Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
Phase 5: Glossary
- Amazon API Gateway: A fully managed service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale.
- Amazon Athena: A serverless, interactive query service that makes it easy to analyze data directly in Amazon S3 using standard SQL.
- Amazon CloudWatch: A monitoring and observability service that provides data and actionable insights to monitor applications, respond to system-wide performance changes, and optimize resource utilization.
- Amazon CloudWatch Alarms: A feature of CloudWatch that watches a single metric over a specified time period and performs one or more specified actions based on the value of the metric relative to a given threshold.
- Amazon CloudWatch Logs: A feature of CloudWatch that allows you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service.
- Amazon CloudWatch Logs Insights: A feature of CloudWatch that enables you to interactively search and analyze your log data in Amazon CloudWatch Logs.
- Amazon Detective: An AWS service that automatically collects log data from your AWS resources and uses machine learning and graph theory to help you conduct faster and more efficient security investigations.
- Amazon DynamoDB: A fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale, offering single-digit millisecond latency.
- Amazon EC2 (Elastic Compute Cloud): A core AWS service that provides secure, resizable compute capacity (virtual servers, or "instances") in the cloud.
- Amazon EC2 Auto Scaling: A service that helps you maintain application availability and allows you to automatically add or remove EC2 instances according to conditions you define.
- Amazon EC2 Image Builder: A fully managed AWS service that makes it easier to automate the creation, management, and deployment of customized, secure, and up-to-date server images (AMIs and container images).
- Amazon ECR (Elastic Container Registry): A fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.
- Amazon ECS (Elastic Container Service): A fully managed container orchestration service that helps you easily deploy, manage, and scale containerized applications.
- Amazon EKS (Elastic Kubernetes Service): A managed container service to run and scale Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes.
- Amazon EventBridge: A serverless event bus that makes it easy to connect applications together using data from your own applications, integrated Software-as-a-Service (SaaS) applications, and AWS services.
- Amazon GuardDuty: An intelligent threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.
- Amazon Inspector: An automated security assessment service that helps improve the security and compliance of applications deployed on AWS by scanning for vulnerabilities and unintended network exposure.
- Amazon Kinesis: A platform for collecting, processing, and analyzing real-time, streaming data so you can get timely insights and react quickly to new information.
- Amazon Macie: A fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in Amazon S3.
- Amazon OpenSearch Service: A managed service that makes it easy to deploy, operate, and scale OpenSearch clusters for log analytics, real-time application monitoring, and clickstream analysis.
- Amazon QuickSight: A scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud.
- Amazon RDS (Relational Database Service): A managed service that makes it easy to set up, operate, and scale a relational database in the cloud.
- Amazon Route 53: A highly available and scalable cloud Domain Name System (DNS) web service, used for domain registration, DNS routing, and health checking.
- Amazon S3 (Simple Storage Service): A highly durable and scalable object storage service for a wide range of use cases, such as websites, mobile applications, backup and restore, archive, and big data analytics.
- Amazon SNS (Simple Notification Service): A fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication, often used for fan-out notifications.
- Amazon SQS (Simple Queue Service): A fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
- Application Load Balancer (ALB): A type of Elastic Load Balancer that operates at Layer 7 (application layer) and supports content-based routing for HTTP and HTTPS traffic.
- Artifacts: The outputs of a build process, such as compiled code, container images, or deployment packages, which are stored in a repository.
- Asynchronous Communication: A communication pattern where components interact without waiting for an immediate response, often using message queues or event buses to decouple services.
- Attribute-Based Access Control (ABAC): An authorization strategy that defines permissions based on attributes (tags) attached to users and resources, enabling dynamic and scalable access control.
- Automation: The practice of using technology to perform tasks with minimal human intervention, a core principle of DevOps for improving speed, consistency, and reliability.
- Availability Zones (AZs): One or more discrete data centers with redundant power, networking, and connectivity within an AWS Region, used to achieve high availability.
- AWS AppConfig: A feature of AWS Systems Manager that you can use to create, manage, and quickly deploy application configurations, including feature flags, in a controlled and monitored way.
- AWS Backup: A fully managed backup service that makes it easy to centralize and automate the backup of data across AWS services in the cloud and on premises.
- AWS Certificate Manager (ACM): An AWS service that lets you easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources.
- AWS Cloud Development Kit (CDK): An open-source software development framework to define your cloud application resources using familiar programming languages, which then synthesizes into CloudFormation.
