CLF-C02 Exam Prep
CLF-C02 Exam Glossary - 243 Terms
Terminology pack for AWS Certified Cloud Practitioner. Use these definitions with the study guide and practice questions.
#
- 11 nines of durability
- A durability level of 99.999999999% described in the text for S3 and some S3 storage classes.
- 4 nines of availability
- An availability level of 99.99% described in the text for S3.
A
- Access Control List
- A subnet-level firewall layer that cannot grant permissions to users in the account, but can grant basic read/write permissions to other AWS accounts for buckets and objects.
- Amazon Alexa
- A voice assistant powered by AWS Lex, according to the text.
- Amazon CloudFront
- AWS’s global edge network service that uses edge locations to improve performance and reliability for fast content delivery.
- Amazon Connect
- An AWS cloud contact center service that provides customer service functionality at lower cost and can improve help desk productivity.
- Amazon EC2
- An AWS compute service that operates in multiple global locations and is used as an example of Infrastructure as a Service.
- Amazon Outposts
- A fully managed off-premises private cloud solution from AWS.
- Amazon Web Services (AWS)
- Amazon’s cloud computing platform that provides globally distributed infrastructure and managed services, offering advantages such as rapid deployment, elasticity, and pay-as-you-go pricing over traditional on-premises data centers.
- Amazon WorkSpaces
- An AWS virtual desktop infrastructure service that hosts virtual desktops in the cloud. It enables employees to work from home without data stored on local devices.
- Apache Kafka
- A streaming platform managed by AWS MSK for ingesting and processing log and event streams.
- API Gateway
- An AWS service used to build, manage, secure, and scale APIs; it can invoke services such as Lambda and supports RESTful and WebSocket APIs.
- Application Discovery Service
- An AWS service used to determine the cost of migrating to the cloud, plan migration projects, and estimate TCO. It can discover servers, group them into applications, and track migration status from Migration Hub.
- Application Migration Service
- An AWS service for lift-and-shift migration of applications from source infrastructure running supported operating systems. The text says it is the next generation of CloudEndure Migration.
- Artifact
- An AWS service that provides access to independent software vendor compliance reports, including SOC and PCI reports, through a self-service portal.
- Athena
- An AWS serverless SQL query service for analyzing data where it lives, including petabyte-scale data in S3. The text says it can run federated queries across multiple data source types.
- Aurora
- An AWS-built cloud database compatible with MySQL and PostgreSQL that scales automatically by adding capacity and storage while providing durability and high availability.
- authentication
- The process of verifying an identity using credentials such as a username and password.
- authorization
- The process that determines which AWS services and resources an identity can access, with permissions granted via a policy.
- Availability Zone (AZ)
- One or more data centers within an AWS Region, built with redundant power, networking, and connectivity to provide high availability and fault tolerance.
- Availability Zones
- Isolated locations within an AWS Region that are part of the infrastructure AWS is responsible for supporting.
- AWS Backup
- An AWS backup and recovery service used to create backup plans for storage.
- AWS Certificate Manager
- An AWS service that provisions public and private SSL/TLS certificates for free and provides managed certificate renewal.
- AWS CLI
- The AWS Command Line Interface; a programmatic interface for AWS that has the same features as the AWS Management Console and often receives new features first.
- AWS Cloud9
- An AWS service used as an example of Platform as a Service for application development.
- AWS CloudTrail
- An AWS service used for comprehensive logging and auditing actions in the context of security.
- AWS CodeCommit
- An AWS service used for versioning in the context of operational excellence.
- AWS Direct Connect
- A dedicated physical network connection from an on-premises data center to AWS that carries data over a private network and supports hybrid cloud architectures and large data transfers.
- AWS Encryption SDK
- An AWS data encryption library used to encrypt data within applications.
- AWS Global Accelerator
- An AWS service that improves application availability, performance, and security using the AWS global network, and is used for global traffic management, API acceleration, global static IPs, and low-latency gaming and media workloads.
- AWS Lambda
- An AWS serverless compute service cited as an excellent choice for serverless workloads.
- AWS License Manager
- An AWS service for managing AWS and on-premises licenses.
- AWS Management Console
- The web-browser-based interface for managing AWS resources; described as easy to navigate and suitable for non-technical roles.
