktop Cloud Visualization: A remote visualization technology for securely connecting users to graphics-intensive 3D applications hosted on a remote, high-performance server.

Nimble Studio: Amazon Nimble Studio is a managed AWS cloud service for creative studios to produce visual effects, animation, and interactive content—from storyboard to final deliverable.

Node: A single instance in an ElastiCache cluster or a component of a Kubernetes cluster in EKS.

NoEcho: A property of CloudFormation parameters that prevents the otherwise default reporting of names and values of a template parameter. Declaring the NoEcho property causes the parameter value to be masked with asterisks in the report by the cfn-describe-stacks command.

NoSQL: Nonrelational database systems that are highly available, scalable, and optimized for high performance. Instead of the relational model, NoSQL databases (for example, DynamoDB) use alternate models for data management, such as key–value pairs or document storage.

NoSQL Workbench: A tool for building and testing DynamoDB data models interactively.

null object: A null object is one whose version ID is null. Amazon S3 adds a null object to a bucket when versioning for that bucket is suspended. It’s possible to have only one null object for each key in a bucket.

number of passes: The number of times that you allow Amazon Machine Learning to use the same data records to train a machine learning model.

 O

Object Lifecycle Policies: Used in S3 to manage the lifecycle of objects, automating transitions to different storage tiers or deletion.

Object Lock: S3 feature that allows you to enforce WORM (write once, read many) policies to prevent object deletions.

Object Metadata: Information about an S3 object, such as size, content type, and last modified date.

Object Storage: A type of data storage architecture that manages data as objects (used in services like Amazon S3), in contrast to file storage or block storage.

Object Tags: Key-value pairs applied to S3 objects for organizing and managing resources.

On-Demand Instance: An Amazon EC2 pricing option that charges you for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitment.

On-Demand Instances: EC2 instances you can launch at any time without upfront payment or long-term commitment.

Operational Data Store (ODS): Centralized repository of operational data used in AWS services like QuickSight.

Operational Excellence: AWS Well-Architected pillar that focuses on running and monitoring systems to deliver business value.

OpsCenter: Feature in AWS Systems Manager that helps you manage and resolve operational issues.

OpsWorks: Configuration management service that provides managed instances of Chef and Puppet.

Origin Access Identity (OAI): CloudFront feature that restricts direct access to S3 buckets and allows access only through CloudFront.

Origin Shield: Additional layer of caching in CloudFront that reduces load on your origin server.

Origin Server: The Amazon S3 bucket or custom origin that contains the definitive original version of the content you deliver through CloudFront.

Organization: Organizations: An entity that you create to consolidate and manage your AWS accounts. An organization has one management account along with zero or more member accounts.

Organizations: AWS Organizations is an account management service that you can use to consolidate multiple AWS accounts into an organization that you create and centrally manage.

Organization Unit (OU): Grouping of accounts in AWS Organizations to apply policies or manage billing centrally.

Organizational Unit: Organizations: A container for accounts within the root of an organization. An organizational unit (OU) can contain other OUs.

Outposts: AWS Outposts is a fully managed service by AWS that extends AWS infrastructure, services, APIs, and tools to on-premises data centers and edge locations. Use AWS Outposts for workloads and devices requiring low-latency access to on-premises systems, local data processing, data residency, and application migration with local system interdependencies.

Output Location: Amazon Machine Learning: An Amazon S3 location where the results of a batch prediction are stored.

 P

paid AMI: An Amazon Machine Image (AMI) that you sell to other Amazon EC2 users on AWS Marketplace.

Patch Baseline: Collection of rules and criteria that define which patches should be applied to managed instances.

Patch Manager: AWS Systems Manager tool for automating the patching of operating systems and applications on EC2 instances.

part: A contiguous portion of the object’s data in a multipart upload request.

Partner Network (APN): AWS global partner program that includes consulting and technology partners.

Partition: A group of AWS Regions. Each Region is in only one partition, and each partition contains one or more Regions. Partitions have independent instances of the AWS Identity and Access Management (IAM) infrastructure.

Partition Key: Attribute in DynamoDB that determines how data is distributed across partitions.

permission: A statement within a policy that allows or denies access to a particular resource. You can state any permission in the following way: “A has permission to do B to C.”

Permissions: The rights assigned to a principal (user, role, or service) to perform actions on AWS resources.

personalized ranking recipe: Amazon Personalize: A PERSONALIZED_RANKING recipe that ranks a collection of items that you provide based on the predicted interest level for a specific user.

physical name: A unique label that CloudFormation assigns to each resource when creating a stack.

Pilot Light: Disaster recovery strategy where critical systems are always kept running in minimal capacity.

Pinpoint: AWS service for targeted push notifications, email, SMS, and voice messaging.

Pipeline: CodePipeline: A workflow construct that defines the way software changes go through a release process.

Plaintext: Information that has not been encrypted, as opposed to ciphertext.

Policy: IAM: A document defining permissions that apply to a user, group, or role.

Policy Generator: Tool used to create custom IAM policies for controlling access to AWS resources.

Policy Simulator: A tool in the IAM AWS Management Console that helps you test and troubleshoot policies.

Policy Validator: A tool in the IAM AWS Management Console that examines your existing IAM access control policies.

