We've put together what we believe is the most comprehensive glossary of cloud computing terminology available.
AAD - Additional Authenticated Data (AWS)
Information that is checked for integrity but not encrypted, such as headers or other contextual metadata.
Access Analyzer (AWS)
A feature of AWS Identity and Access Management (IAM) that helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity.
Access Control List (ACL - AWS)
A document that defines who can access a particular bucket or object. Each bucket and object in Amazon S3 has an ACL. The document defines what each type of user can do, such as write and read permissions.
Also called access credentials or security credentials. In authentication and authorization, a system uses credentials to identify who is making a call and whether to allow the requested access. In AWS, these credentials are typically the access key ID and the secret access key.
Access key (AWS)
The combination of an access key ID (like AKIAIOSFODNN7SAMPLE) and a secret access key (like wJalrXUtnFEMI/K7MDENG/bPxRfiCYSAMPLEKEY). You use access keys to sign API requests that you make to AWS.
Access key ID (AWS)
A unique identifier that's associated with a secret access key; the access key ID and secret access key are used together to sign programmatic AWS requests cryptographically.
Access key rotation (AWS)
A method to increase security by changing the AWS access key ID. This method enables you to retire an old key at your discretion.
Access policy language (AWS)
A language for writing documents (that is, policies) that specify who can access a particular AWS resource and under what conditions.
AWS: A formal relationship with AWS that is associated with all of the following:
- The owner email address and password
- The control of resources created under its umbrella
- Payment for the AWS activity related to those resources
The AWS account has permission to do anything and everything with all the AWS account resources. This is in contrast to a user, which is an entity contained within the account.
Azure: An account that's used to access and manage an Azure subscription. It's often referred to as an Azure account although an account can be any of these: an existing work, school, or personal Microsoft account.
ACM - AWS Certificate Manager
A web service for provisioning, managing, and deploying Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services.
An API function. Also called operation or call. The activity the principal has permission to perform. The action is B in the statement "A has permission to do B to C where D applies." For example, Jane sends a request to Amazon SQS with Action=ReceiveMessage.
Administrative suspension (AWS)
Amazon EC2 Auto Scaling might suspend processes for Auto Scaling groups that repeatedly fail to launch instances. Auto Scaling groups that most commonly experience administrative suspension have zero running instances, have been trying to launch instances for more than 24 hours, and have not succeeded in that time.
Advanced Threat Protection (Azure)
Detect and investigate advanced attacks on-premises and in the cloud. Similar to AWS GuardDuty.
Azure Advisor analyses your configurations and usage telemetry and offers personalised, actionable recommendations to help you optimise your Azure resources for reliability, security, operational excellence, performance and cost. Similar to AWS Trusted Advisor.
An item that watches a single metric over a specified time period and triggers an Amazon SNS topic or an Amazon EC2 Auto Scaling policy if the value of the metric crosses a threshold value over a predetermined number of time periods.
Amazon API Gateway (AWS)
A fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
Amazon AppStream 2.0 (AWS)
A fully managed, secure service for streaming desktop applications to users without rewriting those applications.
Amazon Athena (AWS)
An interactive query service that makes it easy to analyze data in Amazon S3 using ANSI SQL. Athena is serverless, so there is no infrastructure to manage. Athena scales automatically and is simple to use, so you can start analyzing your datasets within seconds.
Amazon Aurora (AWS)
A fully managed MySQL-compatible relational database engine that combines the speed and availability of commercial databases with the simplicity and cost-effectiveness of open-source databases.
Amazon Chime (AWS)
A secure, real-time, unified communications service that transforms meetings by making them more efficient and easier to conduct.
Amazon Cloud Directory (Cloud Directory)
A service that provides a highly scalable directory store for your application’s multi-hierarchical data.
Amazon CloudFront (AWS)
An AWS content delivery service that helps you improve the performance, reliability, and availability of your websites and applications.
Amazon CloudSearch (AWS)
A fully managed service in the AWS Cloud that makes it easy to set up, manage, and scale a search solution for your website or application.
Amazon CloudWatch (AWS)
A web service that enables you to monitor and manage various metrics, and configure alarm actions based on data from those metrics.
Amazon CloudWatch Events (AWS)
A web service that enables you to deliver a timely stream of system events that describe changes in AWS resources to AWS Lambda functions, streams in Amazon Kinesis Data Streams, Amazon Simple Notification Service topics, or built-in targets.
Amazon CloudWatch Logs (AWS)
A web service for monitoring and troubleshooting your systems and applications from your existing system, application, and custom log files. You can send your existing log files to CloudWatch Logs and monitor these logs in near-real time.
Amazon Cognito (AWS)
A web service that makes it easy to save mobile user data, such as app preferences or game state, in the AWS Cloud without writing any backend code or managing any infrastructure.
Amazon Connect (AWS)
A service solution that offers easy, self-service configuration and enables dynamic, personal, and natural customer engagement at any scale.
Amazon Corretto (AWS)
A no-cost, multi-platform, production-ready distribution of the Open Java Development Kit (OpenJDK).
Amazon Detective (AWS)
A service that collects log data from your AWS resources to analyze and identify the root cause of security findings or suspicious activities.
Amazon DocumentDB (with MongoDB compatibility) (AWS)
A managed database service that you can use to set up, operate, and scale MongoDB-compatible databases in the cloud.
Amazon DynamoDB (AWS)
A fully managed NoSQL database service that provides fast and predictable performance with seamless scalability.
Amazon EBS-backed AMI (AWS)
A type of Amazon Machine Image (AMI) whose instances use an Amazon EBS volume as their root device. Compare this with instances launched from instance store-backed AMIs, which use the instance store as the root device.
Amazon EC2 (AWS)
A web service for launching and managing Linux/UNIX and Windows Server instances in Amazon's data centers.
Amazon EC2 Auto Scaling (AWS)
A web service designed to launch or terminate instances automatically based on user-defined policies, schedules, and health checks.
Amazon Elastic Block Store (Amazon EBS) (AWS)
A service that provides block level storage volumes for use with EC2 instances.
Amazon Elastic Compute Cloud (Amazon EC2) (AWS)
A web service for launching and managing Linux/UNIX and Windows Server instances in Amazon's data centers.
Amazon Elastic Container Registry (Amazon ECR) (AWS)
A fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (Amazon ECS) and AWS Identity and Access Management (IAM).
Amazon Elastic Container Service (Amazon ECS) (AWS)
A highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster of EC2 instances.
Amazon Elastic File System (Amazon EFS) (AWS)
A file storage service for EC2 instances. Amazon EFS is easy to use and provides a simple interface with which you can create and configure file systems. Amazon EFS storage capacity grows and shrinks automatically as you add and remove files.
Amazon Elastic Kubernetes Service (Amazon EKS) (AWS)
A managed service that simplifies running Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane.
Amazon Elastic Transcoder (AWS)
A cloud-based media transcoding service. Elastic Transcoder is a highly scalable tool for converting (or transcoding) media files from their source format into versions that play on devices like smartphones, tablets, and PCs.
Amazon ElastiCache (AWS)
A web service that simplifies deploying, operating, and scaling an in-memory cache in the cloud. The service improves the performance of web applications by providing information retrieval from fast, managed, in-memory caches, instead of relying entirely on slower disk-based databases.
Amazon Elasticsearch Service (Amazon ES) (AWS)
An AWS managed service for deploying, operating, and scaling Elasticsearch, an open-source search and analytics engine, in the AWS Cloud.
Amazon EMR (AWS)
A web service that makes it easy to process large amounts of data efficiently. Amazon EMR uses Hadoop processing combined with several AWS products to do such tasks as web indexing, data mining, log file analysis, machine learning, scientific simulation, and data warehousing.
Amazon EventBridge (AWS)
A serverless event bus service that enables you to connect your applications with data from a variety of sources and routes that data to targets such as AWS Lambda.
Amazon GuardDuty (AWS)
A continuous security monitoring service. Amazon GuardDuty can help to identify unexpected and potentially unauthorized or malicious activity in your AWS environment.
Amazon Inspector (AWS)
An automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices.
Amazon Kinesis (AWS)
A platform for streaming data on AWS. Kinesis offers services that simplify the loading and analysis of streaming data.
Amazon Kinesis Data Firehose (AWS)
A fully managed service for loading streaming data into AWS. Kinesis Data Firehose can capture and automatically load streaming data into Amazon S3 and Amazon Redshift, enabling near real-time analytics with existing business intelligence tools and dashboards.
Amazon Kinesis Data Streams (AWS)
A web service for building custom applications that process or analyze streaming data for specialized needs. Amazon Kinesis Data Streams can continuously capture and store terabytes of data per hour from hundreds of thousands of sources.
Amazon Lightsail (AWS)
Lightsail is designed to be the easiest way to launch and manage a virtual private server with AWS. Lightsail offers bundled plans that include everything you need to deploy a virtual private server, for a low monthly rate.
Amazon Machine Image (AMI) (AWS)
An encrypted machine image stored in Amazon Elastic Block Store (Amazon EBS) or Amazon Simple Storage Service. AMIs are like a template of a computer's root drive. They contain the operating system and can also include software and layers of your application, such as database servers, middleware, web servers, and so on.
Amazon Machine Learning (AWS)
A cloud-based service that creates machine learning (ML) models by finding patterns in your data, and uses these models to process new data and generate predictions.
Amazon Macie (AWS)
A security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS.
Amazon Managed Blockchain (AWS)
A fully managed service for creating and managing scalable blockchain networks using popular open source frameworks.
Amazon MQ (AWS)
A managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud.
Amazon Neptune (AWS)
A managed graph database service that you can use to build and run applications that work with highly connected datasets. Neptune supports the popular graph query languages Apache TinkerPop Gremlin and W3C’s SPARQL, enabling you to build queries that efficiently navigate highly connected datasets.
Amazon QuickSight (AWS)
A fast, cloud-powered business analytics service that makes it easy to build visualizations, perform analysis, and quickly get business insights from your data.
Amazon Redshift (AWS)
A fully managed, petabyte-scale data warehouse service in the cloud. With Amazon Redshift, you can analyze your data using your existing business intelligence tools.
Amazon Relational Database Service (Amazon RDS) (AWS)
A web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.
Amazon Resource Name (ARN) (AWS)
A standardized way to refer to an AWS resource. For example: arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob.
Amazon Route 53 (AWS)
A web service you can use to create a new DNS service or to migrate your existing DNS service to the cloud.
Amazon S3 (AWS)
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.
Amazon S3 Glacier (AWS)
A secure, durable, and low-cost storage service for data archiving and long-term backup. You can reliably store large or small amounts of data for significantly less than on-premises solutions. S3 Glacier is optimized for infrequently accessed data, where a retrieval time of several hours is suitable.
AWS Security Hub (AWS)
A service that provides a comprehensive view of the security state of your AWS resources. Security Hub collects security data from AWS accounts and services and helps you analyze your security trends to identify and prioritize the security issues across your AWS environment.
Amazon Simple Email Service (Amazon SES) (AWS)
An easy-to-use, cost-effective email solution for applications.
