Every AWS term you need to know, explained without the fluff.
ACL (Access Control List): A set of rules that controls which network traffic is allowed to flow in and out of subnets in a VPC. Network ACLs are stateless, meaning return traffic must be explicitly allowed.
ACM (AWS Certificate Manager): A service that provisions, manages, and deploys SSL/TLS certificates for use with AWS services and your internal resources. ACM removes the time-consuming manual process of purchasing, uploading, and renewing certificates.
ALB (Application Load Balancer): A Layer 7 load balancer that routes HTTP/HTTPS traffic to targets based on the content of the request. Supports path-based routing, host-based routing, and WebSocket connections.
AMI (Amazon Machine Image): A pre-configured template that contains the software configuration (OS, application server, and applications) required to launch an EC2 instance. You can launch multiple instances from a single AMI.
API Gateway: A fully managed service that makes it easy to create, publish, maintain, monitor, and secure APIs at any scale. Supports REST APIs, HTTP APIs, and WebSocket APIs.
AppConfig: A capability of AWS Systems Manager that helps you deploy application configuration data in a managed and controlled way. Supports feature flags, operational tuning, and validated deployments.
AppSync: A fully managed service for building GraphQL and Pub/Sub APIs. Simplifies application development by creating a flexible API to securely access, manipulate, and combine data from multiple sources.
ARN (Amazon Resource Name): A unique identifier for AWS resources. ARNs follow the format arn:partition:service:region:account-id:resource. Used to specify a resource unambiguously across all of AWS.
Athena: An interactive query service that makes it easy to analyze data directly in S3 using standard SQL. Serverless, so there is no infrastructure to manage. You pay only for the queries you run.
Aurora: A MySQL- and PostgreSQL-compatible relational database built for the cloud. Up to 5x faster than standard MySQL and 3x faster than standard PostgreSQL. Supports Aurora Serverless for automatic scaling.
Auto Scaling: A service that automatically adjusts the number of EC2 instances in response to demand. Helps maintain application availability and lets you scale your EC2 capacity up or down based on conditions you define.
Availability Zone (AZ): One or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. AZs are physically separated and connected through low-latency links. Deploying across multiple AZs provides high availability.
AWS Batch: A fully managed batch computing service that plans, schedules, and executes your batch computing workloads. Dynamically provisions the optimal quantity and type of compute resources based on the volume and requirements of the jobs submitted.
AWS CLI: A unified tool to manage your AWS services from the command line. With just one tool to download and configure, you can control multiple AWS services and automate them through scripts.
AWS Config: A service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Continuously monitors and records your resource configurations and lets you automate evaluation against desired configurations.
AWS Organizations: A service for consolidating multiple AWS accounts into an organization that you create and centrally manage. Provides consolidated billing, hierarchical groupings of accounts, and policy-based management.
AWS SDKs: Software development kits that provide APIs for AWS services in multiple programming languages. Available for JavaScript, Python (Boto3), Java, .NET, Go, Ruby, PHP, C++, and more.
Bedrock: A fully managed service that provides access to foundation models from leading AI companies through a single API. Build generative AI applications with security, privacy, and responsible AI features built in.
Bucket: A container for objects stored in Amazon S3. Every object is contained in a bucket. Bucket names are globally unique across all of AWS. Buckets can be configured with versioning, encryption, and access policies.
CDK (Cloud Development Kit): An open-source framework that lets you define cloud infrastructure using familiar programming languages like TypeScript, Python, Java, or C#. CDK synthesizes CloudFormation templates from your code.
CloudFormation: An Infrastructure as Code service that lets you model and provision AWS resources using templates written in JSON or YAML. Manages dependencies between resources and handles rollback on failures.
CloudFront: A fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds. Uses edge locations around the world.
CloudTrail: A service that records AWS API calls made on your account and delivers log files to an S3 bucket. Provides visibility into user activity by recording actions taken through the AWS console, SDKs, and CLI.
CloudWatch: A monitoring and observability service for AWS resources and applications. Collects metrics, logs, and events. Set alarms, visualize data with dashboards, and take automated actions based on thresholds.
CloudWatch Alarm: Watches a single CloudWatch metric or the result of a math expression and performs actions based on its value. Alarm states include OK, ALARM, and INSUFFICIENT_DATA. Commonly used to trigger Auto Scaling or SNS notifications.
CloudWatch Logs: A service to monitor, store, and access log files from EC2 instances, Lambda functions, CloudTrail, Route 53, and other sources. Supports metric filters, Logs Insights queries, and cross-account log sharing.
