Reading Time: < 1 minutes

Enterprise Cloud Glossary


See additional authenticated data.

access control list (ACL)

An Access control list is a document that specifies who can access a particular bucket of object. It defines what each type of user can do.

access identifiers

See credentials.

access key

An access key is the combination of an access key ID and a secret access key. Access keys are used to sign API requests that you make to AWS.

access key ID

An access key ID is a unique identifier that is associated with a secret access key. An access key ID and secret access key are used together to sign programmatic AWS requests cryptographically. An access key ID is an alphanumeric string that is linked to a specific service or user account.

access key rotation

Access key rotation is a method to increase security by altering the AWS access key. This method can be used to retire an old key.

access policy language

Access policy language is used to write documents that specify who can access particular AWS resources and under what conditions.


An account is a formal relationship with AWS that involves the owner's email address and password, the control of resources under the account, and payment for AWS activity related to those resources. The AWS account has permission to do anything and everything with all the AWS account resources.

account activity

Account activity shows your month-to-date AWS usage and costs.


See access control list (ACL).


ACM, or AWS Certificate Manager, is a web service used to provision, manage, and deploy Secure Sockets Layer or Transport Layer Security certificates to be used with AWS services.


Action is an API function, also known as an operation or call. It is the activity a user is able to perform.

active trusted key groups

Active trusted key groups are a list showing each of the trusted key groups and the IDs of the public keys in each key group that are active for a distribution in Amazon CloudFront. CloudFront can use the public keys in these key groups to verify the signatures of CloudFront signed URLs and signed cookies.

active trusted signers

See active trusted key groups.

additional authenticated data

Additional authenticated data is information that's checked for integrity but is not encrypted. This includes headers and other contextual metadata.

administrative suspension

Administrative suspension occurs when Auto Scaling groups who repeatedly fail to launch instances have their processes suspended by Amazon EC2 Auto Scaling.


An alarm watches over a single metric and initiates an Amazon SNS topic or Amazon EC2 Auto Scaling policy if the value of the metric crosses a certain threshold value within a certain period of time.


When users make a request to AWS, the request is evaluated based on the permissions granted to that user and returns with either allow or deny.

Amazon AppFlow

Amazon AppFlow is a fully-managed integration service that enables you to securely exchange data between software as a service (SaaS) applications and AWS services.

Amazon Chime

Amazon Chime can be used for secure, unified communication. It makes meetings easier and more efficient.

Amazon Cognito

Amazon Cognito can be used to save mobile user data in the AWS Cloud without writing backend code or managing the infrastructure. It also allows you to manage your mobile identity and synchronize data across devices.

Amazon Comprehend

Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text.

Amazon Comprehend Medical

Amazon Comprehend Medical is a HIPAA-eligible NLP service that uses machine learning and is pre-trained to understand and select health data from medical text, such as prescriptions, procedures, and diagnoses.

Amazon Connect

Amazon Connect offers self-service configuration and provides dynamic, personal, and natural customer engagement at any scale.

Amazon Data Lifecycle Manager

Amazon Data Lifecycle Manager is an Amazon service that automates and manages the lifecycle of Amazon EBS snapshots and EBS-backed AMIs.

Amazon DevOps Guru

Amazon DevOps Guru is a fully managed operations service powered by machine learning (ML), designed to improve an application's operational performance and availability.

Amazon DocumentDB

Amazon DocumentDB (with MongoDB compatibility) is a managed database service that you can use to set up, operate, and scale MongoDB-compatible databases in the cloud.

Amazon DynamoDB Encryption Client

Amazon DynamoDB Encryption Client is a software library that helps you protect your table data before you send it to DynamoDB.

Amazon DynamoDB Storage Backend for Titan

Amazon DynamoDB Storage Backend for Titan is a graph database implemented on top of Amazon DynamoDB. Titan is a scalable graph database optimized for storing and querying graphs.

Amazon EBS

Amazon EBS, also known as Amazon Elastic Block Store, provides block level storage volumes for use with EC2 instances.

Amazon EBS-backed AMI

Amazon EBS-backed AMI is a type of Amazon Machine Image (AMI) whose instances use an Amazon EBS volume as their root device.

Amazon EC2

Amazon Elastic Compute Cloud is a web service for launching and managing Linux/UNIX and Windows Server instances in Amazon data centers.

Amazon EC2 Auto Scaling

Amazon EC2 Auto Scaling launches or terminates instances automatically based on user-defined policies, schedules, and health checks.

Amazon ECR

Amazon ECR, also known as Amazon Elastic Container Registry, is a fully managed Docker container registry that you can use to store, manage, and deploy Docker container images.

Amazon ECS

Amazon ECS, also known as Amazon Elastic Container Service, is a highly scalable, fast, container management service that you can use to run, stop, and manage Docker containers on a cluster of EC2 instances.

Amazon EFS

Amazon Elastic File System is a file storage service for EC2 instances. Amazon EFS provides an interface that you can use to create and configure file systems. Amazon EFS storage capacity grows and shrinks automatically as you add and remove files.

Amazon EKS

Amazon Elastic Kubernetes Service is a managed service that you can use to run Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane.

Amazon EMR

Amazon Elastic Map Reduce is a web service that you can use to process large amounts of data efficiently.

Amazon Inspector

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It automatically assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed report with prioritized steps for remediation.

Amazon Kendra

Amazon Kendra is a search service powered by machine learning (ML) that developers can use to add search capabilities to their applications so their end users can discover information stored within the vast amount of content spread across their company.

Amazon Keyspaces

Amazon Keyspaces is a scalable, highly available, and managed Apache Cassandra-compatible database service.

Amazon Lex

Amazon Lex is a fully managed artificial intelligence (AI) service with advanced natural language models to design, build, test, and deploy conversational interfaces in applications.

Amazon Location

Amazon Location Service is a fully managed service that makes it easy for a developer to add location functionality, such as maps, points of interest, geocoding, routing, tracking, and geofencing, to their applications, without sacrificing data security, user privacy, data quality, or cost.

Amazon Machine Image (AMI)

An Amazon Machine Image (AMI) is a supported and maintained image provided by AWS that provides all the information required to launch an instance. It contains the operating system, software, and layers of your application.

Amazon Managed Grafana

Managed Grafana is a fully managed and secure data visualization service that you can use to instantly query, correlate, and visualize operational metrics, logs, and traces from multiple data sources.

Amazon Managed Service for Prometheus

Amazon Managed Service for Prometheus is a service that provides highly available, secure, and managed monitoring for your containers.

Amazon ML

Amazon Machine Learning is a cloud-based service that creates machine learning models by finding patterns in your data and uses these models to process new data and generate predictions.

Amazon Monitron

Amazon Monitron is an end-to-end system that uses machine learning (ML) to detect abnormal behavior in industrial machinery. It can be used to implement predictive maintenance and reduce unplanned downtime.

Amazon MQ

Amazon MQ is a managed message broker service for Apache ActiveMQ that you can use to set up and operate message brokers in the cloud.

Amazon MWAA

Amazon MWAA, also known as Amazon Managed Workflows for Apache Airflow, is a managed orchestration service for Apache Airflow to assist in setting up and operating end-to-end data pipelines in the cloud at scale.

Amazon Personalize

Amazon Personalize is an artificial intelligence service for creating individualization product and content recommendations.

Amazon Pinpoint

Amazon Pinpoint is a multichannel communications service that helps organizations send timely, targeted content through SMS, email, mobile push notifications, voice messages, and in-application channels.

Amazon Polly

Amazon Polly is a text-to-speech (TTS) service that turns text into natural-sounding human speech. It provides dozens of lifelike voices across a broad set of languages so that you can build speech-enabled applications that work in many different countries.

Amazon QLDB

Amazon QLDB, also known as Amazon Quantum Ledger Database, is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority.

Amazon RDS

Amazon Relational Database Service is a web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.

Amazon Redshift

Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. With Amazon Redshift, you can analyze your data using your existing business intelligence tools.

Amazon Rekognition

Amazon Rekognition is a machine learning service that identifies objects, people, text, scenes, and activities, including inappropriate content, in either image or video files.

Amazon Resource Name (ARN)

Amazon Resource Name is a standardized way to refer to an AWS resource.

Amazon S3

Amazon S3 is storage for the internet.

Amazon S3 Glacier

Amazon S3 Glacier is a secure, durable, and low-cost storage service for data archiving and long-term backup.

Amazon S3-Backed AMI

See instance store-backed AMI.

Amazon SES

Amazon Simple Email Service is a simple and cost-effective email solution for applications.

Amazon SNS

Amazon Simple Notification Service is a web service that applications, users, and devices can use to instantly send and receive notifications from the cloud.

Amazon SQS

Amazon Simple Queue Service is a reliable and scalable hosted queue for storing messages as they travel between computers.

Amazon SWF

Simple Workflow Service helps developers build, run, and scale background jobs that have parallel or sequential steps. It functions similarly to a state tracker and task coordinator in the AWS Cloud.

Amazon Textract

Amazon Textract is a service that automatically extracts text and data from scanned documents. It goes beyond simple optical character recognition (OCR) to also identify the contents of fields in forms and information stored in tables.

Amazon Transcribe

Amazon Transcribe is a machine learning service that uses automatic speech recognition (ASR) to quickly and accurately convert speech to text.

Amazon Transcribe Medical

Amazon Transcribe Medical is an automatic speech recognition (ASR) service for adding medical speech-to-text capabilities to voice-enabled clinical documentation applications.

Amazon Translate

Amazon Translate is a neural machine translation service that delivers fast, high-quality, and affordable language translation.

Amazon VPC

Amazon Virtual Private Cloud is a web service for provisioning a logically isolated section of the AWS Cloud virtual network that you define. You control your virtual networking environment by selecting your own IP address range, creating subnets, and configuring route tables and network gateways.

Amazon WAM

AWS WAM, also known as Amazon WorkSpaces Application Manager, is a web service for deploying and managing applications for WorkSpaces. Amazon WAM accelerates software deployment, upgrades, patching, and retirement by packaging Windows desktop applications into virtualized application containers.

Amazon Web Services (AWS)

Amazon Web Services (AWS) is an infrastructure web services platform in the cloud for companies of all sizes.

Amazon WorkLink

WorkLink is a cloud-based service that provides secure access to internal websites and web apps from mobile devices.


See Amazon Machine Image (AMI)

analysis scheme

Analysis scheme is language-specific text analysis options that are applied to a text field to control stemming and configure stopwords and synonyms.

API Gateway

API Gateway is a fully managed service that developers can use to create, publish, maintain, monitor, and secure APIs at any scale.


An application is a collection of components, such as environments, versions, and environment configurations.

Application Auto Scaling

Application Auto Scaling is a web service used by developers and system administrators to automatically scale scalable resources for AWS services beyond EC2.

Application Billing

Application Billing is where your customers manage the Amazon DevPay products they've purchased.

Application Cost Profiler

Application Cost Profiler tracks the consumption of shared AWS resources used by software applications and reports granular cost breakdown across tenant base.

Application Discovery Service

Application Discovery Service helps you plan your migration to the AWS cloud by collecting usage and configuration data about your on-premises servers.

application revision

An application revision is an archive file containing source content—such as source code, webpages, executable files, and deployment scripts—along with an application specification file. Revisions are stored in Amazon S3 buckets or GitHub repositories.

application specification file

An application specification file, also known as an AppSpec file, is a YAML-formatted file used to map the source files in an application revision to destinations on the instance. The file is also used to specify custom permissions for deployed files and specify scripts to be run on each instance at various stages of the deployment process.

application version

An application version is a specific, labeled iteration of an application that represents a functionally consistent set of deployable application code. An Amazon S3 object will contain the application code.

AppSpec file

See application specification file

AppStream 2.0

AppStream 2.0 is a fully managed service used for desktop application streaming to users without rewriting those applications.


See Amazon Resource Name (ARN).


An artifact is a copy of the files or changes that are worked on by the pipeline.

asymmetric encryption

Asymmetric encryption uses both a public and private key.

asynchronous bounce

An asynchronous bounce occurs when a receiver initially accepts an email message but later fails to deliver it.


