Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

Phase 7: Glossary

ACID Compliance: A set of properties (Atomicity, Consistency, Isolation, Durability) guaranteeing that database transactions are processed reliably.

ACM (AWS Certificate Manager): A service that lets you easily provision, manage, and deploy public and private SSL/TLS certificates.

ALB (Application Load Balancer): A type of Elastic Load Balancer that operates at Layer 7 (HTTP/HTTPS), offering advanced routing features.

AMI (Amazon Machine Image): A template that contains a software configuration (operating system, application server, and applications) to launch an EC2 instance.

API Call Auditing: The process of reviewing and analyzing API calls made to a system to track actions, identify unauthorized activity, and ensure compliance.

API Gateway (Amazon API Gateway): A fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.

Application Load Balancer (ALB): See ALB.

AppSpec.yml: A YAML-formatted file used by AWS CodeDeploy to manage the deployment of applications to instances.

Attack Surface: The sum of all possible points where an unauthorized user can try to enter or extract data from an environment.

Auditable Records: Data or logs that are maintained in a way that allows for verification and inspection of actions and changes over time.

Auto Scaling (AWS Auto Scaling): A service that monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost.

Auto Scaling Group (ASG): A collection of EC2 instances that are treated as a logical grouping for automatic scaling and management.

Availability Zones (AZs): Isolated locations within an AWS Region, designed to be independent from failures in other AZs, providing high availability and fault tolerance.

AWS Backup: A centralized, managed service that automates backup management across various AWS services and Regions.

AWS Budgets: A service that allows you to set custom budgets for your AWS costs and usage and receive alerts when thresholds are breached.

AWS CLI (Command Line Interface): A unified tool to manage AWS services from the command line.

AWS CloudFormation: A service that helps you model and set up your AWS resources, spend less time on individual resource creation, and manage your AWS resources.

AWS CloudTrail: A service that helps you enable governance, compliance, and operational and risk auditing of your AWS account by logging API calls and related events.

AWS CodeDeploy: A fully managed deployment service that automates application deployments to various compute services.

AWS Config: A service that continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

AWS Console (AWS Management Console): A web-based graphical interface for managing AWS services.

AWS Cost Explorer: A free service that allows you to visualize, understand, and manage your AWS costs and usage over time.

AWS DataSync: An online data transfer service that simplifies, automates, and accelerates moving data between on-premises storage and AWS storage services.

AWS Database Migration Service (DMS): A service that helps you migrate databases to AWS quickly and securely.

AWS Direct Connect: A cloud service solution that links your internal network to AWS over a dedicated, private connection.

AWS Elastic Beanstalk: A fully managed service that makes it easy to deploy, manage, and scale web applications and services.

AWS Fargate: A serverless compute engine for containers that works with Amazon ECS and Amazon EKS.

AWS Global Accelerator: A networking service that improves the availability and performance of your applications by directing user traffic to optimal endpoints over the AWS global network.

AWS Health Dashboard: Provides personalized insights into the operational status of AWS services and resources.

AWS IAM Identity Center (SSO): A cloud single sign-on (SSO) service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications.

AWS Lambda: A serverless compute service that runs code in response to events.

AWS Organizations: A service that helps you centrally manage and govern your environment as you grow and scale your AWS resources.

AWS Products: Refers to the various services offered by Amazon Web Services.

AWS Resource Access Manager (RAM): A service that enables you to easily and securely share your AWS resources with any AWS account or within your AWS Organization.

AWS Regions: Geographically distinct locations where AWS clusters data centers.

AWS SDKs (Software Development Kits): Language-specific APIs that allow developers to interact with AWS services programmatically.

AWS Security Hub: Provides a comprehensive view of your security alerts and security posture across your AWS accounts.

AWS Service Catalog: Allows organizations to create and manage a catalog of IT services that are approved for use on AWS.

AWS Services: See AWS Products.

AWS Shared Responsibility Model: A framework that defines security responsibilities between AWS and the customer.

AWS Snow Family: A collection of physical devices for transferring petabytes of data into and out of AWS.

AWS Step Functions: A serverless workflow service that lets you combine AWS Lambda functions and other AWS services to build business-critical applications.

AWS Storage Gateway: A hybrid cloud storage service that connects on-premises environments to cloud storage.

AWS Systems Manager: A unified interface for operational data and task automation across your AWS resources.

AWS Transit Gateway (TGW): A network transit hub that connects your VPCs and on-premises networks to a single gateway.

AWS Trusted Advisor: An online resource that helps you reduce cost, increase performance, and improve security by optimizing your AWS environment.

AWS VPN (Virtual Private Network): Provides secure, encrypted connections over the public internet.

AWS X-Ray: A service that helps developers analyze and debug distributed applications.

Anycast IP Addresses: IP addresses that are shared by multiple servers in different locations, with traffic routed to the nearest available server (a routing technique).

Application Migration Service (AWS MGN): The primary service for rehosting (lift-and-shift) physical, virtual, and cloud servers to AWS.

Aurora Global Database: A feature of Amazon Aurora that allows a single Amazon Aurora database to span multiple AWS Regions.

Automated Governance: The use of tools and processes to automatically enforce policies and standards across an environment.

Automated Remediation: The process of automatically fixing or mitigating issues detected in a system without human intervention.

Availability Zone (AZ): See Availability Zones.

Blast Radius: The potential impact or scope of damage if a system or component fails or is compromised.

Blue/Green Deployment: A deployment strategy that runs two identical production environments, "Blue" (old version) and "Green" (new version), and shifts traffic when the new version is validated.

Boto3: The AWS SDK for Python.

Canary Cutover: A deployment strategy that gradually rolls out a new version of an application to a small percentage of users first.

CAP Theorem: A theorem stating that a distributed data store cannot simultaneously provide more than two out of three guarantees: Consistency, Availability, and Partition tolerance.

CDC (Change Data Capture): A set of software design patterns used to determine and track the changes in data so that action can be taken using the changed data.

CIDR Blocks: Ranges of IP addresses expressed in Classless Inter-Domain Routing (CIDR) notation, the method used for allocating IP addresses and routing IP packets.

Circuit Breaker Pattern: A software design pattern that prevents an application from repeatedly trying to invoke a failing service.

Cloud-Native Transformation: The process of re-architecting applications to fully leverage cloud computing benefits, often involving microservices and serverless.

CloudFront (Amazon CloudFront): A fast content delivery network (CDN) service.

CloudHSM (AWS CloudHSM): A cloud-based hardware security module (HSM) that allows you to generate and use your own encryption keys on FIPS 140-2 Level 3 validated hardware.

CloudWatch Agent: A software package that collects metrics and logs from EC2 instances and on-premises servers and sends them to CloudWatch.

CloudWatch Alarms: A feature of Amazon CloudWatch that monitors metrics and automatically triggers actions when a defined threshold is breached.

CloudWatch Dashboards: Customizable home pages in the CloudWatch console that allow you to monitor your AWS resources and applications in a single view.

CloudWatch Logs: A fully managed service that allows you to collect, store, and monitor logs from various AWS services and applications.

CloudWatch Logs Insights: An interactive query service for CloudWatch Logs.

CloudWatch Metrics: Time-series data points that represent a measurement of a particular aspect of a resource or application.

CMKs (Customer Managed Keys): Encryption keys in AWS KMS that you create, own, and manage.

CodeDeploy Agent: A software package that runs on instances and processes deployment commands from AWS CodeDeploy.

Compliance Auditing: The process of verifying that systems and processes adhere to specific regulatory or industry standards.

Configuration Drift: When the actual configuration of a resource deviates from its intended or defined state.

Configuration Management: The process of maintaining a desired state for systems and software configurations.

Consolidated Billing: A feature of AWS Organizations that allows you to receive a single bill for all AWS accounts in your organization.

Content Delivery Network (CDN): A geographically distributed network of proxy servers and their data centers.

Cost Allocation: The process of attributing cloud costs to specific departments, projects, or business units.

Cost Allocation Tags: User-defined labels that you apply to AWS resources to categorize them for cost tracking.

Cost and Usage Report (CUR): The most comprehensive dataset about your AWS costs and usage.

Cost-Efficient Data Transfer: Strategies to minimize the expenses incurred when moving data within or out of AWS.

Cost-Optimized Compute: Strategies to reduce the cost of compute resources, such as using Spot Instances or right-sizing.

Cross-Account Access: Granting permissions to users or roles in one AWS account to access resources in another AWS account.

Cross-AZ Load Balancing: Distributing traffic across all registered targets in all enabled Availability Zones.

Cross-Region Replication (CRR): Automatically and asynchronously copies objects between S3 buckets in different AWS Regions.

Customer Managed Keys (CMKs): See CMKs.

Data Classification: The process of categorizing data based on its sensitivity, value, and regulatory requirements.

Data Durability: The ability of data to remain intact and uncorrupted over its lifecycle.

Data Egress: Data moving out of AWS to the internet, which typically incurs charges.

Data Ingress: Data moving into AWS, which is generally free.

Data Lake: A centralized repository that allows you to store all your structured and unstructured data at any scale.

Data Lifecycle Management: Strategies for managing data from creation to deletion, often involving tiering to different storage classes.

Data Mesh Principles: A decentralized data architecture approach that treats data as a product.

Data Residency: The geographical location where data is stored, often dictated by regulatory requirements.

Data Warehousing: The process of collecting and managing data from varied sources to provide meaningful business insights.

Database Migration Service (DMS): See AWS Database Migration Service.

Dead-Letter Queues (DLQs): Queues that other (source) queues can target for messages that can't be processed successfully.

Decoupling Components: Separating different parts of an application so they can operate independently, preventing cascading failures.

Declarative Language: A programming paradigm that expresses the logic of a computation without describing its control flow.

Dedicated Hosts (EC2 Dedicated Hosts): Physical EC2 servers dedicated for your exclusive use.

Defense in Depth: A multi-layered security strategy where multiple security controls are implemented to protect resources.

Deployment Strategies: Methods used to release new versions of applications to production environments.

DDoS Attacks (Distributed Denial of Service Attacks): Malicious attempts to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Distributed Tracing: A method used to monitor requests as they flow through a distributed system, providing end-to-end visibility.

DLQs (Dead-Letter Queues): See Dead-Letter Queues.

DNS (Domain Name System): A hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.

Drift Detection: A CloudFormation feature that identifies when actual resource configurations deviate from the template's defined state.

DR Strategies (Disaster Recovery Strategies): Plans and procedures to recover from large-scale outages, often involving a separate AWS Region.

DynamoDB (Amazon DynamoDB): A fully managed NoSQL key-value and document database.

DynamoDB Auto Scaling: Automatically adjusts Read Capacity Units (RCUs) and Write Capacity Units (WCUs) for DynamoDB tables.

DynamoDB Global Tables: Provides multi-Region, active-active replication for DynamoDB tables.

EC2 (Amazon EC2): Amazon Elastic Compute Cloud, a web service that provides resizable compute capacity in the cloud.

EC2 Auto Scaling: See Auto Scaling.

EC2 Instance Profiles: A container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.

EC2 Instances: Virtual servers in Amazon's Elastic Compute Cloud.

EC2 Purchasing Options: Different pricing models for EC2 instances, including On-Demand, Spot, Reserved Instances, and Savings Plans.

Edge Locations: Data centers operated by AWS that are strategically positioned in highly populated areas around the world to cache content closer to end-users.

EFS (Amazon EFS): Amazon Elastic File System, a scalable, elastic, cloud-native NFS file system.

Egress-Only Internet Gateway: A VPC component for IPv6 traffic that allows instances in private subnets to initiate outbound connections to the internet but prevents inbound internet connections.

ElastiCache (Amazon ElastiCache): A fully managed, in-memory caching service.

Elastic Beanstalk (AWS Elastic Beanstalk): See AWS Elastic Beanstalk.

Elastic Block Store (EBS): See Amazon EBS.

Elastic Compute Cloud (EC2): See Amazon EC2.

Elastic Container Service (ECS): See Amazon ECS.

Elastic Kubernetes Service (EKS): See Amazon EKS.

Elastic Load Balancing (ELB): See ELB.

ELB (Elastic Load Balancing): A service that automatically distributes incoming application traffic across multiple targets.

Encryption at Rest: Protecting data while it is stored on disk.

Encryption in Transit: Protecting data as it moves over networks.

ENI (Elastic Network Interface): A logical networking component in a VPC that represents a virtual network card.

ETL (Extract, Transform, Load): A process in data warehousing that involves extracting data from sources, transforming it, and loading it into a target system.

Event-Driven Automation: Automation triggered by events or changes in the environment.

Event-Driven Communication: A software architecture pattern where components communicate by emitting and reacting to events.

EventBridge (Amazon EventBridge): A serverless event bus service that makes it easy to connect applications together using data from various sources.

Event Patterns: JSON-based filters used in EventBridge to define specific attributes an event must possess to trigger a rule.

Fargate (AWS Fargate): See AWS Fargate.

Fault Tolerance: The ability of a system to continue operating (perhaps in a degraded state) even if one or more of its components fail.

Federated Access: Allowing users to sign in with corporate credentials to access AWS resources.

Feynman Technique: A learning method that involves simplifying complex concepts as if teaching them to someone else.

FinOps (Cloud Financial Management): A cultural practice that brings financial accountability to the variable spend model of cloud, enabling organizations to make business trade-offs.

First Principle: A foundational truth or assumption that cannot be deduced from any other propositions.

Flow Log Records: Records captured by VPC Flow Logs that contain information about IP traffic.

FSx (Amazon FSx): A family of fully managed third-party file systems on AWS (e.g., FSx for Windows File Server, FSx for Lustre).

FSx for Windows File Server: A fully managed, highly reliable, and scalable file storage built on Windows Server.

GB-seconds: A billing unit for AWS Lambda, calculated by multiplying the memory allocated to a function by its execution duration.

Git: A distributed version control system.

GitOps: An operational framework that takes DevOps best practices used for application development, like version control, collaboration, compliance, and CI/CD, and applies them to infrastructure automation.

Glacier (Amazon Glacier): An S3 storage class for extremely low-cost, high-durability storage for infrequently accessed data with flexible retrieval times.

Glacier Deep Archive (S3 Glacier Deep Archive): The lowest-cost S3 storage class for long-term archival.

Global Accelerator (AWS Global Accelerator): See AWS Global Accelerator.

Global Infrastructure: The worldwide network of AWS data centers, Regions, Availability Zones, and Edge Locations.

Global Tables (DynamoDB Global Tables): See DynamoDB Global Tables.

gp3 (General Purpose SSD): A general-purpose SSD-backed EBS volume type that balances price and performance for a wide variety of transactional workloads.

GuardDuty (Amazon GuardDuty): An intelligent threat detection service that continuously monitors for malicious activity and unauthorized behavior.

HA (High Availability): The ability of a system to remain operational and accessible for a high percentage of the time.

Hadoop: An open-source framework for distributed storage and processing of very large datasets.

Health Checks: Mechanisms used by load balancers or Auto Scaling Groups to determine the health of registered targets.

Heterogeneous Database Migration: Migrating a database from one database engine to a different database engine (e.g., Oracle to PostgreSQL).

High Availability (HA): See HA.

HIPAA (Health Insurance Portability and Accountability Act): A U.S. law that sets standards for protecting sensitive patient health information.

Hot Data: Data that is frequently accessed and requires high performance and low latency.

Hot Spots: In a distributed database, a partition key that receives a disproportionately high volume of requests, leading to performance bottlenecks.

HPC (High-Performance Computing): The use of supercomputers and computer clusters to solve advanced computation problems.

HTTP/S: Hypertext Transfer Protocol Secure, a secure version of HTTP that uses SSL/TLS encryption.

Hybrid Cloud Architectures: IT environments that combine on-premises infrastructure with cloud resources.

IaC (Infrastructure as Code): Managing and provisioning infrastructure through code instead of manual processes.

IAM (Identity and Access Management): An AWS service that helps you securely control access to AWS resources.

IAM Groups: Collections of IAM users that simplify permission management.

IAM Policies: JSON documents that define specific permissions for IAM users, groups, or roles.

IAM Roles: Secure IAM identities that grant temporary permissions to AWS services or trusted users.

IAM Users: Individual entities (people or applications) with long-term credentials for direct AWS interaction.

Identity Federation: See Federated Access.

IGW (Internet Gateway): A VPC component that allows communication between your VPC and the internet.

Immutable AMIs: Amazon Machine Images that are never modified after being deployed; new versions are deployed from fresh images.

Immutable Data Integrity: Ensuring that data, once written, cannot be altered or deleted.

Immutable Infrastructure: An approach where servers are never modified after being deployed; new versions are deployed from fresh images.

Incident Response: A structured approach to managing unexpected events that disrupt normal operations.

In-place Deployment: A deployment strategy that updates the application directly on existing servers or instances.

Infrastructure as Code (IaC): See IaC.

Instance IDs: Unique identifiers for EC2 instances.

Instance Profile (IAM Instance Profile): A container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.

Internet Gateway (IGW): See IGW.

IoT (Internet of Things): A network of physical objects embedded with sensors, software, and other technologies for connecting and exchanging data over the internet.

io2 (Provisioned IOPS SSD): An EBS volume type designed for high-performance, mission-critical applications that require sustained IOPS performance.

IPsec Tunnel: A secure network tunnel that uses the IPsec protocol suite for encryption and authentication.

Ishikawa Diagram (Fishbone Diagram): A visual tool used to explore and identify the potential causes of a problem.

ITSM (IT Service Management): The activities performed by an organization to plan, deliver, operate, and control IT services offered to customers.

Jumbo Frames: Ethernet frames with a payload greater than the standard 1500 bytes, used to increase network throughput.

Kinesis (Amazon Kinesis): A family of services for real-time data streaming.

Kinesis Data Firehose (Amazon Kinesis Data Firehose): A fully managed service for delivering real-time streaming data to destinations.

KMS (AWS Key Management Service): See AWS Key Management Service.

Kubernetes: An open-source container orchestration system for automating deployment, scaling, and management of containerized applications.

Kubernetes Horizontal Pod Autoscaler: Automatically scales the number of pods in a Kubernetes deployment based on observed CPU utilization or other select metrics.

Lambda (AWS Lambda): See AWS Lambda.

Lambda Function Execution Roles: IAM roles that grant permissions to Lambda functions to access other AWS services.

Lambda Function Logs: Logs generated by AWS Lambda functions, typically sent to CloudWatch Logs.

Lambda Invocations: The number of times a Lambda function is executed.

Lambda Versions: A feature of AWS Lambda that allows you to publish multiple versions of your function code.

Landing Zone: A well-architected, multi-account AWS environment that is scalable and secure.

Latency-based Routing: A Route 53 routing policy that routes traffic to the AWS Region that provides the lowest latency for the user.

Least Privilege (Principle of Least Privilege): Granting only the minimum permissions necessary for a user or service to perform its task.

Ledger Database: A type of database that provides an immutable, cryptographically verifiable transaction log.

Lift-and-Shift (Rehost): A migration strategy that involves moving an application as-is from on-premises to the cloud without significant changes.

Lift-Tinker-Shift (Replatform): A migration strategy that involves moving an application to the cloud and making some cloud optimizations without changing core architecture.

Lifecycle Policies (S3 Lifecycle Policies): Rules that automate the transition of objects between S3 storage classes or their expiration.

Log Groups: High-level containers for logs in CloudWatch Logs.

Log Streams: Sequences of log events from a single source within a log group in CloudWatch Logs.

Low-Latency Global Access: Providing users worldwide with fast access to applications and data by deploying resources closer to them.

Lustre (Amazon FSx for Lustre): A high-performance file system optimized for fast processing of workloads.

Macie (Amazon Macie): A security service that uses machine learning to discover, classify, and protect sensitive data in S3.

Managed Services: AWS services where AWS manages the underlying infrastructure, allowing customers to focus on their applications.

MariaDB: An open-source relational database management system, compatible with MySQL.

Mean Time To Detect (MTTD): The average time it takes to detect an incident.

Mean Time To Recovery (MTTR): The average time it takes to recover from an incident.

Memcached: A popular open-source, distributed memory caching system, supported by Amazon ElastiCache.

Metric Filters: A CloudWatch Logs feature that allows you to create metrics from log events.

Metrics: Quantitative measurements of a resource or application over time.

MFA (Multi-Factor Authentication): Requires users to provide two or more verification factors to gain access.

Microservices: An architectural style that structures an application as a collection of loosely coupled, independently deployable services.

Migration Hub (AWS Migration Hub): A centralized dashboard to track the progress of application migrations from on-premises to AWS.

Migration Readiness Assessment (MRA): A structured assessment of an organization's readiness for cloud migration across various dimensions.

MongoDB: A popular open-source NoSQL document database.

Multi-AZ Deployments: A strategy that distributes resources across physically isolated Availability Zones within a single AWS Region for high availability.

Multi-Factor Authentication (MFA): See MFA.

Multi-Region Design: A strategy that distributes application components across geographically separate AWS Regions for disaster recovery and global low-latency access.

Multi-Site Active/Active: A disaster recovery strategy where the application is fully deployed and actively serving traffic in multiple Regions simultaneously.

MySQL: A popular open-source relational database management system.

NACLs (Network Access Control Lists): See Network Access Control Lists.

NAT Gateway (Network Address Translation Gateway): A highly available, managed Network Address Translation service that allows instances in private subnets to initiate outbound connections to the internet.

Neptune (Amazon Neptune): A fully managed graph database service.

Network Access Control Lists (NACLs): Stateless packet filters that control traffic to and from one or more subnets.

Network Address Translation (NAT): A method of remapping one IP address space into another.

Network Firewall (AWS Network Firewall): A managed service that makes it easier to deploy network protections for all your Amazon VPCs.

Network Load Balancer (NLB): See NLB.

NFS (Network File System): A distributed file system protocol that allows a user on a client computer to access files over a computer network.

NLB (Network Load Balancer): A type of Elastic Load Balancer that operates at Layer 4 (TCP/UDP), designed for extreme performance and static IP addresses.

Node.js: An open-source, cross-platform, JavaScript runtime environment.

NoSQL Databases: Databases that provide a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in relational databases.

Object Lock (S3 Object Lock): An S3 feature that provides Write Once Read Many (WORM) capability, preventing objects from being deleted or overwritten.

Observability: The ability to understand the internal state of a system by examining its outputs (metrics, logs, traces).

OIDC (OpenID Connect): An authentication layer on top of OAuth 2.0, used for identity federation.

OLAP (Online Analytical Processing): A category of software tools that provide analysis of data for business intelligence.

OLTP (Online Transaction Processing): A class of software programs capable of conducting a large number of transactions simultaneously.

On-Demand Capacity Mode (DynamoDB): A flexible billing option for DynamoDB where you pay per request for reads and writes.

On-Demand Instances (EC2 On-Demand Instances): EC2 instances that you pay for by the second or hour, with no long-term commitment.

Operational Consistency: Ensuring that operational processes and configurations are uniform and repeatable across environments.

Operational Excellence: A pillar of the AWS Well-Architected Framework that focuses on running and monitoring systems and continuously improving supporting processes and procedures.

Operational Intelligence: The ability to gain insights from operational data to improve efficiency and decision-making.

Operational Overhead: The effort and resources required to manage and maintain systems.

Operational Runbooks: Documented, step-by-step procedures for common operational tasks or incident responses.

Oracle: A popular commercial relational database management system.

OS Patching: Applying updates to an operating system to fix bugs, improve performance, or address security vulnerabilities.

Over-provisioning: Allocating more resources than are actually needed for a workload, leading to unnecessary costs.

Partition Key (DynamoDB): An attribute that determines the logical and physical partitions where data is stored in DynamoDB.

Patch Baselines: In Systems Manager Patch Manager, a set of rules that define which patches are approved or rejected for deployment.

Patch Manager (Systems Manager Patch Manager): A capability of AWS Systems Manager that automates the process of patching operating systems and applications.

PCI DSS (Payment Card Industry Data Security Standard): A set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

Performance Insights (RDS Performance Insights): An Amazon RDS feature that helps you quickly assess the load on your database and determine when and where to take action.

Permissions Boundaries (IAM Permissions Boundaries): An advanced IAM feature that allows the central security team to set the maximum permissions that an identity-based policy can grant to an IAM user or role.

Persistent Storage: Storage that retains data even after the compute instance is terminated.

Petabyte (PB): A unit of digital information equal to 1,000 terabytes, or 10^15 bytes.

PII (Personally Identifiable Information): Information that can be used to identify an individual.

Pilot Light: A disaster recovery strategy where a minimal core infrastructure is kept running in the DR Region, ready for quick scale-up.

Point-in-Time Recovery: The ability to restore a database or data to any specific point in time within a retention period.

Polyglot Persistence: The practice of using different data storage technologies for different needs within a single application.

POSIX (Portable Operating System Interface): A family of standards specified by the IEEE for maintaining compatibility between operating systems.

Post-Mortem (Blameless Post-Mortem): A review process after an incident that focuses on identifying root causes and improving processes, without assigning blame.

PostgreSQL: A powerful, open-source object-relational database system.

Principle of Least Privilege (PoLP): See Least Privilege.

PrivateLink (AWS PrivateLink): A service that provides private connectivity between VPCs, AWS services, and on-premises applications.

Private Subnet: A subnet that does not have a direct route to an Internet Gateway, isolating resources from inbound internet connections.

Proactive Cost Analysis: Continuously monitoring and analyzing costs to identify optimization opportunities before they become significant.

Programmatic Control: Managing resources or systems using code or scripts rather than manual interfaces.

Provisioned Capacity Mode (DynamoDB): A billing option for DynamoDB where you specify the Read Capacity Units (RCUs) and Write Capacity Units (WCUs) you expect your application to require.

Provisioned Concurrency (Lambda Provisioned Concurrency): A feature of AWS Lambda that keeps functions initialized and ready to respond in milliseconds.

Pub/Sub (Publish/Subscribe): A messaging pattern where senders (publishers) send messages to a topic, and receivers (subscribers) receive messages from the topic.

Public Subnet: A subnet whose route table has a route to an Internet Gateway, so that resources in it that have a public or Elastic IP address can send and receive internet traffic.

Python (Boto3): Boto3 is the AWS SDK for Python, used to call AWS service APIs from scripts and applications; it picks up credentials from the environment, a credentials file, or an attached IAM role.

QLDB (Amazon Quantum Ledger Database): See Amazon Quantum Ledger Database.

Quantum Ledger Database (QLDB): A fully managed ledger database for immutable, cryptographically verifiable transaction logs.

RCA (Root Cause Analysis): See Root Cause Analysis.

RDS (Amazon RDS): See Amazon Relational Database Service.

RDS Multi-AZ: A deployment option for Amazon RDS that synchronously replicates database instances to a standby in a different AZ for high availability.

RDS Performance Insights: See Performance Insights.

RDS Read Replicas: Asynchronously replicated copies of your primary RDS database instance, used for scaling read performance.

Reachability Analyzer: A feature in Amazon VPC that analyzes the network path between two resources and determines if they are reachable.

Recovery Point Objective (RPO): The maximum tolerable amount of data loss measured in time.

Recovery Time Objective (RTO): The maximum tolerable downtime after a disaster.

Redshift (Amazon Redshift): A fast, fully managed, petabyte-scale data warehouse.

Refactor/Re-architect: A migration strategy that involves re-imagining how an application is architected and developed, typically to leverage cloud-native capabilities fully.

Regions: See AWS Regions.

Rehost (Lift-and-Shift): See Lift-and-Shift.

Relational Database Service (RDS): See Amazon Relational Database Service.

Replatform (Lift-Tinker-Shift): See Lift-Tinker-Shift.

Repurchase: A migration strategy that involves moving to a different product, typically a SaaS solution.

Reserved Instances (RIs): A purchasing option for EC2 and other services that provides a discounted hourly rate in exchange for a 1- or 3-year commitment.

Resource ARNs (Amazon Resource Names): Identifiers that uniquely name AWS resources (for example arn:aws:s3:::bucket-name) and are used in the Resource element of IAM and resource-based policies.

Resource Configurations: The settings and properties of AWS resources.

Resource Utilization: How efficiently computing resources are being used.

Retain: A migration strategy that involves keeping the application as-is (e.g., due to compliance, cost, or lack of business justification for migration).

Retire: A migration strategy that involves decommissioning applications that are no longer needed.

Retry Mechanisms: Logic implemented in application code to reattempt failed operations, especially for transient errors.
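
The retry logic described above, as an added example that is not code from the page: exponential backoff with full jitter, retrying only error codes classified as transient (throttling and server-side errors) and surfacing everything else immediately, so a permission error is never hammered in a loop. The `ApiError` class, the `flaky` stand-in operation and the set of transient codes are constructed for the demonstration; the sleep and random functions are injectable so the behaviour can be checked without real waiting.

```python
"""Retry with exponential backoff and full jitter for transient errors.

Added example, not code from the page. Delay for attempt n is
random(0, min(cap, base * 2**n)); only transient errors are retried and
the caller gets the last error back once max_attempts is exhausted.
"""
import random
import time

# Error codes an AWS SDK typically treats as retryable. Anything else,
# e.g. AccessDenied or ValidationError, is a bug or a permissions problem
# and must surface at once. (Constructed list for the example.)
TRANSIENT = {"Throttling", "ThrottlingException", "RequestLimitExceeded",
             "ServiceUnavailable", "InternalError"}


class ApiError(Exception):
    """Stand-in for an SDK client error carrying an AWS error code."""
    def __init__(self, code):
        super().__init__(code)
        self.code = code


def is_transient(exc):
    return isinstance(exc, ApiError) and exc.code in TRANSIENT


def backoff_delay(attempt, base=0.2, cap=5.0, rand=random.random):
    """Full-jitter delay in seconds for the zero-based attempt number."""
    return rand() * min(cap, base * (2 ** attempt))


def call_with_retry(operation, max_attempts=5, base=0.2, cap=5.0,
                    sleep=time.sleep, rand=random.random):
    """Call operation() until it succeeds; returns (result, attempts_used).

    Raises the error unchanged if it is not transient or if the last
    attempt also failed.
    """
    for attempt in range(max_attempts):
        try:
            return operation(), attempt + 1
        except Exception as exc:
            if not is_transient(exc) or attempt == max_attempts - 1:
                raise
            sleep(backoff_delay(attempt, base, cap, rand))
    raise AssertionError("unreachable")


def flaky(fail_codes):
    """Constructed stand-in for an API call: raises the given codes in
    order, then succeeds."""
    queue = list(fail_codes)

    def op():
        if queue:
            raise ApiError(queue.pop(0))
        return "ok"
    return op


def outcome(operation, **kwargs):
    """Run call_with_retry and report ('ok', attempts) or ('error', code)."""
    try:
        return call_with_retry(operation, **kwargs)
    except ApiError as exc:
        return ("error", exc.code)


if __name__ == "__main__":
    delays = []
    print(outcome(flaky(["Throttling", "ServiceUnavailable"]),
                  sleep=delays.append, rand=lambda: 1.0), delays)
    print(outcome(flaky(["AccessDenied"]), sleep=lambda s: None))
    print(outcome(flaky(["Throttling"] * 5), max_attempts=3, sleep=lambda s: None))
```

With `rand` pinned to 1.0 the delays are the deterministic upper envelope (0.2 s, 0.4 s, ...); in production leave the defaults so that many clients retrying at once do not synchronise into a thundering herd.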

Right-Sizing: Continuously evaluating compute instance sizes to ensure they are appropriately matched to workload requirements.

Risk Mitigation: Actions taken to reduce the likelihood or impact of potential risks.

Rolling Cutover: A deployment strategy that gradually replaces old versions with new ones in a phased manner across a fleet of instances.

Rolling Update: See Rolling Cutover.

Root Cause Analysis (RCA): A systematic process for identifying the fundamental reasons for an operational incident.

Route 53 (Amazon Route 53): A highly available and scalable cloud Domain Name System (DNS) web service.

Route Tables: Control where network traffic from a subnet or gateway is directed within a VPC.

RPO (Recovery Point Objective): See Recovery Point Objective.

RTO (Recovery Time Objective): See Recovery Time Objective.

Run Command (Systems Manager Run Command): A capability of AWS Systems Manager that allows you to run shell commands, PowerShell commands, or Systems Manager Documents on a large fleet of instances.

Runbooks: See Operational Runbooks.

S3 (Amazon S3): See Amazon S3.

S3 Bucket Policies: Access policies attached to S3 buckets to control who can access objects and how.

S3 Buckets: Containers for objects stored in Amazon S3.

S3 Cross-Region Replication (CRR): See Cross-Region Replication.

S3 Encryption: Options for encrypting objects at rest in S3: server-side encryption with S3-managed keys (SSE-S3, applied by default to new objects), with AWS KMS keys (SSE-KMS, which adds key-level access control and CloudTrail logging of key use), or with customer-provided keys (SSE-C), plus client-side encryption before upload. Encryption in transit is enforced separately, by denying non-TLS requests in the bucket policy.
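
An added example that is not code from the page, illustrating the S3 Bucket Policies and S3 Encryption entries: a small linter for a bucket policy that checks the two things a reviewer looks at first, namely that no Allow statement is open to an anonymous principal without a Condition, and that a Deny rejects requests made without TLS (`aws:SecureTransport` false). The weak and hardened policies are constructed; the bucket name, role ARN and account id are hypothetical. Conditions other than the TLS one are not interpreted, so a conditioned public Allow is reported for manual review rather than judged.

```python
"""Lint an S3 bucket policy for public access and a TLS-only Deny.

Added example, not AWS code. It does not evaluate the policy; it only
recognises the two statement shapes described in the lead-in.
"""


def _as_list(x):
    return x if isinstance(x, list) else [x]


def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}: anyone, authenticated or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _denies_plaintext(stmt):
    """True for a Deny whose Bool condition matches aws:SecureTransport false."""
    if stmt.get("Effect") != "Deny":
        return False
    cond = stmt.get("Condition", {}).get("Bool", {})
    values = [str(v).lower() for v in _as_list(cond.get("aws:SecureTransport", []))]
    return "false" in values


def lint_bucket_policy(policy):
    """Return findings (strings); an empty list means both controls are present."""
    findings, tls_deny = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") == "Allow" and _is_anonymous(stmt.get("Principal")):
            if "Condition" in stmt:
                findings.append(f"{sid}: public Allow narrowed by a Condition; review it")
            else:
                findings.append(f"{sid}: public Allow to anonymous principal with no Condition")
        if _denies_plaintext(stmt):
            tls_deny = True
    if not tls_deny:
        findings.append("no Deny for aws:SecureTransport=false; plaintext HTTP is accepted")
    return findings


# Constructed sample policies (hypothetical bucket, role and account id).
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-data/*"},
]}

HARDENED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-data/*"},
    {"Sid": "DenyPlaintext", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::app-data", "arn:aws:s3:::app-data/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]}

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, lint_bucket_policy(pol) or ["ok"])
```

The Deny in the hardened policy deliberately uses `Principal: "*"` with `s3:*`: a Deny applies to everyone, including the bucket owner, which is what you want for a transport-security rule. S3 Block Public Access at the account level is the belt to this policy's braces; the linter does not replace it.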

S3 Glacier: See Glacier.

S3 Glacier Deep Archive: See Glacier Deep Archive.

S3 Intelligent-Tiering: An S3 storage class that automatically moves objects between frequent, infrequent, and archive access tiers based on changing access patterns.

S3 Lifecycle Policies: See Lifecycle Policies.

S3 Object Lock: See Object Lock.

S3 Standard: The default S3 storage class for general-purpose, frequently accessed data.

S3 Standard-Infrequent Access (IA): An S3 storage class for data accessed less frequently but requiring rapid access when needed.

S3 Storage Classes: Different storage tiers within Amazon S3, optimized for various access patterns and costs.

SaaS (Software as a Service): A software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet.

SAML 2.0 (Security Assertion Markup Language 2.0): An open standard for exchanging authentication and authorization data between an identity provider and a service provider.

Sandbox Environment: A testing environment that isolates unproven code changes and experiments from the production environment.

Savings Plans: A flexible pricing model that offers significant discounts on compute usage in exchange for a 1- or 3-year commitment to a consistent amount of compute usage.

Scaled Score: A raw score that has been converted to a common scale to allow for comparison across different versions of an exam.

Scaling Policies (Auto Scaling Policies): Define how an Auto Scaling Group should scale (e.g., Target Tracking, Simple/Step, Scheduled).

SCPs (Service Control Policies): See Service Control Policies.

Schema Conversion Tool (SCT): A tool used as part of AWS Database Migration Service (DMS) to convert database schemas and application code.

Security by Design: Proactively building security into every architectural decision, rather than retrofitting it later.

Security Groups (SGs): Stateful virtual firewalls attached to elastic network interfaces (and so to EC2 instances and other VPC resources) that control inbound and outbound traffic with allow rules only; return traffic for a connection that was allowed in one direction is permitted automatically, and anything not matched by a rule is dropped.

Security Hub (AWS Security Hub): See AWS Security Hub.

Security in Operations: Integrating security considerations directly into all operational processes and configurations.

Segment Timelines (X-Ray Segment Timelines): Detailed breakdowns of what each service or component is doing within an X-Ray trace.

Self-healing Architectures: Systems designed to automatically detect and remediate anomalies or failures, restoring services to a healthy state with minimal human intervention.

Serverless: A cloud execution model where the cloud provider dynamically manages the allocation and provisioning of servers.

Serverless Application: An application built using serverless compute services like AWS Lambda.

Serverless Compute: See Serverless.

Service Control Policies (SCPs): Policies within AWS Organizations that centrally set the maximum available permissions for IAM users and roles in member accounts. Like permissions boundaries, SCPs grant nothing on their own and act as a ceiling; they do not affect the management account or service-linked roles.
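
To make the interaction between identity-based policies, permissions boundaries and SCPs concrete, here is an added example (not AWS's policy engine and not code from this page) that evaluates a request against the three layers with the documented ordering: an explicit Deny in any layer wins, otherwise every layer that applies must contain a matching Allow, otherwise the request is implicitly denied. It models only Effect, Action and Resource with IAM-style wildcards; Condition, NotAction, principals and resource-based policies are ignored. The sample policies and the bucket name are constructed.

```python
"""Simplified evaluation of identity policy, permissions boundary and SCP.

Added example; the real evaluation logic has more inputs (conditions,
resource policies, session policies) but the same shape.
"""
from fnmatch import fnmatchcase


def _as_list(x):
    return x if isinstance(x, list) else [x]


def _matches(pattern, value):
    # IAM wildcards: '*' any sequence, '?' one character. Action names are
    # case-insensitive, so both sides are lower-cased.
    return fnmatchcase(value.lower(), pattern.lower())


def evaluate_policy(policy, action, resource):
    """Return 'Deny', 'Allow' or None (no statement matched) for one policy."""
    decision = None
    for stmt in _as_list(policy.get("Statement", [])):
        if not any(_matches(a, action) for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(_matches(r, resource) for r in _as_list(stmt.get("Resource", "*"))):
            continue
        if stmt.get("Effect") == "Deny":
            return "Deny"                 # explicit deny cannot be overridden
        decision = "Allow"
    return decision


def is_allowed(action, resource, identity_policy, boundary=None, scp=None):
    """Evaluate a request. boundary/scp are None when the principal has no
    permissions boundary or the account is not under an SCP."""
    layers = [identity_policy] + [p for p in (boundary, scp) if p is not None]
    decisions = [evaluate_policy(p, action, resource) for p in layers]
    if "Deny" in decisions:
        return False
    return all(d == "Allow" for d in decisions)


# Constructed sample policies; the bucket name is hypothetical.
IDENTITY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:CreateUser", "Resource": "*"},
]}
# Boundary: at most S3 access to one bucket, whatever the identity policy says.
BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::app-data", "arn:aws:s3:::app-data/*"]},
]}
# SCP: organisation-wide guardrail; nobody in the account may delete buckets.
SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
]}


def demo():
    cases = {
        "read own bucket":           ("s3:GetObject", "arn:aws:s3:::app-data/report.csv"),
        "other bucket (boundary)":   ("s3:GetObject", "arn:aws:s3:::other/report.csv"),
        "iam:CreateUser (boundary)": ("iam:CreateUser", "*"),
        "delete bucket (SCP deny)":  ("s3:DeleteBucket", "arn:aws:s3:::app-data"),
    }
    return {name: is_allowed(a, r, IDENTITY, BOUNDARY, SCP)
            for name, (a, r) in cases.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:28s} {'ALLOW' if allowed else 'DENY'}")
```

Note how the identity policy's broad `s3:*` and `iam:CreateUser` are cut down by the boundary even though the boundary never says Deny: a layer that simply does not mention an action leaves it implicitly denied. Remove the boundary argument and `iam:CreateUser` is allowed again, which is exactly why boundaries are attached when delegating IAM administration.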

Service Degradations: A reduction in the quality or performance of a service.

Service Health Dashboard (AWS Service Health Dashboard): A public page that displays the current and historical status of all AWS services.

Service Map (X-Ray Service Map): A visual representation of the components of your application and their connections in AWS X-Ray.

Session Manager (Systems Manager Session Manager): A capability of AWS Systems Manager that provides secure, auditable shell access (from the console or the AWS CLI) to EC2 instances and on-premises servers without opening inbound ports, managing SSH keys, or running bastion hosts; access is controlled by IAM, and session activity can be logged to CloudWatch Logs or S3.

SGs (Security Groups): See Security Groups.

Shared Responsibility Model: See AWS Shared Responsibility Model.

Shokunin Kishitsu: A Japanese term referring to the craftsman's spirit, emphasizing meticulous attention to detail and continuous improvement.

Short-term Memory: The capacity for holding a small amount of information in mind in an active, readily available state for a short period of time.

Site-to-Site VPN (AWS Site-to-Site VPN): A managed VPN connection that creates an encrypted tunnel between your on-premises network and your Amazon VPC over the public internet.

Snowball Edge (AWS Snowball Edge): A physical device for transferring petabytes of data into and out of AWS, which can also run EC2 instances and Lambda functions for edge computing.

Snowcone (AWS Snowcone): A small, portable, and rugged edge computing and data transfer device.

Snowmobile (AWS Snowmobile): An exabyte-scale data transfer service that uses a 45-foot long ruggedized shipping container.

SOA-C02 Exam Objectives: The official topics and skills that the AWS Certified SysOps Administrator - Associate exam assesses.

SOC Reports (Service Organization Control Reports): Independent third-party examination reports that demonstrate how a company achieves key compliance controls and objectives.

Software Development Kits (SDKs): See AWS SDKs.

Solutions (AWS Solutions): Pre-built, well-architected solutions for common business problems on AWS.

Sort Key (DynamoDB): An attribute that defines the order of items within a partition in DynamoDB.

Spaced Repetition: A learning technique that involves reviewing material at increasing intervals to improve long-term retention.

Spark: An open-source, distributed processing system used for big data workloads.

Spot Instances (EC2 Spot Instances): A purchasing option for EC2 that uses spare EC2 capacity at discounts of up to 90% compared with On-Demand pricing; instances can be interrupted with two minutes' notice when capacity is reclaimed, so they suit fault-tolerant and flexible workloads.

SQS (Amazon SQS): Amazon Simple Queue Service, a fully managed message queuing service.

SQL (Structured Query Language): A domain-specific language used in programming and designed for managing data held in a relational database management system.

SQL Server: A relational database management system developed by Microsoft.

SSL/TLS Certificates: Digital certificates that bind a public key to a server's identity, so that clients can authenticate the server during the TLS handshake; the handshake then negotiates the session keys used to encrypt traffic. SSL is the deprecated predecessor of TLS and survives mostly in product names.

SSM Agent (Systems Manager Agent): See Systems Manager Agent.

SSM Associations (Systems Manager Associations): Configurations defined using an SSM Document and applied to a target set of instances by Systems Manager State Manager.

SSM Documents (Systems Manager Documents): JSON or YAML documents that define a series of steps to perform on AWS resources using Systems Manager.

Stack Policies (CloudFormation Stack Policies): Prevent unintended updates or deletions to specific stack resources in CloudFormation.

StackSets (CloudFormation StackSets): A CloudFormation feature that extends stacks to deploy common AWS resources from a single template across multiple target AWS accounts and specified AWS Regions.

State Manager (Systems Manager State Manager): A capability of AWS Systems Manager that allows you to define and enforce a consistent state for your EC2 instances and on-premises servers.

Stateless Firewalls: Firewalls that evaluate each packet on its own and keep no record of connections. In a VPC, network ACLs are stateless, so return traffic must be allowed explicitly in both directions (typically by allowing the ephemeral port range), whereas security groups are stateful.
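
An added example, not AWS's data plane and not code from the page, that models the difference between the Security Groups and Stateless Firewalls entries: a stateful security group remembers connections it has allowed, so the reply leg passes with no outbound rule, while a stateless network ACL evaluates every packet against its numbered rules with no memory, so the reply needs its own rule covering the client's ephemeral source port. Only TCP is modelled; the addresses are documentation values and the rule sets are constructed.

```python
"""Stateful security group versus stateless network ACL, modelled in code."""
from collections import namedtuple
from ipaddress import ip_address, ip_network

# direction is "in" (towards the instance) or "out" (from the instance)
Packet = namedtuple("Packet", "direction src_ip dst_ip src_port dst_port")


def _peer_and_port(pkt):
    """The remote address and the port a rule is written against."""
    if pkt.direction == "in":
        return pkt.src_ip, pkt.dst_port   # inbound rule: local listening port
    return pkt.dst_ip, pkt.dst_port       # outbound rule: remote service port


class SecurityGroup:
    """Stateful: allow rules only; each rule is (cidr, port)."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self._flows = set()

    @staticmethod
    def _flow_key(pkt):
        # Same key for both legs of a connection: (peer ip, local port, peer port)
        if pkt.direction == "in":
            return (pkt.src_ip, pkt.dst_port, pkt.src_port)
        return (pkt.dst_ip, pkt.src_port, pkt.dst_port)

    def allows(self, pkt):
        if self._flow_key(pkt) in self._flows:
            return True                           # reply of a tracked connection
        rules = self.inbound if pkt.direction == "in" else self.outbound
        peer, port = _peer_and_port(pkt)
        if any(ip_address(peer) in ip_network(cidr) and port == rport
               for cidr, rport in rules):
            self._flows.add(self._flow_key(pkt))  # start tracking the connection
            return True
        return False


class NetworkAcl:
    """Stateless: rules are (number, cidr, port_range, 'allow'|'deny');
    the lowest-numbered match wins and anything unmatched is denied."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r[0])
        self.outbound = sorted(outbound, key=lambda r: r[0])

    def allows(self, pkt):
        rules = self.inbound if pkt.direction == "in" else self.outbound
        peer, port = _peer_and_port(pkt)
        for _, cidr, ports, action in rules:
            if ip_address(peer) in ip_network(cidr) and port in ports:
                return action == "allow"
        return False


def demo():
    # A client on the internet opens HTTPS to a web server and gets a reply;
    # a second host probes SSH.
    syn = Packet("in", "203.0.113.5", "10.0.1.10", 50000, 443)
    reply = Packet("out", "10.0.1.10", "203.0.113.5", 443, 50000)
    ssh_probe = Packet("in", "198.51.100.7", "10.0.1.10", 41000, 22)

    sg = SecurityGroup(inbound=[("0.0.0.0/0", 443)], outbound=[])
    https_in = (100, "0.0.0.0/0", range(443, 444), "allow")
    # NACL that forgot the outbound ephemeral-port rule, and the corrected one.
    nacl_broken = NetworkAcl(inbound=[https_in], outbound=[])
    nacl_fixed = NetworkAcl(inbound=[https_in],
                            outbound=[(100, "0.0.0.0/0", range(1024, 65536), "allow")])
    return {
        "sg syn": sg.allows(syn), "sg reply": sg.allows(reply),
        "sg ssh probe": sg.allows(ssh_probe),
        "nacl_broken syn": nacl_broken.allows(syn),
        "nacl_broken reply": nacl_broken.allows(reply),
        "nacl_fixed syn": nacl_fixed.allows(syn),
        "nacl_fixed reply": nacl_fixed.allows(reply),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20s} {'allow' if v else 'DROP'}")
```

The broken NACL is the classic symptom "the SYN gets in but the connection hangs": the inbound rule matched, the reply was dropped, and nothing in the NACL told you why. Flow logs show it as an ACCEPT followed by a REJECT on the same flow.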

st1 (Throughput Optimized HDD): An EBS volume type designed for frequently accessed, throughput-intensive workloads.

Storage Classes (S3 Storage Classes): See S3 Storage Classes.

Storage Gateway (AWS Storage Gateway): See AWS Storage Gateway.

Strongly Consistent Reads (DynamoDB): Returns the most up-to-date data, reflecting all prior writes in DynamoDB.

Subnet Segmentation: Dividing a VPC into smaller subnets to isolate resources and control traffic flow.

Subnets: Subdivisions of a VPC defined by CIDR blocks.

Sustainability Pillar: A pillar of the AWS Well-Architected Framework that focuses on minimizing the environmental impact of running cloud workloads.

Synthetic Monitoring (CloudWatch Synthetic Monitoring): Configurable scripts that run on a schedule to monitor endpoints and APIs, simulating user behavior.

Systems Manager (AWS Systems Manager): See AWS Systems Manager.

Systems Manager Agent (SSM Agent): A piece of software installed on your EC2 instances or on-premises servers that processes requests from the AWS Systems Manager service.

Systems Manager Automation: A capability of AWS Systems Manager that runs predefined or custom runbooks (Automation documents) to carry out maintenance and remediation tasks, such as building a patched AMI, restarting an instance, or remediating a non-compliant resource, with optional approval steps.

Systems Manager Documents (SSM Documents): See SSM Documents.

Systems Manager Inventory: A capability of AWS Systems Manager that collects and displays detailed information about your instances.

Systems Manager OpsCenter: A capability of AWS Systems Manager that provides a central location to view, investigate, and resolve operational issues.

Systems Manager Patch Manager: A capability of AWS Systems Manager that automates patching of managed instances with operating system and application updates, using patch baselines to define which patches are approved and maintenance windows to control when they are applied.

Systems Manager Run Command: See Systems Manager Run Command.

Systems Manager Session Manager: See Systems Manager Session Manager.

Systems Manager State Manager: See Systems Manager State Manager.

Tagging Strategy: A consistent plan for applying tags to AWS resources for organization, cost allocation, and automation.

Target Tracking Scaling: An Auto Scaling policy that maintains a specified target value for a metric.

TCP/UDP: Transmission Control Protocol/User Datagram Protocol, common network protocols.

TCO (Total Cost of Ownership): A financial estimate of all direct and indirect costs associated with a product or system.

Templates (CloudFormation Templates): Text files (JSON or YAML) that define the AWS resources you want to provision using CloudFormation.

Threat Detection Service: A service that continuously monitors for malicious activity and unauthorized behavior.

Timestream (Amazon Timestream): A fully managed, serverless time series database.

TLS (Transport Layer Security): The cryptographic protocol widely used for securing communication over networks.

Total Cost of Ownership (TCO): See TCO.

Traffic Distribution: Spreading incoming requests across multiple healthy targets.

Traffic Flow Control: Managing how network traffic is allowed or denied between different parts of a network.

Trails (CloudTrail Trails): Configurations in CloudTrail that deliver CloudTrail events to an Amazon S3 bucket for long-term storage and, optionally, to Amazon CloudWatch Logs for real-time monitoring and alerting. Enabling log file validation lets you detect whether delivered log files were later modified or deleted.
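
An added example, not AWS code and not from the page, of the kind of detection that runs over the records a trail delivers: each S3 object a trail writes is a JSON document of the form `{"Records": [...]}` (gzip-compressed in practice), and the same events can be matched by CloudWatch Logs metric filters. The rules below flag trail tampering, a root console login, a console login without MFA, and a principal accumulating AccessDenied errors. The records are constructed; the account id and IP addresses are documentation values, and the field names (`eventName`, `eventSource`, `userIdentity`, `responseElements`, `additionalEventData.MFAUsed`, `errorCode`) are the real CloudTrail ones.

```python
"""Detection rules over CloudTrail records delivered by a trail."""
import json
from collections import Counter

TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Constructed sample log object (one trail delivery), built as a Python
# structure and serialised so load_records() sees what it would read from S3.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-01-10T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2025-01-10T08:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2025-01-10T08:10:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.21",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"name": "org-trail"}},
] + [
    {"eventTime": f"2025-01-10T08:1{i}:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.21",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
     "errorCode": "AccessDenied"} for i in range(1, 4)
] + [
    {"eventTime": "2025-01-10T08:20:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
]})


def load_records(log_text):
    """Parse one delivered log object into its list of event records."""
    return json.loads(log_text).get("Records", [])


def detect(records, denied_threshold=3):
    """Return a list of (rule, principal, detail) alerts."""
    alerts, denied = [], Counter()
    for r in records:
        name = r.get("eventName")
        ident = r.get("userIdentity", {})
        who = ident.get("arn", ident.get("type", "unknown"))
        src = r.get("sourceIPAddress")
        # 1. Someone switching off or reshaping the audit trail itself.
        if name in TAMPER_EVENTS and r.get("eventSource") == "cloudtrail.amazonaws.com":
            trail = r.get("requestParameters", {}).get("name")
            alerts.append(("TRAIL_TAMPERING", who, f"{name} on {trail} from {src}"))
        # 2./3. Successful console logins: root use and logins without MFA.
        if name == "ConsoleLogin" and r.get("responseElements", {}).get("ConsoleLogin") == "Success":
            if ident.get("type") == "Root":
                alerts.append(("ROOT_CONSOLE_LOGIN", who, src))
            if r.get("additionalEventData", {}).get("MFAUsed") != "Yes":
                alerts.append(("CONSOLE_LOGIN_NO_MFA", who, src))
        # 4. Count denied calls per principal (enumeration or misconfigured role).
        if r.get("errorCode") == "AccessDenied":
            denied[who] += 1
    for who, n in denied.items():
        if n >= denied_threshold:
            alerts.append(("ACCESS_DENIED_BURST", who, f"{n} denied API calls"))
    return alerts


if __name__ == "__main__":
    for rule, who, detail in detect(load_records(SAMPLE_LOG)):
        print(f"{rule:22s} {who}  {detail}")
```

The tampering rule is the one to wire to a paging alert: an attacker who can stop the trail removes the evidence for everything that follows, and an SCP denying `cloudtrail:StopLogging` and `cloudtrail:DeleteTrail` in member accounts prevents it rather than merely detecting it.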

Transit Gateway (AWS Transit Gateway): See AWS Transit Gateway.

Transitive Routing: The ability for network traffic to reach a destination by passing through an intermediate network. VPC peering is not transitive (traffic cannot hop through a peered VPC to reach a third VPC or an on-premises network); where that is needed, use an AWS Transit Gateway.

Troubleshooting: The process of identifying and resolving problems in a system.

Under-provisioning: Allocating fewer resources than are actually needed for a workload, leading to performance issues.

Unified Log Management: Consolidating logs from various sources into a single system for easier management and analysis.

User Data Scripts: Scripts passed to an EC2 instance at launch and run by cloud-init on first boot (by default only once), commonly used for initial configuration. User data is stored unencrypted and can be read by any process on the instance through the instance metadata service, so it must never contain secrets; fetch those at runtime from Systems Manager Parameter Store or Secrets Manager using the instance role instead.

User Experience: The overall experience of a person using a product or service.

Version Control: A system that records changes to a file or set of files over time so that you can recall specific versions later.

Virtual Private Cloud (VPC): See VPC.

Visualizations: Graphical representations of data, such as charts and graphs.

VM Import/Export: A service that imports virtual machine images from your existing virtualization environment to Amazon EC2 and exports them back.

VMware: A leading virtualization and cloud computing software provider.

VPC (Amazon Virtual Private Cloud): A logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

VPC Components: The building blocks of an Amazon VPC, such as subnets, route tables, Internet Gateways, and NAT Gateways.

VPC Endpoints: Allow you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

VPC Flow Logs: A feature that captures metadata about the IP traffic to and from network interfaces in your VPC (source and destination addresses and ports, protocol, packet and byte counts, and whether the traffic was accepted or rejected) and delivers it to CloudWatch Logs or S3. Packet payloads are not captured, so flow logs answer who talked to what, not what was said.
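
As an added example of what is done with flow logs in practice (not AWS code and not from the page), the following parses records in the default flow log format (`version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status`) and triages them three ways: rejected traffic by source, sources that were rejected on many distinct ports (a probable scan), and accepted connections to admin ports from outside the RFC 1918 ranges. The sample records are constructed; the account id, ENI id and 203.0.113.0/24 and 198.51.100.0/24 addresses are documentation values, and the set of admin ports and the scan threshold are assumptions to tune.

```python
"""Triage VPC Flow Log records: rejects, probable scans, admin ports from outside."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
ADMIN_PORTS = {22, 3389}          # assumption: SSH and RDP are the ports we care about
TCP = 6
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records in the default 14-field format.
SAMPLE = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.10 50000 443 6 12 3200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.10 203.0.113.5 443 50000 6 10 9100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.10 41000 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.10 41001 23 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.10 41002 445 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.10 41003 3306 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.10 41004 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.10 52222 22 6 20 4800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000000 1700000060 - NODATA
"""


def is_external(ip):
    """True when the address is outside the private (RFC 1918) ranges."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL)


def parse(text):
    """Parse default-format records; NODATA/SKIPDATA lines carry no flow."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue                          # custom format or truncated line
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for f in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[f] = int(rec[f])
        records.append(rec)
    return records


def triage(records, scan_threshold=5):
    rejects = defaultdict(int)
    rejected_ports = defaultdict(set)
    admin_hits = []
    for r in records:
        if r["action"] == "REJECT":
            rejects[r["srcaddr"]] += 1
            rejected_ports[r["srcaddr"]].add(r["dstport"])
        elif (r["protocol"] == TCP and r["dstport"] in ADMIN_PORTS
              and is_external(r["srcaddr"])):
            admin_hits.append((r["srcaddr"], r["dstaddr"], r["dstport"]))
    scanners = sorted(src for src, ports in rejected_ports.items()
                      if len(ports) >= scan_threshold)
    return {"rejects": dict(rejects), "probable_scanners": scanners,
            "admin_from_internet": admin_hits}


if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE)).items():
        print(f"{key:20s} {value}")
```

The accepted SSH connection from 203.0.113.9 is the finding that matters here: the scan was stopped by the security group, but something allowed port 22 from the internet, which is the rule to find and remove (and a reason to prefer Session Manager over inbound SSH).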

VPC Peering: A networking connection between two VPCs that enables you to route traffic between them privately.

VPC Sizing: Planning the CIDR blocks for a VPC to accommodate future growth and minimize routing complexity.

WAF (AWS WAF): AWS Web Application Firewall, a service that protects web applications or APIs from common web exploits and bots.

Warm Standby: A disaster recovery strategy where a scaled-down, fully functional production replica is continuously running and updated in the DR Region.

Well-Architected Framework (AWS Well-Architected Framework): A set of best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud.

Windows File Server (Amazon FSx for Windows File Server): See FSx for Windows File Server.

Windows Server: A server operating system developed by Microsoft.

WORM (Write Once Read Many): A data storage technology that allows data to be written once and read many times, but not modified or deleted.

X-Ray (AWS X-Ray): See AWS X-Ray.

Zendesk: A customer service software company.