AWS Cloud
Terminology

Elastic Compute Cloud — a web service that provides resizable virtual server capacity in the cloud, enabling developers to launch and manage compute instances on demand.

Predefined hardware configurations for EC2 instances, grouped into families: General Purpose (t, m), Compute Optimized (c), Memory Optimized (r, x), Storage Optimized (i, d), and Accelerated Computing (p, g).

A collection of EC2 instances managed as a logical unit, automatically adjusting capacity based on defined policies, health checks, and schedules to maintain availability and reduce cost.

Automatically distributes incoming application traffic across multiple targets (EC2, containers, IP addresses, Lambda) within single or multiple Availability Zones to maximize availability and fault tolerance.

Elastic Container Service — a fully managed container orchestration service that enables you to run, stop, and manage Docker containers on a cluster of EC2 instances or with AWS Fargate.

Elastic Kubernetes Service — a managed Kubernetes service that makes it easy to run Kubernetes on AWS without needing to install, operate, or maintain your own control plane.

A serverless compute engine for containers that works with both ECS and EKS, removing the need to provision, configure, or scale clusters of virtual machines to run containers.

An easy-to-use virtual private server (VPS) service that offers compute power, SSD storage, data transfer, DNS, and a static IP for a low, predictable monthly price. Ideal for simple workloads.

A fully managed service for running batch computing workloads at any scale, dynamically provisioning the optimal compute resources based on volume and requirements of submitted batch jobs.

Unused EC2 capacity available at up to 90% discount compared to On-Demand pricing. They can be interrupted by AWS with a 2-minute warning when capacity is reclaimed, ideal for fault-tolerant workloads.

A billing discount applied to the use of On-Demand Instances in exchange for a 1-year or 3-year commitment, offering savings of up to 72% versus standard On-Demand pricing.

Simple Storage Service — object storage built for any amount of data, offering industry-leading scalability, availability, security, and performance for data lakes, backups, and static websites.

Different tiers of S3 storage optimized for varying access patterns and cost: Standard, Intelligent-Tiering, Standard-IA, One Zone-IA, Glacier Instant Retrieval, Glacier Flexible Retrieval, and Glacier Deep Archive.

Elastic Block Store — high-performance block storage designed for use with EC2, providing persistent, low-latency storage volumes that function like hard drives attached to a server.

Elastic File System — a fully managed, scalable NFS file system that can be mounted concurrently by thousands of EC2 instances, containers, and Lambda functions across multiple AZs.

A low-cost cloud storage service for data archiving and long-term backup, offering configurable retrieval times from minutes to hours and storage costs as low as $0.004 per GB per month.

A hybrid cloud storage service that gives on-premises applications access to virtually unlimited cloud storage through standard storage protocols, enabling seamless integration with S3 and Glacier.

A petabyte-scale data transport service using secure physical devices to transfer large amounts of data into and out of AWS, bypassing internet limitations for massive migrations.

An S3 feature that preserves, retrieves, and restores every version of every object stored in a bucket, enabling recovery from unintended deletes or overwrites and data protection.

Rules that automate the transition of objects between S3 storage classes or their deletion after specified time periods, enabling automated cost optimization at scale.

A family of fully managed third-party file systems on AWS, including FSx for Windows File Server, Lustre (HPC), NetApp ONTAP, and OpenZFS, offering native file system capabilities in the cloud.

Relational Database Service — a managed service for operating relational databases (MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Aurora) in the cloud with automated backups, patching, and scaling.

A MySQL and PostgreSQL-compatible relational database built for the cloud offering up to 5x the throughput of MySQL and 3x that of PostgreSQL, with automatic failover and 6-way replication.

A fully managed, serverless NoSQL key-value and document database delivering single-digit millisecond performance at any scale, with built-in security, multi-region replication, and in-memory caching.

A fully managed in-memory caching service supporting Redis and Memcached, enabling microsecond response times for real-time applications by caching frequently accessed data in memory.

A fully managed, petabyte-scale data warehouse service in the cloud that makes it simple and cost-effective to analyze large amounts of structured and semi-structured data using SQL.

A fully managed graph database service supporting both Property Graph (Gremlin) and RDF (SPARQL), optimized for storing billions of relationships and querying the graph with millisecond latency.

A fully managed, MongoDB-compatible document database service designed to be fast, scalable, and highly available, storing, querying, and indexing JSON data with native AWS integration.

A scalable, highly available managed Apache Cassandra-compatible database service, enabling you to run Cassandra workloads on AWS without managing servers, software, or capacity.

An RDS high-availability feature that automatically provisions and maintains a synchronous standby replica in a different Availability Zone, enabling automatic failover within 1-2 minutes during outages.

Asynchronous copies of an RDS or Aurora database instance that allow you to scale read capacity horizontally, offloading read traffic from the primary instance for improved performance.

Virtual Private Cloud — logically isolated section of the AWS Cloud where you can launch resources in a virtual network you define, with full control over IP ranges, subnets, routing, and gateways.

A segmented portion of a VPC's IP address range where you can place AWS resources. Public subnets route traffic to the internet via an Internet Gateway; private subnets do not.

A highly available, scalable DNS (Domain Name System) web service that routes users to applications using a range of routing policies: latency, geolocation, weighted, failover, and multi-value answer.

A content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds via 450+ edge locations.

A horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. It serves as the entry and exit point for internet-bound traffic.

A managed Network Address Translation service that enables resources in private subnets to initiate outbound connections to the internet while preventing unsolicited inbound connections from the internet.

A dedicated private network connection between on-premises environments and AWS, bypassing the public internet for reduced latency, increased bandwidth, and more consistent network performance.

A networking connection between two VPCs that enables routing traffic between them privately using private IP addresses, as if they were within the same network. Peering can span accounts and regions.

A stateful virtual firewall controlling inbound and outbound traffic at the instance level within a VPC. Security groups support allow rules only — all traffic is denied by default.

A stateless firewall that controls traffic entering and leaving a subnet within a VPC. NACLs support both allow and deny rules, evaluated in numbered order from lowest to highest.

Identity and Access Management — a web service for controlling access to AWS resources, enabling you to manage users, groups, roles, and policies to grant or deny permissions to AWS services and resources.

An IAM identity with specific permissions that can be assumed temporarily by trusted entities (users, services, or external identities), enabling cross-account access and service-to-service authorization.

Key Management Service — a managed service that creates and controls the cryptographic keys used to protect your data, integrating with most AWS services for server-side encryption at rest.

A user identity platform providing authentication, authorization, and user management for web and mobile apps, supporting social and enterprise identity federation via OAuth 2.0, SAML, and OpenID Connect.

A managed DDoS protection service that safeguards applications running on AWS. Shield Standard is automatically enabled for all customers; Shield Advanced provides enhanced detection and 24/7 DDoS response.

Web Application Firewall — a service that protects web applications from common exploits (SQL injection, XSS, bad bots) by filtering HTTP/HTTPS requests based on configurable rules and managed rule groups.

A continuous security monitoring service using machine learning to detect threats by analyzing AWS CloudTrail, VPC Flow Logs, and DNS logs for malicious activity and unauthorized behavior.

A service to protect access to applications, services, and IT resources by securely storing, rotating, managing, and retrieving secrets such as database credentials, API keys, and OAuth tokens.

An automated vulnerability management service that continually scans EC2 instances, Lambda functions, and container images for software vulnerabilities and unintended network exposures.

A serverless compute service that runs code in response to events without provisioning or managing servers, automatically scaling from zero to thousands of concurrent executions in milliseconds.

A fully managed service to create, publish, maintain, monitor, and secure REST, HTTP, and WebSocket APIs at any scale, acting as the front door for applications to access backend services.

A serverless workflow orchestration service that lets you coordinate multiple AWS services into visual workflows using state machines, with built-in error handling, retries, and parallel execution.

A serverless event bus that connects applications using data from your services, integrated SaaS applications, and AWS services, enabling event-driven architectures at scale.

Serverless Application Model — an open-source framework extending CloudFormation to define serverless applications with shorthand syntax, simplifying deployment of Lambda, API Gateway, and DynamoDB.

A distribution mechanism for libraries, custom runtimes, data, and configuration files that can be shared across multiple Lambda functions, reducing deployment package sizes and promoting code reuse.

A feature of CloudFront that lets you run Lambda functions at AWS edge locations in response to CloudFront events (viewer request, origin request, viewer response, origin response) for low-latency customization.

A time-ordered sequence of item-level changes in a DynamoDB table, capturing all modification events (insert, update, delete) and making them available as a stream that Lambda or other consumers can process.

An Infrastructure as Code (IaC) service that provisions and manages AWS resources using JSON or YAML templates, enabling predictable, repeatable deployments as version-controlled stacks.

Cloud Development Kit — an open-source framework for defining cloud infrastructure using familiar programming languages (TypeScript, Python, Java, C#), synthesizing CloudFormation templates from high-level constructs.

A fully managed continuous delivery service that automates build, test, and deploy phases whenever code is changed, enabling rapid and reliable delivery of features and updates.

A fully managed continuous integration service that compiles source code, runs tests, and produces deployment-ready artifacts, scaling automatically and charging only for build minutes consumed.

A deployment service that automates application deployments to EC2, Fargate, Lambda, and on-premises servers using deployment strategies like blue/green, canary, and rolling updates.

Elastic Container Registry — a fully managed container image registry that stores, manages, and deploys Docker container images, integrating with ECS, EKS, and Lambda for seamless container workflows.

A platform-as-a-service (PaaS) that handles the deployment, from capacity provisioning and load balancing to auto-scaling and health monitoring, for applications in a variety of languages and frameworks.

A distributed tracing service that collects data about requests processed by your application, providing end-to-end visibility into request flows across microservices to identify performance bottlenecks.

A monitoring and observability service providing data and insights for applications, infrastructure, and services with metrics, logs, alarms, dashboards, and automated actions based on thresholds.

Simple Queue Service — a fully managed message queuing service that enables decoupling and scaling of microservices, distributing systems, and serverless applications, supporting Standard and FIFO queues.

Simple Notification Service — a fully managed pub/sub messaging service for high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and serverless applications.

A platform for collecting, processing, and analyzing real-time streaming data at massive scale, with services for data streams (KDS), data firehose (KDF), data analytics (KDA), and video streams (KVS).

A managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to migrate existing messaging applications to the cloud without rewriting code.

A fully managed GraphQL and Pub/Sub API service that simplifies building scalable applications requiring real-time data updates and offline data synchronization capabilities with built-in conflict detection.

A special SQS or SNS queue that receives messages that cannot be successfully processed, enabling isolation and analysis of failed messages for debugging without losing them permanently.

An interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL without loading data into a database, with pay-per-query pricing based on data scanned.

A serverless data integration service for discovering, preparing, and combining data for analytics, ML, and application development, with a built-in data catalog, ETL engine, and crawlers.

Elastic MapReduce — a cloud big data platform for processing vast amounts of data using frameworks like Apache Spark, Hadoop, Hive, HBase, Flink, and Presto on dynamically scalable clusters.

A cloud-native BI service for creating interactive dashboards, visualizations, and ML-powered insights, embedding analytics in applications, and sharing reports across the organization at scale.

A service that makes it easy to set up a secure data lake in days by automating many manual steps required to collect, cleanse, catalog, and transform data across multiple data sources.

A feature of Amazon Redshift that enables querying exabytes of unstructured data in S3 without loading or transforming it, extending Redshift's analytical reach beyond the data warehouse.

A managed service for deploying, operating, and scaling OpenSearch (and legacy Elasticsearch) clusters to search, analyze, and visualize data in real time using Kibana and OpenSearch Dashboards.

A fully managed ML platform that enables developers and data scientists to build, train, and deploy ML models quickly at scale using a suite of integrated tools spanning the entire ML lifecycle.

A fully managed service offering foundation models (FMs) from leading AI companies (Anthropic, Cohere, AI21, Meta, Stability AI, Amazon) through an API, enabling generative AI applications without managing infrastructure.

A computer vision service that adds image and video analysis to applications, detecting objects, faces, text, scenes, and activities, plus facial comparison and recognition capabilities.

A natural language processing (NLP) service that uses ML to find insights and relationships in text — extracting entities, key phrases, sentiment, language, and custom categories from unstructured data.

A service for building conversational interfaces (chatbots and voice bots) using the same deep learning technologies that power Amazon Alexa, with automatic speech recognition and natural language understanding.

A text-to-speech service that converts text into lifelike speech in dozens of voices and languages, supporting both standard and neural TTS (NTTS) engines for more natural-sounding output.

An automatic speech recognition (ASR) service that converts audio to text, supporting real-time and batch transcription with speaker identification, custom vocabulary, and language detection across dozens of languages.

A fully managed service using ML to deliver highly accurate time-series forecasts, automatically training and deploying models for retail demand, inventory, staffing, and energy consumption use cases.

A governance, compliance, and audit service that records API calls and account activity across your AWS infrastructure, storing event history in S3 for security analysis and troubleshooting.

A service that continuously monitors and records AWS resource configurations, evaluates them against desired configurations using rules, and tracks changes over time for compliance and security audits.

A policy-based management framework for consolidating multiple AWS accounts into an organization for centralized billing, policy enforcement via SCPs, and organizational unit (OU) hierarchies.

A collection of tools to view, control, and automate operational tasks across AWS and on-premises infrastructure — including patch management, session management, parameter store, and run commands.

A tool for visualizing, understanding, and managing AWS costs and usage over time with pre-built reports, custom filtering, and ML-powered forecasting for 12 months of future spend.

An online service providing real-time recommendations across five categories: cost optimization, performance, security, fault tolerance, and service limits — drawing on AWS best practices.

A service for setting up and governing a secure, multi-account AWS environment based on best practices, with a landing zone, guardrails, and Account Factory for automated account provisioning.

One or more discrete data centers with redundant power, networking, and connectivity within an AWS Region, physically separated from other AZs but interconnected through high-bandwidth, low-latency private links.