Amazon Simple Notification Service (Amazon SNS) (AWS)
A web service that enables applications, users, and devices to instantly send and receive notifications from the cloud.
Amazon Simple Queue Service (Amazon SQS) (AWS)
Reliable and scalable hosted queues for storing messages as they travel between computers.
Amazon Simple Workflow Service (Amazon SWF)
A fully managed service that helps developers build, run, and scale background jobs that have parallel or sequential steps. Amazon SWF is like a state tracker and task coordinator in the cloud.
Amazon Sumerian (AWS)
A set of tools for creating and running high-quality 3D, augmented reality (AR), and virtual reality (VR) applications on the web.
Amazon Virtual Private Cloud (Amazon VPC) (AWS)
A web service for provisioning a logically isolated section of the AWS Cloud virtual network that you define. You control your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
Amazon Web Services (AWS)
An infrastructure web services platform in the cloud for companies of all sizes.
Amazon WorkMail (AWS)
A managed, secure business email and calendar service with support for existing desktop and mobile email clients.
Amazon WorkSpaces (AWS)
A managed, secure desktop computing service for provisioning cloud-based desktops and providing users access to documents, applications, and resources from supported devices.
API app / App Service app (Azure)
The compute resources that Azure App Service provides for hosting a website or web application, web API, or mobile app backend. App Service apps are also referred to as App Services, web apps, API apps, and mobile apps.
Entry points that allow multiple APIs or services to interact. Referred to as API Gateway in AWS, API Management in Azure and Cloud Endpoints in GCP.
GCP’s API Management, development and security platform.
Application Auto Scaling (AWS)
A web service that enables you to configure automatic scaling for AWS resources beyond Amazon EC2, such as Amazon ECS services, Amazon EMR
App Mesh (AWS)
AWS App Mesh is a service mesh that provides application-level networking to make it easy for your services to communicate with each other across multiple types of compute infrastructure. App Mesh standardizes how your services communicate, giving you end-to-end visibility and ensuring high availability for your applications. Similar to Azure Service Fabric Mesh.
AWS CodePipeline: A copy of the files or changes that will be worked upon by the pipeline.
Asymmetric encryption (AWS)
Encryption that uses both a public key and a private key.
Provides a serverless interactive query service that uses standard SQL for analyzing databases. Similar to Azure Data Lake Analytics.
Atomic counter (AWS)
DynamoDB: A method of incrementing or decrementing the value of an existing attribute without interfering with other write requests.
A fundamental data element, something that does not need to be broken down any further. In DynamoDB, attributes are similar in many ways to fields or columns in other database systems.
Amazon Machine Learning: A unique, named property within an observation in a dataset. In tabular data, such as spreadsheets or comma-separated values (.csv) files, the column headings represent the attributes, and the rows contain values for each attribute.
Area Under a Curve. An industry-standard metric to evaluate the quality of a binary classification machine learning model.
Encryption that provides confidentiality, data integrity, and authenticity assurances of the encrypted data.
The process of proving your identity to a system.
The process of increasing or decreasing resources based on usage and rules. Referred to as AWS Auto-Scaling groups, Azure VM Scale Sets and GCP Compute Engine Autoscaler.
Auto Scaling group (AWS)
A representation of multiple EC2 instances that share similar characteristics, and that are treated as a logical grouping for the purposes of instance scaling and management. Similar to Azure VM Scale Sets.
Availability Set (Azure)
A collection of virtual machines that are managed together to provide application redundancy and reliability. The use of an availability set ensures that during either a planned or unplanned maintenance event at least one virtual machine is available.
A distinct location within a Region that is insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same Region. The terminology is common across AWS, GCP and Azure.
Amazon Web Services
AWS Application Discovery Service (AWS)
A web service that helps you plan to migrate to AWS by identifying IT assets in a data center—including servers, virtual machines, applications, application dependencies, and network infrastructure.
AWS AppSync (AWS)
An enterprise level, fully managed GraphQL service with real-time data synchronization and offline programming features.
AWS Auto Scaling (AWS)
A fully managed service that enables you to quickly discover the scalable AWS resources that are part of your application and configure dynamic scaling.
AWS Backup (AWS)
A managed backup service that you can use to centralize and automate the backup of data across AWS services in the cloud and on premises.
AWS Blockchain Templates (AWS)
A service for creating and deploying open-source blockchain frameworks on AWS, such as Ethereum and Hyperledger Fabric.
AWS Certificate Manager (ACM) (AWS)
A web service for provisioning, managing, and deploying Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services.
AWS Certificate Manager Private Certificate Authority (ACM PCA) (AWS)
A hosted private certificate authority service for issuing and revoking private digital certificates.
AWS Cloud Development Kit (AWS CDK)
An open-source software development framework for defining your cloud infrastructure in code and provisioning it through AWS CloudFormation.
AWS Cloud Map
A service that you use to create and maintain a map of the backend services and resources that your applications depend on. AWS Cloud Map lets you name and discover your cloud resources.
AWS Cloud9 (AWS)
A cloud-based integrated development environment (IDE) that you use to write, run, and debug code.
A service for writing or changing templates that create and delete related AWS resources together as a unit.
AWS CloudHSM (AWS)
A web service that helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated hardware security module (HSM) appliances within the AWS Cloud.
AWS CloudTrail (AWS)
A web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.
AWS CodeBuild (AWS)
A fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
AWS CodeCommit (AWS)
A fully managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories.
AWS CodeDeploy (AWS)
A service that automates code deployments to any instance, including EC2 instances and instances running on-premises.
AWS CodePipeline (AWS)
A continuous delivery service for fast and reliable application updates.
AWS Command Line Interface (AWS CLI)
A unified downloadable and configurable tool for managing AWS services. Control multiple AWS services from the command line and automate them through scripts.
AWS Config (AWS)
A fully managed service that provides an AWS resource inventory, configuration history, and configuration change notifications for better security and governance. You can create rules that automatically check the configuration of AWS resources that AWS Config records.
AWS Database Migration Service (DMS) (AWS)
A web service that can help you migrate data to and from many widely used commercial and open-source databases.
AWS Data Pipeline (AWS)
A web service for processing and moving data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals.
AWS Device Farm (Device Farm) (AWS)
An app testing service that allows developers to test Android, iOS, and Fire OS devices on real, physical phones and tablets that are hosted by AWS.
AWS Direct Connect (AWS)
A web service that simplifies establishing a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your data center, office, or colocation environment.
AWS Directory Service (AWS)
A managed service for connecting your AWS resources to an existing on-premises Microsoft Active Directory or to set up and operate a new, standalone directory in the AWS Cloud.
AWS Elastic Beanstalk (AWS)
A web service for deploying and managing applications in the AWS Cloud without worrying about the infrastructure that runs those applications.
AWS Encryption SDK (AWS)
A client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices.
AWS Firewall Manager (AWS)
A service that you use with AWS WAF to simplify your AWS WAF administration and maintenance tasks across multiple accounts and resources.
AWS Global Accelerator
A network layer service that you use to create accelerators that direct traffic to optimal endpoints over the AWS global network.
AWS Glue (AWS)
A fully managed extract, transform, and load (ETL) service that you can use to catalog data and load it for analytics. With AWS Glue, you can discover your data, develop scripts to transform sources into targets, and schedule and run ETL jobs in a serverless environment.
AWS GovCloud (US) (AWS)
An isolated AWS Region designed to host sensitive workloads in the cloud, ensuring that this work meets the US government's regulatory and compliance requirements. The AWS GovCloud (US) Region adheres to United States International Traffic in Arms Regulations (ITAR), Federal Risk and Authorization Management Program (FedRAMP) requirements, Department of Defense (DOD) Cloud Security Requirements Guide (SRG) Levels 2 and 4, and Criminal Justice Information Services (CJIS) Security Policy requirements.
AWS Identity and Access Management (IAM) (AWS)
A web service that enables Amazon Web Services (AWS) customers to manage users and user permissions within AWS.
AWS Import/Export (AWS)
A service for transferring large amounts of data between AWS and portable storage devices.
AWS IoT Core (AWS)
A managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices.
AWS IoT 1-Click (AWS)
A service that enables simple devices to trigger AWS Lambda functions that can execute an action.
AWS IoT Analytics (AWS)
A fully managed service used to run sophisticated analytics on massive volumes of IoT data.
AWS IoT Device Defender (AWS)
An AWS IoT security service that allows you to audit the configuration of your devices, monitor your connected devices to detect abnormal behavior, and to mitigate security risks.
AWS IoT Device Management (AWS)
A service used to securely onboard, organize, monitor, and remotely manage IoT devices at scale.
AWS IoT Events (AWS)
A fully managed AWS IoT service that makes it easy to detect and respond to events from IoT sensors and applications.
AWS IoT Greengrass (AWS)
Software that lets you run local compute, messaging, data caching, sync, and ML inference capabilities for connected devices in a secure way.
AWS IoT SiteWise (AWS)
A managed service that lets you collect, organize, and analyze data from industrial equipment at scale.
AWS IoT Things Graph (AWS)
A service that makes it easy to visually connect different devices and web services to build IoT applications.
AWS Key Management Service (AWS KMS)
A managed service that simplifies the creation and control of encryption keys that are used to encrypt data.
AWS Lambda (AWS)
A web service that lets you run code without provisioning or managing servers. You can run code for virtually any type of application or backend service with zero administration. You can set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app.
AWS managed key (AWS)
One type of customer master key (CMK) in AWS Key Management Service (AWS KMS).
AWS managed policy (AWS)
An IAM managed policy that is created and managed by AWS.
AWS Management Console (AWS)
A graphical interface to manage compute, storage, and other cloud resources.
AWS Management Portal for vCenter (AWS)
A web service for managing your AWS resources using VMware vCenter. You install the portal as a vCenter plugin within your existing vCenter environment. Once installed, you can migrate VMware VMs to Amazon EC2 and manage AWS resources from within vCenter.
AWS Marketplace (AWS)
A web portal where qualified partners market and sell their software to AWS customers. AWS Marketplace is an online software store that helps customers find, buy, and immediately start using the software and services that run on AWS.
AWS Mobile Hub (Mobile Hub) (AWS)
An integrated console for building, testing, and monitoring mobile apps.
AWS Mobile SDK (AWS)
A software development kit whose libraries, code examples, and documentation help you build high quality mobile apps for the iOS, Android, Fire OS, Unity, and Xamarin platforms.
AWS OpsWorks (AWS)
A configuration management service that helps you use Chef to configure and operate groups of instances and applications.
AWS Organizations (AWS)
An account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
AWS Resource Access Manager (AWS)
A service that lets you share your resources with any AWS account or organization in AWS Organizations.
AWS ParallelCluster (AWS)
An AWS supported open source cluster management tool that helps you to deploy and manage high performance computing (HPC) clusters in the AWS Cloud.
AWS SDK for C++ (AWS)
A software development kit that provides C++ APIs for many AWS services including Amazon S3, Amazon EC2, Amazon DynamoDB, and more.
AWS SDK for Go (AWS)
A software development kit for integrating your Go application with the full suite of AWS services.