- AWS CloudFormation: A service that helps you model and set up your AWS resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS.
- AWS CloudHSM: A cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on FIPS 140-2 Level 3 validated hardware.
- AWS CloudTrail: An AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account by logging all API calls and actions.
- AWS CodeArtifact: A fully managed artifact repository service that makes it easy for organizations of any size to securely store, publish, and share software packages used in their software development process.
- AWS CodeBuild: A fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
- AWS CodeCommit: A secure, highly scalable, managed source control service that hosts private Git repositories.
- AWS CodeDeploy: A fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers.
- AWS CodePipeline: A fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.
- AWS Config: A service that enables you to assess, audit, and evaluate the configurations of your AWS resources, helping with compliance and governance.
- AWS Control Tower: A service that provides an easy way to set up and govern a secure, multi-account AWS environment, often referred to as a "landing zone."
- AWS Fargate: A serverless, pay-as-you-go compute engine that lets you focus on building applications without managing servers, compatible with both Amazon ECS and Amazon EKS.
- AWS Global Accelerator: A networking service that improves the availability and performance of your applications for your users by providing static IP addresses that act as a fixed entry point.
- AWS Health: A service that provides ongoing visibility into your resource performance and the availability of your AWS services and accounts.
- AWS IAM Identity Center (SSO): A cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications.
- AWS Key Management Service (KMS): A managed service that makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications.
- AWS Lambda: A serverless, event-driven compute service that lets you run code for virtually any type of application or backend service without provisioning or managing servers.
- AWS Network Firewall: A managed service that makes it easier to deploy essential network protections for all of your Amazon VPCs.
- AWS OpsWorks: A configuration management service that provides managed instances of Chef and Puppet, which are automation platforms that allow you to use code to automate the configurations of your servers.
- AWS Organizations: A service that helps you centrally govern your environment as you grow and scale your AWS resources, including consolidated billing and policy management.
- AWS Security Hub: A service that provides a comprehensive view of your security alerts and security posture across your AWS accounts.
- AWS Service Catalog: A service that allows organizations to create and manage catalogs of IT services that are approved for use on AWS.
- AWS Shield: A managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.
- AWS Step Functions: A serverless function orchestrator that makes it easy to sequence AWS Lambda functions and multiple AWS services into business-critical applications.
- AWS Systems Manager: A unified interface that allows you to view operational data from multiple AWS services and automate operational tasks across your AWS resources.
- AWS WAF (Web Application Firewall): A web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.
- AWS X-Ray: A service that helps developers analyze and debug distributed applications, such as those built using a microservices architecture, by providing end-to-end tracing.
- Backup and Restore: A disaster recovery strategy that involves backing up data and restoring it to a new environment in the event of a disaster. It typically has the highest RTO and RPO.
- Blast Radius: The potential impact or damage that a failure or security breach of a component could have on the rest of the system.
- Blue/Green Deployment: A deployment strategy that involves running two identical production environments (Blue and Green) and switching traffic between them to minimize downtime and risk.
- Buildspec: A collection of build commands and related settings, in YAML format, that AWS CodeBuild uses to run a build.
- Canary Deployment: A deployment strategy where a new version of an application is gradually rolled out to a small subset of users before a full release, minimizing the impact of potential issues.
- CI/CD (Continuous Integration/Continuous Delivery): A set of practices that automate the software release process, from code integration and testing (CI) to preparing for and deploying to production (CD).
- CloudWatch Agent: A software agent that can be installed on Amazon EC2 instances and on-premises servers to collect custom system-level metrics and log files.
- Configuration Drift: The state where the actual configuration of an environment has diverged from its intended, code-defined configuration.
- Configuration Management: The process of maintaining systems and software in a known, consistent state.
- Defense in Depth: A security strategy that uses multiple layers of security controls to protect a system, so that if one layer fails, another is in place to stop an attack.
- Deployment Strategies: Methodologies for updating applications, such as in-place, rolling, blue/green, and canary, each with different trade-offs for risk and downtime.
- DevOps: A combination of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services at high velocity.
- DevSecOps: An extension of DevOps that integrates security practices into every phase of the software development lifecycle.
- Disaster Recovery (DR): The process of restoring data and services after a major disruption or outage.
- Distributed Architectures: Systems composed of multiple independent components that communicate over a network, often used in microservices.
- Docker: An open platform for developing, shipping, and running applications in isolated environments called containers.