Athena is an interactive query service that you can use to analyze data in Amazon S3 using ANSI SQL. It is serverless, so there's no infrastructure to manage. Athena scales automatically and is simple to use, so you can start analyzing your datasets within seconds.

atomic counter

Atomic counter is a method of incrementing or decrementing the value of an existing attribute without interfering with other write requests.


An attribute is a fundamental data element that doesn't need to be broken down any further.


AUC, or Area Under a Curve, is an industry-standard metric used to evaluate the quality of a binary classification machine learning model. It measures the ability of a model to predict a higher score for positive examples than negative examples.


Aurora is a MySQL-compatible relational database engine that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases.

authenticated encryption

Authenticated encryption provides confidentiality, data integrity, and authenticity assurances of encrypted data.


Authentication is the process of proving your identity to a system.

Auto Scaling group

Auto Scaling group contains a collection of EC2 instances that are treated as a logical grouping for automatic scaling and management purposes.

Availability Zone

The Availability Zone is a location within a Region that's protected from the failures in other Availability Zones. It provides affordable, low-latency network connectivity to other Availability Zones in the same Region.


See Amazon Web Services.

AWS Account Management

With AWS Account Management, you can update the contact information for each of your AWS accounts.

AWS App2Container

AWS App2Container is a command line tool used to migrate and modernize Java and .NET web applications into container format.

AWS AppConfig

AWS AppConfig is a service used to update software at runtime without deploying new code. You can use it to configure, validate, and deploy feature flags and application configurations.

AWS AppSync

AWS AppSynch is a fully managed GraphQL service with real-time data synchronization and offline programming features.

AWS Auto Scaling

AWS Auto Scaling can help you quickly discover the scalable AWS resources that are part of your application and configure dynamic scaling.

AWS Backup

AWS Backup is a managed backup service that you can use to centralize and automate backups of data in AWS services in the cloud.

AWS Blockchain Templates

See Managed Blockchain.


AWS CDK, also known as AWS Cloud Development Kit, is an open-source software development framework that defines your cloud's infrastructure in code and provisions it through AWS CloudFormation.

AWS Chatbot

AWS Chatbot is an interactive agent that helps you monitor, troubleshoot, and operate AWS resources in your Slack channels and Amazon Chime chatrooms.


AWS CLI, or Command Line Interface, is a unified downloadable and configurable tool used to manage AWS services. Multiple services can be controlled from the command line and automated through scripts.

AWS Cloud Control API

AWS Cloud Control API is a set of standardized application programming interfaces (APIs) that developers use to create, read, and modify list supported cloud infrastructure.

AWS Cloud Map

AWS Cloud Map is used to create and maintain a map of the backend of services and resources that your applications depend on. You can use it to name and discover your AWS Cloud Resources.


AWS Cloud WAN is a managed wide-area networking service used for building, managing, and monitoring a unified global network.

AWS Cloud9

AWS Cloud9 is a cloud-based integrated development environment (IDE) that is used to write, run, and debug code.

AWS CodeDeploy agent

AWS CodeDeploy agent is a software package that, when installed and configured on an instance, enables that instance to be used in CodeDeploy deployments.

AWS Config

AWS Config provides an AWS resource inventory, configuration history, and configuration change notifications for better security and governance. You can establish rules that automatically check the configuration of AWS resources that AWS Config records.

AWS Control Tower

AWS Control Tower is used to set up and govern a secure, multi-account AWS environment.

AWS Data Exchange

AWS Data Exchange is a service that helps you find, subscribe to, and use third-party data in the cloud.

AWS DeepComposer

AWS DeepComposer educates developers through tutorials, sample code, and training data.

AWS DeepLens

AWS DeepLens provides AWS customers with a centralized place to search, discover, and connect with trusted APN Technology and Consulting Partners, based on customers' business needs.

AWS DeepRacer

AWS DeepRacer is a cloud-based 3D racing simulator, global racing league, and fully autonomous 1/18th-scale-race car driven by reinforcement learning.


AWS Database Migration Service is a web service that can help you migrate data to and from many widely used commercial and open-source databases.

AWS Elemental MediaConnect

Elemental MediaConnect is a fully-managed live video distribution service that reliably and securely ingests video into the AWS Cloud and transports it to multiple destinations within the AWS network and the internet.

AWS Elemental MediaConvert

Elemental MediaConvert is a file-based media conversion service that transforms content into formats for traditional broadcast and internet streaming.

AWS Elemental MediaLive

Elemental MediaLive is a cloud-based live video encoding service that creates high-quality streams for delivery to broadcasts and internet-connected devices.

AWS Elemental MediaPackage

Elemental MediaPackage is a highly-scalable video origination and packaging service that delivers video securely and reliably.

AWS Elemental MediaStore

Elemental MediaStore is a storage service optimized for media that provides the performance, consistency, and low latency required to deliver live and on-demand video content at scale.

AWS Elemental MediaTailor

Elemental MediaTailor is a channel assembly and personalized ad-insertion service for over-the-top (OTT) video and audio applications.

AWS Encryption SDK

AWS Encryption SDK is a client-side encryption library that you can use to encrypt and decrypt data using industry standards and best practices.

AWS Glue

AWS Glue is a fully managed extract, transform, and load (ETL) service that you can use to catalog data and load it for analytics. With AWS Glue, you can discover your data, develop scripts to transform sources into targets, and schedule and run ETL jobs in a serverless environment.

AWS GovCloud (US)

AWS GovCloud (US) is an isolated AWS Region that hosts sensitive workloads in the cloud, ensuring that this work meets the US government's regulatory and compliance requirements.

AWS Health

AWS Health is a service that provides ongoing visibility into AWS customers' accounts and the availability of their AWS services and resources.

AWS IoT 1-Click

AWS IoT 1-Click is a service that simple devices can use to launch AWS Lambda functions.

AWS IoT Analytics

AWS IoT Analytics runs sophisticated analytics on massive volumes of IoT data.

AWS IoT Core

AWS IoT Core is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices.

AWS IoT Device Defender

AWS IoT Device Defender is an AWS IoT security service that you can use to audit the configuration of your devices, monitor your connected devices to detect abnormal behavior, and mitigate security risks.

AWS IoT Device Management

AWS IoT Device Management is a service used to securely onboard, organize, monitor, and remotely manage IoT devices at scale.

AWS Iot Events

AWS IoT Events is a fully managed AWS IoT service that you can use to detect and respond to events from IoT sensors and applications.

AWS IoT FleetWise

AWS IoT FleetWise is a service that you can use to collect, transform, and transfer vehicle data to the cloud at scale.

AWS IoT Greengrass

AWS IoT Greengrass is software that you can use to securely run local computing, messaging, data caching, sync, and ML inference capabilities for connected devices.

AWS IoT RoboRunner

AWS IoT RoboRunner is a solution that provides infrastructure for integrating robots with work management systems and building robotics fleet management applications.

AWS IoT SiteWise

AWS IoT SiteWise is a managed service that you can use to collect, organize, and analyze data from industrial equipment at scale.

AWS IoT Things Graph

AWS IoT Things Graph is a service that you can use to visually connect different devices and web services to build IoT applications.


AWS IQ can be used to find, engage, and pay AWS Certified third-party experts for on-demand project work.


AWS Key Management Service is a managed service that simplifies the creation and control of encryption keys that are used to encrypt data.

AWS Mainframe Modernization

AWS Mainframe Modernization is a cloud native platform for migration, modernization, execution, and operation of mainframe applications.

AWS managed key

AWS managed key is one type of KMS key in AWS KMS.

AWS managed policy

AWS managed policy is an IAM managed policy that's created and managed by AWS.

AWS Management Console

AWS Management Console is a graphical interface to manage compute, storage, and other cloud resources.

AWS Marketplace

AWS Marketplace is a web portal where qualified partners market and sell their software to AWS customers. It's an online software store that helps customers find, buy, and immediately start using the software and services that run on AWS.

AWS Microservice Extractor for .NET

AWS Microservice Extractor for .NET is an assistive modernization tool that helps to reduce the time and effort required to break down large, monolithic applications running on the AWS Cloud or on premises into smaller, independent services. These services can be operated and managed independently.

AWS Mobile SDK

AWS Mobile SDK is a software development kit whose libraries, code examples, and documentation help you build high-quality mobile apps for the iOS, Android, Fire OS, Unity, and Xamarin platforms.

AWS Panorama

AWS Panorama is a machine learning (ML) Appliance and Software Development Kit (SDK) that organizations can use to bring computer vision (CV) to on-premises cameras to make predictions locally.

AWS ParalletlCluster

AWS ParallelCluster is an AWS supported open source cluster management tool that helps you to deploy and manage high performance computing (HPC) clusters in the AWS Cloud.

AWS Private CA

AWS Private Certificate Authority is a hosted private certificate authority service for issuing and revoking private digital certificates.


AWS Resource Access Manager is a web service that AWS customers can use to securely share AWS resources with any AWS account or within your organization.

AWS RoboMaker

AWS RoboMaker is a cloud-based simulation service that robotics developers use to run, scale, and automate simulation without managing any infrastructure.


AWS Serverless Application Model is an open-source framework for building and running serverless applications. AWS SAM provides a command line interface tool and a shorthand syntax template specification that you can use to quickly iterate through your serverless application lifecycle.


AWS Schema Conversion Tool is a desktop application that automates heterogeneous database migrations.


AWS SDK for .NET is a software development kit that provides .NET API operations for AWS services including Amazon S3, Amazon EC2, IAM, and more.

AWS Serverless Application Repository

Serverless Application Repository is a managed repository that teams, organizations, and individual developers can use to store and share reusable applications and assemble and deploy serverless architectures in powerful new ways.

AWS Service Catalog

AWS Service Catalog is a web service that helps organizations create and manage catalogs of IT services that are approved for use on AWS.

AWS Service Management Connector

AWS Service Management Connector enables customers to provision, manage, and operate AWS resources and capabilities in familiar IT Service Management (ITSM) tooling.


AWS Server Migration Service is a service that combines data collection tools with automated server replication to speed the migration of on-premises servers to AWS.


AWS Security Token Service is a web service for requesting temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users).

AWS Toolkit for Eclipse

AWS Toolkit for Eclipse is an open-source plugin for the Eclipse Java integrated development environment (IDE) that makes it easier to develop, debug, and deploy Java applications using Amazon Web Services.

AWS Toolkit for JetBrains

AWS Toolkit for JetBrains is an open-source plugin for the integrated development environments (IDEs) from JetBrains that makes it easier to develop, debug, and deploy serverless applications using Amazon Web Services.

AWS Toolkit for Microsoft Azure DevOps

AWS Toolkit for Microsoft Azure DevOps provides tasks you can use in build and release definitions in VSTS to interact with AWS services.

AWS Toolkit for Visual Studio

AWS Toolkit for Visual Studio is an extension for Visual Studio that helps in developing, debugging, and deploying .NET applications using Amazon Web Services.

AWS Toolkit for Visual Studio Code

AWS Toolkit for Visual Studio Code is an open-source plugin for the Visual Studio Code (VS Code) editor that makes it easier to develop, debug, and deploy applications using Amazon Web Services.

AWS Tools for Powershell

AWS Tools for PowerShell is a set of PowerShell cmdlets to help developers and administrators manage their AWS services from the PowerShell scripting environment.


AWS Virtual Private Network provides functionality that establishes encrypted connections between your network or device, and AWS. It is comprised of two services: AWS Client VPN and AWS Site-to-Site VPN.

AWS VPN CloudHub

AWS VPN CloudHub is a feature that enables secure communication between branch offices using a simple hub-and-spoke model, with or without a VPN.


AWS WAF is a web application firewall service that controls access to content by allowing or blocking web requests based on specified criteria.

AWS Wavelength

AWS Wavelength is a service by AWS that embeds AWS compute and storage services within 5G networks to provide mobile edge computing infrastructure. Use AWS Wavelength to develop, deploy, and scale ultra-low-latency applications to mobile devices and end users.

Backint Agent

Backint Agent is an SAP-certified backup and restore solution for SAP HANA workloads that are running on Amazon EC2 instances in the cloud.

basic monitoring

Basic monitoring monitors AWS provided metrics at a 5-minute frequency.


See document batch.

batch prediction

Batch predictions are used to generate predictions for a set of observations at one time, then take action on a certain percentage of those observations.