- AWS MGN
- An acronym used in the text for AWS Application Migration Service, the successor to AWS Server Migration Service.
- AWS Organizations
- An AWS account management service that lets you consolidate multiple AWS accounts into an organization you create and centrally manage, supporting billing, budgetary, security, and compliance needs.
- AWS Partner Network (APN)
- A global community of approved AWS partners that offer solutions and consulting services.
- AWS Price List API
- An AWS API used to query the prices of AWS services using JSON or CSV, including bulk price queries or individual API calls. It can also be used to receive price alerts when prices change.
- AWS Regions
- Separate geographic areas in AWS that provide redundancy and disaster recovery; regions are fully independent and may offer different services and resources.
- AWS SDK
- A software development kit that can be used to make programmatic changes to the AWS environment.
- AWS Shared Responsibility Model
- The AWS security and compliance framework that divides responsibilities between AWS and the customer. AWS is responsible for security of the cloud, while the customer is responsible for security in the cloud.
- AWS Transit Gateway
- An AWS service that connects Amazon Virtual Private Clouds and on-premises networks through a central hub, reducing complex peering relationships and acting as a highly scalable cloud router.
- AWS Trust & Safety Team
- The AWS team customers contact to report suspected abuse of AWS resources.
- AWS VPN
- An AWS service for site-to-site VPN connections that creates a secure connection between an internal network and AWS VPCs over the public internet.
- AWS Well-Architected Framework
- AWS guidance for designing cloud architectures that are robust, efficient, and secure, organized around operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability.
- AZs
- Abbreviation for Availability Zones.
B
- Basic
- The free AWS support plan, which provides email support and discussion forums only.
- Batch
- An AWS service for processing large workloads in smaller chunks by dynamically provisioning instances based on volume.
- Budgets
- An AWS cost-management service used to set custom budgets for cost and usage tracking and generate alerts. It supports cost, usage, and reservation budgets.
- Business
- An AWS support plan costing $100 per month, intended for production workloads, with unlimited contacts, full Trusted Advisor access, and 24/7 email, phone, and chat support.
C
- CapEx
- Capital expenditure; substantial upfront spending on resources or infrastructure that AWS’s operational model helps avoid.
- CDN
- Content Delivery Network; a globally distributed network used to deliver content with low latency.
- Chef
- A configuration management tool mentioned as part of AWS OpsWorks automation.
- CI-CD
- Continuous integration and continuous delivery.
- CIAM
- Customer identity and access management; the identity model provided by Amazon Cognito for application users.
- CIDR reservation
- A range of IPv4 or IPv6 addresses set aside so AWS cannot assign them to your network interfaces.
- Cloud Financial Management
- A cost-management practice referenced in the Well-Architected Framework’s cost optimization pillar.
- Cloud9
- An AWS browser-based IDE used to write and debug code and to build serverless applications.
- CloudEndure Migration
- The predecessor service to AWS Application Migration Service, as stated in the text.
- CloudFormation
- An AWS infrastructure as code service that uses templates to describe resources and dependencies and launch them as stacks.
- CloudFront
- AWS’s content delivery network service that provides low-latency global distribution of static and dynamic web content using edge locations to cache content.
- CloudHSM
- AWS CloudHSM; a service for managing single-tenant hardware security modules on AWS, including dedicated FIPS 140-2 Level 3 HSM instances.
- CloudTrail
- An AWS audit trail service that records actions taken by a user, role, or AWS service as events. It is used to log and retain account activity and unusual activity for operational and risk auditing, governance, and compliance.
- CloudWatch
- An AWS monitoring and management service for AWS, hybrid, and on-premises applications and infrastructure resources. It collects performance and operational data as logs and metrics, can detect anomalies, and supports alarms and automated actions.
- CloudWatch metrics
- Metrics used to receive real-time notifications of suspected DDoS incidents and to support monitoring during attacks.
- CodeBuild
- An AWS build service that compiles source code, runs tests, and produces build artifacts ready for deployment.
- CodeCommit
- An AWS source control service for private Git repositories.
- CodeDeploy
- An AWS deployment service that automates code deployment to maintain application uptime and supports rolling deployments.
- CodePipeline
- An AWS release pipeline service that automates CI/CD release pipelines.
- CodeStar
- An AWS service that provides a pre-configured CI/CD toolchain using CodeCommit, CodeBuild, CodeDeploy, and CodePipeline.