AWS SDK for Java (AWS)
A software development kit that provides Java APIs for many AWS services including Amazon S3, Amazon EC2, Amazon DynamoDB, and more.
AWS SDK for .NET (AWS)
A software development kit that provides .NET API actions for AWS services including Amazon S3, Amazon EC2, IAM, and more.
AWS SDK for PHP (AWS)
A software development kit and open-source PHP library for integrating your PHP application with AWS services.
AWS SDK for Python (Boto) (AWS)
A software development kit for using Python to access AWS services like Amazon EC2, Amazon EMR, Amazon EC2 Auto Scaling, Amazon Kinesis, AWS Lambda, and more.
AWS SDK for Ruby (AWS)
A software development kit for accessing AWS services from Ruby. The SDK provides Ruby classes for many AWS services including Amazon S3, Amazon EC2, Amazon DynamoDB, and more.
AWS Secrets Manager (AWS)
A service for securely encrypting, storing, and rotating credentials for databases and other services.
AWS Security Token Service (AWS STS)
A web service for requesting temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).
AWS Service Catalog (AWS)
A web service that helps organizations create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multitier application architectures.
AWS Shield (AWS)
A service that helps to protect your resources—such as Amazon EC2 instances, Elastic Load Balancing load balancers, Amazon CloudFront distributions, and Route 53 hosted zones—against DDoS attacks.
AWS Single Sign-On (SSO) (AWS)
A cloud-based service that simplifies managing SSO access to AWS accounts and business applications. You can control SSO access and user permissions across all your AWS accounts in AWS Organizations.
AWS Step Functions (AWS)
A web service that coordinates the components of distributed applications as a series of steps in a visual workflow.
AWS Snowball (AWS)
A petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud.
AWS Storage Gateway (AWS)
A web service that connects an on-premises software appliance with cloud-based storage. AWS Storage Gateway provides seamless and secure integration between an organization’s on-premises IT environment and AWS storage infrastructure.
AWS Toolkit for Eclipse (AWS)
An open-source plugin for the Eclipse Java integrated development environment (IDE) that makes it easier to develop, debug, and deploy Java applications using Amazon Web Services.
AWS Toolkit for Visual Studio (AWS)
An extension for Visual Studio that helps in developing, debugging, and deploying .NET applications using Amazon Web Services.
AWS Toolkit for Visual Studio Code (AWS)
An open-source plugin for the Visual Studio Code (VS Code) editor that makes it easier to develop, debug, and deploy applications using Amazon Web Services.
AWS Tools for Windows PowerShell (AWS)
A set of PowerShell cmdlets to help developers and administrators manage their AWS services from the Windows PowerShell scripting environment.
AWS Toolkit for Microsoft Azure DevOps (AWS)
Provides tasks you can use in build and release definitions in VSTS to interact with AWS services.
AWS Trusted Advisor (AWS)
A web service that inspects your AWS environment and makes recommendations for saving money, improving system availability and performance, and helping to close security gaps.
AWS VPN CloudHub (AWS)
Enables secure communication between branch offices using a simple hub-and-spoke model, with or without a VPC.
AWS WAF (AWS)
A web application firewall service that controls access to content by allowing or blocking web requests based on criteria that you specify. For example, you can filter access based on the header values or the IP addresses that the requests originate from. AWS WAF helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
AWS X-Ray (AWS)
A web service that collects data about requests that your application serves. X-Ray provides tools that you can use to view, filter, and gain insights into that data to identify issues and opportunities for optimization.
Provides a way for users to automate the manual, long-running, error-prone, and frequently repeated IT tasks.
Azure Content Delivery Network (CDN) lets you reduce load times, save bandwidth and speed responsiveness.
Azure Classic Deployment Model (Azure)
One of two deployment models used to deploy resources in Azure (the new model is Azure Resource Manager). Some Azure services support only the Resource Manager deployment model, some support only the classic deployment model, and some support both. The documentation for each Azure service specifies which model(s) they support.
A command-line interface that can be used to manage Azure services from Windows, macOS, and Linux. Some services or service features can be managed only via PowerShell or the CLI.
Azure Managed Disks
SSD storage optimized for I/O intensive read/write operations. For use as high-performance Azure virtual machine storage.
Easy-to-deploy and automatically configured third-party applications, including single virtual machine or multiple virtual machine solutions.
A command-line interface to manage Azure services via a command line from Windows PCs. Some services or service features can be managed only via PowerShell or the CLI.
Azure Resource Manager deployment model
One of two deployment models used to deploy resources in Microsoft Azure (the other is the classic deployment model). Some Azure services support only the Resource Manager deployment model, some support only the classic deployment model, and some support both. The documentation for each Azure service specifies which model(s) they support.
Bare Metal (GCP)
Infrastructure to run specialized workloads on Google Cloud.
Batch prediction (AWS ML)
Amazon Machine Learning: An operation that processes multiple input data observations at one time (asynchronously). Unlike real-time predictions, batch predictions are not available until all predictions have been processed.
Border Gateway Protocol Autonomous System Number. A unique identifier for a network, for use in BGP routing. Amazon EC2 supports all 2-byte ASN numbers in the range of 1 – 65335, with the exception of 7224, which is reserved.
A broad term used to describe unconventional data sets which are either too large or too complex to be dealt with using traditional data-processing techniques.
Binary attribute (AWS ML)
Amazon Machine Learning: An attribute that can take one of two possible values.
Binary classification model (AWS ML)
Amazon Machine Learning: A machine learning model that predicts the answer to questions where the answer can be expressed as a binary variable.
Azure Blob storage provides scalable, cost-efficient object storage in the cloud. Store and access unstructured data for your most demanding workloads.
A dataset. Amazon EMR breaks large amounts of data into subsets. Each subset is called a data block. Amazon EMR assigns an ID to each block and uses a hash table to keep track of block processing.
A storage device that supports reading and (optionally) writing data in fixed-size blocks, sectors, or clusters.
Blue/Green deployment (AWS)
CodeDeploy: A deployment method in which the instances in a deployment group (the original environment) are replaced by a different set of instances (the replacement environment).
Amazon EC2 Auto Scaling: The condition in which a user-set threshold (upper or lower boundary) is passed. If the duration of the breach is significant, as set by a breach duration parameter, it can possibly start a scaling activity.
Amazon Simple Storage Service (Amazon S3): A container for stored objects. Every object is contained in a bucket.
A commonly used term for creating an Amazon Machine Image (AMI). It specifically refers to creating instance store-backed AMIs.
Cache cluster (AWS)
A logical cache distributed over multiple cache nodes. A cache cluster can be set up with a specific number of cache nodes.
Cache node (AWS)
A fixed-size chunk of secure, network-attached RAM. Each cache node runs an instance of the Memcached service, and has its own DNS name and port. Multiple types of cache nodes are supported, each with varying amounts of associated memory.
Cache node type (AWS)
An EC2 instance type used to run the cache node.
Cache security group (AWS)
A group maintained by ElastiCache that combines inbound authorizations to cache nodes for hosts belonging to Amazon EC2 security groups specified through the console or the API or command line tools.
Canned access policy (AWS)
A standard access control policy that you can apply to a bucket or object. Options include: private, public-read, public-read-write, and authenticated-read.
The process of converting data into a standard format that a service such as Amazon S3 can recognize.
Content Delivery Network - Commonly referred to as AWS CloudFront, Azure CDN and GCP Cloud CDN or GCP CDN Interconnect.
A credential that some AWS products use to authenticate AWS accounts and users. Also known as an X.509 certificate. The certificate is paired with a private key.
Classless Inter-Domain Routing. An internet protocol address allocation and route aggregation methodology.
Information that has been encrypted, as opposed to plaintext, which is information that has not.
A feature for linking an EC2-Classic instance to a VPC, allowing your EC2-Classic instance to communicate with VPC instances using private IP addresses.
Command Line Interface
A metaphor for a global network, first used in reference to the telephone network and now commonly used to represent the Internet. Although some argue there is no cloud, only other people’s computers.
Cloud Armor (GCP)
A GCP service providing defense against web and DDoS attacks.
Cloud Data Fusion (GCP)
A Google service providing data integration for building and managing data pipelines.
Cloud migration is the process of transferring all of or a piece of a company’s data, applications, and services from on-premise hardware to the cloud.
Applications and solutions developed specifically for cloud platforms.
Cloud washing is a somewhat deceptive marketing technique used to rebrand old products by connecting them to the cloud, or at least to the term cloud.
AWS CloudFormation gives you an easy way to model a collection of related AWS and third-party resources, provision them quickly and consistently, and manage them throughout their life cycles, by treating infrastructure as code. A CloudFormation template describes your desired resources and their dependencies so you can launch and configure them together as a stack. Similar to Azure Automation.
Amazon CloudFront is a content delivery network offered by Amazon Web Services. Content delivery networks provide a globally-distributed network of proxy servers which cache content, such as web videos or other bulky media, more locally to consumers, thus improving access speed for downloading the content. Similar to Azure CDN.
Cloud Run (GCP)
Fully managed environment for running containerized apps.
Delivers full-text search and related search analytics and capabilities. Similar to Azure Cognitive Search.
Cloud Spanner (GCP)
Fully managed relational database with unlimited scale, strong consistency, and up to 99.999% availability.
Cloud Computing Types
There are three main cloud computing types, with additional ones evolving—software-as-a-service (SaaS) for web-based applications, infrastructure-as-a-service (IaaS) for Internet-based access to storage and computing power, and platform-as-a-service (PaaS) that gives developers the tools to build and host Web applications.
Cloud service provider (CSP)
A company that provides subscribers with access to internet-hosted computing, storage, and software services.
A logical grouping of container instances that you can place tasks on.
Cluster compute instance
A type of instance that provides a great amount of CPU power coupled with increased networking performance, making it well suited for High Performance Compute (HPC) applications and other demanding network-bound applications.
Cluster status (AWS)
Amazon Elasticsearch Service (Amazon ES): An indicator of the health of a cluster. A status can be green, yellow, or red. At the shard level, green means that all shards are allocated to nodes in a cluster, yellow means that the primary shard is allocated but the replica shards are not, and red means that the primary and replica shards of at least one index are not allocated. The shard status determines the index status, and the index status determines the cluster status.
Customer Master Key
CMP - Cloud Management Platform
A cloud management platform (CMP) is a product that gives the user integrated management of public, private, and hybrid cloud environments.
Canonical Name Record. A type of resource record in the Domain Name System (DNS) that specifies that the domain name is an alias of another, canonical domain name. More simply, it is an entry in a DNS table that lets you alias one fully qualified domain name to another.
Cognitive Search (Azure)
Delivers full-text search and related search analytics and capabilities. Similar to AWS CloudSearch.
Compound query (AWS)
Amazon CloudSearch: A search request that specifies multiple search criteria using the Amazon CloudSearch structured search syntax.
Scalable servers referred to as instances. AWS EC2, Azure Virtual Machines or GCP Compute Engine.
AWS Management Console
A Linux container that was created from a Docker image as part of a task. A container virtualization instance in which the kernel of an operating system allows for multiple isolated user-space instances. Unlike virtual machines (VMs), containers do not need to run a full-blown operating system (OS) image for each instance. Instead, containers are able to run separate instances of an application within a single shared OS.
Specifies which Docker image to use for a container, how much CPU and memory the container is allocated, and more options. The container definition is included as part of a task definition.
AWS: An EC2 instance that is running the Amazon Elastic Container Service (Amazon ECS) agent and has been registered into a cluster. Amazon ECS tasks are placed on active container instances.
Azure: Azure Container Instances is the fastest and simplest way to run a container in Azure, without having to provision any virtual machines or adopt a higher-level orchestration service.
Stores, manages, and deploys Docker images in Azure and AWS (also referred to as Elastic Container Registry).
One of the diagram types available when using hava.io to visualize AWS network topology. The container view diagrams containers and their associated tasks.
Content delivery network (CDN)
A web service that speeds up distribution of your static and dynamic web content—such as .html, .css, .js, media files, and image files—to your users by using a worldwide network of data centers.
Continuous delivery (CD)
A software development practice in which code changes are automatically built, tested, and prepared for a release to production. Often referred to as part of DevOps CI/CD (Continuous Integration / Continuous Delivery).
Continuous integration (CI)
A software development practice in which developers regularly merge code changes into a central repository, after which automated builds and tests are run. Often referred to as part of DevOps CI/CD (Continuous Integration / Continuous Delivery).
Cooldown period (AWS)
Amount of time during which Amazon EC2 Auto Scaling does not allow the desired size of the Auto Scaling group to be changed by any other notification from an Amazon CloudWatch alarm.
Corpus (AWS CloudSearch)
Amazon CloudSearch: A collection of data that you want to search.
Cosmos DB (Azure)
NoSQL key-value store for rapid development using massive semi-structured datasets. Similar to AWS DynamoDB.
Credential helper (AWS)
AWS CodeCommit: A program that stores credentials for repositories and supplies them to Git when making connections to those repositories. The AWS CLI includes a credential helper that you can use with Git when connecting to CodeCommit repositories.
Also called access credentials or security credentials. In authentication and authorization, a system uses credentials to identify who is making a call and whether to allow the requested access. In AWS, these credentials are typically the access key ID and the secret access key.
Cross-account access (AWS)
The process of permitting limited, controlled use of resources in one AWS account by a user in another AWS account.
Cross-Region replication (AWS)
A solution for replicating data across different AWS Regions, in near-real time.
Customer gateway (AWS)
A router or software application on your side of a VPN tunnel that is managed by Amazon VPC. The internal interfaces of the customer gateway are attached to one or more devices in your home network. The external interface is attached to the virtual private gateway (VGW) across the VPN tunnel.
Customer managed policy (AWS)
An IAM managed policy that you create and manage in your AWS account.
Customer master key (CMK) (AWS)
The fundamental resource that AWS Key Management Service (AWS KMS) manages. CMKs can be either customer managed keys or AWS managed keys.
Create, manage, operate, and optimize HPC and big compute clusters of any scale. Similar to AWS ParallelCluster.
A type of partitioning that lets you divide your large database into smaller databases, which can be managed faster and more easily across servers.
Data Catalog (Azure)
A fully managed service that serves as a system of registration and system of discovery for enterprise data sources. Similar to AWS Glue.
Data consistency (AWS)
A concept that describes when data is written or updated successfully and all copies of the data are updated in all AWS Regions. However, it takes time for the data to propagate to all storage locations. To support varied application requirements, Amazon DynamoDB supports both eventually consistent and strongly consistent reads.
Streaming analytics for stream and batch processing.
Data Lake Storage (Azure)
Massively scalable, secure data lake functionality built on Azure Blob Storage.
Data node (AWS)
Amazon Elasticsearch Service (Amazon ES): An Elasticsearch instance that holds data and responds to data upload requests.
The database, file, or repository that provides information required by an application or database.
The database software and version running on the DB instance.
The name of a database hosted in a DB instance. A DB instance can host multiple databases, but databases hosted by the same DB instance must each have a unique name within that instance.
Data Lake Analytics (Azure)
Provides a serverless interactive query service that uses standard SQL for analyzing databases. Similar to AWS Athena.
A GCP service for running Apache Spark and Apache Hadoop clusters.
Central collection of data from multiple sources. Popular solutions include Amazon Redshift, Azure SQL Data Warehouse and GCP BigQuery.
DB compute class
The size of the database compute platform used to run the instance.
An isolated database environment running in the cloud. A DB instance can contain multiple user-created databases.
DB security group
A method that controls access to the DB instance. By default, network access is turned off to DB instances. After inbound traffic is configured for a security group, the same rules apply to all DB instances associated with that group.
A user-initiated point backup of a DB instance.
Dedicated Host (AWS)
A physical server with EC2 instance capacity fully dedicated to a user.
Dedicated Instance (AWS)
An instance that is physically isolated at the host hardware level and launched within a VPC.
Dedicated Reserved Instance (AWS)
An option that you purchase to guarantee that sufficient capacity will be available to launch Dedicated Instances into a VPC.
Within a single AWS account: Giving AWS users access to resources in your AWS account.
Between two AWS accounts: Setting up a trust between the account that owns the resource (the trusting account), and the account that contains the users that need to access the resource (the trusted account).
Delete marker (AWS)
An object with a key and version ID, but without content. Amazon S3 inserts delete markers automatically into versioned buckets when an object is deleted.
The result of a policy statement that includes “deny” as the effect, so that a specific action or actions are expressly forbidden for a user, group, or role. Explicit deny takes precedence over explicit allow.
The union of people, process, and technology to enable continuous delivery of value to customers. The practice of DevOps brings development and operations teams together to speed up software delivery and make products more secure and reliable.
Azure: Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. It covers the entire application lifecycle and enables DevOps capabilities.
A name–value pair (for example, InstanceType=m1.small, or EngineName=mysql), that contains additional information to identify a metric.
A link between an origin server (such as an Amazon S3 bucket) and a domain name, which CloudFront automatically assigns. Through this link, CloudFront identifies the object you have stored in your origin server.
DomainKeys Identified Mail. A standard that email senders use to sign their messages. ISPs use those signatures to verify that messages are legitimate.
DNS - Domain Name System
Database of internet domain names that are translated into the IP address of the host computer. Popular cloud solutions include AWS Route53, Azure DNS and GCP Cloud DNS.
A layered file system template that is the basis of a Docker container. Docker images can comprise specific operating systems or applications.
Domain Name System (DNS)
A service that routes internet traffic to websites by translating friendly domain names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.
A fully managed NoSQL database service from Amazon
Amazon Elastic Block Store (Amazon EBS).
Amazon Elastic Compute Cloud (EC2)
EC2 compute unit (ECU)
An AWS standard for compute CPU and memory. You can use this measure to evaluate the CPU capacity of different EC2 instance types.
EC2 instance (AWS)
A compute instance in the Amazon EC2 service. Other AWS services use the term EC2 instance to distinguish these instances from other types of instances they support.
Amazon Elastic Container Registry (Amazon ECR). Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying development to production workflow.
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service.
A data center that a cloud service uses to perform service-specific operations. For example, AWS CloudFront uses edge locations to cache copies of your content, so the content is closer to your users and can be delivered faster regardless of their location.
Amazon Elastic File System (Amazon EFS) is a regional cloud storage service storing data across multiple availability zones for high availability and durability.
Elastic Beanstalk (AWS)
Managed hosting platform providing easy to use services for deploying and scaling web applications and services.
Elastic Block Store (AWS)
Amazon Elastic Block Store (EBS) is an easy-to-use, high-performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction intensive workloads at any scale.
The ability to dynamically provision and de-provision computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage.
Elastic Kubernetes Service (EKS)
Deploy orchestrated containerized applications with Kubernetes. Simplify monitoring and cluster management through auto upgrades and a built-in operations console. Similar to Azure AKS.
Elastic Load Balancing (ELB) (AWS)
A web service that improves an application's availability by distributing incoming traffic between two or more EC2 instances.
Elastic network interface (AWS)
An additional network interface that can be attached to an instance. Elastic network interfaces include a primary private IP address, one or more secondary private IP addresses, an Elastic IP Address (optional), a MAC address, membership in specified security groups, a description, and a source/destination check flag. You can create an elastic network interface, attach it to an instance, detach it from an instance, and attach it to another instance.
An open-source, real-time distributed search and analytics engine used for full-text search, structured search, and analytics. Elasticsearch was developed by the Elastic company.
AWS: Amazon Elasticsearch Service (Amazon ES) is an AWS managed service for deploying, operating, and scaling Elasticsearch in the AWS Cloud.
Amazon Elastic MapReduce (Amazon EMR) is a web service that makes it easy to quickly and cost-effectively process vast amounts of data. Amazon EMR uses Hadoop, an open source framework, to distribute your data and processing across a resizable cluster of Amazon EC2 instances. Similar to Azure Databricks / HDInsight / Data Lake Storage.
To use a mathematical algorithm to make data unintelligible to unauthorized users while allowing authorized users a method (such as a key or password) to convert the altered data back to its original state.
Encryption context (AWS)
A set of key–value pairs that contains additional information associated with AWS Key Management Service (AWS KMS)–encrypted information.
A URL that identifies a host and port as the entry point for a web service. Every web service request contains an endpoint. Most AWS products provide endpoints for a Region to enable faster connectivity.
The date from which time is measured. For most Unix environments, the epoch is January 1, 1970.
Extract, Transform and Load - A process that is used to integrate data from multiple sources. Data is collected from sources (extract), converted to an appropriate format (transform), and written to a target data store (load) for purposes of analysis and querying.
A strategy that incrementally increases the wait between retry attempts in order to reduce the load on the system and increase the likelihood that repeated requests will succeed. For example, client applications might wait up to 400 milliseconds before attempting the first retry, up to 1600 milliseconds before the second, up to 6400 milliseconds (6.4 seconds) before the third, and so on.
The ability of a cloud solution to add new runtime and framework support via community buildpacks.
Facet (AWS CloudSearch)
Amazon CloudSearch: An index field that represents a category that you want to use to refine and filter search results.
Fault Domain (Azure)
The collection of virtual machines in an availability set that can possibly fail at the same time. An example is a group of machines in a rack that share a common power source and network switch. In Azure, the virtual machines in an availability set are automatically separated across multiple fault domains.
Amazon Machine Learning: The machine learning process of constructing more predictive input representations or “features” from the raw input variables to optimize a machine learning model’s ability to learn and generalize. Also known as data transformation or feature engineering.
A system in which multiple databases appear to function as a single entity. However, the databases typically involved in this kind of system exist independently of the others. Once the different databases are combined, one federated database is formed.
Federated identity management (FIM)
Allows individuals to sign in to different networks or services, using the same group or personal credentials to access data across all networks. With identity federation in AWS, external identities (federated users) are granted secure access to resources in an AWS account without having to create IAM users. These external identities can come from a corporate identity store (such as LDAP or Windows Active Directory) or from a third party (such as Login with Amazon, Facebook, or Google). AWS federation also supports SAML 2.0.
The relative importance of a text field in a search index. Field weights control how much matches in particular text fields affect a document's relevance score.