BGP ASN, also known as Border Gateway Protocol Autonomous System Number, is a unique identifier for a network, to be used in BGP routing.


See Billing and Cost Management.

Billing and Cost Management

Billing and Cost Management is a computing model where services are paid for on-demand and can be used as much or little as needed.

binary attribute

A binary attribute produces one of two possible values.

binary classification model

Binary classification model predicts the answers to questions where the answer can be a binary variable.


A block is a dataset that is produced after breaking large amounts of data into subsets.

block device

Block devices are storage devices that support reading and writing data in blocks, sectors, or clusters.

block device mapping

Block device mapping is a mapping structure that specifies the block devices attached to an instance.

blue/green deployment

Blue/green deployment is used to replace instances in a deployment group (the original environment) with a different set of instances.

bootstrap action

Boostrap action is a user-specified action that runs a script or application on all nodes of a job flow before Hadoop starts.

Border Gateway Protocol Autonomous System Number



A bounce is an unsuccessful email delivery.


Amazon Braket is a fully managed quantum computing service that allows you to run quantum algorithms to make your research and discovery faster and easier.


A breach occurs when a user-set threshold is passed. Significant breaches can result in a scaling activity.


A bucket contains stored objects.

bucket owner

A bucket owner is a person or organization that owns a bucket. Only one person or organization can own a bucket.


Bundling is used to create an Amazon Machine Image and refers to creating instance store-backed AMIs.

cache cluster

A cache cluster is a logical cache cluster that's distributed over multiple cache nodes and can be set up with a specific number of cache nodes.

cache cluster identifier

A cache cluster identifier is supplied by a customer for a cache cluster and has to be unique to that customer in an AWS Region.

cache engine version

A cache engine version is the version of the Memcached service that runs on the cache node.

cache node

A cache node is a chunk of secure, network-attached RAM. Caches run on instances of the Memcached service and have their own DNS names and ports. Different types of cache nodes with varying amounts of associated memory are supported.

cache node type

A cache node type is an EC2 instance type that's used to run the cache node.

cache parameter group

A cache perimeter group is a container for cache engine parameter values that can be applied to cache clusters.

cache security group

A cache security group is maintained by ElastiCache and combines inbound authorizations to cache nodes for hosts belonging to Amazon EC2 security groups, which are specified by the console, API, or command line tools.


A campaign is a solution version that creates real-time recommendations for application users.

canned access policy

Canned access policy can be applied to a bucket or object.


Canonicalization converts data into a standard format that services like Amazon S3 can recognize.


Capacity is the compute size that's available at any given time. Auto Scaling groups are defined with minimum and maximum compute sizes. Scaling activities increase or decrease the capacity within defined minimum and maximum values.

Cartesian product

Cartesian product is a mathematical operation that returns a product from multiple sets.

Cartesian product processor

Cartesian product processor calculates a Cartesian product. Also known as a Cartesian data processor.


See content delivery network (CDN).


A certificate is a credential that's used by some AWS products to authenticate accounts and users. It is paired with a private key.

chargeable resources

Chargeable resources incur fees when used. The amount charged depends on the usage load.

CIDR block

CIDR block, also known as Classless Inter-Domain Routing, is an internet protocol address allocation and route aggregation methodology.


Ciphertext is information that has been encrypted.


Classification puts a data sample into a single category or "class".

Client VPN

AWS Client VPN is a client-based, managed VPN service used by remote clients to securely access AWS resources using an Open VPN-based software client.

Cloud Directory

The Cloud Directory provides a highly scalable directory store for your application's multi-hierarchical data.

cloud service provider (CSP)

A cloud service provider gives subscribers access to internet-hosted computing, storage, and software services.


CloudFormation is a service used to write and change templates that create and delete related AWS resources together as a unit.


CloudFront is a content delivery service that helps improve the performance, reliability, and availability of your website and applications.


CloudHSM is a web service that helps you meet corporate, contractual, and regulatory compliance requirements regarding data security by using dedicated security module (HSM) appliances in the AWS Cloud.


CloudSearch is a fully managed service that can be used to set up, manage, and scale a search solution for your application or website.


CloudTrail records AWS API calls for your account and delivers log files to you.


CloudWatch is used to monitor and manage various metrics and configure alarm actions based on the data from those metrics.

CloudWatch Events

CloudWatch Events is used to deliver a stream of system events that describe changes in AWS resources to Lambda functions, streams in Kinesis Data Streams, Amazon SNS topics, or built-in targets.

CloudWatch Logs

CloudWatch Logs monitors and troubleshoots the systems and applications from your existing system, application, and custom log files.


A cluster is a group of container instances that you can put tasks on.

cluster compute instance

A cluster compute instance produces a large amount of CPU power while also increasing network performance, making it suited for High Performance Compute (HPC) applications and other demanding network-bound applications.

cluster placement group

A cluster placement group is a cluster compute instance grouping that provides lower latency and high-bandwidth connectivity between instances.

cluster status

A cluster status communicates the health of a cluster. A status can be green, yellow, or red.


CNAME, also known as Canonical Name Record, is a type of resource record in the Domain Name System (DNS) that specifies that the domain name is an alias of another canonical domain name.

Code Signing for AWS IoT

Code Signing for AWS IoT signs code that is created for IoT devices supported by AWS.


CodeBuild is a fully managed continuous integration service that pulls together source code, runs tests, and creates software packages that are ready to deploy.


CodeCommit is a fully managed source control service used by companies to host secure and scalable private Git repositories.


CodeDeploy automates code deployments to any instance.


CodeGuru is a collection of developer tools that automate code reviews and provide recommendations for optimizing application performance.


CodePipeline is a continuous delivery service for quick and reliable application updates.


A complaint occurs when a recipient doesn't want to receive an email message and marks it as spam. The internet service provider then sends a notification to Amazon SES.

compound query

A compound query is a search request that specifies multiple search criteria using the Amazon CloudSearch specified search syntax.


A condition is a restriction or detail about a permission.

conditional parameter

See mapping.

configuration API

Configuration API is used to create, configure, and manage search domains.

configuration template

A configuration template is a series of key-value pairs that define the parameters for different AWS products so that Elastic Beanstalk can use them for an environment.

consistency model

The consistency model is used to achieve high availability, such as replicating data across multiple servers in a data center.


See AWS Management Console.

Console Mobile Application

Console Mobile Application allows AWS customers to monitor and manage a select set of resources to stay informed and connected with their AWS resources while on the go.

consolidated billing

Consolidated billing consolidates payment for multiple AWS accounts.


A container is a standard unit of software that holds application code and all relevant dependencies.

container definition

A container definition specifies the details that are associated with running a container on Amazon ECS. It specifies details such as the container image that should be used and how much CPU and memory the container can use.

container instance

A container instance is a self-managed EC2 instance or an on-premises server or virtual machine that's running the Amazon Elastic Container Service container agent and has been registered into a cluster. It is the infrastructure that your Amazon ECS workloads are run on.

container registry

A container registry is a collection of repositories that store container images.

content delivery network (CDN)

A container delivery network (CDN) speeds up the distribution of your static and dynamic web content to your users by using a worldwide network of data centers.

contextual metadata

Contextual metadata is interactions data that you collect about a user's browsing context when an event occurs. It can improve recommendation relevance for new and existing users.

continuous delivery

Continuous delivery occurs when code changes are automatically built, tested, and prepared for a release to production.

continuous integration

Continuous integration occurs when developers regularly merge code changes into a central repository, after which automated builds and tests are run.

cooldown period

Cooldown period is the time that Amazon EC2 Auto Scaling doesn't allow the desired size of the Auto Scaling group to be changed by any other notification from a CloudWatch alarm.

core node

A core node is an EC2 instance that runs Hadoop map and reduces tasks and stores data using the Hadoop Distributed File System (HDFS). It is managed by the master node, which assigns Hadoop tasks to nodes and monitors their status. Core nodes store data and can't be removed from a job flow, but more core nodes can be added to a running job flow.


Corpus is a collection of data that you want to research.


Corretto is a no-cost, multiplatform, production-ready distribution of the Open Java Development Kit.


Coverage is an evaluation metric that tells you the portion of unique items Amazon Personalize may recommend using your model out of the total amount of unique items in Interactions and Items datasets.

credential helper

A credential helper stores credentials for repositories and supplies them to Git when making connections to those repositories.


Credentials, also called access credentials or security credentials, are used to identify who is making a call and whether the request for access should be allowed. These are typically the access key ID and the secret access key.

cross-account access

Cross-account access is the process of permitting limited, controlled use of resources in one AWS account by a user in another AWS account.

cross-Region replication

Cross-Region replication is used to replicate data across different AWS Regions, in near-real time.

customer gateway

Customer gateway is a router or software application on your side of a VPN tunnel that's managed by Amazon VPC. Internal interfaces of the customer gateway are attached to one or more devices in your home network, and the external interface is attached to the virtual private gateway across the VPN tunnel.

customer managed policy

A customer manged policy is an IAM managed policy that you create and manage in your AWS account.

customer master key (CMK)

Customer master key was replaced by AWS KMS key. See KMS key for more information.


See service health dashboard.

data consistency

Data consistency describes when data is written or updated successfully and all copies of the data are updated in all AWS Regions. It takes time for the data to propagate to all storage locations.

data node

A data node is an OpenSearch instance that holds data and responds to data upload requests.

Data Pipeline

Data Pipeline processes and moves data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals.

data schema

See schema.

data source

A data source is the database, file, or repository that provides information required by an application or database.

database engine

A database engine is the database software and version running on the DB instance.

database name

A database name is the name of a database hosted in a DB instance. If there are multiple databases on a DB instance, each database must have a different name.


A dataset is the container for the data used by Amazon Personalize. There are three types: Users, Items, and Interactions.

dataset group

A dataset group is a container for Amazon Personalize components that organizes your resources into independent collections.


A dataset group is an object that contains metadata about the input data.


DataSync is an online data transfer service that simplifies, automates, and accelerates moving data between storage systems and services.

DB compute class

DB compute class is the size of the database compute platform used to run the instance.

DB instance

A DB instance is an isolated database environment running in the cloud. It can contain multiple user-created databases.

DB instance identifier

A DB instance identifier is a user-supplied identifier for the DB instance. It must be unique for that user in an AWS Region.

DB parameter group

A DB parameter group is a container for database engine parameter values that apply to one or more DB instances.

DB security group

A DB security group controls access to the DB instance.

DB snapshot

A DB snapshot is a user-initiated point backup of a DB instance.

Dedicated Host

A Dedicated Host is a physical server with EC2 instance capacity fully dedicated to a user.

Dedicated Instance

A Dedicated Instance is physically isolated at the host hardware level and launched within an Amazon VPC.

dedicated master node

A dedicated master node is an OpenSearch instance that performs cluster management tasks but doesn't hold data or respond to data upload requests.

Dedicated Reserved Instance

A Dedicated Reserved Instance is purchased to guarantee that sufficient capacity will be available to launch Dedicated Instances into Amazon VPC.


For a single AWS account, delegation entails giving AWS users access to resources in your AWS account. For two AWS accounts, delegation entails setting up a trust between the account that owns the resource (the trusting account), and the account that contains the users that need to access the resource (the trusted account).

delete marker

A delete marker is an object with a key and version ID but without content.


Deliverability is the likelihood that an email message arrives at its intended destination.


Deliveries are the number of emails accepted by a recipient over a period of time.


Deny is the result of a policy statement that forbids a user from performing certain actions.

deployment configuration

Deployment configuration is a set of deployment rules and success and failure conditions used by the service during a deployment.

deployment group

A deployment group is a set of individually tagged instances or EC2 instances in Auto Scaling groups, or both.

Description property

A description property is a property added to parameters, resources, resource properties, mappings, and outputs to help you to document CloudFormation template elements.

detailed monitoring

Detailed monitoring is the monitoring of AWS provided metrics derived at a 1-minute frequency.


Detective collects log data from your AWS resources to analyze and identify the root cause of security findings or suspicious activities. It provides visualizations to help you determine the nature and extent of possible security issues and conduct an investigation.

Device Farm

Device Farm is an app testing service that allows developers to test Android, iOS, and Fire OS devices on real, physical phones and tablets that are hosted by AWS.