- Event-Driven Architecture (EDA): A software architecture pattern that promotes the production, detection, consumption of, and reaction to events, enabling loosely coupled systems.
- Failover: The process of automatically switching to a redundant or standby system upon the failure or abnormal termination of the previously active system.
- Fan Out: An event-driven pattern where a single event triggers multiple, parallel actions or processes.
- Fault Tolerance: The ability of a system to continue operating, possibly at a reduced level, rather than failing completely, when one or more of its components fail.
- FinOps: A cultural practice and operational model that brings financial accountability to the variable spend model of cloud, enabling organizations to get maximum business value.
- First Principles: Fundamental truths or basic propositions that cannot be deduced from any other propositions, used to understand the core "why" behind a concept.
- Health Checks: Automated tests performed by services like Elastic Load Balancing and Route 53 to determine if an endpoint is operational and can receive traffic.
- High Availability (HA): The ability of a system to remain operational and accessible for a high percentage of time, often achieved through redundancy and failover.
- IAM (Identity and Access Management): An AWS service that helps you securely control access to AWS resources by managing users, groups, roles, and their permissions.
- IAM Access Analyzer: A service that helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity.
- IAM Instance Profiles: A container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.
- IAM Permissions Boundaries: An advanced feature for using managed policies to set the maximum permissions that an identity-based policy can grant to an IAM entity.
- IaC (Infrastructure as Code): The process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.
- Idempotency: A property of an operation that ensures it can be applied multiple times without changing the result beyond the initial application.
- Identity Federation: A system of trust between two parties for the purpose of authenticating users and conveying information needed to authorize their access to resources.
- Identity Providers (IdPs): A trusted provider that lets you manage user identities and federate with AWS so that your users can access AWS resources.
- Immutable Infrastructure: An approach where servers are never modified after deployment. If a change is needed, a new server is provisioned from a fresh image to replace the old one.
- Incident Response: The process of reacting to and managing the aftermath of a security breach or operational incident.
- Kubernetes: An open-source container orchestration system for automating the deployment, scaling, and management of containerized applications.
- Landing Zone: A well-architected, multi-account AWS environment that's a starting point from which you can deploy workloads and applications with confidence in your security and infrastructure environment.
- Least Privilege: A security principle that states that a user or process should be given only the minimum necessary access rights to perform its job.
- Logging: The practice of recording events, errors, and other information generated by a system or application to provide an audit trail for troubleshooting and analysis.
- Loosely Coupled: An architectural principle where components are designed to have minimal dependencies on each other, improving resilience and flexibility.
- Metrics: A set of time-ordered data points, or a variable that is monitored over time, such as CPU utilization or network latency.
- Microservices: An architectural style that structures an application as a collection of small, autonomous services, each focused on a single business capability.
- Monitoring: The process of collecting, analyzing, and using information to track the performance and health of a system over time.
- Multi-AZ: A deployment strategy that distributes resources across multiple, physically isolated Availability Zones within a single AWS Region for high availability.
- Multi-Region: A deployment strategy that distributes application components across geographically separate AWS Regions for disaster recovery and global low-latency access.
- Mutable Deployments: A deployment pattern where updates are applied directly to existing servers or instances, which can lead to configuration drift.
- Network ACLs (NACLs): A stateless firewall that acts at the subnet level, controlling traffic in and out of one or more subnets.
- Network Firewall: A managed AWS service that provides a stateful, managed network firewall and intrusion detection and prevention service for your VPC.
- Observability: The ability to measure a system's current state based on the data it generates, such as logs, metrics, and traces, allowing for deep exploration and understanding of its behavior.
- Operational Excellence: One of the pillars of the AWS Well-Architected Framework, focusing on running and monitoring systems to deliver business value and to continually improve supporting processes and procedures.
- Organizational Units (OUs): A way to group accounts within an AWS Organization to simplify management and policy application.
- Parameter Store: A feature of AWS Systems Manager that provides secure, hierarchical storage for configuration data and secrets management.
- Patch Manager: A feature of AWS Systems Manager that automates the process of patching managed instances with both security-related and other types of updates.
- Pilot Light: A disaster recovery strategy where a minimal version of an environment is always running in the cloud, ready to be scaled up in the event of a disaster.
- PKI (Public Key Infrastructure): A set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
- Post-mortem: A process, usually performed after an incident, to identify the root cause, understand the impact, and determine what can be done to prevent it from happening again.