Porting Assistant for .NET: Porting Assistant for .NET is a compatibility analyzer that reduces the manual effort required to port Microsoft .NET Framework applications to open source .NET Core.

Pricing Calculator: AWS tool that helps you estimate the cost of using AWS services.

Pricing Model: AWS offers several pricing models, including on-demand, reserved instances, and spot instances, each with different cost structures.

Private DNS: DNS resolution within a VPC, used by services like Route 53 Resolver.

Private IP Address: A private numerical address (for example, 192.0.2.44) that networked devices use to communicate with one another using the Internet Protocol (IP).

PrivateLink: Secure, private access to AWS services over the AWS network without using public IP addresses.

Private Subnet: A VPC subnet that is isolated from the internet and only accessible from within the VPC.

Private Content: When using Amazon CloudFront to serve content with an Amazon S3 bucket as the origin, a method of controlling access to your content by requiring users to use signed URLs.

public AMI: An Amazon Machine Image (AMI) that all AWS accounts have permission to launch.

Public Dataset: A large collection of public information that can be seamlessly integrated into applications that are based in the AWS Cloud.

Public IP Address: A public numerical address (for example, 192.0.2.44) that networked devices use to communicate with one another using the Internet Protocol (IP).

Public Subnet: A subnet whose instances can be reached from the internet.

PV Virtualization: Paravirtual virtualization allows guest VMs to run on host systems that don’t have special support extensions for full hardware and CPU virtualization.

 Q

QLDB: Amazon Quantum Ledger Database (Amazon QLDB) is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority.

queue: A sequence of messages or jobs that are held in temporary storage awaiting transmission or processing.

Queue: Component of SQS where messages are stored until they are processed by consumers.

Queue Depth: The number of messages waiting in an SQS queue to be processed by consumers.

Queue Message Retention: Duration that messages are kept in SQS queues before they are deleted automatically.

Queue URL: A web address that uniquely identifies a queue.

Queue Visibility Timeout: Period during which a message is invisible to other consumers after being retrieved from an SQS queue.

Queued Jobs: Jobs in services like Batch or Glue that are waiting to be executed when resources become available.

QuickSight Authors: Users who can create, edit, and publish dashboards in AWS QuickSight.

QuickSight Embedding: Integrating QuickSight dashboards into external applications or websites.

QuickSight ML Insights: QuickSight feature that leverages machine learning to provide insights like forecasts or anomaly detection.

QuickSight Permissions: Access control policies that define what users can do in QuickSight, like viewing or editing reports.

QuickSight Q: Natural language query tool in QuickSight, allowing users to ask questions using plain language.

QuickSight Readers: Users who can view and interact with dashboards in AWS QuickSight but cannot create or edit them.

QuickSight SPICE: In-memory data store that powers QuickSight’s fast, interactive data analysis.

Quota: The maximum value for your resources, actions, and items in your AWS account.

Quota Management: The process of tracking and managing AWS service usage quotas for a specific account or region.

QOS (Quality of Service): The overall performance of a service, often measured in terms of latency and availability.

Query: A type of web service that generally uses only the GET or POST HTTP method and a query string with parameters in the URL.

Query API: API pattern used by DynamoDB and other AWS services to retrieve data using specific conditions.

Query Editor: Tool in services like Redshift to execute SQL queries directly from the AWS Management Console.

Query Latency: The time taken to execute a query and retrieve results, measured in services like DynamoDB or Redshift.

Query Planner: Component in Redshift that determines the most efficient way to execute a SQL query.

query string authentication: An AWS feature that you can use to place the authentication information in the HTTP request query string instead of in the Authorization header, which provides URL-based access to objects in a bucket.

quartile binning transformation: Amazon Machine Learning: A process that takes two inputs, a numerical variable and a parameter called a bin number, and outputs a categorical variable.

 R

RDS: Amazon Relational Database Service is a web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.

RAM (Resource Access Manager): Service that allows you to share AWS resources like VPCs and Transit Gateways across accounts.

Raw Email: A type of sendmail request with which you can specify the email headers and MIME types.

Read Local/Write Global: An active strategy in which all writes for a workload are sent to one primary Region and all read traffic is served from the Region where the request originates. Typically architected with an asynchronous data store.

Read Local/Write Local: An active strategy in which all writes for a workload are sent to one primary Region and all read traffic is served from the Region where the request originates.

Read Replica: A copy of a database instance that allows you to offload read traffic from the primary instance, improving scalability.

Recovery Point Objective (RPO): The maximum acceptable amount of data loss measured in time, used for disaster recovery planning.

Recovery Time Objective (RTO): The maximum acceptable time to restore a system after a failure.

Rehydration: The process of retrieving and restoring archived data from S3 Glacier or other cold storage.

Replication Group: Group of ElastiCache Redis nodes configured for data replication, improving availability and fault tolerance.

Requester: The person (or application) that sends a request to AWS to perform a specific action. When AWS receives a request, it first evaluates the requester’s permissions to determine whether the requester is allowed to perform the request action.

Requester Pays: An Amazon S3 feature that allows a bucket owner to specify that anyone who requests access to objects in a particular bucket must pay the data transfer and request costs.