A dimension is a name-value pair that contains additional information to identify a metric.

Direct Connect

Direct Connect is a web service that simplifies establishing a dedicated network connection from your premises to AWS.

Directory Service

Directory Service is a managed service for connecting your AWS resources to an existing on-premises Microsoft Active Directory or for setting up and operating a new, standalone directory in the AWS Cloud.

discussion forums

Discussion forums are where users can post technical questions and feedback to help with development efforts and engage with the AWS community.


A distribution is a link between an origin server and a domain name that is automatically assigned by CloudFront. CloudFront uses the link to identify the object stored in your original server.


DKIM, also known as DomainKeys Identified Mail, is a standard that email senders use to sign their messages. They are used by ISPs to verify that messages are legitimate.


See Domain Name System.

Docker image

A Docker image is a layered file system template that's the basis of a Docker container. It can comprise specific operating systems or applications.


A document is an item that can be returned as a search result. Each document has a collection of fields that contain the data that can be searched or returned. The value of a field can be either a string or a number. Each document must have a unique ID and at least one field.

document batch

A document batch is a collection of add and delete document operations.

document service API

A document service API is the API call used to submit document batches to update the data in a search domain.

document service endpoint

A document service endpoint is the URL that you connect to when sending document updates to an Amazon CloudSearch domain. Each search domain has a unique document service endpoint that remains the same for the life of the domain.


A domain is the hardware, software, and data exposed by Amazon OpenSearch Service (OpenSearch Service) endpoints.

Domain Name System

Domain Name System steers internet traffic toward websites by translating numeric IP addresses into human-readable domain names.

Donation button

A donation button is an HTML-coded button to provide a simple and secure way for US-based, IRS-certified 501(c)(3) nonprofit organizations to solicit donations.


DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability.

DynamoDB Streams

Amazon DynamoDB Streams is an AWS service that captures a time-ordered sequence of item-level modifications in any Amazon DynamoDB table. This service also stores this information in a log for up to 24 hours. Applications can access this log and view the data items as they appeared before and after they were modified, in near-real time.

EC2 instance

AN EC2 instance is a compute instance in the Amazon EC2 service.

edge location

Edge location is a data center that an AWS service uses to perform service-specific operations.


Elastic is a company that provides open-source solutions—including OpenSearch, Logstash, Kibana, and Beats—that take data from any source and search, analyze, and visualize it in real time.

Elastic Beanstalk

AWS Elastic Beanstalk deploys and managers applications in the AWS Cloud without worrying about the infrastructure that runs those applications.

Elastic Block Store

See Amazon EBS.

Elastic Inference

Elastic Inference is a resource that customers can use to attach low-cost GPU-powered acceleration to Amazon EC2 and SageMaker instances, or Amazon ECS tasks, to reduce the cost of running deep learning inference by up to 75%.

Elastic IP address

An Elastic IP address is a static IP address you have allocated in Amazon EC2 or Amazon VPC and then attached to an instance. They are associated with your account, not a specific instance. You can easily allocate, attach, detach, and free them as your needs change. They allow you to mask instance or Availability Zone failures by rapidly remapping your public IP addresses to another instance.

elastic network interface

Elastic network interface is an additional network interface that can be attached to an instance. Elastic network interfaces include a primary private IP address, one or more secondary private IP addresses, an Elastic IP Address (optional), a MAC address, membership in specified security groups, a description, and a source/destination check flag. You can create an elastic network interface, attach it to an instance, detach it from an instance, and attach it to another instance.

Elastic Transcoder

Elastic Transcoder is a cloud-based media transcoding service that is a highly scalable tool for converting (or transcoding) media files from their source format into versions that play on devices such as smartphones, tablets, and PCs.


ElastiCache simplifies deploying, operating, and scaling an in-memory cache in the cloud. It improves the performance of web applications by providing information retrieval from fast, managed, in-memory caches, instead of relying entirely on slower disk-based databases


Elasticsearch is an open-source, real-time distributed search and analytics engine used for full-text search, structured search, and analytics.


ELB, also known as Elastic Load Balancing, improves an application's availability by distributing incoming traffic between two or more EC2 instances.


EMP, also known as End-of-Support Migration Program for Windows Server provides the technology and guidance to migrate your applications running on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 to the latest, supported versions of Windows Server running on Amazon Web Services (AWS).


Encrypt means using a mathematical algorithm to make data unintelligible to unauthorized users. It can also be used by authorized users to convert altered data back to its original state.

encryption context

Encryption context is a set of key-value pairs that contains additional information associated with AWS KMS-encrypted information.


An endpoint is a URL that identifies a host and port as the entry point for a web service. Every web service request contains an endpoint. Most AWS products provide endpoints for a Region to enable faster connectivity.

endpoint port

ElastiCache: The port number used by a cache node. Amazon RDS: The port number used by a DB instance.

envelope encryption

Envelope encryption means using a master key and a data key to algorithmically protect data.


An environment is a specific running instance of an application.

environment configuration

Environment configuration is a collection of parameters and settings that define how an environment and its associated resources behave.

ephemeral store

See instance store.


Epoch is a measure of time that starts on a specified date.


See extract, transform, and load (ETL).


Evaluation is the process of measuring the predictive performance of a machine learning model.

evaluation datasource

Evaluation datasource is the data that Amazon Machine Learning uses to evaluate the predictive accuracy of a machine learning model.


An event is a user activity that is recorded and uploaded to an Amazon Personalize Interactions dataset.

event tracker

An event tracker specifies a destination dataset group for event data that you record in real time.


EventBridge is a serverless event bus service that you can use to connect your applications with data from a variety of sources and route that data to targets such as AWS Lambda. You can set up routing rules to determine where to send your data to build application architectures that react in real time to all of your data sources.

eventual consistency

Eventual consistency is a method used to achieve high availability which involves replicating data across multiple servers in Amazon data centers.

eventually consistent read

Eventually consistent read returns data from only one Region and might not show the most recent information. A repeated request should elicit a response with the latest data.


Eviction is the deletion by CloudFront of an object from an edge location before its expiration time. This happens if an object is not popular to make room for more popular objects.

exbibyte (EiB)

An exbibyte (EiB) is a contraction of exa binary byte.


Expiration is when CloudFront stops responding to user requests with an object. If you don't specify how long you want objects to remain in an edge location, they expire after 24 hours.

explicit impressions

Explicit impressions are a list of items that you manually add to an Amazon Personalize Interactions dataset to influence future recommendations. You can choose what to include in explicit impressions.

explicit launch permission

Explicit launch permission is an Amazon Machine Image (AMI) launch permission granted to a specific AWS account.

exponential backoff

Exponential backoff is a strategy that incrementally increases the wait between retry attempts in order to reduce the load on the system and increase the likelihood that repeated requests will succeed.


Expression is a numeric expression used to control how search hits are sorted.

extract, transform, and load (ETL)

Extract, transform, and load is a process that's used to integrate data from multiple sources. Data is collected from sources (extract), converted to an appropriate format (transform), and written to a target data store (load) for purposes of analysis and querying.


A facet is an index field that represents a category that you want to use to refine and filter search results.

facet enabled

Facet enabled is an index field option that enables facet information to be calculated for the field.

Fault Injection Simulator (AWS FIS)

Fault Injection Simulator is a managed service that you can use to perform fault injection experiments on your AWS workloads.


See feedback loop (FBL).

feature transformation

Feature transformation is the machine learning process of constructing more predictive input representations or “features” from the raw input variables to optimize a machine learning model’s ability to learn and generalize. Also known as data transformation or feature engineering.

federated identity management (FIM)

Federated identity management (FIM) allows individuals to sign in to different networks or services, using the same group or personal credentials to access data across all networks.

federated user

See federated identity management (FIM).


See federated identity management (FIM).

feedback loop (FBL)

A feedback loop (FBL) occurs when a mailbox provider forwards a recipient's complaint back to the sender.

field weight

Field weight is the relative importance of a text field in a search index.


Filters are used to specify limits put on results when you list or describe your Amazon EC2 resources.

filter query

A filter query filters search results without affecting how the results are scored and sorted.


See federated identity management (FIM).


FinSpace is a data management and analytics service purpose-built for the financial services industry (FSI).


See Kinesis Data Firehouse.

Firewall Manager

Firewall Manager is a service that you use with AWS WAF to simplify your AWS WAF administration and maintenance tasks across multiple accounts and resources. The rules are only set up once, and the service automatically applies your rules across your accounts and resources, even as you add new resources.


Forcast is a fully managed service that uses statistical and machine learning algorithms to produce highly accurate time-series forecasts.

format version

See template format version.


See discussion forums.


See intrinsic function.

fuzzy search

Fuzzy search is a simple search query used to approximate string matching (fuzzy matching) to correct typographical errors and misspellings.


GameKit is an open-source SDK and game-engine plugin that empowers game developers to build and deploy cloud-based features with AWS from their game engine.


GameLift is a managed service for deploying, operating, and scaling session-based multiplayer games.


GameSparks provides multi-service backend for game developers.

geospatial search

Geospatial search is a search query that uses locations specified as a latitude and longitude to determine matches and sort the results.

gibibyte (GiB)

Gibibyte (GiB) is a contraction of giga binary byte. A gibibyte is 2^30 or 1,073,741,824 bytes. A gigabyte (GB) is 10^9 or 1,000,000,000 bytes. 1,024 GiB is a tebibyte (TiB).


GitHub is a web-based repository that uses Git for version control.

Global Accelerator

Global Accelerator is a network layer service that you use to create accelerators that direct traffic to optimal endpoints over the AWS global network. This improves the availability and performance of your internet applications that are used by a global audience.

global secondary index

A global secondary index is an index with a partition key and a sort key that can be different from those on the table. It is considered global because queries on the index can span all of the data in a table, across all partitions.


A grant is a mechanism for giving AWS principles long-term permissions to use KMS keys.

grant token

A grant token is a type of identifier that allows the permissions in a grant to take effect immediately.

ground truth

Ground truth is the observations used in the machine learning model training process that include the correct value for the target attribute.


A group is a collection of IAM users.


GuardDuty is a continuous security monitoring service that helps identify unexpected and potentially unauthorized or malicious activity in your AWS environment.


Hadoop is a software that enables distributed processing for big data by using clusters and simple programming models.

hard bounce

A hard bounce occurs when there's a persistent email delivery failure such as "mailbox does not exist".

hardware VPM

Hardware VPN is a hardware-based IPsec VPN connection over the internet.

health check

Health check is a system call that checks on the health status of each instance in an Amazon EC2 Auto Scaling group.


HealthLake is a HIPAA-eligible service that helps customers store, query, and generate artificial intelligence (AI) and machine learning (ML) insights from healthcare data and enables healthcare data interoperability.

high-quality email

High-quality email is email that recipients find valuable and want to receive.

highlight enabled

Highlight enabled is an index field that enables matches within the field to be highlighted.


Highlights are excerpts returned with search results that show where the search terms appear within the text of the matching documents.


A hit is a document that matches the criteria specified in a search request. It's also referred to as a search result.


HMAC, also known as Hash-based Message Authentication Code, is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret key. You can use it to verify both the data integrity and the authenticity of a message at the same time. AWS calculates the HMAC using a standard, cryptographic hash algorithm, such as SHA-256.

hosted zone

A hosted zone is a collection of resource record sets that Route 53 hosts. It represents a collection of records that are managed together under a single domain name.


HRNN is a hierarchical recurrent neural network machine learning algorithm that models changes in user behavior and predicts the items that a user might interact with in personal recommendation applications.


See Query.

HVM virtualization

HVM virtualization, also known as Hardware Virtual Machine virtualization, allows the guest VM to run as though it's on a native hardware platform, except that it still uses paravirtual network and storage drivers for improved performance.


AWS Identity and Access Management is used by Amazon Web Services (AWS) customers to manage users and user permissions within AWS.

IAM Access Analyzer

Access Management Access Analyzer is a feature of IAM that you can use to identify the resources in your organization and accounts that are shared with an external entity.

IAM group

See group.

IAM Identity Center

IAM Identity Center is a cloud-based service that brings together administration of users and their access to AWS accounts and cloud applications.

IAM policy simulator

See policy simulator.

IAM role

See role.

IAM uesr

See user.

Identity and Access Management

See IAM.

identity provider (IdP)

An identity provider (IdP) is an IAM entity that holds metadata about external identity providers.


See identity provider (IdP).


See Amazon Machine Image (AMI).

Image Builder

Image Builder facilitates building, maintaining, and distributing customized server images that launch EC2 instances, or that run Docker containers.

implicit impressions

Implicit impressions are recommendations that your application shows a user.

import log

Import log is a report that contains details about how Import/Export processed your data.


AWS Import/Export is a service for transferring large amounts of data between AWS and portable storage devices.

import/export station

The import/export station is a machine that uploads or downloads your data to or from Amazon S3.

impressions data

Impressions data is the list of items that you presented to a user when they interacted with a particular item such as by clicking it, watching it, or purchasing it.

in-place deployment

In-place deployment is a deployment method where the application on each instance in the deployment group is stopped, the latest application revision is installed, and the new version of the application is started and validated. You can choose to use a load balancer so each instance is deregistered during its deployment and then restored to service after the deployment is complete.


See search index.

index field

The index field is a name-value pair that's included in a CloudSearch domain's index. It can contain text or numeric data, dates, or a location.

indexing options

Indexing options are configuration settings that define a CloudSearch domain's index fields, how document data is mapped to those fields, and how the index fields can be used.

inline policy

An inline policy is an IAM policy that's embedded in a single IAM user, group, or role.

input data

Input data is the observations that you provide to Amazon Machine Learning to train and evaluate a machine learning model and generate predictions.


An instance is a copy of an Amazon Machine Image (AMI) running as a virtual server in the AWS Cloud.

instance family

An instance family is a general instance type grouping using either storage or CPU capacity.

instance group

An instance group is a Hadoop cluster containing one master instance group that contains one master node, a core instance group that contains one or more core nodes, and an optional task node instance group, which can contain any number of task nodes.

instance store

Instance store is disk storage that's physically attached to the host computer for an EC2 instance, so it has the same lifespan as the instance. Data from the instance store is lost when an instance is terminated.

instance store-backed AMI

Instance store-backed AMI is a type of Amazon Machine Image whose instances use an instance store volume as the root device.

instance type

Instance type is a specification that defines the memory, CPU, storage capacity, and usage cost for an instance.

Interactions dataset

Interactions dataset is a container for historical and real-time data collected from interactions between users and items (called events). Interactions data can include impressions data and contextual metadata.

internet gateway

Internet gateway connects a network to the internet.

internet service provider (ISP)

An Internet service provider (ISP) is a company that gives users access to the internet. Many ISPs are also mailbox providers.

intrinsic function

Intrinsic function is a special action in a CloudFormation template that assigns values to properties not available until runtime.

IP address

An IP address is a numerical address that networked devices use to communicate with one another using the Internet Protocol (IP).

IP match condition

IP match condition is an attribute that specifies the IP address or IP address ranges that the requests originate from.


See internet service provider (ISP).


An issuer is a person who writes policy to grant permissions to a resource. The issuer is always the resource owner.


An item is a group of attributes that's uniquely identifiable among all of the other items.

item exploration

Item exploration is the process that Amazon Personalize uses to test different item recommendations, including recommendations of new items with no or little interaction data, and learn how users respond.

item-to-item similarities (SIMS) recipe

An item-to-item similarities (SIMS) recipe is a RELATED_ITEMS recipe that uses the data from an Interactions dataset to make recommendations for items that are similar to a specified item.

Items dataset

Items dataset is a container for metadata about items, such as price, genre, or availability.

job flow

Job flow is one or more steps that specify all of the functions to be performed on the data.

job ID

Job ID is a five-character, alphanumeric string that uniquely identifies an Import/Export storage dive in your shipment.

job prefix

Job prefix is an optional string that you can add to the beginning of an Import/Export log file name to prevent collisions with objects of the same name.


JSON, also known as JavaScript Object Notation, is a lightweight data interchange format.

junk folder

A junk folder is where email messages considered to be of lesser value are collected so that they don't clutter an inbox but are still available to read.


A key is a credential that identifies an AWS account or user to AWS. A unique identifier for an object in a bucket.

key pair

A key pair is a set of security credentials that you use to prove your identity electronically. It consists of a private key and a public key.

key prefix

A key prefix is a string of characters that is a subset of an object name, starting with the first character.

kibibyte (KiB)

A kibibyte (KiB) is a contraction of kilo binary byte, a kibibyte is 2^10 or 1,024 bytes. A kilobyte (KB) is 10^3 or 1,000 bytes. 1,024 KiB is a mebibyte (MiB).


Kinesis is a platform for streaming data on AWS. It offers services that simplify the loading and analysis of streaming data.

Kinesis Data Firehose

Kinesis Data Firehose is a fully managed service for loading streaming data into AWS.

Kinesis Data Streams

Kinesis Data Streams is a web service for building custom applications that process or analyze streaming data for specialized needs. Amazon Kinesis Data Streams can continuously capture and store terabytes of data per hour from hundreds of thousands of sources.

KMS key

KMS key is the primary resource in AWS Key Management Service. They are created, used, and deleted entirely within KMS. KMS supports symmetric and asymmetric KMS keys for encryption and signing. KMS keys can be either customer managed, AWS managed, or AWS owned.

labeled data

Labeled data is data for which you already know the target or correct answer.

Lake Formation

Lake Formation makes it easy to set up, secure, and manage your data lakes. It helps you discover your data sources and then catalog, cleanse, and transform data.


Lamba runs code without provisioning or managing servers.

launch configuration

Launch configuration is a set of descriptive parameters used to create new EC2 instances in Amazon EC2 Auto Scaling activity.

launch permission

Launch permission is an Amazon Machine Image attribute that allows users to launch an AMI.

Launch Wizard

Launch Wizard is a cloud solution that offers a guided way of sizing, configuring, and deploying AWS resources for third-party applications. without the need to manually identify and provision individual AWS resources.


A lifecycle is the state of the EC2 instance contained in an Auto Scaling group. EC2 instances progress through several states over their lifespan; these include Pending, InService, Terminating and Terminated.

lifecycle action

Lifecycle action is an action that can be paused by Auto Scaling, such as launching or terminating an EC2 instance.

lifecycle hook

Lifecyle hook is a feature for pausing Auto Scaling after it launches or terminates an EC2 instance so that you can perform a custom action while the instance isn't in service.


Lightsail is a service used to launch and manage a virtual private server with AWS.

load balancer

A load balancer is a DNS name combined with a set of ports, which together provide a destination for all requests intended for your application. It can distribute traffic to multiple application instances across every Availability Zone within a Region.

local secondary index

A local secondary index is an index that has the same partition key as the table, but a different sort key. It is local in the sense that every partition of a local secondary index is scoped to a table partition that has the same partition key value.

logical name

A case-sensitive unique string within a CloudFormation template that identifies a resource, mapping, parameter, or output.

Lookout for Equipment

Lookout for Equipment is a machine learning service that uses data from sensors mounted on factory equipment to detect abnormal behavior so you can take action before machine failures occur.

Lookout for Metrics

Lookout for Metrics is a machine learning (ML) service that automatically detects and diagnoses anomalies in business and operational data, such as a sudden dip in sales revenue or customer acquisition rates.

Lookout for Vision

Lookout for Vision is a machine learning service that uses computer vision (CV) to find defects in industrial products. It can identify missing components in an industrial product, damage to vehicles or structures, irregularities in production lines, and even minuscule defects in silicon wafers—or any other physical item where quality is important.


Lumberyard is a cross-platform, 3D game engine for creating high-quality games.


Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS.

Mail Transfer Agent (MTA)

Mail Transfer Agent (MTA) is a software that transports email messages from one computer to another by using a client-server architecture.

mailbox provider

A mailbox provider is an organization that provides email mailbox hosting services.

mailbox simulator

A mailbox simulator is a set of email addresses that you can use to test an Amazon SES-based email-sending application without sending messages to actual recipients.

main route table

Main route table is the default route table that any new Amazon VPC subnet uses for routing. You can associate a subnet with a different route table of your choice. You can also change which route table is the main route table.

Managed Blockchain

Managed Blockchain is a fully managed service for creating and managing scalable blockchain networks using popular open source frameworks.

managed policy

Managed policy is a standalone IAM policy that you can attach to multiple users, groups, and roles in your IAM account.

management portal

AWS Management Portal for vCenter is a web service for managing your AWS resources using VMware vCenter. You install the portal as a vCenter plugin within your existing vCenter environment. After it's installed, you can migrate VMware VMs to Amazon EC2 and manage AWS resources from within vCenter.


A manifest is a text file that describes your job when you send a create job request for an import or export operation. It specifies how to transfer data between your storage device and the AWS Cloud.

manifest file

A manifest file is used for describing batch predictions. It relates each input data file with its associated batch predictions results and is stored in the Amazon S3 output location


Mapping is a way to add conditional parameter values to a CloudFormation template.


See pagination token.

master node

Master node is a process running on an Amazon Machine Image (AMI) that keeps track of the work its core and task nodes complete.

maximum price

Maximum price is the most you'll pay to launch one or more Spot Instances. If your maximum price exceeds the current Spot Price and your restrictions are met, Amazon EC2 launches instances on your behalf.

maximum send rate

Maximum second rate is the maximum number of email messages that you can send per second using Amazon SES.

mean reciprocal rank at 25

Mean reciprocal rank at 25 is an evaluation metric that assesses the relevance of a model’s highest ranked recommendation.

mebibyte (MiB)

A mebibyte is a contraction of mega binary byte. A mebibyte (MiB) is 2^20 or 1,048,576 bytes. A megabyte (MB) is 10^6 or 1,000,000 bytes. 1,024 MiB is a gibibyte (GiB).

member resources

See resource.


MemoryDB for Redis is a Redis-compatible, durable, in-memory database service that's purpose-built for modern applications with microservices architectures.

message ID

Amazon SES: A unique identifier that's assigned to every email message that's sent. Amazon SQS: The identifier returned when you send a message to a queue.


Metadata is information about other data or objects.


Metric is an element of time-series data defined by a unique combination of exactly one namespace, exactly one metric name, and between zero and ten dimensions.

metric name

A metric name is the primary identifier of a metric, used with namespace and optional dimensions.


Metrics are evaluation data that Amazon Personalize generates when you train a model.


See multi-factor authentication (MFA).

micro instance

A micro instance is a type of EC2 instance that's more economical to use if you have occasional bursts of high CPU activity.

Migration Hub

Migration Hub is a service that provides a single location to track migration tasks across multiple AWS tools and partner solutions.


See Multipurpose Internet Mail Extensions (MIME).

ML model

A ML model is a mathematical model that generates predictions by finding patterns in data. Three types of models are supported: binary classification, multiclass classification, and regression. Also known as a predictive model.

Mobile Analytics

Mobile Analytics is a service that collects, visualizes, understands, and extracts mobile app usage data at scale.

Mobile Hub

Mobile Hub is an integrated console for building, testing, and monitoring mobile apps.

Mobile SDK for Unity

The AWS Mobile SDK for Unity is included in the AWS SDK for .NET.

Mobile SDK for Xamarin

The AWS Mobile SDK for Xamarin is included in the AWS SDK for .NET.


See Mail Transfer Agent (MTA).

Multi-AZ deployment

Multi-AZ deployment is A primary DB instance that has a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to the standby replica.

multi-factor authentication (MFA)

Multi-factor authentical (MFA) is an optional AWS account security feature. After you enable AWS MFA, you must provide a six-digit, single-use code in addition to your sign-in credentials whenever you access secure AWS webpages or the AWS Management Console. You get this single-use code from an authentication device that you keep in your physical possession.

multi-valued attribute

Multi-valued attribute is an attribute with more than one value.

multiclass classification model

Multiclass classification model is a machine learning model that predicts values that belong to a limited, pre-defined set of permissible values.

multipart upload

Multipart upload is a feature that you can use to upload a single object as a set of parts.

Multipurpose Internet Mail Extensions (MIME)

Multipurpose Internet Mail Extensions (MIME) is an internet standard that extends the email protocol to include non-ASCII text and nontext elements, such as attachments.