- Cognito
- An AWS customer identity and access management (CIAM) service that provides adaptive authentication, supports compliance and data residency requirements, scales to millions of users, and federates sign-in using OIDC or SAML 2.0.
- Comprehend
- An AWS natural language processing service that finds relationships in text and supports sentiment analysis.
- Config
- An AWS service used to assess, audit, and evaluate resource configurations, with recording and alerts stored in S3.
- configuration management
- A shared responsibility control involving maintaining and controlling system configurations by both AWS and the customer, depending on the layer involved.
- consolidated billing
- A billing arrangement in AWS Organizations where the management account pays the charges of all member accounts, allowing multiple AWS accounts to be consolidated for billing and payments.
- Control Tower
- An AWS service for setting up well-architected multi-account environments with pre-configured controls and a dashboard for account management.
- Cost Allocation Tags
- Key-value tags used to label resources so costs can be tracked in cost allocation reports.
- Cost and Usage Reports
- A downloadable AWS report that breaks down costs by hour, day, or month, by product, product resource, or user-defined tags, and provides detailed usage data at daily, hourly, or monthly granularity.
- Cost Explorer
- An AWS tool for visualizing, understanding, and managing AWS costs and usage over time. It supports forecasting, custom applications via APIs, and granular filtering.
- Cost Optimization
- A Well-Architected pillar focused on consumption-based pricing, Cloud Financial Management, measuring efficiency, and paying only for the resources applications require.
- Customer Controls
- Controls that are the customer’s responsibility only, including service and communications protection and zone security.
D
- data at rest
- Data stored in a persistent state rather than being transmitted.
- data centers
- Facilities within AWS’s infrastructure that AWS is responsible for supporting as part of the cloud environment.
- data in transit
- Data being transmitted between systems or locations.
- Database Migration Service
- An AWS service used to migrate databases to or within AWS. It supports homogeneous and heterogeneous database migrations with virtually no downtime and continuously synchronizes data between the source and target.
- DataSync
- An AWS data transfer service for online data movement. The text says it is up to 10x faster and supports cross-region and cross-account replication.
- DDoS
- Distributed denial-of-service; an attack type that AWS Shield is designed to protect against.
- Dedicated Host
- A dedicated bare-metal physical server rented exclusively for one customer, often used for software licensed by host size.
- Dedicated Instance
- An EC2 instance that runs on hardware dedicated to a single customer within a VPC.
- Developer
- An AWS support plan costing $29 per month, intended for development and testing, with one contact and email support from a cloud support associate during business hours.
- DNS
- Domain Name System; a system in which a DNS server translates a domain name to an IP address.
- DocumentDB
- A fully managed document database that supports MongoDB and is serverless, scaling enterprise workloads using a native JSON document database.
- durability
- A data protection property referring to long-term preservation and storage of data.
- DynamoDB
- A fully managed serverless NoSQL key-value and document database that scales automatically to massive workloads and adds capacity automatically.
E
- EBS
- Elastic Block Storage; scalable block storage used for raw volumes and database storage. The text says it is independent of the instance it is attached to.
- EC2
- AWS Elastic Compute Cloud, the service whose guest operating systems the customer must regularly patch.
- EC2 Auto-scaling
- An AWS capability used to automatically adjust EC2 resource usage to optimize resource utilization.
- EC2 Instance Storage
- Temporary block-level storage that lasts for the life of an EC2 instance and provides the fastest local I/O.
- ECS
- Elastic Container Service; AWS’s container service for running highly secure, reliable, and scalable containers.
- edge locations
- AWS infrastructure locations outside core regions and data centers that AWS is responsible for supporting.
- EFS
- Elastic File System; a regional serverless network file system for shared file storage across multiple instances. The text says it is Linux-only and has 11 nines of durability and 4 nines of availability.
- EKS
- Elastic Kubernetes Service; AWS’s managed Kubernetes service for starting, running, and scaling Kubernetes.
- Elastic Beanstalk
- An AWS orchestration service for deploying web applications and services that automatically handles deployments, capacity provisioning, load balancing, and auto-scaling.
- ElastiCache
- An in-memory caching service that provides microsecond latency, is compatible with Redis and Memcache, and offers high performance and low latency without durability.