Reservation: A collection of EC2 instances started as part of the same launch request. This is not to be confused with a Reserved Instance.

Reserved Capacity: Prepaid, reserved capacity for services like Redshift or DynamoDB, providing discounted pricing for long-term use.

Reserved Instance: A pricing option for EC2 instances that discounts the on-demand usage charge for instances that meet the specified parameters. Customers pay for the entire term of the instance, regardless of how they use it.

Reserved Instance Marketplace: An online exchange that matches sellers who have reserved capacity that they no longer need with buyers who are looking to purchase additional capacity.

Resilience Hub: AWS Resilience Hub gives you a central place to define, validate, and track the resiliency of your AWS application. It helps protect your applications from disruptions and reduce recovery costs to optimize business continuity.

Resource: An entity that users can work with in AWS, such as an EC2 instance, a DynamoDB table, an Amazon S3 bucket, an IAM user, or an OpsWorks stack.

Resource Groups: AWS Resource Groups is a web service that AWS customers can use to manage and automate tasks on large numbers of resources at one time.

Resource Policy: IAM policy attached to an AWS resource (like S3 or SQS) that defines who can access the resource and how.

Resource Record: Also called resource record set. The fundamental information elements in the Domain Name System (DNS).

Resource Tagging: The practice of applying key-value pairs to AWS resources for categorization and management.

Resource Property: A value required when including an AWS resource in a CloudFormation stack. Each resource can have one or more properties associated with it.

Route 53: Amazon Route 53 is a web service that you can use to create a new DNS service or to migrate your existing DNS service to the cloud.

Route Tables: Sets of rules in a VPC that determine how network traffic is routed between subnets and other resources.

Route Table: A set of routing rules that controls the traffic leaving any subnet that’s associated with the route table.

Rollback: A return to a previous state that follows the failure to create an object, such as a CloudFormation stack. All resources associated with the failure are deleted during the rollback.

Rollout: The process of deploying a new version of a service or application across various environments or regions.

Rule: AWS WAF: A set of conditions that AWS WAF searches for in web requests to AWS resources such as Amazon CloudFront distributions.

S

S3  

Amazon Simple Storage Service is an object storage service that offers industry-leading scalability, data availability, security, and performance.

S3 Glacier  

A secure, durable, and low-cost storage service for data archiving and long-term backup. You can reliably store large or small amounts of data for significantly less than on-premises solutions. S3 Glacier is optimized for infrequently accessed data, where a retrieval time of several hours is suitable.

SaaS  

Software as a Service. A software distribution model in which applications are hosted by a service provider and made available to customers over the internet.

sample  

A representative subset of a population, used in statistics and data analysis.

sampling  

The process of selecting a subset of data points from a larger data set to analyze or evaluate characteristics of the whole set.

SAML  

Security Assertion Markup Language. An open standard for exchanging authentication and authorization data between parties.

sandbox  

A testing location where you can test the functionality of your application without affecting production, incurring charges, or purchasing products.

scale in  

To remove EC2 instances from an Auto Scaling group.

scale out  

To add EC2 instances to an Auto Scaling group.

scaling activity  

A process that changes the size, configuration, or makeup of an Auto Scaling group by launching or terminating instances.

scaling policy  

A description of how Auto Scaling automatically scales an Auto Scaling group in response to changing demand.

scheduler  

The method used for placing tasks on container instances.

schema  

Amazon Machine Learning: The information that’s needed to interpret the input data for a machine learning model, including attribute names and their assigned data types, and the names of special attributes.

score cutoff value  

Amazon Machine Learning: A binary classification model outputs a score that ranges from 0 to 1. To decide whether an observation is classified as 1 or 0, you pick a classification threshold, or cutoff, and Amazon ML compares the score against it. Observations with scores higher than the cutoff are predicted as target equals 1, and scores lower than the cutoff are predicted as target equals 0.

SCT  

AWS Schema Conversion Tool is a desktop application that automates heterogeneous database migrations. You can use AWS SCT to convert database schemas and code objects, SQL code in your applications, and ETL scripts to a format compatible with the target database. Then, you can use AWS SCT data extraction agents to migrate data to your target database.

SDK  

Software Development Kit. A collection of software tools and libraries that developers use to create applications for specific platforms.

SDK for .NET  

A software development kit that provides .NET API operations for AWS services including Amazon S3, Amazon EC2, IAM, and more. You can download the SDK as multiple service-specific packages on NuGet.

SDK for C++  

A software development kit that provides C++ APIs for many AWS services including Amazon S3, Amazon EC2, DynamoDB, and more. The single, downloadable package includes the AWS C++ library, code examples, and documentation.

SDK for Go  

A software development kit for integrating your Go application with the full suite of AWS services.

SDK for Java  

A software development kit that provides Java API operations for many AWS services including Amazon S3, Amazon EC2, DynamoDB, and more. The single, downloadable package includes the AWS Java library, code examples, and documentation.

SDK for JavaScript in Node.js  

A software development kit for accessing AWS services from JavaScript in Node.js. The SDK provides JavaScript objects for AWS services, including Amazon S3, Amazon EC2, DynamoDB, and Amazon SWF. The single, downloadable package includes the AWS JavaScript library and documentation.