Multitool is a cascading application that provides a simple command-line interface for managing large datasets.

n-gram processor

An n-gram processor is a processor that performs n-gram transformations.

n-gram transformation

An n-gram transformation aids in text string analysis. It takes a text variable as input and outputs strings by sliding a window of size n words over the text and outputting every string of words of size n and all smaller sizes.


Namespace is an abstract container that gives context for the items it holds and allows disambiguation of homonym items residing in different namespaces.


NAT, also known as network address translation, is a strategy of mapping one or more IP addresses to another while data packets are in transit across a traffic routing device.

NAT gateway

NAT gateway is a NAT device that performs network address translation in a private subnet to secure inbound internet traffic. It uses both NAT and port address translation.

NAT instance

NAT instance is a NAT device that's configured by a user to perform network address translation in an Amazon VPC public subnet to secure inbound internet traffic.


Neptune is a managed graph database service that you can use to build and run applications that work with highly connected datasets. It supports the popular graph query languages Apache TinkerPop Gremlin and W3C's SPARQL, enabling you to build queries that efficiently navigate highly connected datasets.

network ACL

Network ACL is an optional layer of security that acts as a firewall for controlling traffic in and out of a subnet. Multiple subnets can be associated with a single network ACL, but a subnet can only be associated with one network ACL at a time.

Network Address Translation and Protocol Translation

Network Address Translation and Protocol Translation is an internet protocol standard defined in RFC 2766.

Network Firewall

Network Firewall is a managed service that deploys essential network protections for all Amazon Virtual Private Clouds.

NICE Desktop Cloud Visualization

NICE Desktop Cloud Visualization is a remote visualization technology that securely connects users to graphic-intensive 3D applications hosted on a remote, high-performance server.

Nimble Studio

Nimble Studio is a managed AWS cloud service for creative studios to produce visual effects, animation, and interactive content—from storyboard to final deliverable.


A node is an OpenSearch instance that can be either a data instance or a dedicated master instance.


NoEcho is a property of CloudFormation parameters that prevent the otherwise default reporting of names and values of a template parameter.

normalized discounted cumulative gain (NCDG) at K (5/10/25)

Normalized discounted cumulative gain (NCDG) at K (5/10/25) is an evaluation metric that tells you about the relevance of your model’s highly ranked recommendations, where K is a sample size of 5, 10, or 25 recommendations.


NoSQL, also known as nonrelational database systems, is highly available, scalable, and optimized for high performance. They use alternate models for data management, such as key-value pairs or document storage.

null object

A null object is one whose version ID is null.

number of passes

Number of passes is the number of times that you allow Amazon Machine Learning to use the same data records to train a machine learning model.


An object is the fundamental entity type stored in Amazon S3. It consists of object data and metadata.


An observation is a single instance of data that Amazon Machine Learning uses to train a machine learning model how to predict or generate a prediction.

On-Demand Instance

On-Demand Instance is an Amazon EC2 pricing option that charges you for compute capacity by the hour or second with no long-term commitment.

OpenSearch Service

OpenSearch Service is an AWS managed service for deploying, operating, and scaling OpenSearch, an open-source search and analytics engine, in the AWS Cloud. It also offers security options, high availability, data durability, and direct access to the OpenSearch API.


An operation is an API function. Also called an action.


OpsWorks is a configuration management service that helps you use Chef to configure and operate groups of instances and applications. You can define the application's architecture and the specification of each component including package installation, software configuration, and resources such as storage. You can automate tasks based on time, load, or lifecycle events.

optimistic locking

Optimistic locking is a strategy to ensure that an item that you want to update has not been modified by others before you perform the update.


An organization is an entity that you create to consolidate and manage your AWS accounts. An organization has one management account along with zero or more member accounts.

organizational unit

An organizational unit is a container for accounts within a root of an organization.


Organizations is an account management service used to consolidate multiple AWS accounts into an organization that you create and centrally manage.

origin access identity

Origin access identity, also called OAI, is a virtual identity used to require users to access your content through CloudFront URLs instead of Amazon S3 URLs.

origin server

Origin server is the Amazon S3 bucket or custom origin containing the definitive original version of the content you deliver through CloudFront.

original environment

Original environment is the instances in a deployment group at the start of a CodeDeploy blue/green deployment.

OSB transformation

OSB transformation, also known as orthogonal sparse bigram transformation, aids in text string analysis and is an alternative to the n-gram transformation. OSB transformations are generated by sliding the window of size n words over the text and outputting every pair of words that includes the first word in the window.


See organizational unit.


Outposts is a fully managed service by AWS that extends AWS infrastructure, services, APIs, and tools to on-premises data centers and edge locations.

output location

Output location is an Amazon S3 location where the results of a batch prediction are stored.


Pagination is the process of responding to an API request by returning a large list of records in small separate parts.

pagination token

A pagination token is a marker that indicates that an API response contains a subset of a larger list of records.

paid AMI

Paid AMI is an Amazon Machine Image that you sell to other Amazon EC2 users on AWS Marketplace.

paravirtual virtualization

See PV virtualization.


A part is a contiguous portion of the object's data in a multipart upload request.

partition key

A partition key is a simple primary key composed of one attribute. Also known as a hash attribute.


PAT is a port address translation.

pebibyte (PiB)

A pebibyte (PiB) is a contraction of peta binary byte, a pebibyte is 2^50 or 1,125,899,906,842,624 bytes. A petabyte (PB) is 10^15 or 1,000,000,000,000,000 bytes. 1,024 PiB is an exbibyte (EiB).


See sampling period.


Permission is a statement within a policy that allows or denies access to a particular resource.

persistent storage

Persistent storage is a data storage solution where the data remains intact until its deleted.


PERSONALIZE_RANKING recipes provide item recommendations in ranked order based on the predicted interest for a user.

personalized-ranking recipe

Personalized-ranking recipe is a PERSONALIZE_RANKING recipe that ranks a collection of items that you provide based on the predicted interest levels for a specific user.

physical name

The physical name is a unique label that CloudFormation assigns to each resource when creating a stack.


A pipeline is a workflow construct that defines the way software changes go through a release process.


Plaintext is information that has not been encrypted.


A policy is a document defining permissions that apply to a user, group, or role. It determines what users can do in AWS. It typically allows access to specific actions and can grant that actions are allowed for specific resources. It can also deny access.

policy generator

Policy generator is a tool in the IAM AWS Management Console that helps you build a policy by selecting elements from lists of available options.

policy simullator

Policy simulator is a tool in IAM AWS Management Console that helps you test and troubleshoot policies so you can see their effects in real-world scenarios.

policy validator

Policy validator is a tool in the IAM AWS Management Console that examines your existing IAM access control policies to ensure that they comply with the IAM policy grammar.

popularity-count recipe

Popularity-count recipe is a USER_PERSONALIZATION recipe that recommends items that have had the most interactions with unique users.

Porting Assistant for .NET

Porting Assistant for .NET is a compatibility analyzer that reduces the manual effort required to port Microsoft .NET Framework applications to open source .NET Core.

precision at K (5/10/25)

Precision at K (5/10/25) is an evaluation metric that tells you how relevant your model’s recommendations are based on a sample size of K (5, 10, or 25) recommendations.


See job prefix.

Premium Support

Premium Support is a one-on-one, fast-response support channel that AWS customers can subscribe to for support for AWS infrastructure services.

presigned URL

A presigned URL is a web address that uses query string authentication.

primary key

Primary key is one or two attributes that uniquely identify each item in a DynamoDB table, so that no two items can have the same key.

primary shard

See shard.


A principle is the user, service, or account that receives permissions that are defined in a policy.

private content

Private content is a method of controlling access to your content by requiring users to use signed URLs.

private IP address

A private IP address is a private numerical address (for example, that networked devices use to communicate with one another using the Internet Protocol (IP).

private subnet

A private subnet is an Amazon VPC subnet whose instances can't be reached from the internet.

product code

Product code is an identifier provided by AWS when you submit a product to AWS Marketplace.


See resource property.

property rule

Property rule is a JSON-compliant markup standard for declaring properties, mappings, and output values in a CloudFormation template.

Provisioned IOPS

Provisioned IOPS is a storage option that delivers fast, predictable, and consistent I/O performance.

pseudo parameter

A pseudo parameter is a predefined setting that can be used in CloudFormation templates without having to declare them.

public AMI

Public AMI is an Amazon Machine Image that all AWS accounts have permission to launch.

public dataset

Public dataset is a large collection of public information that can be seamlessly integrated into applications that are based in the AWS Cloud. Amazon stores public datasets at no charge to the community and, similar to other AWS services, users pay only for the compute and storage they use for their own applications.

public IP address

Public IP address is public numerical address that networked devices use to communicate with one another using the Internet Protocol (IP).

public subnet

A public subnet is a subnet whose instances can be reached from the internet.

PV virtualization

PV virtualization allows guest VMs to run on host systems that don't have special support extensions for full hardware and CPU virtualization.

quartile binning transformation

Quartile binning transformation is a process that takes two inputs, a numerical variable and a parameter called a bin number, and outputs a categorical variable. Quartile binning transformations discover non-linearity in a variable's distribution by enabling the machine learning model to learn separate importance values for parts of the numeric variable’s distribution.


Query is a type of web service that generally uses only the GET or POST HTTP method and a query string with parameters in the URL.

query string authentication

Query string authentication is an AWS feature that you can use to place the authentication information in the HTTP request query string instead of in the Authorization header, which provides URL-based access to objects in a bucket.


A queue is a sequence of messages or jobs that are held in temporary storage awaiting transmission or processing.

queue URL

A queue URL is a web address that uniquely identifies a queue.


QuickSight is a fast, cloud-powered business analytics service that you can use to build visualizations, perform analysis, and quickly get business insights from your data.


Quota is the maximum value for your resources, actions, and items in your AWS account.

range GET

Range GET is a request that specifies a byte range of data to get for a download. Large objects can be downloaded in smaller units by sending multiple range GET requests that each specify a different byte range to GET.

raw email

A raw email is a type of sendmail request with which you can specify the email headers and MIME types.

read replica

Read replica is an active copy of another DB instance. Any updates to the data on the source DB instance are replicated to the read replica DB instance using the built-in replication feature of MySQL 5.1.

real-time predictions

Real-time predictions are synchronously generated predictions for individual data observations.

receipt handle

A receipt handle is an identifier that you get when you receive a message from the queue. It is required to delete a message from the queue or when changing a message's visibility timeout.


A receiver is an entity that consists of the network systems, software, and policies that manage email delivery for a recipient.


Recipe is an Amazon Personalize algorithm that's preconfigured to predict the items that a user interacts with (for USER_PERSONALIZATION recipes), or calculate items that are similar to specific items that a user has shown interest in (for RELATED_ITEMS recipes), or rank a collection of items that you provide based on the predicted interest for a specific user (for PERSONALIZED_RANKING recipes).


A recipient is the person or entity receiving an email message.


Recommendations are a list of items that Amazon Personalize predicts that a user interacts with. Depending on the recipe used, recommendations can be either a list of items or a ranking of a collection of items you provided.


Redis is a fast, open-source, in-memory key-value data structure store. It comes with a set of versatile in-memory data structures with which you can easily create a variety of custom applications.


A reference is a means of inserting a property from one AWS resource into another.


A Region is a named set of AWS resources that are in the same geographical area. It comprises at least three Availability Zones.

regression model

Regression model is a type of machine learning model that predicts a numeric value, such as the exact purchase price of a house.


Regularization is A machine learning (ML) parameter that you can tune to obtain higher-quality ML models. It helps prevent ML models from memorizing training data examples instead of learning how to generalize the patterns it sees (called overfitting). When training data is overfitted, the ML model performs well on the training data but doesn't perform well on the evaluation data or on new data.


RELATED_ITEMS recipes recommend items that are similar to a specified item, such as the item-to-item (SIMS) recipe.

replacement environment

Replacement environment is the instances in a deployment group after the CodeDeploy blue/green deployment.

replica shard

See shard.

reply path

Reply path is the email address an email reply is sent to.

representational state transfer



Reputation is an Amazon S3 metric that's based on factors including bounces, complaints, and other metrics and that shows whether a customer is sending high-quality email. It's also the level of confidence that an IP address an email was sent from isn't a source of spam.


