AWS Terms

There are many terms in AWS that use confusing names for simple things.
Even working with AWS for over a year, I really miss out on some terms. That's why I wrote this article. Typing whatever I remember. I am studying these for my AWS exam, which I will take in a few weeks!

So here are the terms:

Terms

1. Access control list (ACL): A firewall/security layer on the subnet level
2. Auto scaling: Automates the process of adding or removing EC2 instances based on traffic demand for your application
3. Buckets: Root-level “folders”
4. CloudFront: Content delivery network (CDN) that allows you to store your content at “edge locations” located all around the world, allowing customers to access your content more quickly
5. CloudTrail: Allows you to monitor all actions taken by IAM users
6. CloudWatch: Service that allows you to monitor various elements of your AWS account
7. Consolidated billing: Allows you to view, manage, and pay bills for multiple AWS accounts in one user interface
8. DNS server: A database of website domains and their corresponding IP addresses
9. DynamoDB: NoSQL database service that does not provide other NoSQL software options
10. Elastic Compute Cloud (EC2): A virtual computer, very similar to a desktop/laptop computer
11. Elastic Load Balancing (ELB): Evenly distributes traffic between EC2 instances that are associated with it
12. ElastiCache: Data caching service used to help improve the speed/performance of web applications running on AWS
13. Elasticity: The ability of a system to increase and decrease in size
14. Fault tolerance: Property that enables a system to continue operating properly in the event of the failure of one or more components
15. Firewall: A type of software that either allows or blocks certain kinds of internet traffic to pass through it
16. Folder: Any “subfolder” created in a bucket
17. High availability: Refers to systems that are durable and likely to operate continuously without failure for a long time
18. IAM users: Individuals who have been granted access to an AWS account
19. Identity and Access Management (IAM): Service where AWS user accounts and their access to various AWS services are managed
20. Lambda: Serverless computing that will replace EC2 instances, for the most part
21. Object availability: Percent over a one-year time period that a file stored in S3 will be accessible
22. Object durability: Percent over a one-year time period that a file stored in S3 will not be lost
23. Object lifecycle: Set rules to automatically transfer objects between storage classes at defined time intervals
24. Object sharing: Ability to make any object publicly available via a URL link
25. Object versioning: Automatically keep multiple versions of an object (when enabled)
26. Organizations: Allow you or your company access to manage billing and access to multiple AWS accounts in one user interface
27. Principle of least privilege: Giving a user only the rights/access to the AWS services and resources they need to do their job and nothing more
28. Publishers: Human/alarm/event that gives SNS the message that needs to be sent
29. Relational Database Service (RDS): SQL database service that provides a wide range of SQL database options to select from
30. RedShift: Data warehouse database service designed to handle petabytes of data for analysis
31. Roles: How different AWS services are granted permission to communicate and share data
32. Route 53: Where you configure and manage web domains for websites or applications you host on AWS
33. Scalability: The ability of a system to easily increase in size and capacity in a cost-effective way
34. Security group (SG): Firewall/security layer on the server/instance level
35. Shared responsibility model: Defines what you and AWS are responsible for when it comes to security and compliance
36. Simple Notification Service (SNS): AWS service that allows you to automate the sending of email or text messaging notifications based on events that happen in your AWS account
37. Simple Storage Service (S3): Online bulk storage service you can access from almost any device
38. Storage class: Represents “classification” assigned to each object in S3 (standard, RRS, S3-IA, Glacier)
39. Subnet: A subsection of a network and generally includes all the computers in a specific location
40. Subscriptions: Endpoints to which a topic sends messages
41. Topics: How you label and group different endpoints to which you send messages
42. Trusted Advisor: Service that “advises” and helps you optimize aspects of your AWS account
43. User credentials: IAM user’s username and password for logging in to AWS
44. Virtual Private Cloud (VPC): A private subsection of AWS you control and in which you can place AWS resources

Do tell me what I've missed! It will help both me and the community. :-)

Comments

[Thomas H Jones II]

Access control list (ACL): A firewall/security layer on the subnet level

ACLs have several contexts (e.g., you can set them on entire S3 buckets or individual objects within a bucket)

Auto scaling: Automates the process of adding or removing EC2 instances based on traffic demand for your application

That's one use-case. Another very common one is for availability or automated, scheduled re-deployments. In the former case, if you experience a node-fault, the faulted node is rebuilt (even if there's only one node under management). In the latter case, you can use scheduled scale-down/scale-up actions (useful when you have Internet-facing resources that you'd like to ensure won't be home to advanced, persistent threats.

Elastic Load Balancing (ELB): Evenly distributes traffic between EC2 instances that are associated with it

You'd probably want to drop the "evenly". Depending on what distribution-policy you set on an ELB and the nature of the distributed workloads, the resultant distribution can be far from even.

Folder: Any “subfolder” created in a bucket

Don't technically exist. Buckets don't really have hierarchical storage like you have on traditional filesystems. The thing that's presented to you in the S3 web UI as though it were a folder is simply a groupable "key".

High availability: Refers to systems that are durable and likely to operate continuously without failure for a long time

Should be defined less in terms of "systems" than "services": a given service can be made highly-available (frequently with things like clustering or scaling-groups paired ELBs) even though the underlying systems (EC2s, containers, etc.) may be quite ephemeral or perishable.

Roles: How different AWS services are granted permission to communicate and share data

Like ACLs, roles have more than a single context. Basically, you use roles (and associated IAM policies) to grant permissions to other AWS-hosted/managed resources. Roles can be assigned to Instances, users, managed-service components, etc.

Route 53: Where you configure and manage web domains for websites or applications you host on AWS

Basically just a managed-DNS solution with hooks to other AWS services (e.g., availability-monitoring). As a DNS solution, it can be used to host:IP mapping for more than just web-servers ...and, can include supporting things like email sender-validation, directory referrals, etc..

Scalability: The ability of a system to easily increase in size and capacity in a cost-effective way

Again, probably better framing in terms of "services" rather than systems. While you may be able to scale individual systems it's not super common to do so. The usual goal is to size a service's backing components to match demand.

Security group (SG): Firewall/security layer on the server/instance level

SGs operate at the cloud/network layer. Servers/instances that implement firewalling capabilities do so through things like Windows' Advanced Firewall or Linux's firewalld.

Subnet: A subsection of a network and generally includes all the computers in a specific location

You'd be better off stopping immediately after the word "network". Groupings of "all computers in a specific location" are "availability zones" (and groupings of availability zones are "regions"). Within a given region, you'd assign a contiguous block of IPs, then subdivide that block across however many zones you want to include in the VPC. Even measured in terms of availability zones, it's very common that your network design locates networked assets across multiple subnets.

At any rate, all that subnets really are - whether in cloud or legacy hosting-environments - are logical segmentations of larger network address-blocks.

[Alok Prateek]

Thank you sir!

Your notes has been really insightful!
Made me reach out for the book I'm reading and the course by linuxacademy, some of points are valid but aren't presented in the book or the online course.

Again thank you a lot!
It made my day!

Regards,
Alok

[Thomas H Jones II]

Coming up on four years of providing cloud-enablement services for a few different organizations. Have also had to pass the architecture and DevOps AWS exams twice, now (fortunately, AWS shifted to a three-year renewal-schedule, recently). That "enablement" has been split between writing tools and documentation for those organizations as well as walk-throughs and after action reports. :p

[Alok Prateek]

PS: I'm editing the article based on your notes. 😁

[Helen Anderson]

Great list!

I wrote something similar at the end of last year with links to the Devs who write about AWS here on Dev.to:

AWS Series: Concepts from A to Z

Helen Anderson ・ Dec 10 '18 ・ 11 min read

#beginners #aws #architect

[Alok Prateek]

Wow!

Just read your article! It's really comprehensive. It will sure help for my preparations for the exam!

Also there are lot of names that I missed!

Thanks for share!
love,
Alok