SDK for JavaScript in the Browser  

A software development kit for accessing AWS services from JavaScript code running in the browser. Authenticate users through Facebook, Google, or Login with Amazon using web identity federation. Store application data in DynamoDB, and save user files to Amazon S3.

SDK for PHP  

A software development kit and open source PHP library for integrating your PHP application with AWS services such as Amazon S3, Amazon S3 Glacier, and DynamoDB.

SDK for Python (Boto3)  

A software development kit for using Python to access AWS services such as Amazon EC2, Amazon EMR, Amazon EC2 Auto Scaling, Kinesis, or Lambda.

SDK for Ruby  

A software development kit for accessing AWS services from Ruby. The SDK provides Ruby classes for many AWS services including Amazon S3, Amazon EC2, DynamoDB, and more. The single, downloadable package includes the AWS Ruby Library and documentation.

SDK for Rust  

A software development kit that provides APIs and utilities for developers. It enables Rust applications to integrate with AWS services such as Amazon S3 and Amazon EC2.

SDK for Swift  

A software development kit that provides support for accessing AWS infrastructure and services using the Swift language.

Secrets Manager  

AWS service for securely storing, retrieving, and managing access to sensitive information like API keys and passwords.

Security Group  

A virtual firewall that controls the traffic for one or more EC2 instances.

Security Groups  

Virtual firewalls for controlling inbound and outbound traffic to EC2 instances or other AWS resources.

Security Hub  

Centralized security and compliance management service that aggregates and normalizes findings from various AWS services.

security token service (STS)  

AWS Security Token Service is a web service for requesting temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users).

session  

The period when the temporary security credentials that are provided by AWS STS allow access to your AWS account.

SHA  

Secure Hash Algorithm. SHA-1 is an earlier version of the algorithm, which AWS has replaced with SHA-256.

shard  

OpenSearch Service: A partition of data in an index. You can split an index into multiple shards.

shared AMI  

An Amazon Machine Image (AMI) that a developer builds and makes available for others to use.

Shield  

AWS Shield is a service that helps to protect your resources against DDoS attacks.

Shield Advanced  

Enhanced DDoS protection for more advanced threats and attack vectors, providing additional monitoring and reporting.

shutdown action  

Amazon EMR: A predefined bootstrap action that launches a script that runs a series of commands in parallel before terminating the job flow.

signature  

Refers to a digital signature, which is a mathematical way to confirm the authenticity of a digital message.

signature version 4  

Protocol for authenticating inbound API requests to AWS services in all AWS Regions.

Site-to-Site VPN  

AWS Site-to-Site VPN is a fully managed service that you can use to establish IPsec VPN connections between your AWS networks and your on-premises networks.

soft bounce  

A temporary email delivery failure such as one resulting from a full mailbox.

solution  

Amazon Personalize: The recipe, customized parameters, and trained models that can be used to generate recommendations.

solution version  

Amazon Personalize: A trained model that you create as part of a solution in Amazon Personalize.

sort enabled  

CloudSearch: An index field option that enables a field to be used to sort the search results.

sort key  

An attribute used to sort the order of partition keys in a composite primary key.

source/destination checking  

A security measure to verify that an EC2 instance is the origin of all traffic that it sends and the ultimate destination of all traffic that it receives.

spam  

Unsolicited bulk emails.

spamtrap  

An email address that’s set up by an anti-spam entity to monitor unsolicited emails.

SPF  

Sender Policy Framework. A standard for authenticating email.

SPICE  

A robust in-memory engine that is part of Amazon QuickSight, enabling faster results from interactive queries.

Spot Instance  

A type of EC2 instance that you can bid on to use unused Amazon EC2 capacity.

Spot price  

The price for a Spot Instance at any given time.

SQL injection match condition  

AWS WAF: An attribute that specifies the part of web requests that AWS WAF inspects for malicious SQL code.

SQS  

Amazon Simple Queue Service is a reliable and scalable hosted queue for storing messages.

SWF  

Amazon Simple Workflow Service is a fully managed service that helps developers build and run background jobs.

stack  

CloudFormation: A collection of AWS resources that you create and delete as a single unit.

sticky session  

A feature of the ELB load balancer that binds a user’s session to a specific application instance.

stopping  

The process of filtering stop words from an index or search request.

stopword  

A word that isn’t indexed and is automatically filtered out of search requests.

Storage Gateway  

AWS Storage Gateway is a hybrid cloud storage service that provides on-premises access to virtually unlimited cloud storage.

streaming  

Amazon EMR: A utility that comes with Hadoop that you can use to develop MapReduce executables.

streaming distribution  

A special kind of distribution that serves streamed media files using a Real-Time Messaging Protocol (RTMP) connection.

string match condition  

AWS WAF: An attribute that specifies the strings that AWS WAF searches for in a web request.

strongly consistent read  

A read process that returns a response with the most up-to-date data.

structured query  

Search criteria that are specified using the CloudSearch structured query language.

subnet  

A segment of the IP address range of an Amazon VPC that an EC2 instance can be attached to.

suggester  

CloudSearch: Specifies an index field for getting autocomplete suggestions and options.

suggestions  

Documents that contain a match for the partial search string in the field that’s designated by the suggester.

Sumerian  

Amazon Sumerian is a set of tools for creating and running high-quality 3D, AR, and VR applications.

Service Control Policies (SCP)  

Policies used in AWS Organizations to centrally control the permissions for accounts in your organization.

Service Quotas  

Limits on the resources or actions that AWS users can consume within a given service (e.g., the number of EC2 instances).

Service Health Dashboard  

A webpage showing up-to-the-minute information about AWS service availability.

Service Role  

An IAM role that grants permissions to an AWS service so it can access AWS resources.

 T

TCO (Total Cost of Ownership)  

A calculation of the total cost of using AWS, factoring in hardware, software, operations, and personnel costs.

TLS (Transport Layer Security)  

An encryption protocol used to secure communication between clients and AWS services.

Timestream  

A time series database optimized for storing and analyzing timestamped data like IoT events. Amazon Timestream is a scalable and serverless time series database service for real-time analytics, DevOps, and IoT applications that you can use to store and analyze trillions of events per day.

Tag Editor  

A tool in the AWS Management Console that helps you search and manage tags for your AWS resources.

Tag Policy  

A service control policy that enforces tagging standards across your AWS organization.

Tagging  

Assigning metadata (key-value pairs) to AWS resources for identification, categorization, and management.

Tags  

Key-value pairs that you can assign to AWS resources to help organize and manage them.

Task  

An instantiation of a task definition that’s running on a container instance.

Task Definition  

Configuration for Docker containers in ECS, specifying CPU, memory, networking, and IAM roles.

Task Node  

An EC2 instance that runs Hadoop map and reduce tasks, but doesn’t store data. Task nodes are managed by the master node, which assigns Hadoop tasks to nodes and monitors their status. While a job flow is running, you can increase and decrease the number of task nodes. Because they don’t store data and can be added and removed from a job flow, you can use task nodes to manage the EC2 instance capacity your job flow uses, increasing capacity to handle peak loads and decreasing it later.

Target Groups  

Groups of targets (e.g., EC2 instances, containers) that can receive traffic from a load balancer in Elastic Load Balancing (ELB).

Target Health Check  

A feature of load balancers that checks the health of targets before routing traffic to them.

Target Tracking Scaling  

An Auto Scaling strategy that automatically adjusts capacity to maintain a specified target metric.

Target Attribute  

Amazon Machine Learning (Amazon ML): The attribute in the input data that contains the “correct” answers. Amazon ML uses the target attribute to learn how to make predictions on new data. For example, if you were building a model for predicting the sale price of a house, the target attribute would be “target sale price in USD.”

Target Revision  

CodeDeploy: The most recent version of the application revision that has been uploaded to the repository and will be deployed to the instances in a deployment group. In other words, the application revision currently targeted for deployment. This is also the revision that will be pulled for automatic deployments.

Temporary Security Credentials  

Short-term credentials provided by services like IAM roles or AWS STS for accessing AWS resources. Authentication information that’s provided by AWS STS when you call an STS API action. Includes an access key ID, a secret access key, a session token, and an expiration time.

Throttling  

The automatic restricting or slowing down of a process based on one or more limits. For example, Kinesis Data Streams throttles operations if an application (or group of applications operating on the same stream) attempts to get data from a shard at a rate faster than the shard limit. API Gateway uses throttling to limit the steady-state request rates for a single account. Amazon SES uses throttling to reject attempts to send email that exceeds the sending limits.

Time to Live (TTL)  

Expiration time for data or resources, used in services like DynamoDB and Route 53 to control how long data is retained or cached.

Timestamp  

A date/time string in the ISO 8601 format (more specifically, in the YYYY-MM-DD format).

Traffic Mirroring  

An Amazon VPC feature that you can use to copy network traffic from an Elastic Network Interface (ENI) of Amazon EC2 instances. You can then send this network traffic to out-of-band security and monitoring appliances for content inspection, threat monitoring, and troubleshooting.

Training Datasource  

A datasource that contains the data that Amazon Machine Learning uses to train the machine learning model to make predictions.

Trust Policy  

An IAM policy that’s an inherent part of an IAM role. The trust policy specifies which principals are allowed to use the role.

Trusted Advisor  

AWS service that provides best practices and recommendations across cost optimization, security, and performance.

Trusted Key Groups  

CloudFront feature that lets you manage and rotate keys used to sign URL tokens for content access control.

Tunnel  

A route for transmission of private network traffic that uses the internet to connect nodes in the private network. The tunnel uses encryption and secure protocols such as PPTP to prevent the traffic from being intercepted as it passes through public routing nodes.

Template Format Version  

The version of a CloudFormation template design that determines the available features. If you omit the AWSTemplateFormatVersion section from your template, AWS CloudFormation assumes the most recent format version.

Template Validation  

The process of confirming the use of JSON code in a CloudFormation template. You can validate any AWS CloudFormation template using the cfn-validate-template command.

Tuning  

Selecting the number and type of AMIs to run a Hadoop job flow most efficiently.

 U

Unauthenticated User  

A user who has not been authenticated through AWS services like IAM or Cognito.

Unallocated Elastic IPs  

Elastic IP addresses that are reserved but not currently associated with a running resource.