A requester is the person (or application) that sends a request to AWS to perform a specific action.

Requester Pays

Requester Pays is an Amazon S3 feature that allows a bucket owner to specify that anyone who requests access to objects in a particular bucket must pay the data transfer and request costs.


Reservation is a collection of EC2 instances started as part of the same launch request.

Reserved Instance

Reservation Instance is a pricing option for EC2 instances that discounts the on-demand usage charge for instances that meet the specified parameters. Customers pay for the entire term of the instance, regardless of how they use it.

Reserved Instance Marketplace

Reserved Instance Marketplace is an online exchange that matches sellers who have reserved capacity that they no longer need with buyers who are looking to purchase additional capacity. Reserved instances that you purchase from third-party sellers have less than a full standard term remaining and can be sold at different upfront prices. The usage or reoccurring fees remain the same as the fees set when the Reserved Instances were originally purchased. Full standard terms for Reserved Instances available from AWS run for one year or three years.

RESful web service

RESTful web service, also known as RESTful API, is a web service that follows REST architectural constraints. API operations must use HTTP methods explicitly, expose hierarchical URIs, and transfer either XML, JSON, or both.

Resilience Hub

Resilience Hub gives you a central place to define, validate, and track the resiliency of your AWS application. It helps you to protect your applications from disruptions, and reduce recovery costs to optimize business continuity to help meet compliance and regulatory requirements.


A resource is an entity that users can work with in AWS.

Resource Groups

Resource Groups is a web service that AWS customers can use to manage and automate tasks on large numbers of resources at one time.

resource property

Resource property is a value required when including an AWS resource in a CloudFormation stack. Each resource can have one or more properties associated with it.

resource record

Resource record, also called resource record set, is the fundamental information elements in the Domain Name System.


REST, also known as representational state transfer, is a simple stateless architecture that generally runs over HTTPS/TLS. It emphasizes that resources have unique and hierarchical identifiers (URIs), are represented by common media types (such as HTML, XML, or JSON), and that operations on the resources are either predefined or discoverable within the media type. In practice, this generally results in a limited number of operations.

return enabled

Return enabled is an index field option that enables the field's values to be returned in the search results.

return path

Return path is the email address that bounced email is returned to. It is specified in the header of the original email.


Revision is a change that's made to a source that's configured in a source action, such as a pushed commit to a GitHub repository or an update to a file in a versioned Amazon S3 bucket.


Role gives temporary access to AWS resources in your AWS account.


Rollback is a return to a previous state that follows the failure to create an object, such as a CloudFormation stack. All resources that are associated with the failure are deleted during the rollback. For AWS CloudFormation, you can override this behavior using the --disable-rollback option on the command line.


Root is a parent container for the accounts in your organization.

root credentials

Root credentials are authentication information associated with the AWS account owner.

root device volume

Root device volume contains the image used to boot the instance.

Route 53

Route 53 is a web service that you can use to create a new DNS service or to migrate your existing DNS service to the cloud.

route table

Route table is a set of routing rules that controls the traffic leaving any subnet that's associated with the route table. You can associate multiple subnets with a single route table, but a subnet can be associated with only one route table at a time.

row identifier

Row identifier is an attribute in the input data that you can include in the evaluation or prediction output to make it easier to associate a prediction with an observation.


A rule is a set of conditions that AWS WAF searches for in web requests to AWS resources such as Amazon CloudFront distributions. You add rules to a web ACL, and then specify whether you want to allow or block web requests based on each rule.


SageMaker is a fully managed cloud service that builds, trains, and deploys machine learning (ML) models by using AWS infrastructure, tools, and workflows.

sampling period

A sampling period is a defined duration of time during which CloudWatch computes a statistic.


Sandbox is a testing location where you can test the functionality of your application without affecting production, incurring charges, or purchasing products.

scale in

Scale in means to remove EC2 instances from an Auto Scaling group.

scale out

Scale out means to add EC2 instances to an Auto Scaling group.

scaling activity

A scaling activity is a process that changes the size, configuration, or makeup of an Auto Scaling group by launching or terminating instances.

scaling policy

Scaling policy is a description of how Auto Scaling automatically scales an Auto Scaling group in response to changing demand.


Scheduler is the method used to place tasks on container instances.


Schema is the information needed to interpret the input data for a machine learning model, including attribute names and their assigned data types, and the names of special attributes.

score cut-off value

Score cut-off value is a binary classification model which outputs a score that ranges from 0 to 1. To decide whether an observation is classified as 1 or 0, you pick a classification threshold, or cut-off, and Amazon ML compares the score against it. Observations with scores higher than the cut-off are predicted as target equals 1, and scores lower than the cut-off are predicted as target equals 0.


See service control policy.

SDK for C++

AWS SDK for C++ is a software development kit that provides C++ APIs for many AWS services including Amazon S3, Amazon EC2, DynamoDB, and more.

SDK for Go

AWS SDK for Go is a software development kit for integrating your Go application with the full suite of AWS services.

SDK for Java

AWS SDK for Java is a software development kit that provides Java API operations for many AWS services including Amazon S3, Amazon EC2, DynamoDB, and more.

SDK for JavaScript in Node.js

AWS SDK for JavaScript in Node.js is a software development kit for accessing AWS services from JavaScript in Node.js. The SDK provides JavaScript objects for AWS services, including Amazon S3, Amazon EC2, DynamoDB, and Amazon SWF.

SDK for JavaScript in the Browser

AWS SDK for JavaScript in the Browser is a software development kit for accessing AWS services from JavaScript code running in the browser.


AWS SDK for PHP is a software development kit and open-source PHP library for integrating your PHP application with AWS services such as Amazon S3, Amazon S3 Glacier, and DynamoDB.

SDK for Python (Boto3)

AWS SDK for Python (Boto3) is a software development kit for using Python to access AWS services such as Amazon EC2, Amazon EMR, Amazon EC2 Auto Scaling, Kinesis, or Lambda.

SDK for Ruby

AWS SDK for Ruby is a software development kit for accessing AWS services from Ruby. The SDK provides Ruby classes for many AWS services including Amazon S3, Amazon EC2, DynamoDB, and more.

SDK for Rust

AWS SDK for Rust is a software development kit that provides APIs and utilities for developers. It enables Rust applications to integrate with AWS services such as Amazon S3 and Amazon EC2.

SDK for Swift

AWS SDK for Swift is a software development kit that provides support for accessing AWS infrastructure and services using the Swift language.

search API

Search API is the API used to submit search requests in a search domain.

search domain

Search domain encapsulates your searchable data and the search instances that handle your search requests.

search domain configuration

Search domain configuration is a domain's indexing options, analysis schemes, expressions, suggesters, access policies, and scaling and availability options.

search enabled

Search enabled is an index field option that enables the field data to be searched.

search endpoint

Search endpoint is the URL that you connect to when sending search requests to a search domain.

search index

Search index is a representation of your searchable data that facilitates fast and accurate data retrieval.

search instance

Search instance is a compute resource that indexes your data and processes search requests.

search request

Search request is sent to Amazon CloudSearch domain's search endpoint to retrieve the documents from the index that match particular search criteria.

search result

Search result is a document that matches a search request. Also known as a search hit.

secret access key

Secret access key is used with the access key ID to cryptographically sign programmatic AWS requests. Signing a request identifies the sender and prevents the request from being altered. You can generate secret access keys for your AWS account, individual IAM users, and temporary sessions.

Secrets Manager

Secrets Manager is a service for securely encrypting, storing, and rotating credentials for databases and other services.

security group

Security group is a named set of allowed inbound network connections for an instance.

Security Hub

Security Hub is a service that provides a comprehensive view of the security state of your AWS resources. It collects security data from AWS accounts and services and helps you analyze your security trends to identify and prioritize the security issues across your AWS environment.


A sender is the person or entity sending an email message.

Sender ID

Sender ID is an email authentication and anti-spoofing system.

sending limits

Sending limits are the sending quota and maximum send rate that are associated with every Amazon SES account.

sending quota

Sending quota is the maximum number of email messages that you can send in a 24-hour period.

server-side encryption (SSE)

Server-side encryption (SSE) is the encrypting of data at a server level.

service control policy

Service control policy is a policy-based control that specifies the services and actions that users and roles can use in the accounts that the service control policy (SCP) affects.

service endpoint

See endpoint.

service health dashboard

Service health dashboard is a webpage showing up-to-the-minute information about AWS service availability.

Service Quotas

Service Quotas helps you view and manage your quotas easily and at scale as your AWS workloads grow. Quotas, or limits, are the maximum number of resources that you can create in an AWS account.

service role

Service role is an IAM role that grants permissions to an AWS service so it can access AWS resources. The policies that you attach to the service role determine which AWS resources the service can access and what it can do with those resources.


A session is a period when the temporary security credentials that are provided by AWS STS allow access to your AWS account.


SHA is a Secure Hash Algorithm.


A shard is a partition of data in an index.

shared AMI

Shared AMI is an Amazon Machine Image that a developer builds and makes available for others to use.


Shield helps you protect your resources against DDoS attacks.

shutdown action

Shutdown action is a predefined bootstrap action that launches a script that runs a series of commands in parallel before terminating the job flow.


A signature is a digital signature, which is a mathematical way to confirm the authenticity of a digital message.


A SIGNATURE file can be copied to the root directory of your storage device. The file contains a job ID, a manifest file, and a signature.

Signature Version 4

Signature Version 4 is a protocol for authenticating inbound API requests to AWS services in all AWS Regions.


Signer is a fully managed code-signing service used to ensure the authenticity and integrity of an AWS customer's code.


Silk is a next-generation web browser that's available only on Fire OS tablets and phones. It's built on a split architecture that divides processing between the client and the AWS Cloud to create a faster, more responsive mobile browsing experience.

Simple Mail Transfer Protocol


Simple Object Access Protocol


SIMS recipe

See item-to-item similarities (SIMS) recipe.

single sign-on

Single sign-on is an authentication scheme that allows users to sign in one time to access multiple applications and websites. The service name AWS Single Sign-On is now AWS IAM Identity Center.

Single-AZ DB instance

Single-AZ DB instance is a standard (non-Multi-AZ) DB instance that's deployed in one Availability Zone, without a standby replica in another Availability Zone.

Site-to-Site VPN

Site-to-Site VPN is a fully managed service that you can use to establish Internet Protocol security (IPsec) VPN connections between your AWS networks and your on-premises networks.

sloppy phrase search

A sloppy phrase search is a search for a phrase that specifies how close the terms must be to each other to be considered a match.


SMTP, also known as Simple Mail Transfer Protocol, is the standard used to exchange email messages between internet hosts for the purpose of routing and delivery.


A snapshot is a backup of your volumes stored in Amazon S3. Snapshots can be used as a starting point for new Amazon EBS volumes or to protect your data for long-term durability.


Snowball is a petabyte-scale data transport solution that uses devices that are secure to transfer large amounts of data into and out of the AWS Cloud.


SOAP, also known as Simple Object Access Protocol, is an XML-based protocol that you can use to exchange information over a particular protocol (for example, HTTP or SMTP) between applications.

soft bounce

A soft bounce is a temporary email delivery failure, such as one resulting from a full mailbox.

software VPN

A software VPN is a software appliance-based VPN connection over the internet.


A solution is the recipe, customized parameters, and trained models that can be used to generate recommendations.

solution version

A solution version is a trained model that you create as part of a solution in Amazon Personalize. You deploy a solution version in a campaign to generate recommendations.

sort enabled

Sort enabled is an index field option that enables a field to be used to sort the search results.

sort key

Sort key is an attribute used to sort the order of partition keys in a composite primary key, also known as a range attribute.

source/destination checking

Source/destination checking is a security measure that verifies that an instance isn't relaying traffic.


Spam is unsolicited bulk emails.


A spamtrap is an email address set up by an anti-spam entity to monitor unsolicited emails. Also called a honeypot.


SPF, also known as Sender Policy Framework, is a standard for authenticating email.