Amazon Kinesis Data Firehose is a fully managed service that automatically provisions, manages and scales compute, memory, and network resources required to process and load your streaming data. Once set up, Kinesis Data Firehose loads data streams into your destinations continuously as they arrive.
Integrate systems and run backend processes in response to events or schedules without provisioning or managing servers. Similar to AWS Lambda.
A simple search query that uses approximate string matching (fuzzy matching) to correct for typographical errors and misspellings.
GCP - Google Cloud Platform
Google Cloud Platform is a comprehensive cloud platform offered by Google, Inc. that consists of both infrastructure as a service (IaaS) and platform as a service (PaaS) offerings.
GCE - Google Container Engine
GCE is a management and orchestration system for Docker containers that runs within Google's public cloud. Google Container Engine is based on the Google Kubernetes container orchestration engine.
A defined boundary for data residency that typically contains two or more regions. The boundaries may be within or beyond national borders and are influenced by tax regulation. Every geo has at least one region. Examples of geos are Asia Pacific and Japan.
The process of automatically replicating content such as blobs, tables, and queues within a regional pair.
A search query that uses locations specified as a latitude and longitude to determine matches and sort the results.
A contraction of giga binary byte, a gibibyte is 2^30 or 1,073,741,824 bytes. A gigabyte (GB) is 10^9 or 1,000,000,000 bytes. 1,024 GiB is a tebibyte (TiB).
A web-based repository that uses Git for version control.
GKE - Google Kubernetes Engine
Google’s managed environment for running containerized apps.
Global secondary index
An index with a partition key and a sort key that can be different from those on the table. A global secondary index is considered global because queries on the index can span all of the data in a table, across all partitions.
A fully managed service that serves as a system of registration and system of discovery for enterprise data sources. Similar to Azure Data Catalog.
Google App Engine (GCP)
GCP App Engine is a platform-as-a-service (PaaS) offering that gives software developers access to Google's scalable hosting. Developers can also use a software developer kit (SDK) to develop software products that run on App Engine.
Google Chronicle (GCP)
Extracts signals from your security telemetry and identifies threats instantly.
Google Cloud Trace (GCP)
Cloud Trace is a distributed tracing system that collects latency data from your applications and finds performance bottlenecks in production.
Google Compute Engine (GCP)
An IaaS service offering that provides users with virtual machine instances for workload hosting on GCP.
Google Cloud SQL (GCP)
Fully managed relational database server for MySQL, PostgreSQL & SQL Server.
Google Cloud Build (GCP)
Solution for running build steps in a Docker Container.
Google Cloud Storage (GCP)
GCS is a cloud storage platform designed to store large, unstructured data sets. Google also offers database storage options, including Cloud Datastore for NoSQL nonrelational storage, Cloud SQL for MySQL fully relational storage and Google's native Cloud Bigtable database.
Google Data Studio (GCP)
An interactive data suite for dashboarding, reporting and analytics.
Google Recommender (GCP)
Monitors and provides actionable recommendations to keep your GCP infrastructure optimized.
AWS Key Management Service (AWS KMS): A mechanism for giving AWS principals long-term permissions to use customer master keys (CMKs).
Grant token (AWS)
A type of identifier that allows the permissions in a grant to take effect immediately.
The observations used in the machine learning (ML) model training process that include the correct value for the target attribute. To train an ML model to predict house sales prices, the input observations would typically include prices of previous house sales in the area. The sale prices of these houses constitute the ground truth.
A collection of IAM users. You can use IAM groups to simplify specifying and managing permissions for multiple users.
Detect and investigate advanced attacks on-premises and in the cloud. Similar to Azure Advanced Threat Protection.
Software that enables distributed processing for big data by using clusters and simple programming models. For more information, see http://hadoop.apache.org.
A hardware-based IPsec VPN connection over the internet.
HashiCorp Control Language. The declarative language used in the Terraform CLI to construct arguments and blocks when defining infrastructure as code.
Health check (AWS)
A system call to check on the health status of each instance in an Amazon EC2 Auto Scaling group.
A document that matches the criteria specified in a search request. Also referred to as a search result.
Hash-based Message Authentication Code. A specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret key.
Hosted zone (AWS Route53)
A collection of resource record sets that Amazon Route 53 hosts. Like a traditional DNS zone file, a hosted zone represents a collection of records that are managed together under a single domain name.
Hardware Virtual Machine virtualization. Allows the guest VM to run as though it is on a native hardware platform, except that it still uses paravirtual (PV) network and storage drivers for improved performance.
A cloud that combines public and private clouds, bound together by technology that allows data and applications to be shared between them. A hybrid cloud gives businesses greater flexibility to scale up and down and offers more deployment options.
A hypervisor or virtual machine monitor (VMM) is a piece of software that allows physical devices to share their resources among virtual machines (VMs) running on top of that physical hardware.
IaaS - Infrastructure as a Service
Infrastructure as a Service (IaaS) is a model of cloud computing in which the vendor hosts virtualized computing resources, as well as network and storage resources, and provides them to the user as a service via the internet.
Identity and Access Management (AWS)
AWS: AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
Azure: Azure Role-Based ACL (RBAC) or Azure Active Directory
GCP: Google Cloud IAM
A collection of IAM users that allows you to specify permissions for multiple users.
IAM policy simulator
AWS: With the IAM policy simulator, you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies (SCPs), and resource-based policies.
AWS: An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.
One of the available network topology diagram types when using Hava.io to visualize AWS, GCP and Azure cloud infrastructure.
A file that contains the operating system and application configuration that can be used to create any number of virtual machines. In Azure there are two types of images: VM image and OS image. A VM image includes an operating system and all disks attached to a virtual machine when the image is created. An OS image contains only a generalized operating system with no data disk configurations.
In-place deployment (AWS)
CodeDeploy: A deployment method in which the application on each instance in the deployment group is stopped, the latest application revision is installed, and the new version of the application is started and validated.
Inline policy (AWS)
An IAM policy that is embedded in a single IAM user, group, or role.
A copy of an Amazon Machine Image (AMI) running as a virtual server in the AWS Cloud.
Instance store (AWS)
Disk storage that is physically attached to the host computer for an EC2 instance, and therefore has the same lifespan as the instance. When the instance is terminated, you lose any data in the instance store.
A specification that defines the memory, CPU, storage capacity, and usage cost for an instance. Some instance types are designed for standard applications, whereas others are designed for CPU-intensive, memory-intensive applications, and so on.
Connects a network to the internet. You can route traffic for IP addresses outside your VPC to the internet gateway.
Internet service provider (ISP)
A company that provides subscribers with access to the internet.
A numerical address (for example, 192.0.2.44) that networked devices use to communicate with one another using the Internet Protocol (IP).
IP match condition (AWS)
AWS WAF: An attribute that specifies the IP addresses or IP address ranges that web requests originate from. Based on the specified IP addresses, you can configure AWS WAF to allow or block web requests to AWS resources such as Amazon CloudFront distributions.
The person who writes a policy to grant permissions to a resource. The issuer (by definition) is always the resource owner. AWS does not permit Amazon SQS users to create policies for resources they don't own. If John is the resource owner, AWS authenticates John's identity when he submits the policy he's written to grant permissions for that resource.
Job flow (AWS)
Amazon EMR: One or more steps that specify all of the functions to be performed on the data.
A credential that identifies an AWS account or user to AWS (such as the AWS secret access key).
Amazon Simple Storage Service (Amazon S3), Amazon EMR: The unique identifier for an object in a bucket. Every object in a bucket has exactly one key.
AWS Import/Export: The name of an object in Amazon S3. It is a sequence of Unicode characters whose UTF-8 encoding cannot exceed 1024 bytes.
IAM: In a policy, a specific characteristic that is the basis for restricting access (such as the current time, or the IP address of the requester).
A set of security credentials that you use to prove your identity electronically. A key pair consists of a private key and a public key.
Key prefix (AWS)
A logical grouping of the objects in a bucket. The prefix value is similar to a directory name that enables you to store similar data under the same directory in a bucket.
GCP Components to create Kubernetes-native cloud-based software.
Key Vault (Azure)
Provides security solutions and works with other services by providing a way to manage, create, and control encryption keys stored in hardware security modules (HSM).
A contraction of kilo binary byte, a kibibyte is 2^10 or 1,024 bytes. A kilobyte (KB) is 10^3 or 1,000 bytes. 1,024 KiB is a mebibyte (MiB).
AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications.
Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation.
Kubernetes Service (AKS) (Azure)
Deploy orchestrated containerized applications with Kubernetes. Simplify monitoring and cluster management through auto upgrades and a built-in operations console.
Integrate systems and run backend processes in response to events or schedules without provisioning or managing servers. Similar to Azure Functions.
Launch configuration (AWS)
A set of descriptive parameters used to create new EC2 instances in an Amazon EC2 Auto Scaling activity.
Launch permission (AWS)
An Amazon Machine Image (AMI) attribute that allows users to launch an AMI.
The lifecycle state of the EC2 instance contained in an Auto Scaling group. EC2 instances progress through several states over their lifespan; these include Pending, InService, Terminating and Terminated.
Build, deploy, and scale web apps on a fully managed platform.
The number of resources that can be created or the performance benchmark that can be achieved. Limits are typically associated with subscriptions, services, and offerings.
Link to VPC (AWS)
The process of linking (or attaching) an EC2-Classic instance to a ClassicLink-enabled VPC.
A DNS name combined with a set of ports, which together provide a destination for all requests intended for your application. A load balancer can distribute traffic to multiple application instances across every Availability Zone within a Region.
AWS: Load balancers can span multiple Availability Zones within an AWS Region into which an Amazon EC2 instance was launched. But load balancers cannot span multiple Regions.
Azure: A resource that distributes incoming traffic among computers in a network. In Azure, a load balancer distributes traffic to virtual machines defined in a load-balancer set. A load balancer can be internet-facing, or it can be internal.
Local secondary index
An index that has the same partition key as the table, but a different sort key. A local secondary index is local in the sense that every partition of a local secondary index is scoped to a table partition that has the same partition key value.
Looker is an enterprise platform for BI, data applications, and embedded analytics that helps you explore and share insights in real time.
Main route table (AWS)
The default route table that any new VPC subnet uses for routing. You can associate a subnet with a different route table of your choice. You can also change which route table is the main route table.
Managed Data Stream Processing Service MDSPS
Service to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Popular solutions include AWS Kinesis, Azure Stream, Azure Data Lake Analytics and GCP Dataflow.
A standalone IAM policy that you can attach to multiple users, groups, and roles in your IAM account.
When sending a create job request for an import or export operation, you describe your job in a text file called a manifest. The manifest file is a YAML-formatted file that specifies how to transfer data between your storage device and the AWS Cloud.
Manifest file (AWS ML)
Amazon Machine Learning: The file used for describing batch predictions. The manifest file relates each input data file with its associated batch prediction results. It is stored in the Amazon S3 output location.
Master node (AWS)
A process running on an Amazon Machine Image (AMI) that keeps track of the work its core and task nodes complete.
