DOP-C02 Exam Glossary - 144 Terms

Search the terminology pack for AWS Certified DevOps Engineer - Professional. Use these definitions with the study guide and practice questions.

Download App Study Guide Free Practice Exam

A

ACM: Abbreviation for AWS Certificate Manager.
ADOT: AWS Distro for OpenTelemetry, an AWS distribution used for collecting observability data.
ALB: Application Load Balancer, a load balancer type used for application traffic distribution and weighted target groups.
ALB weighted target groups: An Application Load Balancer traffic-shifting mechanism that distributes traffic across target groups using weights.
Amazon CloudFront: An AWS content delivery network used for edge caching.
Amazon ECR: Amazon Elastic Container Registry, an AWS artifact repository used for container images.
Amazon EventBridge: An AWS event bus service used to route events between sources and targets.
Amazon EventBridge rules: EventBridge matching rules that route events to targets based on event patterns.
Amazon GuardDuty: An AWS threat detection service.
Amazon Kinesis Data Streams: An AWS streaming service used here for log ingestion.
Amazon Macie: An AWS service for discovering sensitive data.
Amazon OpenSearch Service: An AWS service used for log analytics and visualization.
Amazon S3: An AWS storage service used here as an artifact repository.
Amazon SNS: An AWS pub/sub notification service used for decoupling and notifications.
Amazon SQS: An AWS message queue service used to decouple components; the text references Standard and FIFO queues.
anomaly detection: A CloudWatch alarm type that detects unusual metric behavior compared with expected patterns.
AppConfig: An AWS Systems Manager capability for application configuration management.
Application Auto Scaling: An AWS service that automatically adjusts capacity for supported resources such as ECS, Lambda, and DynamoDB.
Aurora Global Database: An Amazon Aurora feature that provides cross-Region database replication for disaster recovery and global access.
Auto Scaling Group: An AWS scaling construct that automatically adjusts the number of EC2 instances based on policies and demand.
Automation: An AWS Systems Manager capability for automating operational tasks and remediation.
AWS Account Factory: A Control Tower capability used to create and onboard AWS accounts.
AWS Amplify: An AWS service used for deployments, according to the text.
AWS App Runner: An AWS service used for deployments, according to the text.
AWS Audit Manager: An AWS service used to collect evidence and generate compliance reports.
AWS Backup: An AWS service for centralized backup management and recovery.
AWS CDK for Terraform: A CDK-based approach for defining Terraform infrastructure as code.
AWS Certificate Manager: An AWS service for provisioning and managing TLS certificates.
AWS Chatbot: An AWS service that delivers ChatOps notifications and integrates with chat tools.
AWS Cloud Development Kit: An infrastructure-as-code framework for defining cloud resources using programming languages.
AWS CloudFormation: An infrastructure-as-code service used to define cloud infrastructure and reusable components for provisioning and lifecycle management.
AWS CloudHSM: An AWS service that provides dedicated hardware security modules for cryptographic operations.
AWS CodeArtifact: An AWS artifact repository service used to store and manage build artifacts.
AWS CodeBuild: An AWS service used for build and test automation for source code within CI/CD pipelines.
AWS CodeCommit: An AWS service used as a source code repository in CI/CD workflows.
AWS CodeDeploy: An AWS deployment service used for EC2, ECS, and Lambda deployments.
AWS CodeGuru Profiler: An AWS service used for application profiling and performance analysis.
AWS CodeGuru Reviewer: An AWS service used for code-level review and automated code analysis.
AWS CodePipeline: An AWS service used to build CI/CD pipelines with stages, actions, transitions, approvals, and manual gates.
AWS Config aggregator: A multi-account AWS Config capability used to aggregate configuration data.
AWS Config rules: Rules in AWS Config that evaluate resource configurations for compliance or desired state.
AWS Control Tower: An AWS service used to set up and govern multi-account AWS environments.
AWS Elastic Beanstalk: An AWS service used for deployments, according to the text.
AWS Elastic Disaster Recovery: An AWS service for disaster recovery replication and failover, abbreviated DRS in the text.
AWS Global Accelerator: An AWS service that improves global application availability and performance by routing traffic through AWS edge locations.
AWS Health Dashboard: An AWS service that provides service health events and status information.
AWS Inspector: An AWS service used for code-level scans in CI/CD pipelines, according to the text.
AWS Key Management Service: An AWS service for creating and managing encryption keys.
AWS Lambda: An AWS serverless compute service used as an event target and for custom remediation.
AWS Landing Zone Accelerator: An AWS solution for deploying a secure, multi-account, multi-region landing zone.
AWS OpsWorks: An AWS service for configuration management using Chef Automate, Puppet Enterprise, and stacks.
AWS Organizations: An AWS service for centrally managing multiple AWS accounts.
AWS Proton: An AWS service for managing reusable infrastructure and application templates.
AWS SAM: AWS Serverless Application Model, an AWS framework for defining and deploying serverless applications.
AWS Secrets Manager: An AWS service for storing and managing secrets.
AWS Security Hub: An AWS service that aggregates and prioritizes security findings.
AWS Service Catalog: An AWS service for packaging and distributing approved reusable cloud products and patterns.
AWS Step Functions: An AWS orchestration service used to coordinate workflows and incident response processes.
AWS Systems Manager: An AWS service suite for operational management, automation, patching, session access, parameter storage, and application configuration.
AWS X-Ray: An AWS distributed tracing service used to trace requests and analyze service behavior.

B

Backup-Restore: A disaster recovery strategy in which data is restored from backups after a failure.
blue/green deployment: A deployment pattern in which traffic is shifted from one environment version to another to reduce deployment risk.

C

canaries: Synthetic monitoring scripts or checks used by CloudWatch Synthetics to test availability and performance.
canary deployment: A deployment pattern that shifts traffic gradually to a new version before full rollout.
ChatOps: An operational model that uses chat tools to receive notifications and take action on operational events.
Chef Automate: A configuration management tool referenced as part of AWS OpsWorks.
CI/CD pipeline: An automated software delivery pipeline used to implement continuous integration and continuous delivery/deployment, including stages, actions, transitions, approvals, and manual gates.
CloudFront access logs: Logs generated by Amazon CloudFront that record access activity.
CloudTrail: An AWS auditing service that records account activity and can be used in multi-account logging setups.
CloudTrail data events: AWS CloudTrail events that record resource-level activity such as object access.
CloudTrail insight events: AWS CloudTrail events that help detect unusual API activity.
CloudWatch alarms: CloudWatch alerts that trigger when metrics or other conditions meet defined thresholds; the text includes metric, composite, and anomaly detection alarms.
CloudWatch Evidently: An Amazon CloudWatch feature for experimentation and feature flag evaluation.
CloudWatch Logs: An Amazon CloudWatch service for collecting and storing log data, including log groups, retention, and subscription filters.
CloudWatch Logs Insights: A CloudWatch feature for querying and analyzing log data.
CloudWatch metrics: Amazon CloudWatch measurements used to monitor AWS resources and applications; the text distinguishes standard and custom metrics.
CloudWatch Metrics Insights: A CloudWatch feature for querying and analyzing metrics data.
CloudWatch RUM: Amazon CloudWatch Real User Monitoring, used to collect client-side application performance data from real users.
CloudWatch ServiceLens: An Amazon CloudWatch feature that provides application observability by correlating metrics, traces, and logs.
CloudWatch Synthetics: An Amazon CloudWatch feature that uses canaries to monitor endpoints and user journeys.
composite alarm: A CloudWatch alarm that combines multiple alarms using Boolean logic.
configuration history: AWS Config records showing how resource configurations change over time.
conformance packs: AWS Config bundles of rules and remediation guidance used to assess compliance.
continuous integration: A development practice in which code changes are built and tested automatically as they are integrated into the main codebase.
custom resources: CloudFormation resources that let templates invoke custom logic during stack operations.

D

drift detection: A CloudFormation capability that detects differences between deployed resources and the expected template configuration.
DRS: Abbreviation for AWS Elastic Disaster Recovery.
DynamoDB Global Tables: A DynamoDB feature that replicates tables across Regions for global availability.

E

Elastic Load Balancing: An AWS service that distributes incoming traffic across targets and supports health checks.
ELB access logs: Logs generated by Elastic Load Balancing that record request and traffic details.
event buses: Amazon EventBridge event routing channels that can be default, custom, or partner.

F

federated access: Access to AWS using external identity providers through IAM Identity Center or similar federation mechanisms.
FIFO: First-In, First-Out; a queue type in Amazon SQS that preserves message order.

G

GLB: Gateway Load Balancer, a load balancer type mentioned in the text.
guardrails: Organization-wide controls used to constrain account behavior and enforce governance.

H

health checks: Checks used by load balancers and other services to determine whether a target is healthy and should receive traffic.

