Glossary Flashcards
EC2
Elastic Compute Cloud
virtual computer, secure, resizable compute capacity in the cloud
ECS
elastic container service - highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS
Fargate
serverless compute engine for containers (ECS and EKS) - no EC2 instances to provision, patch or manage
pulls container images from Amazon ECR, Docker Hub or a private registry
task storage is ephemeral
AMI
Amazon machine image - create new EC2 with root volume
S3
simple storage service - object storage for flat files and static websites; multi-AZ, scalable, highly durable
EBS
Elastic Block Store - persistent block storage volumes (hard drive in the cloud) designed for use with EC2
EFS
elastic file system - managed, elastic NFS file system for Linux-based instances; mounted concurrently across AZs
NFS
network file system - the shared file protocol (NFSv4) that EFS exposes; it is not a backup service
RDS
relational database service - managed service, set up operate and scale a relational database in the cloud
Enhanced Monitoring provides real-time metrics for the operating system (OS) that your DB instance runs on
Aurora
MySQL- and PostgreSQL-compatible relational database; up to 5x MySQL and 3x PostgreSQL throughput; the Aurora Serverless variant scales on demand for infrequent, intermittent or unpredictable workloads
DynamoDB
non relational database service for any scale
NoSQL key-value database, single-digit millisecond
DynamoDB Streams - ordered change log of item modifications that can trigger Lambda functions
Redshift
data warehouse - petabyte-scale columnar analytics queried with SQL
Elasticache
in-memory data store and cache placed in front of databases for frequently read data (not an edge cache; edge locations belong to CloudFront)
redis
memcached
Redis
fast, opensource, in-memory data store and cache
Memcached
widely adopted memory object caching system
Neptune
graph database
EMR
Elastic MapReduce - managed Hadoop and Spark clusters for big data processing
Athena
analyse S3 using SQL, serverless
DocumentDB
mongoDB compatible
DMS
database migration service
Kendra
highly accurate and easy to use enterprise search service, powered by machine learning
Kinesis
streaming data
Lambda
event-driven compute: run code without provisioning or managing servers, billed per invocation
Codebuild
fully managed continuous integration service compiles code, runs tests and produces software packages
Codedeploy
fully managed deployment service - targets EC2, on-premises servers, Lambda and ECS
Codepipeline
fully managed continuous delivery service - models and automates the end-to-end release pipeline
Codecommit
source control service that hosts secure Git-based repositories
Codestar
unified UI, enabling you to easily manage your software development activities in one place
Xray
distributed tracing system for debugging and analysing distributed applications, such as chains of Lambda functions
Opsworks
Chef and Puppet configuration management to automate server configuration on AWS and on-prem
Cloudwatch
monitors applications, logs and metrics
multi-platform CloudWatch agent which can be installed on both Linux and Windows-based instances
Cloudtrail
records account API calls for auditing, compliance and forensics
Config
AWS resource inventory, config history
Shield
DDoS protection - Standard (free, always on) or Advanced
Trusted Advisor
checks your infrastructure for cost optimisation, security, fault tolerance, performance and service limits
Inspector
automated security assessment of EC2 instances and container images for software vulnerabilities and unintended network exposure
GuardDuty
threat detection - analyses CloudTrail, VPC Flow Logs and DNS logs for malicious or unauthorised activity
Macie
machine learning based data security service that discovers and classifies sensitive data such as PII (personally identifiable information)
scans S3 buckets; dashboards, reports and alerting
Rekognition
image and video analysis - object, face and text detection, content moderation
IAM
identity and access management
Identities
IAM resource objects used to identify and group: users, groups and roles
Resources
the user, group, role, policy and identity-provider objects stored in IAM
Entities
the IAM objects AWS uses for authentication: users and roles
Principals
a person or application that uses an entity to sign in and make requests: the root user, an IAM user or an assumed role
Cognito
sign-up, sign-in and access control for your web and mobile apps; user pools hold your own users, identity pools hand out temporary AWS credentials
authenticates users through social identity providers such as Facebook, Twitter or Amazon, through SAML identity solutions, or with your own identity system
can also save data locally on users' devices so the app works offline, then synchronise it across devices for a consistent experience
AWS organisations
consolidated billing and central governance of multiple accounts; service control policies (SCPs) cap what member accounts can do
Object ACLs
legacy grants on individual objects
Bucket ACLs
legacy grants at bucket level, e.g. write or list permission for another account; AWS recommends disabling ACLs and using policies
Bucket policies
resource-based JSON policy attached to the bucket; grants or denies access, including cross-account access, without ACLs
IAM policies
identity-based policies attached to users, groups and roles; in the same account a request is allowed if either the identity policy or the bucket policy allows it and nothing explicitly denies it; across accounts both must allow
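The allow/deny arithmetic behind the four S3 access-control entries above is worth seeing run. The evaluator below is an added illustration, not AWS's implementation: it handles Effect, Action, Resource and Principal with IAM's wildcards and applies the documented rule (explicit Deny wins, then any Allow, otherwise implicit deny), distinguishing same-account from cross-account requests. Conditions, NotAction and account-ID principals are omitted; the account IDs, ARNs and bucket name are constructed placeholders.

```python
"""Toy evaluator for S3 access decisions (illustrative, not AWS code).
Explicit Deny in any applicable policy wins; otherwise an Allow grants;
otherwise the request is implicitly denied.  Same-account requests need an
Allow in either the identity policy or the bucket policy; cross-account
requests need one in both."""
import fnmatch


def _listify(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, case_insensitive=False):
    """IAM wildcard match: '*' any sequence, '?' one character."""
    if case_insensitive:                      # actions are case-insensitive, ARNs are not
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _applies(stmt, action, resource):
    return (_matches(_listify(stmt.get("Action", [])), action, True)
            and _matches(_listify(stmt.get("Resource", [])), resource))


def _principal_matches(stmt, principal_arn):
    principal = stmt.get("Principal", {})
    if principal == "*" or principal == {"AWS": "*"}:
        return True
    if not isinstance(principal, dict):
        return False
    return principal_arn in _listify(principal.get("AWS", []))


def evaluate(identity_policies, bucket_policy, principal_arn, action,
             resource, same_account=True):
    identity_allow = resource_allow = False
    for stmt in (s for pol in identity_policies for s in pol["Statement"]):
        if _applies(stmt, action, resource):
            if stmt["Effect"] == "Deny":
                return "DENY (explicit)"
            identity_allow = True
    for stmt in (bucket_policy or {}).get("Statement", []):
        if _applies(stmt, action, resource) and _principal_matches(stmt, principal_arn):
            if stmt["Effect"] == "Deny":
                return "DENY (explicit)"
            resource_allow = True
    if same_account:
        granted = identity_allow or resource_allow
    else:
        granted = identity_allow and resource_allow
    return "ALLOW" if granted else "DENY (implicit)"


# Constructed sample policies; account IDs and bucket name are placeholders.
BUCKET_ARN = "arn:aws:s3:::example-bucket"
ALICE = "arn:aws:iam::111111111111:user/alice"          # same account as the bucket
READER_ROLE = "arn:aws:iam::222222222222:role/reader"   # a different account
OBJECT = BUCKET_ARN + "/reports/q1.csv"

ALICE_IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"]}]}

READER_IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": BUCKET_ARN + "/*"}]}

BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    # Guard rail: nobody deletes through this bucket, even with s3:* in their IAM policy.
    {"Effect": "Deny", "Principal": "*", "Action": "s3:DeleteObject",
     "Resource": BUCKET_ARN + "/*"},
    # Cross-account read for one specific role.
    {"Effect": "Allow", "Principal": {"AWS": READER_ROLE}, "Action": "s3:GetObject",
     "Resource": BUCKET_ARN + "/*"}]}


if __name__ == "__main__":
    print("alice get   :", evaluate([ALICE_IDENTITY_POLICY], BUCKET_POLICY, ALICE, "s3:GetObject", OBJECT))
    print("alice delete:", evaluate([ALICE_IDENTITY_POLICY], BUCKET_POLICY, ALICE, "s3:DeleteObject", OBJECT))
    print("reader get  :", evaluate([READER_IDENTITY_POLICY], BUCKET_POLICY, READER_ROLE,
                                    "s3:GetObject", OBJECT, same_account=False))
```

The cross-account case is the one most often got wrong in practice: the bucket policy naming the reader role is necessary but not sufficient, and the role's own identity policy must also allow s3:GetObject.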
KMS
key management service - create and control encryption keys; backs server-side encryption (SSE-KMS) in S3, EBS, RDS and other services
MQ
managed message broker (Apache ActiveMQ, RabbitMQ) that lets systems written in different languages communicate over standard messaging protocols
SQS
simple queue service - message queue used to integrate and decouple software systems and components
SNS
simple notification service - highly available, durable, secure, fully managed pub/sub messaging
decouples microservices, distributed systems and serverless applications; fans out to SQS, Lambda, HTTP endpoints, email and SMS
SES
simple email service - send transactional and marketing mail from applications
NACL
network access control list - stateless, subnet level, allow and deny rules evaluated in number order; return traffic needs its own rule
Security group
stateful, instance (ENI) level, allow rules only; return traffic for an allowed connection is permitted automatically
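The stateless/stateful distinction between the two entries above decides whether a reply packet gets through. The simulation below is an added illustration, not AWS code: it models only TCP over IPv4, with constructed addresses and ports, and shows why a network ACL needs an outbound ephemeral-port rule that a security group does not.

```python
"""Stateless (network ACL) versus stateful (security group) filtering for a
single TCP exchange.  Added illustration, not AWS code; TCP/IPv4 only, and
the addresses and ports are constructed."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str      # "in" (towards the instance) or "out" (from the instance)


@dataclass(frozen=True)
class Rule:
    number: int         # NACL evaluation order; ignored by security groups
    direction: str
    cidr: str           # remote side: source for "in", destination for "out"
    port_from: int
    port_to: int        # destination port range on the receiving side
    action: str         # "allow" or "deny" (security groups only have "allow")


def _rule_hits(rule, pkt):
    remote_ip = pkt.src_ip if pkt.direction == "in" else pkt.dst_ip
    return (rule.direction == pkt.direction
            and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(rule.cidr)
            and rule.port_from <= pkt.dst_port <= rule.port_to)


class NetworkAcl:
    """Stateless: every packet in each direction is judged on its own; the
    lowest-numbered matching rule wins; no match means the implicit '*' deny."""
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def permits(self, pkt):
        for rule in self.rules:
            if _rule_hits(rule, pkt):
                return rule.action == "allow"
        return False


class SecurityGroup:
    """Stateful: allow rules only; an allowed packet opens a tracked flow and
    the replies in that flow pass without a rule in the other direction."""
    def __init__(self, rules):
        self.rules = [r for r in rules if r.action == "allow"]   # deny rules do not exist
        self.flows = set()

    def permits(self, pkt):
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.flows:
            return True                                          # reply to a tracked connection
        if any(_rule_hits(r, pkt) for r in self.rules):
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        return False


def https_exchange(firewall, client="203.0.113.5", server="10.0.1.10", client_port=51234):
    """Returns (request_permitted, reply_permitted) for one HTTPS round trip."""
    request = Packet(client, client_port, server, 443, "in")
    reply = Packet(server, 443, client, client_port, "out")
    return firewall.permits(request), firewall.permits(reply)


HTTPS_IN = Rule(100, "in", "0.0.0.0/0", 443, 443, "allow")
EPHEMERAL_OUT = Rule(100, "out", "0.0.0.0/0", 1024, 65535, "allow")   # NACL return traffic
BLOCK_CLIENT = Rule(90, "in", "203.0.113.0/24", 443, 443, "deny")     # only a NACL can deny

if __name__ == "__main__":
    print("security group, inbound 443 only :", https_exchange(SecurityGroup([HTTPS_IN])))
    print("NACL, inbound 443 only           :", https_exchange(NetworkAcl([HTTPS_IN])))
    print("NACL, plus outbound ephemeral    :", https_exchange(NetworkAcl([HTTPS_IN, EPHEMERAL_OUT])))
```

A security group with a single inbound 443 rule completes the exchange; the same rule on a NACL lets the request in but drops the reply until an outbound rule for ports 1024-65535 is added, which is why NACL troubleshooting so often ends at the ephemeral range.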
AWS artifact
central compliance reports
SOC
service organisation control
PCI
payment card industry
ISO
international organisation for standardisation
CSA
cloud security alliance
HIPAA
Health Insurance Portability and Accountability Act - US law protecting health information; AWS offers a BAA covering HIPAA-eligible services
CloudFront
content delivery network using edge locations; caches content close to users and, together with Shield and WAF, absorbs illegitimate requests at the edge before they reach the origin
CDN - system of distributed servers that delivers webpages and other web content
improves latency
Global accelerator
improves global availability and performance; two static anycast IPs that route users to the nearest healthy regional endpoint
ELB
elastic load balancer
NLB
network load balancer - static IP, TCP layer 4, routes requests to one or more targets using the TCP protocol and the specified port number
ALB
application load balancer - http/https layer 7
Route tables
per-subnet rules that decide where traffic is routed; a subnet is public when its route table sends 0.0.0.0/0 to an internet gateway, private otherwise
WAF
web application firewall - filters HTTP(S) requests (SQL injection, XSS, rate limits) in front of CloudFront, ALB or API Gateway
Route53
DNS - routes internet traffic to the resources for your domain, checks the health of resources
TTL - length DNS is cached
Internet gateway
VPC to the internet
Virtual private gateway
VPC to on prem
Direct connect
dedicated physical network connection from on-prem to AWS that bypasses the public internet
NAT gateway
network address translation gateway - lets instances in private subnets reach the internet or AWS services outbound while blocking unsolicited inbound connections
Peering
VPC to VPC
transit gateway
hub that connects many VPCs and on-prem networks through a single gateway instead of a mesh of peerings
Elastic beanstalk
platform as a service - upload your code and it provisions and manages the EC2 instances, load balancer and scaling for you
Cloud9
integrated development environment, code editor
Durability
probability that stored data is not lost; S3 reaches 99.999999999% by replicating objects across multiple AZs within a region (cross-region copies need CRR)
Amazon Appstream
Amazon AppStream 2.0 - fully managed application streaming service that delivers desktop applications to users in a browser
Kinesis Data Firehose
fully managed service that automatically provisions, manages and scales compute, memory, and network resources required to process and load your streaming data
Kinesis Data analytics
analyse streaming data
Kinesis Data stream
massively scalable and durable real-time data streaming service, records in real time
AWS Glue
a serverless ETL service that crawls your data, builds a data catalog, performs data preparation, data transformation, and data ingestion
Amazon FSx for lustre
delivers the performance to satisfy a wide variety of high-performance workloads
works natively with S3 making it easy to access data to run processing workloads
ECR
managed docker container registry, highly available
VPC
virtual private cloud - logically isolated from other virtual networks in the cloud
Datasync
move large amounts of data to AWS
agent is deployed as a virtual machine next to the source storage
automatically encrypts data and accelerates transfer over the WAN
copy data and metadata to AWS
NFS and SMB compatible systems
Storage gateway
connects on prem software appliance with cloud based storage
available as a VMware, Hyper-V or KVM virtual machine, or as a hardware appliance
file gateway (flat files stored as S3 objects), tape gateway (virtual tape library) or volume gateway (stored or cached volumes)
supports the S3 Standard, S3 Standard-Infrequent Access, S3 One Zone-Infrequent Access and Glacier storage classes. When you create or update a file share you choose the storage class for new objects (S3 Standard or one of the infrequent-access classes); objects in any of these classes can later be transitioned to Glacier with a lifecycle policy.
ENI
elastic network interface - virtual network card
EN
enhanced networking - uses single root I/O virtualisation (SR-IOV) to provide high-performance networking capabilities on supported instance types
EFA
elastic fabric adapter - a network device that you can attach to your EC2 instance to accelerate HPC and machine learning applications
provides lower and more consistent latency and higher throughput than TCP transport traditionally
DAX
DynamoDB Accelerator - fully managed, highly available, in-memory cache
10x performance improvement
ARN
Amazon Resource Name - unique identifier for an AWS resource, e.g. arn:aws:s3:::bucket-name
S3 Transfer Acceleration
speed up content transfers to and from Amazon S3 by as much as 50-500% for long-distance transfer of larger objects
Amazon DynamoDB Stream
ordered flow of information about changes to items in DynamoDB
AWS secrets manager
easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle
systems manager parameter store
SecureString parameters hold database credentials and other secrets encrypted with AWS KMS; unlike Secrets Manager it has no built-in rotation
CORS
cross origin resource sharing - a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.
CRR
cross region replication - bucket-level configuration that enables automatic, asynchronous copying of objects across buckets in different AWS Regions.
IAM DB authentication
MySQL, MariaDB and PostgreSQL engines
the authentication token is a unique string that Amazon RDS generates on request, signed with AWS Signature Version 4; each token is valid for 15 minutes. No user credentials need to be stored in the database because authentication is handled externally by IAM; standard database authentication remains available alongside it
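The token described above is a SigV4 presigned request, which is why it carries a date, a 900-second expiry and a signature but never the secret key. The code below is an added illustration using only the Python standard library; it follows the SigV4 query-string presigning scheme the SDKs' generate_db_auth_token uses (service rds-db, action connect), but it has not been checked byte-for-byte against the SDK here, so treat that agreement as an assumption and use the SDK in production. The hostname, user and key pair are constructed placeholders (the key pair is AWS's documentation example, not a live credential).

```python
"""IAM database authentication token built the way the SDKs build it:
SigV4 query-string presigning of GET host:port/?Action=connect for the
'rds-db' service.  Added illustration, assumed to match
boto3's rds.generate_db_auth_token; use the SDK for real connections."""
import datetime
import hashlib
import hmac
import urllib.parse

TOKEN_LIFETIME = 900          # RDS accepts a token for 15 minutes after X-Amz-Date
ISSUED_TS = 1705320000        # 2024-01-15T12:00:00Z, fixed so output is reproducible


def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _quote(s):
    return urllib.parse.quote(s, safe="-_.~")   # SigV4 requires RFC 3986 encoding


def generate_db_auth_token(host, port, db_user, region, access_key, secret_key,
                           issued_ts=ISSUED_TS):
    issued = datetime.datetime.fromtimestamp(issued_ts, datetime.timezone.utc)
    amz_date = issued.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{issued:%Y%m%d}/{region}/rds-db/aws4_request"
    params = {
        "Action": "connect",
        "DBUser": db_user,
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(TOKEN_LIFETIME),
        "X-Amz-SignedHeaders": "host",
    }
    canonical_qs = "&".join(f"{_quote(k)}={_quote(v)}" for k, v in sorted(params.items()))
    canonical_request = "\n".join([
        "GET",
        "/",
        canonical_qs,
        f"host:{host}:{port}\n",                # canonical headers (only Host is signed)
        "host",                                 # signed header list
        hashlib.sha256(b"").hexdigest(),        # empty body
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Signing key: the secret never appears in the token, only this derived HMAC chain.
    k_date = _hmac(("AWS4" + secret_key).encode(), f"{issued:%Y%m%d}")
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, "rds-db")
    k_signing = _hmac(k_service, "aws4_request")
    signature = hmac.new(k_signing, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return f"{host}:{port}/?{canonical_qs}&X-Amz-Signature={signature}"


def token_is_fresh(token, now_ts):
    """True while RDS would still accept the token (X-Amz-Date + X-Amz-Expires)."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit("https://" + token).query)
    issued = datetime.datetime.strptime(query["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
    issued = issued.replace(tzinfo=datetime.timezone.utc)
    return now_ts < issued.timestamp() + int(query["X-Amz-Expires"][0])


def example_token():
    # Constructed placeholders; the key pair is AWS's documentation example.
    return generate_db_auth_token("mydb.example.com", 3306, "app_user", "us-east-1",
                                  "AKIAIOSFODNN7EXAMPLE",
                                  "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY")


if __name__ == "__main__":
    print(example_token())
```

The token is passed to the database driver as the password over TLS; because it is signed rather than stored, a leaked token is useful for at most 15 minutes and only for the named user and endpoint.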
throttling limits
API Gateway throttles at several levels, including account-wide and per method. Limits are set as a steady rate plus a burst. For example, an API owner can set a rate of 1,000 requests per second for a method in a REST API and allow a burst of 2,000 requests per second for a few seconds. API Gateway tracks requests per second, and any request over the limit receives an HTTP 429 response; the client SDKs generated by API Gateway retry automatically when they see it.
protects the backend from being overwhelmed by traffic spikes or abusive clients
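The rate-plus-burst model in the throttling entry above is a token bucket, and the 429-then-retry behaviour is easiest to understand by running one. The code below is an added illustration with a simulated clock, not AWS code; the 1,000 requests per second and 2,000 burst figures are the ones quoted above, and the retry backoff values are constructed.

```python
"""Token-bucket throttling as API Gateway describes it: `rate` tokens per
second refill a bucket of `burst` capacity; each request spends one token;
an empty bucket answers HTTP 429.  Added illustration with a simulated
clock, not AWS code."""


class TokenBucket:
    def __init__(self, rate, burst):
        self.rate = float(rate)       # tokens added per second (steady-state limit)
        self.burst = float(burst)     # bucket capacity (how big a spike is absorbed)
        self.tokens = float(burst)    # a full bucket absorbs the first burst
        self.last = 0.0

    def _refill(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def handle(self, now):
        """One request arriving at simulated time `now` (seconds); returns 200 or 429."""
        self._refill(now)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return 200
        return 429


def simulate(bucket, arrivals):
    """Feed a list of arrival times through the bucket and count the status codes."""
    counts = {200: 0, 429: 0}
    for t in arrivals:
        counts[bucket.handle(t)] += 1
    return counts


def send_with_retry(bucket, start, max_attempts=3, backoff=0.05):
    """Client side, as the generated SDKs behave: retry a 429 with exponential
    backoff (simulated sleep).  Returns (final_status, attempts_used)."""
    now = start
    for attempt in range(1, max_attempts + 1):
        status = bucket.handle(now)
        if status != 429 or attempt == max_attempts:
            return status, attempt
        now += backoff * 2 ** (attempt - 1)


if __name__ == "__main__":
    gateway = TokenBucket(rate=1000, burst=2000)
    print("2,500 requests at t=0       :", simulate(gateway, [0.0] * 2500))
    print("1,000 spread over next second:", simulate(gateway, [1.0 + i / 1000 for i in range(1000)]))
    print("retry after the spike        :", send_with_retry(gateway, 2.0))
```

A spike of 2,500 simultaneous requests gets exactly 2,000 through and 500 rejected, while 1,000 requests evenly spread over the next second all succeed, which is the difference between the burst and the rate.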
RAM
resource access manager - enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization. You can share AWS Transit Gateways, Subnets, AWS License Manager configurations, and Amazon Route 53 Resolver rules resources with RAM
RAM eliminates the need to create duplicate resources in multiple accounts, reducing the operational overhead of managing those resources in every single account you own
Control tower
easiest way to set up and govern a new, secure, multi-account AWS environment.
parallel cluster
AWS-supported open-source cluster management tool that makes it easy for you to deploy and manage HPC clusters on AWS
VPN
virtual private network - encrypted IPsec tunnel over the internet between a customer gateway on-prem and a virtual private gateway (or transit gateway) in AWS
API gateway
create, publish, secure and monitor APIs that front Lambda, EC2 or other HTTP backends
Hypervisor
computer software, firmware, or hardware that creates and runs virtual machines
bastion (EC2)
hardened host, also called a "jump server", in a public subnet that is the only permitted SSH entry point to EC2 instances in private subnets
signed cookies/signed urls
allow you to control who can access your CloudFront content; signed URLs for individual files, signed cookies for many files at once
Matched viewer
an Origin Protocol Policy which configures CloudFront to communicate with your origin using HTTP or HTTPS, depending on the protocol of the viewer request. CloudFront caches the object only once even if viewers make requests using both HTTP and HTTPS protocols
OAI
origin access identity - special CloudFront principal used to restrict an S3 origin so objects are reachable only through the distribution
when you create or update a distribution you can set up an OAI and let CloudFront update the bucket policy to grant the OAI read access; alternatively, change the bucket policy or the object ACLs yourself
SNI
server name indication
custom SSL certificates rely on the SNI extension of TLS, in which the client includes the hostname it wants during the handshake so one IP address can serve certificates for many domains
not supported by Classic Load Balancers (ALB and NLB support it); clients too old for SNI need CloudFront's dedicated-IP option
Perfect Forward Secrecy
uses a unique, ephemeral session key per connection so captured traffic cannot be decrypted later, even if the server's long-term private key is compromised
supported by CloudFront and ELB
OLTP
online transaction processing - many short read/write transactions, e.g. orders and payments
typical architecture: EC2 with ELB and Auto Scaling for the application tier, RDS (or Aurora) as the database
Quicksight
cloud-powered business intelligence (BI) service that makes it easy for you to deliver insights to everyone in your organization
step function
design and run workflows (state machines) that stitch together services such as AWS Lambda and Amazon ECS into feature-rich applications
MQ
managed message broker - apache activeMQ
Budgets
alert when your costs and usage exceed expectations
lightsail
easiest way to launch and manage a virtual private server with AWS. Lightsail plans include everything you need to jumpstart your project (a virtual machine, SSD-based storage, data transfer, DNS management and a static IP address) for a low, predictable price
Sagemaker
machine learning
fully managed platform that enables developers and data scientists to quickly build, train and deploy machine learning models at any scale, removing the setup work that typically slows down developers who want to use machine learning
transfer for SFTP
fully managed service that transfers files directly into and out of Amazon S3 using the Secure File Transfer Protocol (SFTP), also known as SSH File Transfer Protocol
amplify
create, configure and implement scalable mobile applications powered by AWS. Amplify provisions and manages your mobile backend and provides a simple framework to integrate it with iOS, Android, web and React Native frontends, and automates the release process for both frontend and backend so you can deliver features faster
app mesh
monitor and control microservices running on AWS. App Mesh standardizes how your microservices communicate, giving you end-to-end visibility and helping to ensure high-availability for your applications
CloudHSM
cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud
LDAP
light weight directory access protocol