Information about other data or objects. In Amazon Simple Storage Service (Amazon S3) and Amazon EMR, metadata takes the form of name–value pairs that describe the object. These include default metadata such as the date last modified and standard HTTP metadata such as Content-Type.
MFA - Multi Factor Authentication
An optional account security feature. Once you enable MFA, you must provide a six-digit, single-use code in addition to your sign-in credentials whenever you access secure webpages or the Management Console. You get this single-use code from an authentication device that you keep in your physical possession.
Micro instance (AWS)
A type of EC2 instance that is more economical to use if you have occasional bursts of high CPU activity.
In machine learning (ML), a mathematical model that generates predictions by finding patterns in data.
MSP - Managed Service Provider
A managed services provider (MSP) is an IT services provider that provides fully outsourced network, application, and system services across a network to clients.
Multi-AZ deployment (AWS)
A primary DB instance that has a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to the standby replica.
Multi-Tenancy is a mode of operation for software in which multiple instances of one or many applications run in a shared environment. In a cloud computing model, pooled physical and virtual resources are dynamically assigned and reassigned to tenants according to consumer demand.
An attribute with more than one value.
A feature that allows you to upload a single object as a set of parts.
A cascading application that provides a simple command-line interface for managing large datasets.
An abstract container that provides context for the items (names, or technical terms, or words) it holds, and allows disambiguation of homonym items residing in different namespaces.
Network address translation. A strategy of mapping one or more IP addresses to another while data packets are in transit across a traffic routing device. This is commonly used to restrict internet communication to private instances while allowing outgoing traffic.
NAT gateway (AWS / Azure)
A NAT device, managed by AWS or Azure, that performs network address translation in a private subnet, to secure inbound internet traffic. A NAT gateway uses both NAT and port address translation. In the AWS and Azure ecosystems they are referred to as NAT Gateways and as Cloud NAT in GCP.
NAT instance (AWS)
A NAT device, configured by a user, that performs network address translation in a VPC public subnet to secure inbound internet traffic.
Network ACL (Access Control List) (AWS)
An optional layer of security that acts as a firewall for controlling traffic in and out of a subnet. You can associate multiple subnets with a single network ACL, but a subnet can be associated with only one network ACL at a time.
Network Address Translation and Protocol Translation
(NAT-PT) An internet protocol standard defined in RFC 2766.
A network connection between two VPCs or Virtual Networks that routes traffic between them using private IP addresses. Referred to as VPC Peering connections in AWS, Virtual Network Peering in Azure and VPC Network Peering in GCP.
NICE Desktop Cloud Visualization (AWS)
A remote desktop visualization technology for securely connecting users to graphic-intensive 3D applications hosted on a remote, high-performance server.
Amazon Elasticsearch Service (Amazon ES): An Elasticsearch instance. A node can be either a data instance or a dedicated master instance.
Non-relational database systems that are highly available, scalable, and optimized for high performance. NoSQL technology offers dynamic schema, horizontal scaling, and the ability to store and retrieve data as columns, graphs, key-values, or documents. Instead of the relational model, NoSQL databases (like Amazon DynamoDB) use alternate models for data management, such as key–value pairs or document storage. Popular solutions include AWS DynamoDB, Azure Cosmos DB, GCP Cloud Firestore, Bigtable and GCP Cloud Database.
A null object is one whose version ID is null.
AWS: Amazon S3 adds a null object to a bucket when versioning for that bucket is suspended. It is possible to have only one null object for each key in a bucket.
Amazon Simple Storage Service (Amazon S3): The fundamental entity type stored in Amazon S3. Objects consist of object data and metadata. The data portion is opaque to Amazon S3.
Amazon CloudFront: Any entity that can be served either over HTTP or a version of RTMP.
On-Demand Instance (AWS)
An Amazon EC2 pricing option that charges you for compute capacity by the hour with no long-term commitment.
An API function. Also called an action.
A strategy to ensure that an item that you want to update has not been modified by others before you perform the update. For Amazon DynamoDB, optimistic locking support is provided by the AWS SDKs.
AWS Organizations: An entity that you create to consolidate and manage your AWS accounts. An organization has one master account along with zero or more member accounts.
Origin Access Identity (OAI) (AWS)
Also called OAI. When using Amazon CloudFront to serve content with an Amazon S3 bucket as the origin, a virtual identity that you use to require users to access your content through CloudFront URLs instead of Amazon S3 URLs. Usually used with CloudFront private content.
Origin server (AWS)
The Amazon S3 bucket or custom origin containing the definitive original version of the content you deliver through CloudFront.
PaaS - Platform as a Service
Platform as a Service (PaaS) is a model of cloud computing in which a vendor provides the hardware and software tools necessary to create, deploy and manage applications at scale to the user via the internet, as a service.
The process of responding to an API request by returning a large list of records in small separate parts. Pagination can occur in the following situations:
- The client sets the maximum number of returned records to a value below the total number of records.
- The service has a default maximum number of returned records that is lower than the total number of records.
When an API response is paginated, the service sends a subset of the large list of records and a pagination token that indicates that more records are available. The client includes this pagination token in a subsequent API request, and the service responds with the next subset of records. This continues until the service responds with a subset of records and no pagination token, indicating that all records have been sent.
A marker that indicates that an API response contains a subset of a larger list of records. The client can return this marker in a subsequent API request to retrieve the next subset of records until the service responds with a subset of records and no pagination token, indicating that all records have been sent.
An Amazon Machine Image (AMI) that you sell to other Amazon EC2 users on AWS Marketplace.
Parallel Cluster (AWS)
Create, manage, operate, and optimize HPC and big compute clusters of any scale. Similar to Azure CycleCloud.
A simple primary key, composed of one attribute (also known as a hash attribute).
Port address translation.
A statement within a policy that allows or denies access to a particular resource.
A data storage solution where the data remains intact until it is deleted.
Persistent Disk (GCP)
Block storage for virtual machine instances running on Google Cloud.
AWS CodePipeline: A workflow construct that defines the way software changes go through a release process.
Information that has not been encrypted, as opposed to ciphertext.
IAM: A document defining permissions that apply to a user, group, or role; the permissions in turn determine what users can do in AWS. A policy typically allows access to specific actions, and can optionally grant that the actions are allowed for specific resources, like EC2 instances, Amazon S3 buckets, and so on. Policies can also explicitly deny access.
Amazon EC2 Auto Scaling: An object that stores the information needed to launch or terminate instances for an Auto Scaling group. Executing the policy causes instances to be launched or terminated. You can configure an alarm to invoke an Auto Scaling policy.
Policy generator (AWS IAM)
A tool in the IAM AWS Management Console that helps you build a policy by selecting elements from lists of available options.
Policy simulator (AWS)
A tool in the IAM AWS Management Console that helps you test and troubleshoot policies so you can see their effects in real-world scenarios.
Policy validator (AWS)
A tool in the IAM AWS Management Console that examines your existing IAM access control policies to ensure that they comply with the IAM policy grammar.
The secure web portal used to deploy and manage Azure services.
A web address that uses query string authentication.
Primary key (AWS)
One or two attributes that uniquely identify each item in an Amazon DynamoDB table, so that no two items can have the same key.
The user, service, or account that receives permissions that are defined in a policy.
Services offered over the Internet or over a private internal network to only select users, not the general public.
Private content (AWS)
When using Amazon CloudFront to serve content with an Amazon S3 bucket as the origin, a method of controlling access to your content by requiring users to use signed URLs. Signed URLs can restrict user access based on the current date and time and/or the IP addresses that the requests originate from.
Private IP address
A private numerical address (for example, 192.168.2.10) that networked devices use to communicate with one another using the Internet Protocol (IP).
Private subnet (AWS)
A VPC subnet whose instances cannot be reached from the internet.
Property rule (AWS)
A JSON-compliant markup standard for declaring properties, mappings, and output values in an AWS CloudFormation template.
A storage option designed to deliver fast, predictable, and consistent I/O performance.
AWS: When you specify an IOPS rate while creating a DB instance, Amazon RDS provisions that IOPS rate for the lifetime of the DB instance.
Public AMI (AWS)
An Amazon Machine Image (AMI) that all AWS accounts have permission to launch.
Services offered over the public Internet and available to anyone who wants to purchase them.
Public dataset (AWS)
A large collection of public information that can be seamlessly integrated into applications that are based in the AWS Cloud. Amazon stores public datasets at no charge to the community and, like all AWS services, users pay only for the compute and storage they use for their own applications. These datasets currently include data from the Human Genome Project, the U.S. Census, Wikipedia, and other sources.
Public IP address
A public numerical address (for example, 192.0.2.44) that networked devices use to communicate with one another using the Internet Protocol (IP).
A subnet whose instances can be reached from the internet.
Publish/subscribe messaging, or pub/sub messaging, is a form of asynchronous service-to-service communication used in serverless and microservices architectures. In a pub/sub model, any message published to a topic is immediately received by all of the subscribers to the topic. Pub/sub messaging can be used to enable event-driven architectures, or to decouple applications in order to increase performance, reliability and scalability.
Popular cloud solutions include AWS SNS Topics, Azure Event Grid and GCP Cloud Pub/Sub.
Paravirtual virtualization. Allows guest VMs to run on host systems that do not have special support extensions for full hardware and CPU virtualization. Because PV guests run a modified operating system that does not use hardware emulation, they cannot provide hardware-related features such as enhanced networking or GPU support.
A type of web service that generally uses only the GET or POST HTTP method and a query string with parameters in the URL.
Query string authentication (AWS)
An AWS feature that lets you place the authentication information in the HTTP request query string instead of in the Authorization header, which enables URL-based access to objects in a bucket.
A sequence of messages or jobs that are held in temporary storage awaiting transmission or processing.
A web address that uniquely identifies a queue.
The maximum value for your resources, actions, and items.
A request that specifies a byte range of data to get for a download. If an object is large, you can break up a download into smaller units by sending multiple range GET requests that each specify a different byte range to GET.
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups.
Amazon RDS: An active copy of another DB instance. Any updates to the data on the source DB instance are replicated to the read replica DB instance using the built-in replication feature of MySQL 5.1.
A fast, open-source, in-memory key-value data structure store. Redis comes with a set of versatile in-memory data structures with which you can easily create a variety of custom applications.
Cloud-based Enterprise Data Warehouse (EDW) that uses Massively Parallel Processing (MPP) to quickly run complex queries across petabytes of data. Similar to Azure Synapse Analytics.
A named set of cloud resources in the same geographical area. A Region comprises at least two Availability Zones.
Azure: An area within a geo that does not cross national borders and contains one or more datacenters. Pricing, regional services, and offer types are exposed at the region level. A region is typically paired with another region, which can be up to several hundred miles away. Regional pairs can be used as a mechanism for disaster recovery and high availability scenarios. Also referred to as location.
A type of machine learning model that predicts a numeric value, such as the exact purchase price of a house.
A machine learning (ML) parameter that you can tune to obtain higher-quality ML models. Regularization helps prevent ML models from memorizing training data examples instead of learning how to generalize the patterns it sees (called overfitting). When training data is overfitted, the ML model performs well on the training data but does not perform well on the evaluation data or on new data.