I

IAM: AWS Identity and Access Management, the service used to control access to AWS resources through users, groups, roles, policies, permission boundaries, and session policies.
IAM Access Analyzer: An AWS service that identifies unused-access and access-related findings.
IAM groups: Collections of IAM users that share permissions.
IAM Identity Center: An AWS service for federated access and centralized identity management across multiple AWS accounts; formerly called SSO.
IAM policies: Documents that define permissions for IAM identities and resources.
IAM roles: IAM identities that can be assumed to obtain temporary permissions.
IAM users: Individual IAM identities for people or applications that need access to AWS resources.
immutable infrastructure: An infrastructure pattern in which systems are replaced rather than modified in place to reduce configuration drift.

K

Kinesis Data Firehose: An AWS delivery service used here for log ingestion.
KMS: Abbreviation for AWS Key Management Service.

L

Lambda alias weights: A traffic-shifting mechanism for AWS Lambda that assigns weighted traffic to aliases.
lifecycle hooks: Auto Scaling hooks that let you run custom actions during instance lifecycle transitions.
log groups: Containers in CloudWatch Logs used to organize log streams and control retention.

M

Multi-AZ: A high-availability pattern that deploys resources across multiple Availability Zones.
Multi-Site Active-Active: A disaster recovery strategy in which multiple sites actively serve traffic at the same time.

N

nested stacks: CloudFormation stacks that are included within another stack to support modular infrastructure definitions.
NLB: Network Load Balancer, a load balancer type used for high-performance traffic distribution.

P

Parameter Store: An AWS Systems Manager capability for storing configuration data and parameters.
Patch Manager: An AWS Systems Manager capability for patching managed systems.
permission boundaries: IAM controls that set the maximum permissions an identity can receive.
Pilot Light: A disaster recovery strategy that keeps a minimal core environment running and scales it up during recovery.
Pulumi: An infrastructure-as-code tool mentioned as an alternative for defining reusable cloud infrastructure.
Puppet Enterprise: A configuration management tool referenced as part of AWS OpsWorks.

Q

quality gates: Checks in a pipeline that evaluate test results or other criteria before allowing progression to later stages.

R

remediation actions: Automated actions taken to correct noncompliant or undesired configurations.
Route 53 failover routing: An Amazon Route 53 routing policy that directs traffic to a healthy endpoint when the primary endpoint fails.
RPO: Recovery Point Objective, the maximum acceptable data loss measured in time.
RTO: Recovery Time Objective, the maximum acceptable time to restore service after a disruption.
Run Command: An AWS Systems Manager capability for running commands on managed instances.
runbooks: Automated operational procedures, such as AWS Systems Manager Automation runbooks, used for remediation.

S

S3 CRR: Amazon S3 Cross-Region Replication, used to replicate S3 data across Regions.
SCPs: Abbreviation for Service Control Policies, organization-level permission guardrails in AWS Organizations.
semantic versioning: A versioning scheme mentioned alongside version pinning and immutable tags for managing artifact versions.
Service Control Policies: Organization-level policies in AWS Organizations that set permission guardrails across accounts.
ServiceLens: An AWS observability feature that combines metrics, traces, and logs for application monitoring.
Session Manager: An AWS Systems Manager capability for secure shell-less session access to managed instances.
session policies: Policies passed during role assumption that further restrict the permissions of the resulting session.
SSO: Abbreviation for single sign-on; in the text, the former name of IAM Identity Center.
Stacks: An AWS OpsWorks concept for grouping and managing application resources.
StackSets: An AWS CloudFormation feature for deploying stacks across multiple accounts or Regions.
State Manager: An AWS Systems Manager capability for maintaining desired configuration state.
step scaling policy: An Auto Scaling policy that changes capacity in steps based on alarm thresholds.
subscription filters: CloudWatch Logs filters that route matching log events to destinations for processing or analysis.

T

target tracking scaling policy: An Auto Scaling policy that adjusts capacity to maintain a specified metric target.
TLS: Transport Layer Security, the protocol used to secure communications with certificates managed by ACM.
transforms: A CloudFormation feature used to process templates before deployment.

V

VPC Flow Logs: Logs that capture information about IP traffic going to and from network interfaces in a VPC.

W

Warm Standby: A disaster recovery strategy that maintains a scaled-down but ready-to-use environment.

About These Definitions

These definitions are loaded from the shared release pack. Use them with the study guide and practice questions to connect vocabulary to exam scenarios.

Download App Read the full study guide Take the free practice exam