Unbounded  

The number of potential occurrences isn’t limited by a set number. This value is often used when defining a data type that’s a list (for example, maxOccurs="unbounded") in WSDL.

Unhealthy Host  

An EC2 instance or resource that fails a health check in Elastic Load Balancing (ELB).

Unmanaged Policies  

IAM policies that are created and managed by users rather than AWS (also called customer managed policies).

Unscoped Permissions  

IAM policies that lack specific restrictions, potentially leading to excessive access to AWS resources.

Update Policy  

Defines how CloudFormation updates resources during stack operations, such as rolling updates for EC2 Auto Scaling groups.

Upgrade Policy  

Specifies how updates and upgrades are applied to resources, such as the update strategy for Elastic Beanstalk environments.

URI (Uniform Resource Identifier)  

A string of characters that uniquely identifies a resource in AWS, often used in API calls.

Usage Metrics  

Quantitative measures of how AWS resources are consumed, helping to monitor performance and costs.

Usage Reports  

Detailed breakdown of AWS service usage and associated costs, available through AWS Cost Explorer and billing dashboards.

User  

A person or application under an account that makes API calls to AWS products. Each user has a unique name within the AWS account and a set of security credentials that aren’t shared with other users. These credentials are separate from the security credentials for the AWS account. Each user is associated with one and only one AWS account.

User Data  

Script or instructions that are passed to an EC2 instance at launch, allowing the instance to perform specific tasks on startup.

User Permissions  

IAM policies that grant or restrict access to AWS resources for individual users or roles.

USER_PERSONALIZATION Recipes  

Amazon Personalize: Recipes that are used to build a recommendation system that predicts the items that a user interacts with based on data provided in Interactions, Items, and Users datasets.

User-Personalization Recipe  

Amazon Personalize: An HRNN-based USER_PERSONALIZATION recipe that predicts the items that a user interacts with. The user personalization recipe can use item exploration and impressions data to generate recommendations for new items.

Users Dataset  

Amazon Personalize: A container for metadata about your users, such as age, gender, or loyalty membership.

Utility Computing  

Computing resources offered on a pay-as-you-go basis, similar to utilities like electricity or water.

Untagged Resources  

AWS resources that have not been assigned tags, making them harder to manage or categorize.

Untag Policy  

Policy enforcement that ensures certain AWS resources cannot be created or modified without appropriate tags.

 V

VPN  

AWS Virtual Private Network provides functionality that establishes encrypted connections between your network or device and AWS. AWS VPN consists of two services: AWS Client VPN and AWS Site-to-Site VPN.

VPN CloudHub  

AWS VPN CloudHub is a feature that enables secure communication between branch offices using a simple hub-and-spoke model, with or without a VPN.

Validation  

The process of verifying that AWS resource configurations meet specified requirements and standards.

Value  

Instances of attributes for an item, such as cells in a spreadsheet. An attribute might have multiple values.

Verification  

The process of confirming that you own an email address or a domain so that you can send email from or to it.

VERP  

Variable Envelope Return Path. A way that email sending applications can match bounced email with the undeliverable address that caused the bounce by using a different return path for each recipient. VERP is typically used for mailing lists. With VERP, the recipient’s email address is embedded in the address of the return path, which is where bounced email is returned. This makes it possible to automate the processing of bounced email without having to open the bounce messages, which might vary in content.

Version Control  

Managing changes to documents, code, and other digital assets within AWS CodeCommit or other services.

Versioning  

Every object in Amazon S3 has a key and a version ID. Objects with the same key but different version IDs can be stored in the same bucket. Versioning is enabled at the bucket layer using PUT Bucket versioning.

Virtual Machine (VM)  

Software emulation of physical hardware that runs an operating system and applications.

Virtual Private Cloud (VPC)  

A logically isolated section of the AWS cloud where you can define your own virtual network.

Virtual Private Cloud Network Interface  

Network interface for an EC2 instance that allows communication within a VPC.

Virtual Private Gateway (VGW)  

The Amazon side of a VPN connection that maintains connectivity. The internal interfaces of the virtual private gateway connect to your Amazon VPC through the VPN attachment. The external interfaces connect to the VPN connection, which leads to the customer gateway.

Virtualization  

Technology that allows you to create virtual instances of physical hardware, facilitating resource allocation in AWS. It allows multiple guest virtual machines (VM) to run on a host operating system. Guest VMs can run on one or more levels above the host hardware, depending on the type of virtualization.

Visibility Timeout  

The period of time that a message is invisible to the rest of your application after an application component gets it from the queue. During the visibility timeout, the component that received the message usually processes it and then deletes it from the queue. This prevents multiple components from processing the same message.

VPN Connection  

The IPsec connection that’s between an Amazon VPC and some other network, such as a corporate data center, home network, or colocation facility.

VPC Endpoint  

A feature that you can use to create a private connection between your Amazon VPC and another AWS service without requiring access over the internet, through a NAT instance, a VPN connection, or Direct Connect.

VPC Flow Logs  

Capture and store information about the IP traffic going to and from network interfaces in your VPC.

VPC Peering  

Connection between two VPCs that allows them to communicate as if they were within the same network.

VPC Route Table  

Contains rules that determine where network traffic is directed within a VPC.

VPC Security Groups  

Virtual firewalls that control inbound and outbound traffic for EC2 instances in a VPC.

VPC Traffic Mirroring  

Enables you to capture and inspect network traffic from EC2 instances in a VPC.

Volume  

A fixed amount of storage on an instance. You can share volume data between more than one container and persist the data on the container instance when the containers are no longer running.

Volume Snapshot  

A backup of an EBS volume that can be used to restore data or create new volumes.

 W

WAF (Web Application Firewall)  

Protects web applications from common web exploits that could affect availability and security. AWS WAF is a web application firewall service that controls access to content by allowing or blocking web requests based on criteria that you specify. 

Web Access Control List (Web ACL)  

A set of rules that defines the conditions that AWS WAF searches for in web requests to an AWS resource, such as an Amazon CloudFront distribution. A web access control list (web ACL) specifies whether to allow, block, or count the requests.

Web Console  

The graphical interface for managing AWS services through the AWS Management Console.

Web Hosting  

Hosting websites on AWS using services like S3, EC2, or Lightsail.

Web Identity Federation  

Allows users to log in to AWS using external identities from providers like Google or Facebook.

WebSocket API  

Allows real-time, two-way communication between clients and servers over a single, long-lived connection.

Wavelength  

Service that extends AWS services to mobile edge computing, allowing applications to deliver ultra-low latency. AWS Wavelength is a service by AWS that embeds AWS compute and storage services within 5G networks to provide mobile edge computing infrastructure. Use AWS Wavelength to develop, deploy, and scale ultra-low-latency applications to mobile devices and end users.

Wavelength Zones  

Extensions of AWS infrastructure to 5G networks, allowing applications to deliver ultra-low latency.

Wait Condition  

Used in AWS CloudFormation to wait for a signal before proceeding with stack creation or updates.

Wild Card Certificate  

SSL certificate that secures multiple subdomains of a domain, often used in AWS Certificate Manager.

Windows AMI  

Amazon Machine Image that contains a Windows operating system for deploying EC2 instances.

Windows Server  

Microsoft operating system for Windows-based servers that can be run on AWS EC2.

WorkDocs  

Amazon WorkDocs is a managed, secure enterprise document storage and sharing service with administrative controls and feedback capabilities.

WorkLink  

Amazon WorkLink is a cloud-based service that provides secure access to internal websites and web apps from mobile devices.

WorkMail  

Amazon WorkMail is a managed, secure business email and calendar service with support for existing desktop and mobile email clients.

WorkSpaces  

Managed desktop computing service that allows users to access cloud-based desktops from any device. Amazon WorkSpaces is a managed, secure desktop computing service for provisioning cloud-based desktops and providing users access to documents, applications, and resources from supported devices.

Workload  

A specific application, service, or task running on AWS infrastructure that consumes resources.

Workload Optimization  

The practice of tuning AWS resources and configurations for maximum efficiency and performance.

Workflow  

A series of automated tasks in AWS services like Step Functions or CodePipeline to achieve a specific outcome.

Workflow Automation  

Use of AWS services like Lambda and Step Functions to automate processes and reduce manual intervention.

Workflow Step  

A defined task or action within an AWS Step Functions workflow, representing a unit of work.

WSDL  

Web Services Description Language. A language that’s used to describe the actions that a web service can perform, along with the syntax of action requests and responses.

Warm Standby  

An active-passive disaster recovery strategy in which a workload is scaled down in the passive standby region but is otherwise fully functional. This is not an Amazon EC2 Auto Scaling term, but an industry-standard resilience term.

 X

X.25  

An older network protocol that provides packet-switched communication services, rarely used in modern AWS implementations.

X.400  

A standard for electronic messaging protocols, occasionally referenced in enterprise integrations with AWS services.

X.500 Directory  

A series of standards used for directory services, often referenced in the context of AWS Directory Service.

X.509 Certificate  

A standard format for public key certificates used in AWS services like IAM for authentication.

X.509 Authentication  

Certificate-based authentication method often used in IAM roles and AWS services for secure communications.

XAPI (eXtensible API)  

A specification for creating and managing APIs in cloud environments, sometimes referenced in AWS integrations.

X-Content-Type-Options  

HTTP header used to prevent MIME sniffing attacks, which can be configured in AWS services.

X-Frame-Options  

HTTP response header used to prevent clickjacking attacks, which can be managed via AWS WAF.

X-Ray  

AWS service that helps with debugging and analyzing microservices by providing insights into the performance of applications.

X-Ray Daemon  

Process that listens for trace data sent from the X-Ray SDK and uploads it to AWS X-Ray.

X-Ray SDK  

Software Development Kit for integrating AWS X-Ray into applications to capture trace data.

XSS (Cross-Site Scripting)  

A security vulnerability that allows attackers to inject malicious scripts into web applications, addressed by AWS WAF.

XSS Filtering  

Mechanism to detect and mitigate cross-site scripting attacks, which can be applied using AWS WAF rules.

XSS Prevention  

Measures taken to mitigate cross-site scripting vulnerabilities in web applications hosted on AWS.

X-Forwarded-For  

HTTP header used to identify the originating IP address of a client connecting through a proxy, relevant for services like CloudFront.