CodeBuild: A fully managed continuous integration service that compiles source code, runs tests, and produces software packages ready to deploy. Scales continuously and processes multiple builds concurrently.
CodeDeploy: A fully managed deployment service that automates software deployments to EC2 instances, on-premises instances, Lambda functions, or ECS services. Supports rolling, blue/green, and canary deployments.
CodePipeline: A fully managed continuous delivery service that helps you automate your release pipelines for application and infrastructure updates. Integrates with CodeBuild, CodeDeploy, and third-party tools.
Cognito: A service that provides authentication, authorization, and user management for web and mobile apps. Users can sign in with a username and password or through a third-party identity provider like Google or Facebook.
Cold Start: The latency experienced when a Lambda function is invoked after being idle. AWS needs to provision a new execution environment, download the code, and initialize the runtime. Provisioned Concurrency eliminates cold starts.
Cost Explorer: A tool that lets you visualize, understand, and manage your AWS costs and usage over time. Provides default reports and lets you create custom reports to analyze cost and usage data.
Cross-Region Replication (CRR): Automatic, asynchronous copying of objects across S3 buckets in different AWS Regions. Helps meet compliance requirements, minimize latency, and increase operational efficiency.
DAX (DynamoDB Accelerator): A fully managed, in-memory cache for DynamoDB that delivers up to 10x performance improvement. Reduces response times from milliseconds to microseconds, even at millions of requests per second.
Dead-Letter Queue (DLQ): A queue that receives messages that cannot be processed successfully. Used with SQS, SNS, Lambda, and EventBridge to isolate problematic messages for debugging without blocking the main processing pipeline.
Direct Connect: A dedicated network connection from your premises to AWS. Provides a more consistent network experience than internet-based connections, with reduced bandwidth costs and increased throughput.
DocumentDB: A fast, scalable, and highly available document database service that supports MongoDB workloads. Designed to provide the performance, scalability, and availability that mission-critical MongoDB workloads require.
DynamoDB: A fully managed NoSQL key-value and document database that delivers single-digit millisecond performance at any scale. Supports both key-value and document data models with built-in security, backup, and in-memory caching.
DynamoDB Streams: An ordered flow of information about changes to items in a DynamoDB table. Captures a time-ordered sequence of item-level modifications and stores the data for up to 24 hours. Commonly used with Lambda triggers.
EBS (Elastic Block Store): A block-level storage service designed for use with EC2 instances. Provides persistent storage that exists independently of EC2 instances. Supports SSD-backed and HDD-backed volume types.
EC2 (Elastic Compute Cloud): A web service that provides resizable compute capacity in the cloud. Launch virtual servers called instances, choose from multiple instance types, and pay only for the capacity you actually use.
ECR (Elastic Container Registry): A fully managed Docker container registry that makes it easy to store, manage, and deploy Docker container images. Integrated with ECS and EKS, with built-in image scanning and lifecycle policies.
ECS (Elastic Container Service): A fully managed container orchestration service that supports Docker containers. Run and scale containerized applications on a managed cluster of EC2 instances or with Fargate for serverless containers.
Edge Location: A site that CloudFront uses to cache copies of your content closer to your users for faster delivery. AWS has hundreds of edge locations across the globe.
EFS (Elastic File System): A simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. Grows and shrinks automatically as you add and remove files.
EKS (Elastic Kubernetes Service): A managed Kubernetes service that makes it easy to run Kubernetes on AWS without needing to install and operate your own control plane. Integrates with AWS services for networking, security, and monitoring.
ElastiCache: A fully managed in-memory data store compatible with Redis or Memcached. Provides sub-millisecond latency for caching, session management, gaming leaderboards, and real-time analytics workloads.
Elastic Beanstalk: A service for deploying and scaling web applications. Upload your code and Elastic Beanstalk handles the deployment, capacity provisioning, load balancing, auto scaling, and health monitoring.
Elastic IP: A static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account and can be remapped to another instance in case of failure.
ELB (Elastic Load Balancing): Automatically distributes incoming application traffic across multiple targets. Supports Application Load Balancers (HTTP/HTTPS), Network Load Balancers (TCP/UDP), and Gateway Load Balancers.
EventBridge: A serverless event bus that connects your applications with data from AWS services, SaaS apps, and your own applications. Build event-driven architectures with rules that route events to targets.
Fargate: A serverless compute engine for containers that works with ECS and EKS. Removes the need to provision and manage servers. You specify and pay for resources per application without managing the underlying infrastructure.
FIFO Queue: A type of SQS queue that guarantees messages are processed exactly once, in the exact order they are sent. Supports message groups for parallel ordered processing within the same queue.
Global Accelerator: A networking service that improves the availability and performance of your applications using the AWS global network. Provides static IP addresses that act as a fixed entry point to your application.
Glue: A fully managed extract, transform, and load (ETL) service that makes it easy to prepare and load data for analytics. Includes a data catalog, ETL engine, and job scheduler.
GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior. Analyzes CloudTrail events, VPC Flow Logs, and DNS logs to identify potential threats.
IAM (Identity and Access Management): A service that helps you securely control access to AWS resources. Use IAM to manage users, groups, roles, and policies that determine who can access which resources and what actions they can perform.
IAM Policy: A JSON document that defines permissions for AWS resources. Policies specify which actions are allowed or denied on which resources under what conditions. Can be attached to users, groups, or roles.
IAM Role: An IAM identity with specific permissions that can be assumed by trusted entities. Unlike users, roles do not have permanent credentials. They provide temporary security credentials for the session.
Inspector: An automated vulnerability management service that continually scans your AWS workloads for software vulnerabilities and unintended network exposure. Automatically discovers EC2 instances, Lambda functions, and container images.
Internet Gateway: A horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. Attached to a VPC to enable internet access for resources in public subnets.
KMS (Key Management Service): A managed service that makes it easy to create and control the cryptographic keys used to encrypt your data. Integrated with most AWS services that encrypt data. Supports automatic key rotation.
Kinesis: A platform for streaming data on AWS. Collect, process, and analyze real-time streaming data. Includes Kinesis Data Streams, Kinesis Data Firehose, and Kinesis Data Analytics.
Lambda: A serverless compute service that runs your code in response to events without provisioning or managing servers. Supports multiple runtimes including Node.js, Python, Java, Go, and .NET. Pay only for compute time consumed.
Lambda@Edge: Run Lambda functions at CloudFront edge locations in response to CloudFront events. Customize content delivery with lower latency by executing code closer to users. Limited to 5 seconds execution time.
Lambda Layer: A ZIP archive that contains libraries, a custom runtime, or other dependencies for your Lambda function. Layers help reduce the size of deployment packages and promote code sharing across functions.
Launch Template: A template that specifies instance configuration information for EC2 instances. Includes the AMI ID, instance type, key pair, security groups, and other parameters. Used with Auto Scaling groups.
Lightsail: An easy-to-use virtual private server with a simple management interface. Includes everything you need to launch your project quickly: a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP.
MemoryDB: A Redis-compatible, durable, in-memory database service that delivers ultra-fast performance. Purpose-built for modern applications with microservices architectures that need a durable primary database.
MSK (Managed Streaming for Apache Kafka): A fully managed Apache Kafka service that makes it easy to build and run applications that use Apache Kafka to process streaming data. Handles cluster provisioning, configuration, and maintenance.
Multi-AZ: A deployment strategy where resources are provisioned across multiple Availability Zones for high availability. Used with RDS, ElastiCache, and other services to provide automatic failover.
NACL (Network Access Control List): A stateless firewall that controls inbound and outbound traffic at the subnet level. Each subnet in a VPC must be associated with a NACL. Rules are evaluated in order from lowest to highest rule number.
NAT Gateway: A managed Network Address Translation service that enables instances in a private subnet to connect to the internet while preventing the internet from initiating connections to those instances.
Neptune: A fast, reliable, fully managed graph database service. Supports both the Property Graph model (with Apache TinkerPop Gremlin) and the W3C RDF model (with SPARQL).
NLB (Network Load Balancer): A Layer 4 load balancer that handles TCP, UDP, and TLS traffic. Capable of handling millions of requests per second while maintaining ultra-low latency.
Parameter Store: A capability of AWS Systems Manager that provides secure, hierarchical storage for configuration data and secrets management. Supports plaintext data and data encrypted using KMS.
Partition Key: The primary key attribute in a DynamoDB table that determines the partition where the item is stored. A well-designed partition key distributes data evenly across partitions for optimal performance.
PrivateLink: A technology that provides private connectivity between VPCs, AWS services, and on-premises networks without exposing your traffic to the public internet. Creates interface VPC endpoints.
RDS (Relational Database Service): A managed relational database service supporting six database engines: Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server. Handles provisioning, patching, backup, and recovery.
Redshift: A fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing business intelligence tools. Uses columnar storage and parallel processing.
Region: A physical location around the world where AWS clusters data centers. Each Region consists of multiple Availability Zones. Examples include us-east-1 (N. Virginia) and eu-west-1 (Ireland).
Reserved Instance (RI): A pricing model that provides a significant discount (up to 75%) compared to On-Demand pricing in exchange for a one- or three-year commitment. Available for EC2, RDS, ElastiCache, and other services.
Route 53: A highly available and scalable DNS web service. Provides domain registration, DNS routing, and health checking. Supports routing policies like simple, weighted, latency-based, failover, and geolocation.
S3 (Simple Storage Service): An object storage service offering industry-leading scalability, data availability, security, and performance. Store and retrieve any amount of data at any time from anywhere. Supports multiple storage classes for cost optimization.
S3 Glacier: A low-cost storage class for data archiving and long-term backup. Provides three retrieval options: expedited (1-5 minutes), standard (3-5 hours), and bulk (5-12 hours) to balance cost and access speed.
S3 Lifecycle Policy: A set of rules that defines actions applied to a group of objects in S3. Automatically transition objects between storage classes or expire objects after a specified period.
SAM (Serverless Application Model): An open-source framework for building serverless applications on AWS. Extends CloudFormation with a simplified syntax for defining Lambda functions, APIs, databases, and event source mappings.
Savings Plans: A flexible pricing model that offers lower prices on EC2, Lambda, and Fargate usage in exchange for a commitment to a consistent amount of usage (measured in $/hour) for a one- or three-year term.
SCP (Service Control Policy): A type of policy in AWS Organizations that offers central control over the maximum available permissions for all accounts in your organization. SCPs restrict which AWS services, resources, and actions are available.
Secrets Manager: A service that helps you protect secrets needed to access your applications, services, and IT resources. Enables you to rotate, manage, and retrieve database credentials, API keys, and other secrets.
Security Group: A virtual firewall that controls inbound and outbound traffic for EC2 instances. Security groups are stateful, meaning if you allow an inbound request, the response is automatically allowed.
SES (Simple Email Service): A cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails. Also supports email receiving.
SNS (Simple Notification Service): A fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication. Supports pub/sub messaging with topics for fan-out to multiple subscribers.
Spot Instance: Spare EC2 capacity available at up to 90% discount compared to On-Demand prices. AWS can reclaim Spot Instances with a 2-minute warning when capacity is needed. Best for fault-tolerant, flexible workloads.
SQS (Simple Queue Service): A fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Supports standard queues and FIFO queues.
SSM (Systems Manager): A management service that helps you automatically collect software inventory, apply OS patches, create system images, and configure operating systems. Includes Parameter Store, Session Manager, and Run Command.
SSO (IAM Identity Center): A service that makes it easy to centrally manage access to multiple AWS accounts and business applications. Provides a user portal where users can find and access their assigned AWS accounts and applications.
Step Functions: A serverless orchestration service that lets you combine Lambda functions and other AWS services to build business-critical applications. Provides a visual workflow designer with built-in error handling and retry logic.
Subnet: A range of IP addresses in your VPC. A public subnet has a route to an internet gateway; a private subnet does not. Subnets reside within a single Availability Zone.
Tags: Key-value pairs that you attach to AWS resources for organization and cost allocation. Tags help you manage, identify, organize, search for, and filter resources. Essential for cost tracking and access control.
Terraform: An open-source Infrastructure as Code tool by HashiCorp. Widely used with AWS to define and provision infrastructure using HCL (HashiCorp Configuration Language). Not an AWS service, but commonly used with AWS.
Timestream: A fast, scalable, and serverless time-series database service for IoT and operational applications. Automatically scales up or down to adjust capacity and performance, so you do not need to manage the underlying infrastructure.
Transit Gateway: A network transit hub that connects VPCs, VPN connections, and AWS Direct Connect gateways. Simplifies your network architecture by acting as a central hub for routing traffic between connected networks.
Trusted Advisor: A service that provides real-time guidance to help you provision your resources following AWS best practices. Checks cover cost optimization, performance, security, fault tolerance, and service limits.
VPC (Virtual Private Cloud): A logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network you define. You have complete control over your virtual networking environment, including IP address range, subnets, route tables, and gateways.
VPC Endpoint: Enables you to privately connect your VPC to supported AWS services without requiring an internet gateway, NAT device, or VPN connection. Two types: interface endpoints and gateway endpoints (S3 and DynamoDB).
VPC Peering: A networking connection between two VPCs that enables traffic routing using private IP addresses. Instances in either VPC can communicate as if they are in the same network. Peering is not transitive.
VPN (Site-to-Site): AWS Site-to-Site VPN creates a secure connection between your on-premises network and your Amazon VPC. Uses IPsec tunnels for encrypted communication over the public internet.