- Elasticity
- The ability to add or remove resources based on demand.
- ELB
- Elastic Load Balancing; an AWS service that distributes network traffic to improve application scalability and includes classic, application, gateway, and network load balancers.
- EMR
- An acronym for Amazon EMR, used in the text for processing large amounts of data with MapReduce and for Hadoop and Apache Spark workloads.
- Enterprise
- An AWS support plan costing $15k per month, intended for mission-critical production workloads, with a Technical Account Manager, concierge support team, and infrastructure event support.
- ETL
- Extract, transform, load; a data integration process used to discover, prepare, and integrate data.
F
- failover
- A mechanism that switches operations to a redundant system or component when the primary one fails.
- Fargate
- A serverless compute engine for containers that manages containers such as Docker and scales automatically.
- Fault Tolerance
- The property that enables a system to continue operating properly when one or more of its components fail.
- FIPS 140-2 Level 3
- A compliance level referenced for dedicated single-tenant HSM instances in AWS CloudHSM.
- Firewall
- A network security control used here by AWS Network Firewall to protect managed infrastructure and automatically scale with demand.
- Free Tier
- The Lambda pricing allowance that includes 1 million free requests each month.
G
- Glacier
- An S3 storage class for cheap long-term storage with retrieval options of 1-5 minutes, 3-5 hours, or 5-12 hours.
- Glacier Deep Archive
- The cheapest S3 storage class for long-term archival data accessed once or twice a year. The text says retrieval options are 12 hours or 48 hours and that it has standard durability but no availability.
- Glue
- An AWS ETL service used to discover, prepare, and integrate data at scale.
- GuardDuty
- An AWS threat detection service that continuously monitors workloads for malicious activity and delivers security findings for visibility and remediation.
- guest operating systems
- The operating systems running inside EC2 instances that the customer is responsible for patching and maintaining.
H
- High Availability
- The property of a system to serve the business without failure over a given period of time.
- HSM
- Hardware security module; a dedicated device used to generate and use cryptographic keys, as referenced in AWS CloudHSM.
- Hybrid Cloud
- A cloud hosting model that integrates a customer’s data center with AWS cloud infrastructure; AWS Direct Connect is cited as enabling this integration.
I
- IaC
- Infrastructure as code.
- IAM
- Identity and Access Management; an AWS web service used to securely control access to AWS resources.
- IAM Credentials Report
- A downloadable report that supports compliance and auditing by listing all IAM users in an account and the status of their credentials, including MFA devices.
- IAM group
- A collection of IAM users used to conveniently apply common permissions.
- IAM role
- An IAM identity that defines access permissions and is temporarily assumed by an IAM user or service; roles are used for cross-account access and for granting applications on EC2 instances access to services such as S3 without credentials or access keys.
- IAM user
- An IAM entity representing a person or application that can be granted access to AWS resources; applications can use access keys as IAM users.
- IDE
- Integrated development environment.
- Identity and Access Management
- The customer responsibility for managing identities and controlling access to AWS systems and resources.
- Infrastructure as a Service (IaaS)
- A cloud computing model in which the provider supplies virtualized infrastructure, while the customer manages the operating environment and applications; Amazon EC2 is given as an example.
- infrastructure as code
- A practice of defining and managing infrastructure through scripts or code rather than manual configuration.
- Infrequent Access
- An S3 storage class for long-lived, infrequently accessed data with millisecond access when needed. The text says it has 3 nines of availability.
- Inherited Controls
- Controls that are fully inherited from AWS and are AWS-only responsibilities, including physical and environmental controls.
- Inspector
- An AWS vulnerability management service that continually scans workloads for software vulnerabilities and unintended network exposure across EC2, Lambda, and ECR container images.
- Intelligent Tiering
- An S3 storage class for unknown or changing access patterns. The text says it has standard durability with 3 nines of availability.
K
- Kinesis
- An AWS stream processing service used to collect, process, and analyze video and data streams in real time.
- KMS
- AWS Key Management Service; a multi-tenant encryption key management service used to create and control encryption keys managed by AWS for encrypting or digitally signing data.
L
- Lake Formation
- An AWS service for building, managing, and securing data lakes. The text says it provides database-like features for creating, administering, and protecting data lakes quickly.
- Lambda
- AWS’s serverless compute service that lets you write functions and deploy them while AWS manages the servers; it scales automatically and runs code in response to events, timers, or other triggers.
- least privilege
- A security principle that gives a user only the minimum access required to get the job done.
- Lex
- An AWS conversational AI service for building chatbots and conversational interfaces. The text says it can recognize speech and understand language.
- Lightsail
- An AWS service that quickly launches the resources needed for small projects, designed to be simple for users with little cloud experience and offering low, predictable fees.
- Local Zones
- AWS extensions of a Region placed closer to users to provide low-latency communication for latency-sensitive applications.
- low latency
- Minimal delay between user requests and responses.
M
- Macie
- An AWS service that uses machine learning to discover and protect sensitive data in S3 environments, including PII such as passport numbers and SSNs.
- Managed Services
- An AWS offering that augments internal staff with additional resources to manage AWS, including patch management, monitoring, event management, and cost optimization.
- MapReduce
- A distributed processing model used to process large amounts of data.
- Marketplace
- An AWS digital catalog of prebuilt solutions that can be purchased or licensed.
- Memcache
- A caching technology referenced here as a compatibility target for ElastiCache.
- MFA
- Multi-factor authentication; a security control used to protect the root account. It can also be enabled for an Amazon S3 bucket.
- MSK
- Managed Streaming for Apache Kafka.
- MTTR
- Mean time to resolution, a metric used to describe how long it takes to resolve an issue.
- Multi-AZ deployment
- An RDS deployment option used to provide high availability and fault tolerance.
- multi-AZ deployments
- Deployments that use multiple Availability Zones to improve high availability and resilience.
- multi-region deployments
- Deployments that use more than one AWS Region to improve resilience and performance.
N
- NACL
- A stateless network access control list at the subnet level that supports allow and deny rules, has an implicit deny, and processes rules in order.
- NDC
- Nested diagnostic context, used in the text for distributed tracing in microservices.
- Neptune
- A fully managed, serverless graph database service used for user profiles, social connections, Customer 360, fraud detection, machine learning predictions, and security detection and investigation.
- NLP
- Natural language processing.
O
- OIDC
- OpenID Connect; a federation protocol supported by Amazon Cognito for sign-in.
- On-Demand
- An EC2 pricing model where capacity is billed by the second, with no upfront payment or long-term commitment. It is intended for development or unpredictable workloads that should not be interrupted.
- On-Demand Capacity Reservation
- An option to buy upfront EC2 capacity to help mitigate capacity constraints in a specific Availability Zone.
- One-Zone Infrequent Access
- An S3 storage class that costs 20% less than Infrequent Access and is intended for recreatable data with infrequent millisecond access. The text says its availability is 99.5%.
- OpenSearch
- An AWS service for interactive log analytics and searching petabytes of unstructured data.
- Operational Excellence
- A Well-Architected pillar focused on planning for failure, making smaller reversible changes, using infrastructure as code, and continuously learning from failures.
- OpEx
- Operational expenditure; a model in which you pay for resources and services as you use them rather than making substantial upfront capital expenditures.
- OpsWorks
- An AWS operations automation service that uses Chef and Puppet and includes offerings for Chef Automate, Puppet Enterprise, and OpsWorks Stacks.
- Organizations
- An AWS service for centrally managing multiple accounts, consolidating billing, sharing reserved instances, applying policies, and creating accounts programmatically at no additional charge.
- Outposts
- AWS infrastructure and services run on premises to provide a consistent hybrid cloud architecture, useful for latency or data sovereignty needs.
P
- patch management
- A shared responsibility control involving the management and application of software patches by both AWS and the customer, depending on the layer involved.
- Performance Efficiency
- A Well-Architected pillar focused on using resources efficiently through serverless architectures, multi-region deployments, delegation to cloud vendors, and experimentation with virtual resources.
- Personal Health Dashboard
- An AWS service that alerts you to impacts on your AWS environment.
- PII
- Personally identifiable information; sensitive data that Amazon Macie can uncover in S3.
- Platform as a Service (PaaS)
- A cloud computing model that provides a platform for application development, reducing the amount of infrastructure management the customer must handle; AWS Cloud9 is given as an example.
- policy
- A JSON policy document attached to IAM users, groups, or roles to manage permissions; the policy is decoupled from the IAM identity.
