ACRONYMS AND GLOSSARY

Acronyms

ACL: Access control list
ACM: AWS Certificate Manager
AES: Advanced Encryption Standard
ALB: Application load balancer
Amazon SWF: Amazon Simple Workflow Service
AMI: Amazon Machine Image
ASG: Auto Scaling group
AWS: Amazon Web Services
AZ: Availability zone
BGP: Border Gateway Protocol
CAA: Certification authority authorization
CDN: Content delivery network
CIDR: Classless Inter-Domain Routing
CJIS: Criminal justice information services
CLI: Command-line interface
CNAME: Canonical name record
CRR: Cross-regional replication
CSA: Cloud Security Alliance
CSM: Cloud security model
CSV: Comma-separated values
DBMS: Database management system
DDL: Data Definition Language
DDoS: Distributed denial of service
DHCP: Dynamic Host Configuration Protocol
DIACAP: DoD Information Assurance Certification and Accreditation Process
DML: Data Manipulation Language
DMS: Database Migration Service
DoD: Department of Defense
EC2: Elastic Compute Cloud
ECS: EC2 Container Service
EIP: Elastic IP address
EKS: Elastic Kubernetes Service
ELB: Elastic load balancing
ENI: Elastic Network Interface
ERP: Enterprise resource planning
ETL: Extract, transform, and load
FedRAMP: Federal Risk and Authorization Management Program
FERPA: Family Educational Rights and Privacy Act
FIFO: First in, first out
FIPS: Federal Information Processing Standards
FISMA: Federal Information Security Management Act
GPU: Graphics processing unit
HA: High availability
HIPAA: Health Insurance Portability and Accountability Act
HTML: Hypertext Markup Language
HTTP: Hypertext Transfer Protocol
HTTPS: HTTP Secure
HVM: Hardware virtual machine
IaaS: Infrastructure as a Service
IAM: Identity and Access Management
ICMP: Internet Control Message Protocol
IoT: Internet of Things
IP: Internet Protocol
ISAE: International Standard on Assurance Engagements
ISO: International Organization for Standardization
ITAR: International Traffic in Arms Regulations
JDBC: Java Database Connectivity
JSON: JavaScript Object Notation
KMS: Key Management Service
LAMP stack: Linux, Apache, MySQL, and PHP (LAMP) stack
MAC: Media Access Control address
MFA: Multifactor authentication
MPAA: Motion Picture Association of America
MTCS: Multi-Tier Cloud Security
MX: Mail exchange record
NAPTR: Name authority pointer record
NAT: Network Address Translation
NFS: Network File System
NIST: National Institute of Standards and Technology
NLB: Network load balancer
NS: Name server record
ODBC: Open Database Connectivity
OLAP: Online analytical processing
OLTP: Online transaction processing
PaaS: Platform as a Service
PCI: Payment Card Industry
PHP: Hypertext Preprocessor
PIOPS: Provisioned input/output operations per second
PTR: Pointer record
PV: Paravirtual
RDBMS: Relational database management system
RDS: Relational Database Service
REST: Representational State Transfer
RPM: Revolutions per minute
S3: Simple Shared Storage
S3-IA: Simple Shared Storage Infrequent Access
S3-RR: Simple Shared Storage Reduced Redundancy
SaaS: Software as a Service
SAML: Security Assertion Markup Language
SDK: Software development kit
SES: Simple Email Service
SMS: Server Migration Service
SNS: Simple Notification Service
SOA: Start of authority record
SOAP: Simple Object Access Protocol
SOC: Service Organization Control
SPF: Sender policy framework
SQL: Structured Query Language
SQLi: SQL injection
SQS: Simple Queue Service
SSAE: Standards for Attestation Engagements
SSD: Solid-state drive
SSH: Secure Shell
SSL: Secure Sockets Layer
SSO: Single sign-on
STS: Security Token Service
TCP/IP: Transmission Control Protocol (TCP)/Internet Protocol (IP)
TDE: Transparent Database Encryption
TLS: Transport Layer Security
UDP: User Datagram Protocol
VPC: Virtual private cloud
VPG: Virtual private gateway
VPN: Virtual private network
WAF: Web Application Firewall; Well-Architected Framework
webACL: Web access control list
WORM: Write once, read many
XML: Extensible Markup Language
XSS: Cross-site scripting

Glossary

AAAA: An IPv6 address record.
Amazon Athena: A serverless, interactive query service that enables users to easily analyze data in Amazon S3 using standard SQL.
Amazon Aurora: Amazon’s relational database built for the cloud. It supports two open source RDBMS engines: MySQL and PostgreSQL.
Amazon CloudFront: The global content delivery network (CDN) service of AWS.
Amazon CloudSearch: A fully managed web service for search solutions.
Amazon CloudWatch: A monitoring service for AWS cloud resources.
Amazon Cognito: A service that lets you manage users of your web and mobile apps quickly.
Amazon DocumentDB: A fully managed document database service.
Amazon DynamoDB: Amazon’s NoSQL database.
Amazon ElastiCache: A service that helps in deploying an in-memory cache or data store in the cloud.
Amazon Elasticsearch Service: A fully managed web service that hosts Elasticsearch clusters in the AWS cloud.
Amazon EMR: A managed hosted Hadoop framework in the cloud.
Amazon Glacier: Amazon’s archival storage.
Amazon Glue: A fully managed extract, transform, and load (ETL) service.
Amazon GuardDuty: A threat detection service.
Amazon Inspector: Identifies the security vulnerabilities in your application.
Amazon Keyspaces: A fully managed Apache Cassandra–compatible database service.
Amazon Kinesis: A service that allows you to ingest real-time data.
Amazon Lex: A full service for building chatbots.
Amazon Lightsail: A simple virtual private server (VPS) solution in the cloud.
Amazon Macie: Classifies your data.
Amazon MSK: A fully managed Apache Kafka infrastructure.
Amazon Neptune: A fast, reliable graph database built for the cloud.
Amazon Polly: A fully managed service that converts text into lifelike speech.
Amazon QLDB: A fully managed ledger database.
Amazon QuickSight: A fully managed business analytics service.
Amazon Rekognition: A fully managed image recognition service.
Amazon SageMaker: A fully managed machine learning service.
Amazon VPC Flow Logs: Used to capture information about the IP traffic going to and from network interfaces in your VPC.
API Gateway: A fully managed service to create, publish, maintain, monitor, and secure APIs at any scale.
archive: Where data is stored in Amazon Glacier.
Auto Scaling: A technology used by AWS to scale up and scale down EC2 instances.
AWS App Mesh: Helps monitor, control, debug, and trace communications between services.
AWS Backup: Centrally manages and automates backups across AWS services.
AWS Batch: A service that enables users to efficiently run hundreds of thousands of batch computing jobs on AWS.
AWS CloudFormation: A tool for deploying AWS resource stacks.
AWS CloudHSM: A hardware-based key storage for regulatory compliance.
AWS CloudTrail: A managed service that records AWS API calls.
AWS CodeBuild: A fully managed build service that builds and compiles source code.
AWS CodeCommit: A fully managed service through which you can host any private Git repository.
AWS CodeDeploy: A fully managed service that automates code deployments to any instance.
AWS CodePipeline: A fully managed continuous integration and continuous delivery service.
AWS Config: A fully managed service that helps to track configuration change.
AWS Device Farm: Service for testing mobile devices.
AWS Elastic Beanstalk: A service used to run and manage web apps.
AWS Global Accelerator: Improves the availability and performance of your applications for global users.
AWS Greengrass: A managed service for running IoT applications in the AWS cloud.
AWS Lake Formation: Quickly sets up data lakes in AWS.
AWS Lambda: Enables you to run code without provisioning or managing any servers or infrastructure.
AWS Marketplace: An online store where you can buy software that runs on AWS.
AWS Mobile Hub: A web service for deploying mobile applications.
AWS OpsWorks: A configuration management service that provides managed instances of Chef and Puppet.
AWS Organizations: Provides policy-based management for multiple AWS accounts.
AWS Outposts: Runs AWS services on premises.
AWS Personal Health Dashboard: It provides a personalized view of AWS service health.
AWS Secrets Manager: Manages secrets in AWS.
AWS Shield: Protects against DDoS attack.
AWS Step Functions: The visual workflow service of AWS.
AWS Systems Manager: Gives you visibility and control of your infrastructure on AWS.
AWS Trusted Advisor: An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment.
bucket: Container for storing objects in Amazon S3.
Direct Connect: Using Direct Connect you can establish private, dedicated network connectivity from your data center to AWS.
Directory Service: Directory service built on Microsoft Active Directory in the cloud.
DLQ: A dead-letter queue lets you set aside and isolate messages that can’t be processed correctly to determine why their processing didn’t succeed.
EC2 Image Builder: Builds and maintains secure images.
EC2-Classic: The original release of Amazon EC2.
edge location: Used to serve content to end users.
Elastic Block Storage (EBS): Provides persistent block storage for EC2 instances.
Elastic File System (EFS): Provides a shared file system for EC2.
fleet: A collection of EC2 servers.
IG: Internet gateway, a component of VPC that allows your VPC to communicate with the Internet.
instance: An EC2 server is also referred to as an instance.
instance store: Local storage in EC2 server.
inventory: List of Glacier archives.
network access control list (NACL): This acts as a firewall at the subnet level.
point of presence (POP): This is also known as an edge location.
Redshift: Amazon Redshift is a fully managed petabyte-scale data warehouse service.
region: An AWS region is a unique geography in the world where AWS data centers are hosted.
root user: Owner of the AWS account.
root volume: Instance root device contains the image that is used to boot the instance.
Route 53: Domain Name System (DNS) web service.
route table: Table consisting of routes that determine where the traffic is directed.
security group: Firewall for EC2 instance.
Serverless Application Repository: A managed repository for serverless applications.
service level agreement (SLA): This is a commitment between a service provider and a client.
Snowball/Snowball Edge: Amazon-owned network-attached storage (NAS) devices, used to ship customer data to AWS.
Snowmobile: Exabyte-scale data transfer service.
SRV: A service record locator.
storage gateway: A service that helps to seamlessly integrate on-premise storage with AWS cloud storage.
subnet: Logical subdivision of an IP network.
TXT: A text record.
vault: Like a safe deposit box or locker in Amazon Glacier where archives are stored.
VPN CloudHub: Used to create multiple AWS hardware VPN connections.