SPICE (Super-fast, Parallel, In-memory Calculation Engine) is a robust in-memory engine that is part of Amazon QuickSight. It was made for the cloud and uses a combination of storage and in-memory technologies. It uses these to get faster results from interactive queries and advanced calculations on large datasets. SPICE automatically replicates data for high availability. SPICE makes it possible for Amazon QuickSight to support hundreds of thousands of simultaneous analyses across a variety of data sources.

Spot Instance

Spot Instance is a type of EC2 instance that you can bid on to use unused Amazon EC2 capacity.

Spot price

Spot price is the price for a Spot Instance at any given time. If your maximum price exceeds the current price and your restrictions are met, Amazon EC2 launches instances on your behalf.

SQL injection match condition

SQL injection match condition is an attribute that specifies the part of web requests (such as a header or a query string) that AWS WAF inspects for malicious SQL code. Based on the specified conditions, you can configure AWS WAF to allow or block web requests to an AWS resource, such as an Amazon CloudFront distribution.


See server-side encryption (SSE).


Secure Sockets Layer; See Transport Layer Security (TLS).


A stack is a collection of AWS resources that you create and delete as a single unit. It's a set of instances that you manage collectively, typically because they have a common purpose.


A station is a place at an AWS facility where your AWS Import/Export data is transferred on to, or off of, your storage device.


A statistic is one of five functions of the values submitted for a given sampling period.


A stem is a common root or substring shared by a set of related words.


Stemming is the process of mapping related words to a common stem, which enables matching on variants of a word.


A step is a single function applied to the data in a job flow. The sum of all steps comprises a job flow.

Step Functions

Step Functions is a web service that coordinates the components of distributed applications as a series of steps in a visual workflow.

step type

Step type is the type of work done in a step.

sticky session

Sticky session is a feature of the ELB load balancer that binds a user's session to a specific application instance.


Stopping is the process of filtering stop words from an index or search request.


A stopword isn't indexed and is automatically filtered out of search requests because it's either insignificant or so common that including it results in too many matches to be useful. It is language specific.

Storage Gateway

Storage Gateway is a web service that connects an on-premises software appliance with cloud-based storage. Storage Gateway provides seamless and secure integration between an organization's on-premises IT environment and AWS storage infrastructure.


Amazon EMR: A utility that comes with Hadoop that you can use to develop MapReduce executables in languages other than Java. CloudFront: The ability to use a media file in real time—as it's transmitted in a steady stream from a server.

streaming distribution

Streaming distribution is a special kind of distribution that serves streamed media files using a Real Time Messaging Protocol (RTMP) connection.


See Kinesis Data Streams.

string match condition

String match condition is an attribute that specifies the strings that AWS WAF searches for in a web request, such as a value in a header or a query string. Based on the specified strings, you can configure AWS WAF to allow or block web requests to an AWS resource, such as a CloudFront distribution.


Before you calculate an HMAC signature, you first assemble the required components in a canonical order. The preencrypted string is the string-to-sign.

strongly consistent read

Strongly consistent read is a process that returns a response with the most up-to-date data.

structured query

Structured query is specified using the CloudSearch structured query language. It can be used to construct compound queries that use advanced search options and combine multiple search criteria using Boolean operators.


A subnet is a segment of the IP address range of an Amazon VPC that an EC2 instance can be attached to. You can create subnets to group instances according to security and operational needs.

Subscription button

A subscription button is pressed by users to active a recurring fee.


A suggester specifies an index field for getting autocomplete suggestions and options that can enable fuzzy matches and control how suggestions are sorted.


Suggestions are documents that contain a match for the partial search string in the field that's designated by the suggester. CloudSearch suggestions include the document IDs and field values for each matching document. To be a match, the string must match the contents of the field starting from the beginning of the field.


Sumerian is a set of tools for creating and running high-quality 3D, augmented reality (AR), and virtual reality (VR) applications on the web.

supported AMI

Supported AMI is an Amazon Machine Image (AMI) similar to a paid AMI, except that the owner charges for additional software or a service that customers use with their own AMIs.


See Amazon SWF.

symmetric encryption

Symmetric encryption is encryption that uses a private key.

synchronous bounce

A synchronous bounce occurs when the email servers of the sender and receiver are actively communicating.


A synonym is a word that is similar to another word.

Systems Manager

Systems Manager is the operations hub for AWS and hybrid cloud environments that can help achieve secure operations at scale. It provides a unified user interface for users to view operations data from multiple AWS services and automate tasks across their AWS resources.


A table is a collection of data.


A tag is metadata that can be defined and assigned to AWS resources.


Tagging means to apply a tag to an AWS resource. Also known as labeling, tagging is a way to format return path email addresses so that you can specify a different return path for each recipient of a message.

target attribute

A target attribute is the attribute in the input data that contains the correct answers.

target revision

A target revision is the most recent version of an application revision that has been uploaded to the repository and will be deployed to the instances in a deployment group.


A task is an instantiation of a task definition that's running on a container instance.

task definition

Task definition is the blueprint for your task that specifies the name of the task, revisions, container definitions, and volume information.

task node

A task node is an EC2 instance that runs Hadoop map and reduces tasks but doesn't store data. They are managed by the master node.

tebibyte (TiB)

A tebibyte (TiB) is a contraction of tera binary byte. A tebibyte (TiB) is 2^40 or 1,099,511,627,776 bytes. A terabyte (TB) is 10^12 or 1,000,000,000,000 bytes. 1,024 TiB is a pebibyte (PiB).

template format version

Template format version is the version of a CloudFormation template design that determines the available features.

template validation

Template validation is the process of confirming the use of JSON code in a CloudFormation template.

temporary security credentials

Temporary security credentials are authentication information that's provided by AWS STS when you call an STS API action. Includes an access key ID, a secret access key, a session token, and an expiration time.


Throttling is the automatic restricting or slowing down of a process based on one or more limits.

time-series data

Time-series data is provided as part of a metric and is what the time value is assumed to be when the value occurred.


A timestamp is the date/time string in the ISO 8601 format.


Timestream is a scalable and serverless time series database service for real-time analytics, DevOps, and IoT applications that you can use to store and analyze trillions of events per day.


See Transport Layer Security.


Tokenization is the process if splitting a stream of text into separate tokens on detectable boundaries such as white space and hyphens.


A topic is a communication channel used to send messages and subscribe to notifications. It provides an access point for publishers and subscribers to communicate with each other.

Traffic Mirroring

Traffic Mirroring is an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of Amazon EC2 instances. You can then send this network traffic to out-of-band security and monitoring appliances for content inspection, threat monitoring, and troubleshooting.

training datasource

Training datasource contains the data that Amazon Machine Learning uses to train the machine learning model to make predictions.

Transfer Family

AWS Transfer Family offers fully managed support for transferring files over SFTP, FTPS, and FTP into and out of Amazon S3 or Amazon EFS, as well as support for the Applicability Statement 2 (AS2) protocol for business-to-business (B2B) transfers.


Transition is the act of a revision in a pipeline continuing from one stage to the next in a workflow.

Transport Layer Security (TLS)

Transport Layer Security is a cryptographic protocol that provides security for communication over the internet. Its predecessor is Secure Sockets Layer (SSL).

trust policy

Trust policy is an IAM policy that's an inherent part of an IAM role. It specifies which principles are allowed to use the role.

Trusted Advisor

Trusted Advisor is a web service that inspects your AWS environment and makes recommendations for saving money, improving system availability and performance, and helping to close security gaps.

trusted key groups

Trusted key groups are Amazon CloudFront key groups whose public keys CloudFront can use to verify the signatures of CloudFront signed URLs and signed cookies.

trusted signers

See trusted key groups.


Tuning is selecting the number and type of AMIs to run a Hadoop job flow most efficiently.


A tunnel is a route for transmission of private network traffic that uses the internet to connect nodes in the private network. It uses encryption and secure protocols such as PPTP to prevent the traffic from being intercepted as it passes through public routing nodes.


Unbounded means the number of potential occurrences isn't limited by a set number. This value is often used when defining a data type. that's a list in WSDL.


Unit is a standard measurement for the values submitted to CloudWatch as metric data.

usage report

Usage report is an AWS record that details your usage of a particular AWS service.


A user is a person or application under an account that makes API calls to AWS products. Each user has a unique name within the AWS account and a set of security credentials that aren't shared with other users. These credentials are separate from the security credentials for the AWS account. Each user is associated with one and only one AWS account.


USER_PERSONALIZATION recipes are used to build a recommendation system that predicts the items a user interacts with based on data provided in Interactions, Items, and Users datasets.

user-personalization recipe

User-personalization recipe is an HRNN-based USER_PERSONALIZATION recipe that predicts the items that a user interacts with. The user-personalization recipe can use item exploration and impressions data to generate recommendations for new items.

Users dataset

Users dataset is a container for metadata about your users, such as age, gender, or loyalty membership.


See template validation.


Value is instances of attributes for an item. An attribute may have multiple values.

Variable Envelope Return Path



Verification is the process of confirming that you own an email address or a domain so that you can send an email to or from it.


VERP, also known as Variable Envelope Return Path, is a way that email-sending applicants can match bounced email with the undeliverable address that caused the bounce by using a different return path for each recipient.


Versioning means that every object in Amazon S3 has a key and version ID.


See virtual private gateway (VGW).

virtual private gateway (VGW)

Virtual private gateway is the Amazon side of a VPN connection that maintains connectivity.


Virtualization allows multiple guest virtual machines (VM) to run on a host operating system. Guest VMs can run on one or more levels above the host hardware, depending on the type of virtualization.

visibility timeout

Visibility timeout is a period of time when a message is invisible to the rest of your application after an application component gets it from the queue. During the visibility timeout, the component that received the message usually processes it and then deletes it from the queue. This prevents multiple components from processing the same message.

VM Import/Export

VM Import/Export is a service for importing virtual machine (VM) images from your existing virtualization environment to Amazon EC2 and then exporting them back.


Volume is a fixed amount of storage on an instance. It can share data between more than one container and persist the data on the container instance when the containers are no longer running.

VPC endpoint

VCP endpoint is a feature that can help you create a private connection between your Amazon VPC and another AWS service without requiring access over the internet, through a NAT instance, a VPN connection, or Direct Connect.


See virtual private gateway (VGW).

VPN connection

VPN connection is the IPsec connection that's between an Amazon VPC and some other network, such as a corporate data center, home network, or colocation facility.

web access control list (web ACL)

Web access control list is a set of rules that defines the conditions that AWS WAF searches for in web requests to an AWS resource, such as an Amazon CloudFront distribution. A web access control list (web ACL) specifies if to allow, block, or count the requests.

Web Services Description Language



WorkDocs is a managed, secure enterprise document storage and sharing service with administrative controls and feedback capabilities.


WorkMail is a managed, secure business email and calendar service with support for existing desktop and mobile email clients.


WorkSpaces is a managed, secure desktop computing service for provisioning cloud-based desktops and providing users access to documents, applications, and resources from supported devices.


WSDL, also known as Web Services Description Language, is used to describe the actions that a web service can perform, along with the syntax of action requests and responses.


X-Ray is a web service that collects data about requests that your application serves. X-Ray provides tools that you can use to view, filter, and gain insights into that data to identify issues and opportunities for optimization.

X.509 certificate

X.509 certificate is a digital document that uses the X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the entity that's described in the certificate.

yobibyte (YiB)

A yobibyte (YiB) is a contraction of yotta binary byte. A yobibyte (YiB) is 2^80 or 1,208,925,819,614,629,174,706,176 bytes. A yottabyte (YB) is 10^24 or 1,000,000,000,000,000,000,000,000 bytes.

zebibyte (ZiB)

A zebibyte (ZiB) is a contraction of zetta binary byte. A zebibyte (ZiB) is 2^70 or 1,180,591,620,717,411,303,424 bytes. A zettabyte (ZB) is 10^21 or 1,000,000,000,000,000,000,000 bytes. 1,024 ZiB is a yobibyte (YiB).

zone awareness

Zone awareness is a configuration that distributes nodes in a cluster across two Availability Zones in the same Region. It helps prevent data loss and minimize downtime if a node and data center fails.

Let’s talk about how we can transform your business and save you money. A lot of it!

Our team of specialists are ready to take your call and talk you through a personalized solution for your business.

Get a Demo

0 NPS Score
			user ID: