AWS is the biggest and the most popular cloud provider in the world. As of now, AWS Cloud spans 84 Availability Zones spread across 26 geographical regions around the world, with upcoming plans to add 24 more Availability Zones in 8 regions. Features like high availability, high scalability, number of regions, and on-the-go pricing models, make AWS the top choice as your Cloud Provider. With the increasing popularity of AWS, there is an ever-increasing demand for skilled AWS developers and architects. This is the best time to get your hands dirty with cloud technologies like AWS to advance your career. But, it is not easy to start learning an unfamiliar technology. AWS has over 200 services, and it can get confusing fast. If you are a beginner in AWS or a tech professional who wants to understand AWS terminologies at a high level, this article is for you. In this article, we will look at some key AWS terminologies to help you start your AWS cloud journey.
AWS Key Terminologies : AWS Services
Here is a list of AWS services that are most commonly used: AWS Key Management Service: AWS Key Management Service, or KMS, is a simple solution by AWS to create and manage encryption keys.
PostgreSQLOracleMySQLMSSQLMariaDB
AWS CloudFormation: CloudFormation is an Infrastructure as a code service from AWS that allows us to create, modify and delete AWS resources using YAML or JSON code. AWS Cloud Development Kit (CDK): AWS CDK is an open-source software development framework to define and provision cloud infrastructure using code in familiar programming languages like C++, JAVA, Python, etc. AWS CDK internally converts your code to CloudFormation Templates and then uses the AWS CloudFormation service to provision your cloud infrastructure. AWS CodePipeline: CodePipeline is a continuous delivery service for fast and reliable application deployments. AWS CodeBuild: AWS CodeBuild is a serverless continuous integration service from AWS. It allows us to pull code from repositories, run testing and other building jobs and create deployment-ready packages. AWS CodeDeploy: AWS CodeDeploy is an automatic deployment tool from AWS that uses deployment-ready packages to deploy applications to servers on AWS or on-premise data centers. AWS CodeCommit: AWS CodeCommit is a service that allows you to host private Git repositories like BitBucket or GitHub. AWS CloudTrail: AWS CloudTrail records all the API calls in your account. So, if you want to see the identity of users making changes to your account, you can find this in the CloudTrail console. Apart from the user Identity, Cloudtrail also captures the timestamp of the API call, the source IP, and the response, if any, returned by AWS. AWS Elastic Beanstalk: A web service for quickly deploying and managing applications in the AWS Cloud without having to provision and maintain the Cloud Infrastructure that runs these applications. AWS Lambda: AWS Lambda is a serverless compute service from AWS that allows you to run your code without provisioning or maintaining servers. It is a highly used AWS Service that can be integrated with many AWS Services. AWS Secrets Manager: AWS SecretsManager is an AWS service used to store, rotate and encrypt credentials for AWS Services. For example, you can store and encrypt usernames and passwords for database access. AWS Snowball: AWS Snowball is a petabyte-scale data migration service from AWS. You can use the AWS Snowball service to order a briefcase-sized hard disk which can be used to transfer terabytes of data to AWS.
AWS Key Terminologies: General
Here is a list of some general key AWS Terminology that you should know: Access control list: The access control list, also called ACL, is a document that defines access to the data in an S3 bucket. Each bucket has an ACL that defines which actions a user can take on what data in the bucket. For example, you use ACL to limit access to all ‘.json’ files for a user and only allow them to access other files in a bucket. Alarm: The team alarm in AWS is generally used to refer to the AWS CloudWatch Alarms. A CloudWatch alarm is an entity that watches a certain metric and triggers when this metric breaches the threshold set by you. When an alarm is triggered, it either sends a message to SNS or can do a certain action defined by you. Policy: The term policy in AWS is used to refer to an IAM policy or AWS EC2 AutoScaling Policy.
IAM Policy: An IAM policy is a permission document that can be applied to an IAM User, Role, or Group. It holds allow or deny permissions that are applied to the resources (IAM User, Role, or Group) to which this policy is attached. EC2 AutoScaling Policy: An AutoScaling policy is attached to an AutoScaling group (ASG) and it defines triggers that help AWS decide when to launch a new instance in the ASG or terminate an instance from the ASG. A common example is that you can have a scaling policy to add 1 or more EC2 instances when the network connections to your applications reach a certain threshold.
Customer Managed Policy: IAM policies managed by the AWS users are known as customer-managed policies. These policies are created and maintained by users. AWS Managed Policy: IAM policies that are created and maintained by AWS are called the AWS managed policies. All accounts have some default AWS-managed policies that are free to use. Health Checks: Health Check is a system to check the status of your EC2 instance or an application running on the EC2 instance. For example, you can create a health check that makes a call to your web application running in an EC2 every 10 seconds. If this request fails, your health check will fail. This health check can further be connected to a CloudWatch Alarm that triggers an action to fix the application status. Edge Locations: Edge locations are data centers for AWS Services to perform certain actions. For example, CloudFront uses Edge locations to cache your static data and decrease the latency of your application. Volume: Volume in AWS will usually mean EBS volumes which are the virtual block storage devices provisioned from EBS service. Service Health Dashboard: Service health dashboard is a webpage that shows up-to-the-minute information about the availability of AWS Services. You can go to the service health dashboard and check if there is an outage in the AWS regions. Availability Zone: Availability Zone, also sometimes called AZ, is a distinct data center in a Region. Each AZ is isolated from failures in other AZs in the region. Hence spreading your application servers across AZs is the recommended approach for high availability requirements. Auto Scaling group: Auto Scaling Group, also called ASG, is a logical group of multiple EC2 instances that share similar characteristics and support one application. As the name suggests, the ASGs can scale up and down automatically based on EC2 AutoScaling Policies. AWS Command Line Interface: AWS CLI is a downloadable and configurable tool that can be used to control, provision, and maintain cloud resources using commands. AWS Software Development Kit: An AWS SDK is a software package that provides APIs to connect Applications with AWS services. For example, you need to use the AWS SQS SDK for JAVA to be able to connect your JAVA application to an SQS queue. Block Device: A storage device that supports reading and writing data in fixed-size blocks is called a block device. Bucket: Bucket is a logical entity (like folders) in which we store our objects (files) when using AWS S3. We can create buckets using the AWS S3 console. Bucket Owner: The organization or the person who owns an AWS S3 bucket is called a bucket owner. Buckets are unique globally; you can never have two buckets with the same names, even in different AWS Accounts. So, for example, if I have a bucket named my-geekflare-bucket in my account, I am its owner. You cannot create another bucket with this same name on AWS. CIDR block: CIDR blocks are groups of IP addresses that share the same prefix. For example, 10.0.0.0/8 is a CIDR block that has all the IP addresses starting from 10.0.0.0 to 10.255.255.255. Continuous Delivery: The term continuous delivery is not specific to AWS. It is a DevOps software development practice to automatically build, test, and prepare code changes for a production release. Continuous Integration: Continuous Integration is a DevOps software development practice to regularly merge code changes to a central repository. Cross-account Access: The process of permitting users in another AWS account to use resources in your account. For example, you might want a user in a different account to access some data in your S3 bucket. To do something like this, you will have to grant the other account user cross-account access to your account. Cross-Region replication: Cross-Region Replication or CRR is a feature of AWS S3 to asynchronously replicate changes in a bucket in one region to another bucket in a different AWS region. Note that this term may also be generally used to specify sharing of data to different AWS regions. Customer Master Key: CMKs are the encryption keys managed by the AWS Key Management Service. DB snapshot: Snapshots are point-in-time backups of your databases, typically stored in AWS S3. Dedicated Instance: A dedicated instance is an instance that is deployed on a physical host that is only used by you. When using dedicated instances, you do not have control or visibility about instance placement. AWS ensures that your dedicated host EC2 instances are physically isolated at the host hardware level. Decrypt: It is the process of using Encryption keys to make encrypted data intelligible. Encrypt: It is the process of using mathematical algorithms to make your data unintelligible to prevent unauthorized users from getting any information out of it. Even if a malicious entity gets encrypted data, they cannot read it without decrypting it first. IAM group: IAM groups are logical groups of IAM users. You can use IAM Groups to simplify attaching policies to multiple users. For example, you can attach a ‘developer policy’ to an IAM group ‘developers’ and AWS will attach this policy to all the IAM users in this group will IAM policy simulator: IAM policy simulator is a tool in IAM that allows you to test and troubleshoot IAM policies. IAM role: An IAM role is an entity used to give access to AWS Services. For example, you can create a policy with S3 read permissions and attach this policy to a role. This role can then be assigned to an AWS Service like EC2 or AWS Lamba to be able to perform read operations in S3. IAM user: IAM users are entities that a person assumes to be able to access AWS Services. For example, if you want another person in your team to have access to your AWS account, you can create an IAM user for this person, with appropriate policies. Once you give the username and password associated with the IAM user to your teammate, they will be able to log in to AWS as an IAM user. Instance Store: Instance store is disk storage that is physically attached to the host of the EC2 instance. Other AWS storage services like EBS are connected to EC2 via a network. Some EC2 instance types have instance stores for quick data access. Internet Gateway: It is a virtual device that can be attached to VPCs to give internet access to resources created within VPCs. Load Balancer: It is a virtual device/machine used to distribute requests to multiple endpoints like databases, EC2 instances, on-prem servers, and more. Object: The files stored in AWS S3 are called objects. On-Demand Instance: EC2 instances that are provisioned on-demand, that is, without any long-term commitment, are called on-demand instances. Reserved Instances: EC2 instances provisioned with long-term commitment are called Reserved Instances. Using Reserved Instances provides a heavy discount (up to 70%) compared to on-demand instances. Customers pay for the entire term of the instance (for example, one year), regardless of how they use it. Principal: Principal is the entity addressed in Policies. For example, in a scenario where you give an IAM user permission to perform read operations on an S3 bucket, the IAM user is the principal. Principals can be a user, service, or a different AWS account. Region: An AWS region is a physical geographical location in the world where AWS has its data centers. Subnet: Subent is a logical part of the VPC CIDR block where we can launch our AWS resources. This helps us group resources as per the security and network needs. Route Table: A Route Table is a set of routing tables that control the traffic leaving a subnet. Public Subnets: Public Subnets are the subnets that have a route table entry to the Internet Gateway. Resources in public subnets are accessible over the internet. You should deploy your customer-facing applications and resources in Public Subnets. Private Subnets. Subnets that do not have a route table rule to access the internet gateway are called private subnets. The resources in private subnets can only be accessed by other resources within the VPC. You should deploy back-end applications and databases in Private Subnets. Scale in: Scale in means to decrease the capacity of a service. For example, terminating instances in an AutoScaling Group. Scale out: Scale out means to increase the capacity of a service: For example, launching instances in an AutoScaling group. Vertical Scaling: Vertical scaling means changing the size of instances or resources to perform scaling activities, for example, changing a 1GB RAM instance to a 5 GB RAM. Horizontal Scaling: Horizontal scaling means changing the number of instances or resources to perform scaling activities. Launching and terminating instances in an AutoScaling Group are examples of Horizontal Scaling. Security Group: Security group is a logical set of inbound and outbound rules to allow traffic in and out of AWS resources. For example, you can attach a security group to an EC2 instance and create an inbound rule to allow HTTP connections over port 80. This rule will allow this instance to serve web traffic. Security groups are frequently used in AWS. Sticky session: Sticky session is a feature of load balancers to route all requests from one user session to a specific EC2 instance. Server-side encryption: Running encryption jobs AWS and not on your on-prem servers is called Server Side Encryption or SSE. The term SSE is usually used to refer to an encryption mode of S3 where we use Keys from AWS KMS or supply keys from the local system to encrypt files on S3. Client-side encryption: Encryption data on on-prem servers before sending it to AWS is called client-side encryption. Tags: Most AWS Services have key-value pairs of metadata called Tags. Transport Layer Security: TLS is a cryptographic protocol that provides security for communication over the internet. VPC endpoint: VPC endpoint is a feature that you can use to create a private connection between your VPC and another AWS service without requiring access over the internet. For example-: S3 buckets are not created within VPC, so instances in an AWS VPC have to access S3 buckets just like we access buckets from our local computers over the internet. VPC endpoint feature allows us to create a private connection for instances in VPC to access S3 buckets. So, this was all about the AWS Key Terminologies. I hope you like this helps you develop a basic understanding of AWS Services and some key features. Here is a list of AWS Abbreviations and Acronyms.