X-Requested-With  

HTTP header used to identify AJAX requests, relevant for security configurations in web applications.

Xen  

Virtual machine monitor used by AWS for virtualization on certain EC2 instance types.

XenApp  

A virtual application delivery service that may be integrated with AWS for hosting and managing applications.

 Y

YAML (YAML Ain’t Markup Language)  

Human-readable data serialization format often used for configuration files in AWS CloudFormation.

YAML Configuration  

Configuration files formatted in YAML, commonly used in AWS CloudFormation templates.

Yottabyte  

A unit of data equal to one septillion bytes, used in discussions of AWS storage capacity.

Yen (Currency)  

Japanese currency that may be referenced in AWS billing and cost reports for international services.

Yearly Savings Plan  

A pricing model in AWS that offers discounts for committing to a one-year term of consistent usage of certain services.

Year-on-Year Growth  

A financial metric often analyzed using AWS services for business intelligence and reporting.

YTD (Year-to-Date)  

Financial metric often used in reports generated from AWS Cost Explorer or QuickSight.

Yield  

In AWS Cost Explorer, the yield refers to the revenue generated from an AWS service over a specific time.

Yield Curve  

Graph that shows the relationship between interest rates and time, relevant in financial services leveraging AWS.

YouTube Data API  

An API that enables applications to interact with YouTube content, often integrated with AWS for media applications.

YouTube Integration  

Connecting AWS services with YouTube for content hosting, distribution, and analytics.

Your Account  

Refers to the individual AWS account you use to access and manage AWS resources and services.

Your Resources  

The AWS resources associated with your account, which can be viewed and managed through the AWS Management Console.

Your Security Credentials  

The information you need to authenticate to AWS services, including access keys and IAM roles.

Youth Technology Program  

Initiatives to educate young people about technology and cloud computing, sometimes sponsored by AWS.

Yarn  

Package manager for JavaScript that can be used in AWS services like Lambda for deploying Node.js applications.

Yarn Package  

A package used in JavaScript development that can be deployed in AWS Lambda or other services.

Yubikey  

Hardware-based authentication device that can be integrated with AWS services for strong two-factor authentication.

Yellow Dog Project  

Not directly AWS-related but refers to a community effort to connect volunteers for cloud-related projects.

yobibyte (YiB)  

A contraction of yotta binary byte. A yobibyte (YiB) is 2^80 or 1,208,925,819,614,629,174,706,176 bytes. A yottabyte (YB) is 10^24 or 1,000,000,000,000,000,000,000,000 bytes.

 Z

Z-Score  

Statistical measurement that describes a value’s relation to the mean of a group of values, relevant in analytics applications on AWS.

ZFS (Zettabyte File System)  

Advanced file system used for managing large amounts of data, relevant in discussions about storage solutions on AWS.

Zebibyte (ZiB)  

A contraction of zetta binary byte. A zebibyte (ZiB) is 2^70 or 1,180,591,620,717,411,303,424 bytes. A zettabyte (ZB) is 10^21 or 1,000,000,000,000,000,000,000,000 bytes. 1,024 ZiB is a yobibyte (YiB).

Zenith  

Used in various contexts in AWS to refer to the peak or top performance, particularly in discussions about service capabilities.

Zero Copy  

Data transfer method that minimizes the amount of data copied in storage solutions like S3 and EBS.

Zero Downtime Deployment  

A deployment strategy that ensures applications remain available during updates, often implemented using AWS Elastic Beanstalk.

Zero Trust Architecture  

Security model that requires strict verification for every person and device trying to access resources, often implemented using AWS services.

Zigbee  

A wireless communication protocol often used in IoT devices that can integrate with AWS IoT services.

Zigzag Join  

A method for joining datasets that can be executed in AWS data processing services like Athena.

Zonal Affinity  

The tendency of a service to deploy resources within a specific Availability Zone for performance reasons.

Zonal Deployment  

Deploying resources within a specific Availability Zone to achieve high availability.

Zonal Redundancy  

The ability of AWS services to provide high availability by spreading resources across multiple Availability Zones.

Zone  

Refers to Availability Zones in AWS, which are isolated locations within a region designed for high availability.

Zone Awareness  

The design principle in AWS for ensuring that applications can handle failures at the availability zone level.

Zone Transfer  

The process of copying DNS records from a primary DNS server to a secondary server, relevant in Route 53.

Z-Order  

Refers to the order in which elements are rendered in graphical applications, potentially using AWS graphics services.

Zookeeper  

Open-source tool for managing distributed applications that can be integrated with AWS services like EMR.

Zip Compression  

Data compression method often used to reduce the size of files before uploading to AWS services.

In short, familiarity with this glossary helps you navigate the wide range of services offered by Amazon Web Services. Understand core services such as EC2 for computing, S3 for storage, and Lambda for serverless applications. Knowing tools such as VPC for controlled networks, IAM for user permissions, and CloudFormation for automated infrastructure also helps in building scalable, secure solutions. Auto Scaling and load balancers handle resource management, Route 53 manages traffic, and CloudWatch monitors resources. As AWS expands its offerings with services such as SageMaker, Glue, and Redshift, a better understanding of the terminology helps you take advantage of the cloud to optimize workloads and innovate.