- Polly
- An AWS text-to-speech service that generates natural-sounding speech in dozens of languages and supports SSML tags.
- principle of least privilege
- A security principle stating that every program and every user should operate using the least set of privileges necessary to complete the job, limiting damage from accidents or errors.
- Private Cloud
- A cloud hosting model that includes on-premises virtualization and fully managed off-premises private cloud solutions such as Amazon Outposts.
- Professional Services
- An AWS offering that helps move to a cloud-based operating model and provides solutions and architecture support for moving from on-premises to cloud.
- Public Cloud
- A cloud hosting model in which cloud services are fully publicly hosted and managed and accessible to customers worldwide.
- Puppet
- A configuration management tool mentioned as part of AWS OpsWorks automation.
Q
- QuickSight
- An AWS business analytics and visualization service that provides interactive dashboards embeddable in applications.
R
- RDS
- Relational Database Service; AWS’s managed relational database service for launching, managing, and scaling relational databases in the cloud.
- Redis
- An in-memory data store/cache referenced here as a compatibility target for ElastiCache.
- Redshift
- An AWS data warehouse service for storing and analyzing historical data from disparate sources. The text describes it as supporting business intelligence and exabyte-scale data.
- redundancy
- The use of duplicate components or capacity to improve availability and resilience.
- Rekognition
- An AWS computer vision service used to automate image and video analysis and identify custom labels.
- Relational Database Service
- AWS’s managed relational database service for launching, managing, and scaling relational databases in the cloud; it supports Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and SQL Server.
- Reliability
- A Well-Architected pillar focused on automatically recovering from failures, scaling horizontally, automating change management, and testing recovery procedures.
- Report Amazon AWS abuse form
- The form used to report suspected abuse of AWS resources to the AWS Trust & Safety Team.
- Reserved
- An EC2 pricing model based on an upfront capacity reservation commitment for long-running workloads. It requires a contract and can be purchased with all upfront, partial upfront, or no upfront payment.
- Root Organization
- The master payer account in AWS Organizations that pays for all accounts in the organization.
- root user
- The single AWS account identity that is automatically created when an AWS account is created and can exclusively perform certain account-level actions, including deleting the account, changing account settings, restoring IAM user permissions, activating IAM access to the Billing and Cost Management console, closing the account, and other restricted tasks.
- Route 53
- AWS’s DNS service that routes users to internet applications, translates domain names to IP addresses, performs health checks on AWS resources, and supports hybrid cloud architectures.
S
- S3
- Amazon Simple Storage Service, a regional storage service with a global namespace and bucket policies. The text says it has 11 nines of durability and 4 nines of availability.
- S3 Intelligent Tiering
- An Amazon S3 storage feature used for cost-effective data management by automatically optimizing storage tiering.
- S3 Storage Class
- A category of Amazon S3 storage options with different durability, availability, cost, and retrieval characteristics.
- S3 Transfer Acceleration
- A feature that improves uploads and downloads to and from S3 buckets by 50% to 500%, especially over long distances.
- SageMaker
- An AWS machine learning service used to build, train, and deploy machine learning models.
- SAML 2.0
- A federation standard supported by Amazon Cognito for sign-in.
- Savings Plan
- A compute usage commitment for 1 or 3 years that applies across multiple compute services and can save up to 72% versus On-Demand. It is a billing discount mechanism, not a capacity reservation.
- Scalability
- The ability to handle increased workload by repeatedly applying a cost-effective strategy for extending a system’s capacity.
- Secrets Manager
- An AWS service for securely storing secrets, managing access with fine-grained policies, automating secret rotation, and auditing and monitoring secret usage.
- secrets rotation
- The automated process of changing stored secrets, such as database credentials or API keys, in AWS Secrets Manager.
- Security
- A Well-Architected pillar focused on automating security tasks, encrypting data in transit and at rest, applying least privilege, and tracking and auditing actions across all layers.
- Security Group
- A virtual firewall for EC2 instances that controls incoming and outgoing traffic.
- security in the cloud
- The customer’s responsibility for securing what they deploy and use in AWS, including data, applications, identity and access management, network traffic, firewall settings, and patching guest operating systems.
- security of the cloud
- AWS’s responsibility for the underlying infrastructure and services that support the cloud environment, including hardware, software, networking, and facilities across regions, Availability Zones, data centers, and edge locations.
- Server Migration Service
- An AWS migration service that automatically replicates live server volumes to AWS and creates Amazon Machine Images (AMIs) as needed. The text says it is deprecated in favor of AWS Application Migration Service.
- serverless
- An architecture in which the cloud provider manages underlying infrastructure, allowing customers to focus on code and workloads.
- Service Control Policies
- Policies that can be applied across all member accounts within an AWS Organization.
- SES
- Simple Email Service; an AWS service for sending rich-text HTML email from applications.
- Shared Controls
- Controls whose responsibilities are shared between AWS and the customer, including patch management, configuration management, awareness, and training.
- Shield
- An AWS managed DDoS protection service; Shield Standard is free, while Shield Advanced provides access to AWS experts for a fee.
- Snow Family
- A set of AWS physical data transfer devices used to move large amounts of data to and from AWS or to process data at the edge.
- Snowball
- A Snow Family device with 80 TB of storage, used for cheaper large-scale data migration.
- Snowball Edge
- A Snow Family device used for petabyte-scale data migration that also provides local processing in remote environments and supports EC2 and Lambda.
- Snowcone
- The smallest member of the Snow Family. The text says it holds 8 TB of usable storage.
- Snowmobile
- A Snow Family device with 100 PB of capacity used for multi-petabyte or exabyte-scale data transfer. The text says data is loaded to S3 and securely transported with an escort vehicle.
- SNS
- Simple Notification Service; a fully managed pub/sub service for application-to-application and application-to-person messaging.
- Software as a Service (SaaS)
- A cloud computing model that delivers ready-to-use software solutions to customers; the text cites SageMaker as an example.
- Spot
- A pricing model for unused EC2 capacity sold at the lowest cost, but with no guarantee of runtime and possible interruptions. The instance receives a 2-minute warning via instance metadata before shutdown.
- SQL injection
- A common web attack that AWS WAF can protect against.
- SQS
- Simple Queue Service; a fully managed message queuing service for microservices, distributed systems, and serverless applications.
- SSL/TLS
- Security protocols whose certificates are supported by AWS Certificate Manager.
- SSML
- Speech Synthesis Markup Language, used to customize text-to-speech output.
- Storage Gateway
- An AWS hybrid storage service that extends on-premises storage to the cloud and can be used for backups and low-latency local files.
- Subnet
- A range of IP addresses within a VPC that forms a sub-network for launching resources such as EC2 instances; each subnet must reside entirely within one Availability Zone.
- Sustainability
- A Well-Architected pillar focused on understanding environmental impact, setting sustainability goals, maximizing resource utilization, leveraging managed services, and reducing downstream impact.
- Systems Manager
- An AWS service that provides operational insight into AWS, other cloud, and on-premises resources, and automates configuration, ongoing management, patching, and command execution across multiple resources.
T
- TCO
- Total Cost of Ownership: the direct and indirect cost of running AWS workloads. The text notes that it does not consider networking or data costs, personnel costs, or facilities costs.
- Translate
- An AWS service that provides language translation and supports many languages and content formats.
- Trusted Advisor
- An AWS service that checks cost, performance, security, fault tolerance, and service limits. Some checks require paid support plans.
U
- User Credentials
- The unique credentials associated with each identity in AWS, including account root user, IAM user, IAM Identity Center user, and federated identity.
V
- VDI
- Virtual Desktop Infrastructure, a model for hosting and delivering virtual desktops from the cloud or a centralized environment.
- Virtual Private Cloud
- A foundational AWS service that creates a private virtual network to launch resources; it spans Availability Zones in a Region.
- VPC peering
- A connection between VPCs that lets them act as one logical VPC; it can be created between your own VPCs or with a VPC in another AWS account, including across Regions.
- VPN
- Virtual Private Network; a secure network connection used here for site-to-site connectivity between an internal network and AWS.
W
- WAF
- Web Application Firewall; an AWS service that protects against common web attacks such as XSS and SQL injection.
- Wavelength Zones
- Isolated zones within a carrier location that provide low-latency access for specific applications.
X
- X-Ray
- An AWS tracing and diagnostics service that uses trace data to generate a service map and help identify bottlenecks and latency spikes.
- XSS
- Cross-site scripting; a common web attack that AWS WAF can protect against.