The person (or application) that sends a request to AWS to perform a specific action. When AWS receives a request, it first evaluates the requester's permissions to determine whether the requester is allowed to perform the request action (if applicable, for the requested resource).
Reserved Instance (AWS)
A pricing option for EC2 instances that discounts the on-demand usage charge for instances that meet the specified parameters. Customers pay for the entire term of the instance, regardless of how they use it.
Reserved Instance Marketplace (AWS)
An online exchange that matches sellers who have reserved capacity that they no longer need with buyers who are looking to purchase additional capacity. Reserved Instances that you purchase from third-party sellers have less than a full standard term remaining and can be sold at different upfront prices. The usage or recurring fees remain the same as the fees set when the Reserved Instances were originally purchased. Full standard terms for Reserved Instances available from AWS run for one year or three years.
AWS: An entity that users can work with in AWS, such as an EC2 instance, an Amazon DynamoDB table, an Amazon S3 bucket, an IAM user, an AWS OpsWorks stack, and so on.
Azure: An item that is part of your Azure solution. Each Azure service enables you to deploy different types of resources, such as databases or virtual machines.
Resource Group (Azure)
A container in Resource Manager that holds related resources for an application. The resource group can include all of the resources for an application, or only those resources that are logically grouped together. You can decide how you want to allocate resources to resource groups based on what makes the most sense for your organization.
Resource Manager Template (Azure)
A JSON file that declaratively defines one or more Azure resources and that defines dependencies between the deployed resources. The template can be used to deploy the resources consistently and repeatedly.
Resource Provider (Azure)
A service that supplies the resources you can deploy and manage through Resource Manager. Each resource provider offers operations for working with the resources that are deployed. Resource providers can be accessed through the Azure portal, Azure PowerShell, and several programming SDKs.
Also called resource record set. The fundamental information elements in the Domain Name System (DNS).
Representational state transfer. A simple stateless architecture that generally runs over HTTPS/TLS. REST emphasizes that resources have unique and hierarchical identifiers (URIs), are represented by common media types (HTML, XML, JSON, and so on), and that operations on the resources are either predefined or discoverable within the media type. In practice, this generally results in a limited number of operations.
RESTful web service
Also known as RESTful API. A web service that follows REST architectural constraints. The API operations must use HTTP methods explicitly; expose hierarchical URIs; and transfer either XML, JSON, or both.
AWS CodePipeline: A change made to a source that is configured in a source action, such as a pushed commit to a GitHub repository or an update to a file in a versioned Amazon S3 bucket.
AWS: A tool for giving temporary access to AWS resources in your AWS account.
Azure: A means for controlling access that can be assigned to users, groups, and services. Roles are able to perform actions such as create, manage, and read on Azure resources.
A return to a previous state that follows the failure to create an object, such as an AWS CloudFormation stack. All resources associated with the failure are deleted during the rollback.
AWS Organizations: A parent container for the accounts in your organization. If you apply a service control policy to the root, it applies to every organizational unit and account in the organization.
Root credentials (AWS)
Authentication information associated with the AWS account owner.
Root device volume (AWS)
A volume that contains the image used to boot the instance (also known as a root device).
A set of routing rules that controls the traffic leaving any subnet that is associated with the route table. You can associate multiple subnets with a single route table, but a subnet can be associated with only one route table at a time.
AWS WAF: A set of conditions that AWS WAF searches for in web requests to AWS resources such as Amazon CloudFront distributions. You add rules to a web ACL, and then specify whether you want to allow or block web requests based on each rule.
Amazon Simple Storage Service (Amazon S3) is a service offered by Amazon Web Services that provides object storage through a web service interface.
SaaS - Software as a Service
Software as a service (SaaS) is a model of cloud computing in which applications (software) are hosted by a vendor and provided to the user as a service. SaaS applications are licensed on a subscription basis and are made available to users over a network, typically the internet.
Sampling period (AWS CloudWatch)
A defined duration of time, such as one minute, over which Amazon CloudWatch computes a statistic.
A testing location where you can test the functionality of your application without affecting production, incurring charges, or purchasing products.
To remove resources like AWS EC2 instances from an Auto Scaling group.
To add resources like AWS EC2 instances to an Auto Scaling group.
A description of how Auto Scaling should automatically scale an Auto Scaling group in response to changing demand.
The method used for placing tasks on container instances.
Describes the organisation, structure and data types within a database or data set.
Amazon Machine Learning: The information needed to interpret the input data for a machine learning model, including attribute names and their assigned data types, and the names of special attributes.
Secret access key
A key that is used in conjunction with the access key ID to cryptographically sign programmatic AWS requests. Signing a request identifies the sender and prevents the request from being altered.
A named set of allowed inbound network connections for an instance. (Security groups in Amazon VPC also include support for outbound connections.) Each security group consists of a list of protocols, ports, and IP address ranges. A security group can apply to multiple instances, and multiple groups can regulate a single instance. Referred to as AWS Security Group, Azure Network Security Group and GCP Compute Engine Firewall Rules.
One of the diagram views available when using Hava.io to visualize your AWS network security. The security view displays security groups and overlays the open ports and traffic ingress/egress points.
A Microsoft-controlled version of SPF. An email authentication and anti-spoofing system. For more information about Sender ID, see Sender ID in Wikipedia.
A computing model in which the cloud provider provisions and manages servers. It enables developers to spend more time building apps and less time managing infrastructure.
Serverless Container Service
The ability to run containers without managing servers. Popular solutions include AWS Fargate, Azure ACI and GCP Cloud Run (GKE).
Server-side encryption (SSE)
The encryption of data at the server level.
AWS: Amazon S3 supports three modes of server-side encryption: SSE-S3, in which Amazon S3 manages the keys; SSE-C, in which the customer manages the keys; and SSE-KMS, in which AWS Key Management Service (AWS KMS) manages keys.
Service control policy (AWS)
AWS Organizations: A policy-based control that specifies the services and actions that users and roles can use in the accounts that the service control policy (SCP) affects.
Service Fabric Mesh (Azure)
Fully managed service that enables developers to deploy microservices applications without managing virtual machines, storage, or networking.
Service health dashboard (AWS)
A web page showing up-to-the-minute information about AWS service availability. The dashboard is located at http://status.aws.amazon.com/.
Service Quotas (AWS)
A service for viewing and managing your quotas easily and at scale as your AWS workloads grow. Quotas, also referred to as limits, are the maximum number of resources that you can create in an AWS account.
Service role (AWS)
An IAM role that grants permissions to an AWS service so it can access AWS resources. The policies that you attach to the service role determine which AWS resources the service can access and what it can do with those resources.
Amazon Simple Email Service (Amazon SES).
The period during which the temporary security credentials provided by AWS Security Token Service (AWS STS) allow access to your AWS account.
Secure Hash Algorithm.
Shared Access Signature (SAS) (Azure)
A signature that enables you to grant limited access to a resource, without exposing your account key. For example, Azure Storage uses SAS to grant client access to objects such as blobs. IoT Hub uses SAS to grant devices permission to send telemetry.
Amazon Elasticsearch Service (Amazon ES): A partition of data in an index. You can split an index into multiple shards, which can include primary shards (original shards) and replica shards (copies of the primary shards). Replica shards provide failover, which means that a replica shard is promoted to a primary shard if a cluster node that contains a primary shard fails. Replica shards also can handle requests.
Shared AMI (AWS)
An Amazon Machine Image (AMI) that a developer builds and makes available for others to use.
Refers to a digital signature, which is a mathematical way to confirm the authenticity of a digital message. AWS uses signatures to authenticate the requests you send to AWS web services.
Signature Version 4 (AWS)
Protocol for authenticating inbound API requests to AWS services in all AWS Regions.
Single-AZ DB instance (AWS)
A standard (non-Multi-AZ) DB instance that is deployed in one Availability Zone, without a standby replica in another Availability Zone.
Sloppy phrase search
A search for a phrase that specifies how close the terms must be to one another to be considered a match.
Simple Mail Transfer Protocol. The standard that is used to exchange email messages between internet hosts for the purpose of routing and delivery.
Amazon Elastic Block Store (Amazon EBS): A backup of your volumes that is stored in Amazon S3. You can use these snapshots as the starting point for new Amazon EBS volumes or to protect your data for long-term durability.
Amazon Simple Notification Service is a notification service provided as part of Amazon Web Services since 2010. It provides a low-cost infrastructure for the mass delivery of messages, predominantly to mobile users.
Simple Object Access Protocol. An XML-based protocol that lets you exchange information over a particular protocol (HTTP or SMTP, for example) between applications.
A software appliance-based VPN connection over the internet.
Sort enabled (AWS)
Amazon CloudSearch: An index field option that enables a field to be used to sort the search results.
Source/destination checking (AWS)
A security measure to verify that an EC2 instance is the origin of all traffic that it sends and the ultimate destination of all traffic that it receives; that is, that the instance is not relaying traffic. Source/destination checking is enabled by default. For instances that function as gateways, such as VPC NAT instances, source/destination checking must be disabled.
Sender Policy Framework. A standard for authenticating email.
Spot Instance (AWS)
A type of EC2 instance that you can bid on to take advantage of unused Amazon EC2 capacity.
Spot price (AWS)
The price for a Spot Instance at any given time. If your maximum price exceeds the current price and your restrictions are met, Amazon EC2 launches instances on your behalf.
SQL injection match condition (AWS)
AWS WAF: An attribute that specifies the part of web requests, such as a header or a query string, that AWS WAF inspects for malicious SQL code. Based on the specified conditions, you can configure AWS WAF to allow or block web requests to AWS resources such as Amazon CloudFront distributions.
Amazon Simple Queue Service (Amazon SQS).
Server-side encryption (SSE).
Secure Sockets Layer - Transport Layer Security, and its now-deprecated predecessor, Secure Sockets Layer, are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP.
Single Sign-On. Single sign-on is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems. It is often accomplished by using the Lightweight Directory Access Protocol and stored LDAP databases on servers.
AWS CloudFormation: A collection of AWS resources that you create and delete as a single unit.
AWS OpsWorks: A set of instances that you manage collectively, typically because they have a common purpose such as serving PHP applications. A stack serves as a container and handles tasks that apply to the group of instances as a whole, such as managing applications and cookbooks.
Sticky session (AWS)
A feature of the Elastic Load Balancing load balancer that binds a user's session to a specific application instance so that all requests coming from the user during the session are sent to the same application instance. By contrast, a load balancer by default routes each request independently to the application instance with the smallest load.
A word that is not indexed and is automatically filtered out of search requests because it is either insignificant or so common that including it would result in too many matches to be useful. Stopwords are language specific.
Storage Account (Azure)
An account that gives you access to the Azure Blob, Queue, Table, and File services in Azure Storage. The storage account name defines the unique namespace for Azure Storage data objects.
Storage Gateway (AWS)
Integrates on-premises IT environments with cloud storage. Automates data management and storage, plus supports disaster recovery. Similar to Azure StorSimple.
Integrates on-premises IT environments with cloud storage. Automates data management and storage, plus supports disaster recovery. Similar to AWS Storage Gateway.
Before you calculate an HMAC signature, you first assemble the required components in a canonical order. The pre-encrypted string is the string-to-sign.
String match condition (AWS)
AWS WAF: An attribute that specifies the strings that AWS WAF searches for in a web request, such as a value in a header or a query string. Based on the specified strings, you can configure AWS WAF to allow or block web requests to AWS resources such as CloudFront distributions.
Structured query (AWS)
Search criteria specified using the Amazon CloudSearch structured query language. You use the structured query language to construct compound queries that use advanced search options and combine multiple search criteria using Boolean operators.
AWS Security Token Service (AWS STS).
AWS: A segment of the IP address range of a VPC that EC2 instances can be attached to. You can create subnets to group instances according to security and operational needs.
A customer's agreement with Microsoft that enables them to obtain Azure services. The subscription pricing and related terms are governed by the offer chosen for the subscription.
Supported AMI (AWS)
An Amazon Machine Image (AMI) similar to a paid AMI, except that the owner charges for additional software or a service that customers use with their own AMIs.
Amazon SWF (Simple Workflow Service) is an Amazon Web Services tool that helps developers coordinate, track and audit multi-step, multi-machine application jobs. A developer can access Amazon SWF through the AWS Management Console, AWS SDK or SWF APIs.
Encryption that uses a private key only.
Synapse Analytics (Azure)
Cloud-based Enterprise Data Warehouse (EDW) that uses Massively Parallel Processing (MPP) to quickly run complex queries across petabytes of data. Similar to AWS Redshift.
A word that is the same or nearly the same as an indexed word and that should produce the same results when specified in a search request. For example, a search for "Police Academy Four" or "Police Academy 4" should return the fourth Police Academy movie.
A collection of data. Similar to other database systems, DynamoDB stores data in tables.
Metadata that you can define and assign to resources.
Tagging resources: Applying a tag to a resource.
Target revision (AWS)
AWS CodeDeploy: The most recent version of the application revision that has been uploaded to the repository and will be deployed to the instances in a deployment group. In other words, the application revision currently targeted for deployment. This is also the revision that will be pulled for automatic deployments.
An instantiation of a task definition that is running on a container instance.
The blueprint for your task. Specifies the name of the task, revisions, container definitions, and volume information.
Template format version (AWS)
The version of an AWS CloudFormation template design that determines the available features. If you omit the AWSTemplateFormatVersion section from your template, AWS CloudFormation assumes the most recent format version.
Terraform is an open-source infrastructure as code software tool created by HashiCorp. Users define and provision data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language, or optionally JSON.
The automatic restricting or slowing down of a process based on one or more limits.
Time series data
Data provided as part of a metric. The time value is assumed to be when the value occurred.
A date/time string in ISO 8601 format.
Traffic Director (GCP)
Traffic Director is Google Cloud's fully managed traffic control plane for service mesh. With Traffic Director, you can deploy global load balancing across clusters and virtual machine (VM) instances in multiple regions, offload health checking from service proxies, and configure sophisticated traffic control policies.
Trusted Advisor (AWS)
AWS Trusted Advisor is an online tool that provides you with real-time guidance to help you provision your resources following AWS best practices. Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits. Similar to Azure Advisor.
Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.
The process of splitting a stream of text into separate tokens on detectable boundaries such as white space and hyphens.
A communication channel to send messages and subscribe to notifications. It provides an access point for publishers and subscribers to communicate with each other.
Traffic Mirroring (AWS)
An Amazon VPC feature that you can use to copy network traffic from an elastic network interface of Amazon EC2 instances, and then send it to out-of-band security and monitoring appliances for content inspection, threat monitoring, and troubleshooting.
Training datasource (AWS ML)
A datasource that contains the data that Amazon Machine Learning uses to train the machine learning model to make predictions.
AWS CodePipeline: The act of a revision in a pipeline continuing from one stage to the next in a workflow.
Transport Layer Security (TLS)
A cryptographic protocol that provides security for communication over the internet. Its predecessor is Secure Sockets Layer (SSL).
Trust policy (IAM)
An IAM policy that is an inherent part of an IAM role. The trust policy specifies which principals are allowed to use the role.
Trusted signers (AWS)
AWS accounts that the CloudFront distribution owner has given permission to create signed URLs for a distribution's content.
A route for transmission of private network traffic that uses the internet to connect nodes in the private network. The tunnel uses encryption and secure protocols such as PPTP to prevent the traffic from being intercepted as it passes through public routing nodes.
The number of potential occurrences is not limited by a set number. This value is often used when defining a data type that is a list.
Standard measurement for the values submitted to Amazon CloudWatch as metric data. Units include seconds, percent, bytes, bits, count, bytes/second, bits/second, count/second, and none.
Unlink from VPC (AWS)
The process of unlinking (or detaching) an EC2-Classic instance from a ClassicLink-enabled VPC.
Update Domain (Azure)
The collection of virtual machines in an availability set that are updated at the same time. Virtual machines in the same update domain are restarted together during planned maintenance. Azure never restarts more than one update domain at a time. Also referred to as an upgrade domain.
Usage report (AWS)
An AWS record that details your usage of a particular AWS service.
A person or application under an account that needs to make API calls to AWS products. Each user has a unique name within the AWS account, and a set of security credentials not shared with other users. These credentials are separate from the AWS account's security credentials. Each user is associated with one and only one AWS account.
Instances of attributes for an item, such as cells in a spreadsheet. An attribute might have multiple values.
Tagging resources: A specific tag label that acts as a descriptor within a tag category (key). For example, you might have an EC2 instance with the tag key of Owner and the tag value of Jan. You can tag an AWS resource with up to 10 key–value pairs. Not all AWS resources can be tagged.
Software upgrade versioning is the process of assigning either unique version names or unique version numbers to unique states of computer software. Within a given version number category, these numbers are generally assigned in increasing order and correspond to new developments in the software.
AWS S3: Every object in Amazon S3 has a key and a version ID. Objects with the same key, but different version IDs can be stored in the same bucket. Versioning is enabled at the bucket layer using PUT Bucket versioning.
Hava.io: The versioning within Hava captures changes in infrastructure settings, updates diagrams and captures the changes in a version history so that superseded diagrams can still be accessed and interactively inspected.
A vertical cloud is a cloud computing solution that is built or optimized for a specific business vertical such as manufacturing, financial services, or healthcare.
The act of creating a virtual rather than a physical version of a computing environment, including computer hardware, operating system, storage devices, and so on. Allows multiple guest virtual machines (VM) to run on a host operating system. Guest VMs can run on one or more levels above the host hardware, depending on the type of virtualization.
The software implementation of a physical computer that runs an operating system. Multiple virtual machines can run simultaneously on the same hardware.
Azure: Virtual servers allow users to deploy, manage, and maintain OS and server software. Instance types provide combinations of CPU/RAM. Users pay for what they use with the flexibility to change sizes. Similar to AWS EC2 Instances.
Virtual Machine Extension (Azure)
A resource that implements behaviors or features that either help other programs work or provide the ability for you to interact with a running computer. For example, you could use the VM Access extension to reset or modify remote access values on an Azure virtual machine.
Virtual Machine Scale Sets (Azure)
Allows you to automatically change the number of VM instances. You set defined metrics and thresholds that determine if the platform adds or removes instances.
Virtual Network (Azure)
A network that provides connectivity between your Azure resources that is isolated from all other Azure tenants. An Azure VPN Gateway lets you establish connections between virtual networks and between a virtual network and an on-premises network. You can fully control the IP address blocks, DNS settings, security policies, and route tables within a virtual network. Similar to AWS VPC.
Virtual private gateway (VGW) (AWS)
The Amazon side of a VPN connection that maintains connectivity. The internal interfaces of the virtual private gateway connect to your VPC through the VPN attachment. The external interfaces connect to the VPN connection, which leads to the customer gateway.
The period of time that a message is invisible to the rest of your application after an application component gets it from the queue. During the visibility timeout, the component that received the message usually processes it, and then deletes it from the queue. This prevents multiple components from processing the same message.
The ability to diagram and view your cloud environments in diagram or graphical form. Usually used to visually communicate the design and structure of network topology. Cloud engineers typically use an automated solution like https://hava.io to visualize network environments.
VM Import/Export (AWS)
A service for importing virtual machine (VM) images from your existing virtualization environment to Amazon EC2 and then exporting them back.
A fixed amount of storage on an instance. You can share volume data between containers and persist the data on the container instance when the containers are no longer running.
Virtual private cloud. An elastic network populated by infrastructure, platform, and application services that share common security and interconnection. Similar to Azure Virtual Network.
VPC endpoint (AWS)
A feature that enables you to create a private connection between your VPC and another AWS service without requiring access over the internet, through a NAT instance, a VPN connection, or AWS Direct Connect.
VPG Virtual Private Gateway (AWS)
The Amazon side of a VPN connection that maintains connectivity. The internal interfaces of the virtual private gateway connect to your VPC through the VPN attachment. The external interfaces connect to the VPN connection, which leads to the customer gateway.
Amazon Web Services (AWS): The IPsec connection between a VPC and some other network, such as a corporate data center, home network, or colocation facility.
WAF - Web Application Firewall (AWS / Azure)
A firewall that protects web applications from common web exploits.
Amazon WorkSpaces Application Manager (Amazon WAM) offers a fast, flexible, and secure way for you to deploy and manage applications for Amazon WorkSpaces. Amazon WAM accelerates software deployment, upgrades, patching, and retirement by packaging Microsoft Windows desktop applications into virtualized application containers. These applications run on the end-user’s Amazon WorkSpaces instance as though they are natively installed.
Web access control list (web ACL)
AWS WAF: A set of rules that defines the conditions that AWS WAF searches for in web requests to AWS resources such as Amazon CloudFront distributions. A web access control list (web ACL) specifies whether to allow, block, or count the requests.
Web Services Description Language. A language used to describe the actions that a web service can perform, along with the syntax of action requests and responses.
A digital document that uses the X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the entity described in the certificate.
YAML is a human-readable data-serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted. YAML targets many of the same communications applications as Extensible Markup Language but has a minimal syntax which intentionally differs from SGML.
A contraction of yotta binary byte, a yobibyte is 2^80 or 1,208,925,819,614,629,174,706,176 bytes. A yottabyte (YB) is 10^24 or 1,000,000,000,000,000,000,000,000 bytes.
A contraction of zetta binary byte, a zebibyte is 2^70 or 1,180,591,620,717,411,303,424 bytes. A zettabyte (ZB) is 10^21 or 1,000,000,000,000,000,000,000 bytes. 1,024 ZiB is a yobibyte (YiB).
Zone awareness (AWS)
Amazon Elasticsearch Service (Amazon ES): A configuration that distributes nodes in a cluster across two Availability Zones in the same Region. Zone awareness helps to prevent data loss and minimizes downtime in the event of node and data center failure.
If you enable zone awareness, you must have an even number of data instances in the instance count, and you also must use the Amazon Elasticsearch Service Configuration API to replicate your data for your Elasticsearch cluster.
Please feel free to link to or embed this resource. If reproducing in whole or part, please include proper attribution. Thank you.