- Pull Request (PR): A feature in version control systems that allows developers to propose changes to a codebase and request that they be reviewed and merged into a main branch.
- RBAC (Role-Based Access Control): An authorization strategy that defines permissions based on a user's role within an organization.
- Recovery Point Objective (RPO): The maximum acceptable amount of data loss from an IT service due to a major incident, measured in time.
- Recovery Time Objective (RTO): The targeted duration of time within which a business process must be restored after a disaster or disruption to avoid unacceptable consequences.
- Region: A physical location in the world where AWS clusters data centers, each consisting of multiple Availability Zones.
- Replication: The process of creating and maintaining copies of data on multiple systems to improve availability and durability.
- Resilience: The ability of a system to recover from failures and continue to function.
- Resource-based Policies: IAM policies attached directly to a resource (like an S3 bucket) that specify who has permission to access that resource.
- Root Cause Analysis (RCA): A systematic process for identifying the fundamental causes of problems or incidents to prevent them from recurring.
- Runbooks: A set of documented procedures and automated tasks used to carry out a specific operational process, often for incident response or routine maintenance.
- SAM (Serverless Application Model): An open-source framework for building serverless applications on AWS, providing a simplified syntax for defining serverless resources.
- Scalability: The ability of a system to handle a growing amount of work by adding resources, either by scaling up (increasing the size of a resource) or scaling out (adding more resources).
- Secrets Manager: An AWS service that helps you protect access to your applications, services, and IT resources by enabling you to easily rotate, manage, and retrieve secrets.
- Security by Design: The practice of integrating security considerations into every phase of the software development lifecycle.
- Security Groups (SGs): A stateful virtual firewall for your EC2 instance to control inbound and outbound traffic.
- Security Hub: An AWS service that provides a comprehensive view of your security alerts and security posture across your AWS accounts.
- Self-Healing Architectures: Systems designed to automatically detect and remediate anomalies or failures, restoring services to a healthy state with minimal human intervention.
- Serverless: A cloud computing execution model in which the cloud provider runs the server and dynamically manages the allocation of machine resources.
- Service Catalog: An AWS service that allows organizations to create and manage catalogs of IT services that are approved for use on AWS.
- Service Control Policies (SCPs): A type of policy in AWS Organizations that you can use to manage permissions in your organization, acting as a guardrail for all accounts.
- Service Level Agreement (SLA): A commitment between a service provider and a client, defining the level of service expected from the provider.
- Shared Responsibility Model: A framework that outlines what AWS is responsible for (security of the cloud) and what the customer is responsible for (security in the cloud).
- Shokunin Kishitsu: A Japanese term referring to the "craftsman's spirit," emphasizing meticulous attention to detail, continuous improvement, and a deep sense of responsibility for one's work.
- Single Point of Failure (SPOF): A part of a system that, if it fails, will stop the entire system from working.
- SSM Agent (Systems Manager Agent): A software agent that runs on your Amazon EC2 instances and on-premises servers, enabling Systems Manager to update, manage, and configure these resources.
- State Manager: A feature of AWS Systems Manager that helps you maintain your instances in a consistent state by applying configurations at a specified time or interval.
- Step Functions: A serverless workflow service that lets you combine AWS Lambda functions and other AWS services to build business-critical applications.
- STS (Security Token Service): An AWS service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users).
- Systems Manager: A unified AWS service that allows you to view operational data from multiple AWS services and automate operational tasks across your AWS resources.
- Target Groups: A component of Elastic Load Balancing used to route requests to one or more registered targets, such as EC2 instances.
- Task Definition: A text file, in JSON format, that describes one or more containers that form your application in Amazon ECS.
- Terraform: An open-source infrastructure as code software tool that enables you to safely and predictably create, change, and improve infrastructure across multiple cloud providers.
- Version Control System (VCS): A system that records changes to a file or set of files over time so that you can recall specific versions later (e.g., Git).
- VPC (Virtual Private Cloud): A logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
- VPC Flow Logs: A feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
- WAF (Web Application Firewall): An AWS service that helps protect your web applications or APIs from common web exploits that may affect availability, compromise security, or consume excessive resources.
- Warm Standby: A disaster recovery strategy where a scaled-down but fully functional version of your system is running in a separate region, ready to be scaled up in the event of a disaster.
- Well-Architected Framework: A set of best practices from AWS that helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications.