AWS Glossary

Reference
 AWS Glossary Reference

AWS Glossary: Reference

Copyright © 2023 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not
Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or
discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may
or may not be affiliated with, connected to, or sponsored by Amazon.
 AWS Glossary Reference

Table of Contents
AWS glossary ..................................................................................................................................... 1

iii
 AWS Glossary Reference

AWS glossary

Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

Numbers and symbols

100-continue A method that gives a client the ability to see whether a server can accept a
request before actually sending it. For large PUT requests, this method can save
both time and bandwidth charges.

A
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

AAD See additional authenticated data.

access control list (ACL) A document that defines who can access a particular bucket (p. 7) or
object. Each bucket (p. 7) and object in Amazon S3 (p. 50) has an ACL.
This document defines what each type of user can do, such as write and read
permissions.

access identifiers See credentials.

access key The combination of an access key ID (p. 1) (for example,

AKIAIOSFODNN7EXAMPLE) and a secret access key (p. 53) (for example,
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). You use access keys to sign
API requests that you make to AWS.

access key ID A unique identifier that's associated with a secret access key (p. 53); the
access key ID and secret access key are used together to sign programmatic AWS
requests cryptographically.

access key rotation A method to increase security by changing the AWS access key ID. You can use
this method to retire an old key at your discretion.

1

access policy language
account
account activity
AWS Account Management
ACL
ACM
action
active trusted key groups
active trusted signers
additional authenticated data
administrative suspension
alarm
AWS Glossary Reference
A language for writing documents (specifically, policies (p. 43)) that specify
who can access a particular AWS resource (p. 48) and under what conditions.
A formal relationship with AWS that's associated with all of the following:
• The owner email address and password
• The control of resources created under its umbrella
• Payment for the AWS activity related to those resources
The AWS account has permission to do anything and everything with all the
AWS account resources. This is in contrast to a user (p. 62), which is an entity
contained within the account.
A webpage showing your month-to-date AWS usage and costs. The account
activity page is located at https://aws.amazon.com/account-activity/.
AWS Account Management is a tool that you can use to update the contact
information for each of your AWS accounts.
See Also https://aws.amazon.com/organizations.
See access control list (ACL).
AWS Certificate Manager is a web service for provisioning, managing, and
deploying Secure Sockets Layer/Transport Layer Security (p. 62) (SSL/TLS)
certificates for use with AWS services.
See Also https://aws.amazon.com/certificate-manager/.
An API function. Also called operation or call. The activity the principal (p. 44)
has permission to perform. The action is B in the statement "A has permission
to do B to C where D applies." For example, Jane sends a request to Amazon
SQS (p. 57) with Action=ReceiveMessage.
CloudWatch (p. 10): The response initiated by the change in an alarm's state
(for example, from OK to ALARM). The state change might be caused by a metric
reaching the alarm threshold, or by a SetAlarmState request. Each alarm can
have one or more actions assigned to each state. Actions are performed once each
time the alarm changes to a state that has an action assigned. Example actions
include an Amazon SNS (p. 56) notification, running an Amazon EC2 Auto
Scaling (p. 19) policy (p. 43), and an Amazon EC2 instance (p. 19) stop/
terminate action.
A list that shows each of the trusted key groups (p. 62), and the IDs of the
public keys in each key group, that are active for a distribution in Amazon
CloudFront. CloudFront can use the public keys in these key groups to verify the
signatures of CloudFront signed URLs and signed cookies.
See active trusted key groups (p. 2).
Information that's checked for integrity but not encrypted, such as headers or
other contextual metadata.
Amazon EC2 Auto Scaling (p. 19) might suspend processes for Auto Scaling
group (p. 6) that repeatedly fail to launch instances. Auto Scaling groups
that most commonly experience administrative suspension have zero running
instances, have been trying to launch instances for more than 24 hours, and have
not succeeded in that time.
An item that watches a single metric over a specified time period and starts an
Amazon SNS (p. 56) topic (p. 61) or an Amazon EC2 Auto Scaling (p. 19)
2
 AWS Glossary Reference

policy (p. 43). These actions are started if the value of the metric crosses a
threshold value over a predetermined number of time periods.

allow One of two possible outcomes (the other is deny (p. 17)) when an
IAM (p. 27) access policy (p. 43) is evaluated. When a user makes a request
to AWS, AWS evaluates the request based on all permissions that apply to the
user and then returns either allow or deny.

Amazon Machine Image (AMI) An Amazon Machine Image (AMI) is an encrypted machine image stored in
Amazon EBS (p. 19) or Amazon S3 (p. 50). AMIs function similarly to a
template of a computer's root drive. They contain the operating system and can
also include software and layers of your application, such as database servers,
middleware, and web servers.

Amazon Web Services (AWS) An infrastructure web services platform in the cloud for companies of all sizes.
See Also https://aws.amazon.com/what-is-cloud-computing/.

AMI See Amazon Machine Image (AMI).

Amplify AWS Amplify is a complete solution that frontend web and mobile developers
can use to build and deploy secure, scalable full-stack applications powered by
AWS. Amplify provides two services: Amplify Hosting (p. 3) and Amplify
Studio (p. 3).
See Also https://aws.amazon.com/amplify/ .

Amplify Android Amplify Android is a collection of open-source client libraries that provides
interfaces for specific use cases across many AWS services. Amplify Android is the
recommended way to build native Android applications powered by AWS.
See Also https://aws.amazon.com/amplify/ .

Amplify Hosting AWS Amplify Hosting is a fully managed continuous integration and continuous
delivery (CI/CD) and hosting service for fast, secure, and reliable static and server-
side rendered apps. Amplify Hosting provides a Git-based workflow for hosting
full-stack serverless web apps with continuous deployment.
See Also https://aws.amazon.com/amplify/hosting/ .

Amplify iOS Amplify iOS is a collection of open-source client libraries that provides interfaces
for specific use cases across many AWS services. Amplify iOS is the recommended
way to build native iOS applications powered by AWS.
See Also https://aws.amazon.com/amplify/ .

Amplify Studio AWS Amplify Studio is a visual development environment that web and mobile
developers can use to build the frontend UI components and the backend
environment for a full-stack application.
See Also https://aws.amazon.com/amplify/studio/ .

analysis rules AWS Clean Rooms (p. 9): The query restrictions that authorize a specific type
of query.

analysis scheme CloudSearch (p. 10): Language-specific text analysis options that are applied to
a text field to control stemming and configure stopwords and synonyms.

API Gateway Amazon API Gateway is a fully managed service that developers can use to create,
publish, maintain, monitor, and secure APIs at any scale.
See Also https://aws.amazon.com/api-gateway.

AWS App2Container AWS App2Container is a transformation tool that modernizes .NET and Java
applications by migrating them into containerized applications.
See Also https://aws.amazon.com/app2container.

3

AWS AppConfig
Amazon AppFlow
application
Application Auto Scaling
Application Billing
Application Composer
Application Cost Profiler
Application Discovery Service
application revision
application specification file
application version
AWS Glossary Reference
AWS AppConfig is a service used to update software at runtime without deploying
new code. With AWS AppConfig, you can configure, validate, and deploy feature
flags and application configurations.
See Also https://aws.amazon.com/systems-manager/features/appconfig.
Amazon AppFlow is a fully managed integration service that you can use to
transfer data securely between software as a service (SaaS) applications and AWS
services.
See Also https://aws.amazon.com/appflow.
Elastic Beanstalk (p. 20): A logical collection of components, including
environments, versions, and environment configurations. An application is
conceptually similar to a folder.
CodeDeploy (p. 11): A name that uniquely identifies the application to be
deployed. AWS CodeDeploy uses this name to ensure the correct combination of
revision, deployment configuration, and deployment group are referenced during
a deployment.
AWS Application Auto Scaling is a web service that you can use to configure
automatic scaling for AWS resources beyond Amazon EC2, such as Amazon ECS
services, Amazon EMR clusters, and DynamoDB tables.
See Also https://aws.amazon.com/autoscaling/.
The location where your customers manage the Amazon DevPay products they've
purchased. The web address is http://www.amazon.com/dp-applications.
AWS Application Composer is a visual designer that you can use to build
serverless applications from multiple AWS services. As you design an application,
Application Composer automatically generates a YAML template with
CloudFormation (p. 10) and AWS SAM (p. 50) template resources.
See Also https://aws.amazon.com/application-composer/ .
AWS Application Cost Profiler is a solution to track the consumption of shared
AWS resources used by software applications and report granular cost breakdown
across tenant base.
See Also https://aws.amazon.com/aws-cost-management/aws-application-cost-
profiler/.
AWS Application Discovery Service is a web service that helps you plan to migrate
to AWS by identifying IT assets in a data center—including servers, virtual
machines, applications, application dependencies, and network infrastructure.
See Also https://aws.amazon.com/application-discovery/.
CodeDeploy (p. 11): An archive file containing source content—such as
source code, webpages, executable files, and deployment scripts—along with
an application specification file (p. 4). Revisions are stored in Amazon
S3 (p. 50) buckets (p. 7) or GitHub (p. 25) repositories. For Amazon S3, a
revision is uniquely identified by its Amazon S3 object key and its ETag, version, or
both. For GitHub, a revision is uniquely identified by its commit ID.
CodeDeploy (p. 11): A YAML-formatted file used to map the source files in
an application revision to destinations on the instance. The file is also used to
specify custom permissions for deployed files and specify scripts to be run on
each instance at various stages of the deployment process.
Elastic Beanstalk (p. 20): A specific, labeled iteration of an application that
represents a functionally consistent set of deployable application code. A version
points to an Amazon S3 (p. 50) object (a JAVA WAR file) that contains the
application code.
4
 AWS Glossary Reference

AppSpec file See application specification file.

AppStream 2.0 Amazon AppStream 2.0 is a fully managed, secure service for streaming desktop
applications to users without rewriting those applications.
See Also https://aws.amazon.com/appstream/.

AWS AppSync AWS AppSync is an enterprise-level, fully managed GraphQL service with real-
time data synchronization and offline programming features.
See Also https://aws.amazon.com/appsync/.

ARN See Amazon Resource Name (ARN).

artifact CodePipeline (p. 11): A copy of the files or changes that are worked on by the
pipeline.

asymmetric encryption Encryption (p. 21) that uses both a public key and a private key.

asynchronous bounce A type of bounce (p. 7) that occurs when a receiver (p. 47) initially accepts
an email message for delivery and then subsequently fails to deliver it.

Athena Amazon Athena is an interactive query service that you can use to analyze data
in Amazon S3 using ANSI SQL. Athena is serverless, so there's no infrastructure
to manage. Athena scales automatically and is simple to use, so you can start
analyzing your datasets within seconds.
See Also https://aws.amazon.com/athena/.

atomic counter DynamoDB: A method of incrementing or decrementing the value of an existing

attribute without interfering with other write requests.

attribute A fundamental data element, something that doesn't need to be broken down
any further. In DynamoDB, attributes are similar in many ways to fields or
columns in other database systems.

Amazon Machine Learning: A unique, named property within an observation in a

dataset. In tabular data, such as spreadsheets or comma-separated values (.csv)
files, the column headings represent the attributes, and the rows contain values
for each attribute.

AUC Area Under a Curve. An industry-standard metric to evaluate the quality of a

binary classification machine learning model. AUC measures the ability of the
model to predict a higher score for positive examples, those that are “correct,”
than for negative examples, those that are “incorrect.” The AUC metric returns a
decimal value from 0 to 1. AUC values near 1 indicate an ML model that's highly
accurate.

Aurora Amazon Aurora is a fully managed MySQL-compatible relational database engine

that combines the speed and availability of commercial databases with the
simplicity and cost-effectiveness of open-source databases.
See Also https://aws.amazon.com/rds/aurora/.

authenticated encryption Encryption (p. 21) that provides confidentiality, data integrity, and authenticity
assurances of the encrypted data.

authentication The process of proving your identity to a system.

AWS Auto Scaling AWS Auto Scaling is a fully managed service that you can use to quickly discover
the scalable AWS resources that are part of your application and to configure
dynamic scaling.
See Also https://aws.amazon.com/autoscaling/.

5
 AWS Glossary Reference

Auto Scaling group A representation of multiple EC2 instances (p. 19) that share similar
characteristics, and that are treated as a logical grouping for the purposes of
instance scaling and management.

Availability Zone A distinct location within a Region (p. 47) that's insulated from failures in other
Availability Zones, and provides inexpensive, low-latency network connectivity to
other Availability Zones in the same Region.

AWS See Amazon Web Services (AWS).

B
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

Backint Agent AWS Backint Agent for SAP HANA is an SAP-certified backup and restore solution
for SAP HANA workloads running on Amazon EC2 instances in the cloud.
See Also https://aws.amazon.com/backint-agent.

AWS Backup AWS Backup is a managed backup service that you can use to centralize and
automate the backup of data across AWS services in the cloud and on premises.
See Also https://aws.amazon.com/backup/.

basic monitoring Monitoring of AWS provided metrics derived at a 5-minute frequency.

batch See document batch.

batch prediction Amazon Machine Learning: An operation that processes multiple input data
observations at one time (asynchronously). Unlike real-time predictions, batch
predictions aren't available until all predictions have been processed.
See Also real-time predictions.

BGP ASN Border Gateway Protocol Autonomous System Number is a unique identifier for a
network, for use in BGP routing. Amazon EC2 (p. 19) supports all 2-byte ASN
numbers in the range of 1 – 65335, with the exception of 7224, which is reserved.

billing See Billing and Cost Management.

Billing and Cost Management
AWS Billing and Cost Management is the AWS Cloud computing model where
you pay for services on demand and use as much or as little as you need. While
resources (p. 48) are active under your account, you pay for the cost of
allocating those resources. You also pay for any incidental usage associated with
those resources, such as data transfer or allocated storage.
See Also https://aws.amazon.com/billing/new-user-faqs/.

binary attribute Amazon Machine Learning: An attribute for which one of two possible values is
possible. Valid positive values are 1, y, yes, t, and true answers. Valid negative
values are 0, n, no, f, and false. Amazon Machine Learning outputs 1 for positive
values and 0 for negative values.
See Also attribute.

binary classification model Amazon Machine Learning: A machine learning model that predicts the answer to
questions where the answer can be expressed as a binary variable. For example,
questions with answers of “1” or “0”, “yes” or “no”, “will click” or “will not click”
are questions that have binary answers. The result for a binary classification

6
 AWS Glossary Reference

model is always either a “1” (for a “true” or affirmative answers) or a “0” (for a
“false” or negative answers).

block A dataset. Amazon EMR (p. 21) breaks large amounts of data into subsets. Each
subset is called a data block. Amazon EMR assigns an ID to each block and uses a
hash table to keep track of block processing.

block device A storage device that supports reading and (optionally) writing data in fixed-size
blocks, sectors, or clusters.

block device mapping A mapping structure for every AMI (p. 3) and instance (p. 29) that specifies
the block devices attached to the instance.

AWS Blockchain Templates See Managed Blockchain.

blue/green deployment CodeDeploy: A deployment method where the instances in a deployment group
(the original environment) are replaced by a different set of instances (the
replacement environment).

bootstrap action A user-specified default or custom action that runs a script or an application on
all nodes of a job flow before Hadoop (p. 26) starts.

Border Gateway Protocol See BGP ASN.

Autonomous System Number

bounce A failed email delivery attempt.

Braket Amazon Braket is a fully managed quantum computing service that helps you run
quantum algorithms to accelerate your research and discovery.
See Also https://aws.amazon.com/braket.

breach Amazon EC2 Auto Scaling (p. 19): The condition where a user-set
threshold (upper or lower boundary) is passed. If the duration of the breach is
significant, as set by a breach duration parameter, it can possibly start a scaling
activity (p. 51).

bucket Amazon S3 (p. 50): A container for stored objects. Every object is contained in
a bucket. For example, if the object named photos/puppy.jpg is stored in the
DOC-EXAMPLE-BUCKET bucket, then authorized users can access the object with
the URL https://s3-bucket-endpoint/DOC-EXAMPLE-BUCKET/photos/
puppy.jpg.

bucket owner The person or organization that owns a bucket (p. 7) in Amazon S3 (p. 50).
In the same way that Amazon is the only owner of the domain name
Amazon.com, only one person or organization can own a bucket.

bundling A commonly used term for creating an Amazon Machine Image (AMI) (p. 3). It
specifically refers to creating instance store-backed AMIs (p. 29).

C
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

cache cluster A logical cache distributed over multiple cache nodes (p. 8). A cache cluster
can be set up with a specific number of cache nodes.

7
 AWS Glossary Reference

cache cluster identifier Customer-supplied identifier for the cache cluster that must be unique for that
customer in an AWS Region (p. 47).

cache engine version The version of the Memcached service that's running on the cache node.

cache node A fixed-size chunk of secure, network-attached RAM. Each cache node runs an
instance of the Memcached service, and has its own DNS name and port. Multiple
types of cache nodes are supported, each with varying amounts of associated
memory.

cache node type An EC2 instance (p. 19) type used to run the cache node.

cache parameter group A container for cache engine parameter values that can be applied to one or more
cache clusters.

cache security group A group maintained by ElastiCache that combines inbound authorizations
to cache nodes for hosts belonging to Amazon EC2 (p. 19) security
groups (p. 53) that are specified through the console or the API or command
line tools.

campaign Amazon Personalize (p. 43): A deployed solution version (trained model)
with provisioned dedicated transaction capacity for creating real-time
recommendations for your application users. After you create a campaign, you
use the getRecommendations or getPersonalizedRanking personalization
operations to get recommendations.
See Also recommendations, solution version.

canned access policy A standard access control policy that you can apply to a bucket (p. 7)
or object. Options include: private, public-read, public-read-write, and
authenticated-read.

canonicalization The process of converting data into a standard format that a service such as
Amazon S3 (p. 50) can recognize.

capacity The amount of available compute size at a given time. Each Auto Scaling
group (p. 6) is defined with a minimum and maximum compute size. A scaling
activity (p. 51) increases or decreases the capacity within the defined minimum
and maximum values.

Cartesian product A mathematical operation that returns a product from multiple sets.

Cartesian product processor A processor that calculates a Cartesian product. Also known as a Cartesian data
processor.

AWS CDK AWS Cloud Development Kit (AWS CDK) is an open-source software development
framework for defining your cloud infrastructure in code and provisioning it
through AWS CloudFormation.
See Also https://aws.amazon.com/cdk/.

CDN See content delivery network (CDN).

certificate A credential that some AWS products use to authenticate AWS accounts (p. 2)
and users. Also known as an X.509 certificate (p. 65). The certificate is paired
with a private key.

chargeable resources Features or services whose use incurs fees. Although some AWS products are
free, others include charges. For example, in an CloudFormation (p. 10)
stack (p. 57), AWS resources (p. 48) that have been created incur charges.
The amount charged depends on the usage load. Use the Amazon Web Services

8
 AWS Glossary Reference

Simple Monthly Calculator to estimate your cost prior to creating instances,

stacks, or other resources.

AWS Chatbot AWS Chatbot is an interactive agent that makes it easier to monitor, troubleshoot,
and operate AWS resources in your Slack channels and Amazon Chime chat
rooms.
See Also https://aws.amazon.com/chatbot.

Amazon Chime Amazon Chime is a secure, real-time, unified communications service that
transforms meetings by making them more efficient and easier to conduct.
See Also https://aws.amazon.com/chime/.

CIDR block Classless Inter-Domain Routing. An internet protocol address allocation and route
aggregation methodology.
See Also Classless Inter-Domain Routing on Wikipedia.

ciphertext Information that has been encrypted (p. 21), as opposed to plaintext (p. 43),
which is information that has not.

classification In machine learning, a type of problem that seeks to place (classify) a data sample
into a single category or “class.” Often, classification problems are modeled to
choose one category (class) out of two. These are binary classification problems.
Problems with more than two available categories (classes) are called "multiclass
classification" problems.
See Also binary classification model, multiclass classification model.

AWS Clean Rooms AWS Clean Rooms is an AWS service that helps multiple parties to join their data
together in a secure collaboration workspace.
See Also https://aws.amazon.com/clean-rooms/.

Client VPN AWS Client VPN is a client-based, managed VPN service that remote clients can
use to securely access your AWS resources using an Open VPN-based software
client.
See Also https://aws.amazon.com/vpn/client-vpn.

AWS Cloud Control API AWS Cloud Control API is a set of standardized application programming
interfaces (APIs) that developers can use to create, read, update, delete, and list
supported cloud infrastructure.
See Also https://aws.amazon.com/cloudcontrolapi.

Cloud Directory Amazon Cloud Directory is a service that provides a highly scalable directory store
for your application's multihierarchical data.
See Also https://aws.amazon.com/cloud-directory/.

AWS Cloud Map AWS Cloud Map is a service that you use to create and maintain a map of the
backend services and resources that your applications depend on. With AWS
Cloud Map, you can name and discover your AWS Cloud resources.
See Also https://aws.amazon.com/cloud-map.

cloud service provider (CSP) A cloud service provider is a company that provides subscribers with access to
internet-hosted computing, storage, and software services.

AWS Cloud WAN AWS Cloud WAN is a managed wide-area networking service used to build,
manage, and monitor a unified global network.
See Also https://aws.amazon.com/cloud-wan.

AWS Cloud9 AWS Cloud9 is a cloud-based integrated development environment (IDE) that you
use to write, run, and debug code.
See Also https://aws.amazon.com/cloud9/.

9
 AWS Glossary Reference

CloudFormation AWS CloudFormation is a service for writing or changing templates that create
and delete related AWS resources (p. 48) together as a unit.
See Also https://aws.amazon.com/cloudformation.

CloudFront Amazon CloudFront is an AWS content delivery service that helps you improve the
performance, reliability, and availability of your websites and applications.
See Also https://aws.amazon.com/cloudfront.

CloudHSM AWS CloudHSM is a web service that helps you meet corporate, contractual,
and regulatory compliance requirements for data security by using dedicated
hardware security module (HSM) appliances within the AWS Cloud.
See Also https://aws.amazon.com/cloudhsm/.

CloudSearch Amazon CloudSearch is a fully managed service in the AWS Cloud that you can
use to set up, manage, and scale a search solution for your website or application.
See Also https://aws.amazon.com/cloudsearch/.

CloudTrail AWS CloudTrail is a web service that records AWS API calls for your account and
delivers log files to you. The recorded information includes the identity of the API
caller, the time of the API call, the source IP address of the API caller, the request
parameters, and the response elements that the AWS service returns.
See Also https://aws.amazon.com/cloudtrail/.

CloudWatch Amazon CloudWatch is a web service that you can use to monitor and manage
various metrics, and configure alarm actions based on data from those metrics.
See Also https://aws.amazon.com/cloudwatch.

CloudWatch Events Amazon CloudWatch Events is a web service that you can use to deliver a timely
stream of system events that describe changes in AWS resources (p. 48) to
Lambda (p. 33) functions, streams in Kinesis Data Streams (p. 33), Amazon
SNS (p. 56) topics, or built-in targets.
See Also https://aws.amazon.com/cloudwatch.

CloudWatch Logs Amazon CloudWatch Logs is a web service for monitoring and troubleshooting
your systems and applications from your existing system, application, and custom
log files. You can send your existing log files to CloudWatch Logs and monitor
these logs in near-real time.
See Also https://aws.amazon.com/cloudwatch.

cluster A logical grouping of container instances (p. 13) that you can place
tasks (p. 60) on.

OpenSearch Service (p. 41): A logical grouping of one or more data nodes,
optional dedicated master nodes, and storage required to run Amazon
OpenSearch Service (OpenSearch Service) and operate your OpenSearch Service
domain.
See Also data node, dedicated master node, node.

cluster compute instance A type of instance (p. 29) that provides a great amount of CPU power
coupled with increased networking performance, making it well suited for High
Performance Compute (HPC) applications and other demanding network-bound
applications.

cluster placement group A logical cluster compute instance (p. 10) grouping to provide lower latency
and high-bandwidth connectivity between the instances (p. 29).

cluster status OpenSearch Service (p. 41): An indicator of the health of a cluster. A status
can be green, yellow, or red. At the shard level, green means that all shards are
allocated to nodes in a cluster, yellow means that the primary shard is allocated

10
 AWS Glossary Reference

but the replica shards aren't, and red means that the primary and replica shards
of at least one index aren't allocated. The shard status determines the index
status, and the index status determines the cluster status.

CNAME Canonical Name Record. A type of resource record (p. 49) in the Domain
Name System (DNS) that specifies that the domain name is an alias of another,
canonical domain name. Specifically, it's an entry in a DNS table that you can use
to alias one fully qualified domain name to another.

Code Signing for AWS IoT A service for signing code that you create for any IoT device that's supported by
Amazon Web Services (AWS).

CodeBuild AWS CodeBuild is a fully managed continuous integration service that compiles
source code, runs tests, and produces software packages that are ready to deploy.
See Also https://aws.amazon.com/codebuild.

CodeCommit AWS CodeCommit is a fully managed source control service that companies can
use to host secure and highly scalable private Git repositories.
See Also https://aws.amazon.com/codecommit.

CodeDeploy AWS CodeDeploy is a service that automates code deployments to any instance,
including EC2 instances (p. 19) and instances (p. 29) running on-premises.
See Also https://aws.amazon.com/codedeploy.

AWS CodeDeploy agent AWS CodeDeploy agent is a software package that, when installed and configured
on an instance, enables that instance to be used in CodeDeploy deployments.

CodeGuru Amazon CodeGuru is a collection of developer tools that automate code reviews
and provide intelligent recommendations to optimize application performance.
See Also https://aws.amazon.com/codeguru.

CodePipeline AWS CodePipeline is a continuous delivery service for fast and reliable application
updates.
See Also https://aws.amazon.com/codepipeline.

Amazon Cognito Amazon Cognito is a web service that you can use to save mobile user data in the
AWS Cloud without writing any backend code or managing any infrastructure.
Examples of mobile user data that you can save include app preferences and
game states. Amazon Cognito offers mobile identity management and data
synchronization across devices.
See Also https://aws.amazon.com/cognito/.

collaboration AWS Clean Rooms (p. 9): A secure logical boundary in AWS Clean Rooms in
which members can perform SQL queries on configured tables.

AWS CLI AWS Command Line Interface is a unified downloadable and configurable tool for
managing AWS services. Control multiple AWS services from the command line
and automate them through scripts.
See Also https://aws.amazon.com/cli/.

complaint The event where a recipient (p. 47) who doesn't want to receive an email
message chooses "Mark as Spam" within the email client, and the internet service
provider (ISP) (p. 29) sends a notification to Amazon SES (p. 54).

compound query CloudSearch (p. 10): A search request that specifies multiple search criteria
using the Amazon CloudSearch structured search syntax.

Amazon Comprehend Amazon Comprehend is a natural language processing (NLP) service that uses
machine learning to find insights and relationships in text.

11
 AWS Glossary Reference

See Also https://aws.amazon.com/comprehend/.

Amazon Comprehend Medical Amazon Comprehend Medical is a HIPAA-eligible natural language processing
(NLP) service that uses machine learning (ML), and has been pre-trained to
understand and extract health data from medical text, such as prescriptions,
procedures, or diagnoses.
See Also https://aws.amazon.com/comprehend/medical.

condition IAM (p. 27): Any restriction or detail about a permission. The condition is D in
the statement "A has permission to do B to C where D applies."

AWS WAF (p. 64): A set of attributes that AWS WAF searches for in web
requests to AWS resources (p. 48) such as Amazon CloudFront (p. 10)
distributions. Conditions can include values such as the IP addresses that web
requests originate from or values in request headers. Based on the specified
conditions, you can configure AWS WAF to allow or block web requests to AWS
resources.

conditional parameter See mapping.

AWS Config AWS Config is a fully managed service that provides an AWS resource (p. 48)
inventory, configuration history, and configuration change notifications for
better security and governance. You can create rules that automatically check the
configuration of AWS resources that AWS Config records.
See Also https://aws.amazon.com/config/.

configuration API CloudSearch (p. 10): The API call that you use to create, configure, and manage
search domains.

configuration template A series of key–value pairs that define parameters for various AWS products so
that Elastic Beanstalk (p. 20) can provision them for an environment.

Amazon Connect Amazon Connect is a service solution that offers self-service configuration and
provides dynamic, personal, and natural customer engagement at any scale.
See Also https://aws.amazon.com/connect/.

consistency model The method a service uses to achieve high availability. For example, it could
involve replicating data across multiple servers in a data center.
See Also eventual consistency.

console See AWS Management Console.

Console Mobile Application AWS Console Mobile Application lets AWS customers monitor and manage a
select set of resources to stay informed and connected with their AWS resources
while on the go.
See Also https://aws.amazon.com/console/mobile.

consolidated billing A feature of the AWS Organizations service for consolidating payment for
multiple AWS accounts. You create an organization that contains your AWS
accounts, and you use the management account of your organization to pay for
all member accounts. You can see a combined view of AWS costs that are incurred
by all accounts in your organization, and you can get detailed cost reports for
individual accounts.

container A container is a standard unit of software that contains application code and all
relevant dependencies.

container definition A container definition specifies the details that are associated with running a
container (p. 12) on Amazon ECS. More specifically, a container definition
specifies details such as the container image to use and how much CPU and

12
 AWS Glossary Reference

memory the container is allocated. The container definition is included as part of

an Amazon ECS task definition (p. 60).

container instance A container instance is a self-managed EC2 instance (p. 19) or an on-
premises server or virtual machine (VM) that's running the Amazon Elastic
Container Service (Amazon ECS) container agent and has been registered into
a cluster (p. 10). A container instance serves as the infrastructure that your
Amazon ECS workloads are run on.

container registry A container registry is a collection of repositories that store container images.
One example is Amazon Elastic Container Registry (Amazon ECR).

content delivery network A web service that speeds up distribution of your static and dynamic web content
(CDN) —such as .html, .css, .js, media files, and image files—to your users by using
a worldwide network of data centers. When a user requests your content, the
request is routed to the data center that provides the lowest latency (time delay).
If the content is already in the location with the lowest latency, the CDN delivers
it immediately. If not, the CDN retrieves it from an origin that you specify (for
example, a web server or an Amazon S3 bucket). With some CDNs, you can help
secure your content by configuring an HTTPS connection between users and data
centers, and between data centers and your origin. Amazon CloudFront is an
example of a CDN.

contextual metadata Amazon Personalize (p. 43): Interactions data that you collect about a user's
browsing context (such as device used or location) when an event (such as a click)
occurs. Contextual metadata can improve recommendation relevance for new and
existing users.
See Also Interactions dataset, event.

continuous delivery A software development practice where code changes are automatically built,
tested, and prepared for a release to production.
See Also https://aws.amazon.com/devops/continuous-delivery/.

continuous integration A software development practice where developers regularly merge code changes
into a central repository, after which automated builds and tests are run.
See Also https://aws.amazon.com/devops/continuous-integration/.

AWS Control Tower AWS Control Tower is a service used to set up and govern a secure, multi-account
AWS environment.
See Also https://aws.amazon.com/controltower.

cooldown period Amount of time that Amazon EC2 Auto Scaling (p. 19) doesn't allow the
desired size of the Auto Scaling group (p. 6) to be changed by any other
notification from an CloudWatch (p. 10) alarm (p. 2).

core node An EC2 instance (p. 19) that runs Hadoop (p. 26) map and reduce tasks and
stores data using the Hadoop Distributed File System (HDFS). Core nodes are
managed by the master node (p. 36), which assigns Hadoop tasks to nodes and
monitors their status. The EC2 instances you assign as core nodes are capacity
that must be allotted for the entire job flow run. Because core nodes store data,
you can't remove them from a job flow. However, you can add more core nodes to
a running job flow.

Core nodes run both the DataNodes and TaskTracker Hadoop daemons.

corpus CloudSearch (p. 10): A collection of data that you want to search.

Corretto Amazon Corretto is a no-cost, multiplatform, production-ready distribution of the

Open Java Development Kit (OpenJDK).

13
 AWS Glossary Reference

See Also https://aws.amazon.com/corretto/.

coverage Amazon Personalize (p. 43): An evaluation metric that tells you the proportion
of unique items that Amazon Personalize might recommend using your model
out of the total number of unique items in Interactions and Items datasets. To
make sure Amazon Personalize recommends more of your items, use a model
with a higher coverage score. Recipes that feature item exploration, such as user-
personalization, have higher coverage than those that don’t, such as popularity-
count.
See Also metrics, Items dataset, Interactions dataset, item exploration, user-
personalization recipe, popularity-count recipe.

credential helper CodeCommit (p. 11): A program that stores credentials for repositories
and supplies them to Git when making connections to those repositories. The
AWS CLI (p. 11) includes a credential helper that you can use with Git when
connecting to CodeCommit repositories.

credentials Also called access credentials or security credentials. In authentication and

authorization, a system uses credentials to identify who is making a call and
whether to allow the requested access. In AWS, these credentials are typically the
access key ID (p. 1) and the secret access key (p. 53).

cross-account access
The process of permitting limited, controlled use of resources (p. 48) in
one AWS account (p. 2) by a user in another AWS account. For example,
in CodeCommit (p. 11) and CodeDeploy (p. 11) you can configure cross-
account access so that a user in AWS account A can access an CodeCommit
repository created by account B. Or a pipeline in CodePipeline (p. 11)
created by account A can use CodeDeploy resources created by account B. In
IAM (p. 27) you use a role (p. 49) to delegate (p. 16) temporary access to
a user (p. 62) in one account to resources in another.

cross-Region replication A solution for replicating data across different AWS Regions (p. 47), in near-
real time.

Cryptographic Computing for AWS Clean Rooms (p. 9): A capability in AWS Clean Rooms that organizations
Clean Rooms (C3R) can use to bring sensitive data together to derive new insights from data analytics
while cryptographically limiting what any party in the process can learn.

customer gateway A router or software application on your side of a VPN tunnel that's managed
by Amazon VPC (p. 64). The internal interfaces of the customer gateway are
attached to one or more devices in your home network. The external interface is
attached to the virtual private gateway (VGW) (p. 63) across the VPN tunnel.

customer managed policy An IAM (p. 27) managed policy (p. 35) that you create and manage in your
AWS account (p. 2).

customer master key (CMK) We no longer use customer master key or CMK. These terms are replaced by
AWS KMS key (first mention) and KMS key (subsequent mention). For more
information, see KMS key (p. 33).

D
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

dashboard See service health dashboard.

14
 AWS Glossary Reference

data consistency A concept that describes when data is written or updated successfully and
all copies of the data are updated in all AWS Regions (p. 47). However, it
takes time for the data to propagate to all storage locations. To support varied
application requirements, DynamoDB (p. 18) supports both eventually
consistent and strongly consistent reads.
See Also eventual consistency, eventually consistent read, strongly consistent
read.

AWS Data Exchange AWS Data Exchange is a service that helps you find, subscribe to, and use third-
party data in the cloud.
See Also https://aws.amazon.com/data-exchange.

Amazon Data Lifecycle Amazon Data Lifecycle Manager is an Amazon service that automates and
Manager manages the lifecycle of Amazon EBS snapshots and Amazon EBS-backed
AMIs (p. 19).

data node OpenSearch Service (p. 41): An OpenSearch instance that holds data and
responds to data upload requests.
See Also dedicated master node, node.

Data Pipeline AWS Data Pipeline is a web service for processing and moving data between
different AWS compute and storage services, as well as on-premises data sources,
at specified intervals.
See Also https://aws.amazon.com/datapipeline.

data schema See schema.

data source The database, file, or repository that provides information required by an
application or database. For example, in OpsWorks (p. 41), valid data sources
include an instance (p. 29) for a stack's MySQL layer or a stack's Amazon
RDS (p. 46) service layer. In Amazon Redshift (p. 47), valid data sources
include text files in an Amazon S3 (p. 50) bucket (p. 7), in an Amazon
EMR (p. 21) cluster, or on a remote host that a cluster can access through an
SSH connection.
See Also datasource.

database engine The database software and version running on the DB instance (p. 16).

database name The name of a database hosted in a DB instance (p. 16). A DB instance can host
multiple databases, but databases hosted by the same DB instance must each
have a unique name within that instance.

dataset Amazon Personalize (p. 43): A container for the data used by Amazon
Personalize. There are three types of Amazon Personalize datasets: Users, Items,
and Interactions.
See Also Interactions dataset, Users dataset, Items dataset.

dataset group Amazon Personalize (p. 43): A container for Amazon Personalize components,
including datasets, event trackers, solutions, filters, campaigns, and batch
inference jobs. A dataset group organizes your resources into independent
collections, so resources from one dataset group can’t influence resources in any
other dataset group.
See Also dataset, event tracker, solution, campaign.

datasource Amazon ML (p. 37): An object that contains metadata about the input data.
Amazon ML reads the input data, computes descriptive statistics on its attributes,
and stores the statistics—along with a schema and other information—as part
of the datasource object. Amazon ML uses datasources to train and evaluate a
machine learning model and generate batch predictions.
See Also data source.

15

DataSync
DB compute class
DB instance
DB instance identifier
DB parameter group
DB security group
DB snapshot
Dedicated Host
Dedicated Instance
dedicated master node
Dedicated Reserved Instance
AWS DeepComposer
AWS DeepLens
AWS DeepRacer
delegation
delete marker
AWS Glossary Reference
AWS DataSync is an online data transfer service that simplifies, automates, and
accelerates moving data between storage systems and services.
See Also https://aws.amazon.com/datasync.
The size of the database compute platform used to run the instance.
An isolated database environment running in the cloud. A DB instance can contain
multiple user-created databases.
User-supplied identifier for the DB instance. The identifier must be unique for
that user in an AWS Region (p. 47).
A container for database engine parameter values that apply to one or more DB
instances (p. 16).
A method that controls access to the DB instance (p. 16). By default, network
access is turned off to DB instances. After inbound traffic is configured for a
security group (p. 53), the same rules apply to all DB instances associated with
that group.
A user-initiated point backup of a DB instance (p. 16).
A physical server with EC2 instance (p. 19) capacity fully dedicated to a user.
An instance (p. 29) that's physically isolated at the host hardware level and
launched within a Amazon VPC (p. 64).
OpenSearch Service (p. 41): An OpenSearch instance that performs cluster
management tasks, but doesn't hold data or respond to data upload requests.
Amazon OpenSearch Service (OpenSearch Service) uses dedicated master nodes
to increase cluster stability.
See Also data node, node.
An option that you purchase to guarantee that sufficient capacity will be available
to launch Dedicated Instances (p. 16) into a Amazon VPC (p. 64).
AWS DeepComposer is a web service designed specifically to educate developers
through tutorials, sample code, and training data.
See Also https://aws.amazon.com/deepcomposer.
AWS DeepLens is a tool that provides AWS customers with a centralized place
to search, discover, and connect with trusted APN Technology and Consulting
Partners, based on customers' business needs.
See Also https://aws.amazon.com/deeplens.
AWS DeepRacer is a cloud-based 3D racing simulator, global racing league, and
fully autonomous 1/18th-scale race car driven by reinforcement learning.
See Also https://aws.amazon.com/deepracer.
Within a single AWS account (p. 2): Giving AWS users (p. 62) access to
resources (p. 48) your AWS account.
Between two AWS accounts: Setting up a trust between the account that owns
the resource (the trusting account), and the account that contains the users that
need to access the resource (the trusted account).
See Also trust policy.
An object with a key and version ID, but without content. Amazon S3 (p. 50)
inserts delete markers automatically into versioned buckets (p. 7) when an
object is deleted.
16
 AWS Glossary Reference

deliverability The likelihood that an email message arrives at its intended destination.

deliveries The number of email messages, sent through Amazon SES (p. 54), that
were accepted by an internet service provider (ISP) (p. 29) for delivery to
recipients (p. 47) over a period of time.

deny The result of a policy (p. 43) statement that includes deny as the effect, so
that a specific action or actions are expressly forbidden for a user, group, or role.
Explicit deny take precedence over explicit allow (p. 3).

deployment configuration CodeDeploy (p. 11): A set of deployment rules and success and failure
conditions used by the service during a deployment.

deployment group CodeDeploy (p. 11): A set of individually tagged instances (p. 29) or EC2
instances (p. 19) in Auto Scaling groups (p. 6), or both.

Description property A property added to parameters, resources (p. 48), resource properties,
mappings, and outputs to help you to document CloudFormation (p. 10)
template elements.

detailed monitoring Monitoring of AWS provided metrics derived at a 1-minute frequency.

Detective Amazon Detective is a service that collects log data from your AWS resources to
analyze and identify the root cause of security findings or suspicious activities.
The Detective behavior graph provides visualizations to help you to determine
the nature and extent of possible security issues and conduct an efficient
investigation.
See Also https://aws.amazon.com/detective/.

Device Farm AWS Device Farm is an app testing service that you can use to test Android, iOS,
and web apps on real, physical phones and tablets that are hosted by AWS.
See Also https://aws.amazon.com/device-farm/.

Amazon DevOps Guru Amazon DevOps Guru is a fully managed operations service powered by machine
learning (ML), designed to improve an application's operational performance and
availability.
See Also https://aws.amazon.com/devops-guru/.

dimension A name–value pair (for example, InstanceType=m1.small, or EngineName=mysql),

that contains additional information to identify a metric.

Direct Connect AWS Direct Connect is a web service that simplifies establishing a dedicated
network connection from your premises to AWS. Using AWS Direct Connect, you
can establish private connectivity between AWS and your data center, office, or
colocation environment.
See Also https://aws.amazon.com/directconnect.

Directory Service AWS Directory Service is a managed service for connecting your AWS
resources (p. 48) to an existing on-premises Microsoft Active Directory or to set
up and operate a new, standalone directory in the AWS Cloud.
See Also https://aws.amazon.com/directoryservice.

discussion forums A place where AWS users can post technical questions and feedback to help
accelerate their development efforts and to engage with the AWS community. For
more information, see the Amazon Web Services Discussion Forums.

distribution A link between an origin server (such as an Amazon S3 (p. 50)

bucket (p. 7)) and a domain name, which CloudFront (p. 10) automatically
assigns. Through this link, CloudFront identifies the object you have stored in your
origin server (p. 41).

17
 AWS Glossary Reference

DKIM DomainKeys Identified Mail is a standard that email senders use to sign their
messages. ISPs use those signatures to verify that messages are legitimate. For
more information, see https://tools.ietf.org/html/rfc6376.

AWS DMS AWS Database Migration Service is a web service that can help you migrate data
to and from many widely used commercial and open-source databases.
See Also https://aws.amazon.com/dms.

DNS See Domain Name System.

Docker image A layered file system template that's the basis of a Docker container (p. 12).
Docker images can comprise specific operating systems or applications.

document CloudSearch (p. 10): An item that can be returned as a search result. Each
document has a collection of fields that contain the data that can be searched or
returned. The value of a field can be either a string or a number. Each document
must have a unique ID and at least one field.

document batch CloudSearch (p. 10): A collection of add and delete document operations. You
use the document service API to submit batches to update the data in your search
domain.

document service API CloudSearch (p. 10): The API call that you use to submit document batches to
update the data in a search domain.

document service endpoint CloudSearch (p. 10): The URL that you connect to when sending document
updates to an Amazon CloudSearch domain. Each search domain has a unique
document service endpoint that remains the same for the life of the domain.

Amazon DocumentDB Amazon DocumentDB (with MongoDB compatibility) is a managed database

service that you can use to set up, operate, and scale MongoDB-compatible
databases in the cloud.
See Also https://aws.amazon.com/documentdb/.

domain OpenSearch Service (p. 41): The hardware, software, and data exposed by
Amazon OpenSearch Service (OpenSearch Service) endpoints. An OpenSearch
Service domain is a service wrapper around an OpenSearch cluster. An
OpenSearch Service domain encapsulates the engine instances that process
OpenSearch Service requests, the indexed data that you want to search,
snapshots of the domain, access policies, and metadata.
See Also cluster, Elasticsearch.

Domain Name System Domain Name System is a service that routes internet traffic to websites by
translating human-readable domain names (for example, www.example.com)
into the numeric IP addresses, such as 192.0.2.1, which computers use to connect
to each other.

Donation button An HTML-coded button to provide a simple and secure way for US-based, IRS-
certified 501(c)(3) nonprofit organizations to solicit donations.

DynamoDB Amazon DynamoDB is a fully managed NoSQL database service that provides fast
and predictable performance with seamless scalability.
See Also https://aws.amazon.com/dynamodb/.

Amazon DynamoDB Amazon DynamoDB Encryption Client is a software library that helps you protect
Encryption Client your table data before you send it to DynamoDB (p. 18).

Amazon DynamoDB Storage Amazon DynamoDB Storage Backend for Titan is a graph database implemented
Backend for Titan on top of Amazon DynamoDB. Titan is a scalable graph database optimized for
storing and querying graphs.

18
 AWS Glossary Reference

See Also https://aws.amazon.com/dynamodb/.

DynamoDB Streams Amazon DynamoDB Streams is an AWS service that captures a time-ordered
sequence of item-level modifications in any Amazon DynamoDB table. This
service also stores this information in a log for up to 24 hours. Applications can
access this log and view the data items as they appeared before and after they
were modified, in near-real time.
See Also https://aws.amazon.com/dynamodb/.

E
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

Amazon EBS Amazon Elastic Block Store is a service that provides block level storage
volumes (p. 64) or use with EC2 instances (p. 19).
See Also https://aws.amazon.com/ebs.

Amazon EBS-backed AMI An Amazon EBS-backed AMI is a type of Amazon Machine Image (AMI) (p. 3)
whose instances use an Amazon EBS (p. 19) volume (p. 64) as their root
device. Compare this with instances launched from instance store-backed
AMIs (p. 29), which use the instance store (p. 29) as the root device.

Amazon EC2 Amazon Elastic Compute Cloud is a web service for launching and managing
Linux/UNIX and Windows Server instances (p. 29) in Amazon data centers.
See Also https://aws.amazon.com/ec2.

Amazon EC2 Auto Scaling Amazon EC2 Auto Scaling is a web service that launches or terminates instances
automatically based on user-defined policies (p. 43), schedules, and health
checks (p. 26).
See Also https://aws.amazon.com/ec2/autoscaling.

EC2 instance A compute instance (p. 29) in the Amazon EC2 (p. 19) service. Other AWS
services use the term EC2 instance to distinguish these instances from other types
of instances they support.

Amazon ECR Amazon Elastic Container Registry (Amazon ECR) is a fully managed Docker
container registry that you can use to store, manage, and deploy Docker container
images. Amazon ECR is integrated with Amazon ECS (p. 19) and IAM (p. 27).
See Also https://aws.amazon.com/ecr.

Amazon ECS Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast,
container (p. 12) management service that you can use to run, stop, and
manage Docker containers on a cluster (p. 10) of EC2 instances.
See Also https://aws.amazon.com/ecs.

edge location edge location is a data center that an AWS service uses to perform service-specific
operations. For example, CloudFront (p. 10) uses edge locations to cache
copies of your content, so the content is closer to your users and can be delivered
faster regardless of their location. Route 53 (p. 50) uses edge locations to
speed up the response to public DNS queries.

Amazon EFS Amazon Elastic File System is a file storage service for EC2 (p. 19)
instances (p. 29). Amazon EFS provides an interface that you can use to create
and configure file systems. Amazon EFS storage capacity grows and shrinks
automatically as you add and remove files.
See Also https://aws.amazon.com/efs/.

19
 AWS Glossary Reference

Amazon EKS Amazon Elastic Kubernetes Service is a managed service that you can use to
run Kubernetes on AWS without needing to stand up or maintain your own
Kubernetes control plane.
See Also https://aws.amazon.com/eks/.

Elastic A company that provides open-source solutions—including OpenSearch,

Logstash, Kibana, and Beats—that take data from any source and search, analyze,
and visualize it in real time.

Amazon OpenSearch Service (OpenSearch Service) is an AWS managed service for

deploying, operating, and scaling OpenSearch in the AWS Cloud.
See Also OpenSearch Service, Elasticsearch.

Elastic Beanstalk AWS Elastic Beanstalk is a web service for deploying and managing applications
in the AWS Cloud without worrying about the infrastructure that runs those
applications.
See Also https://aws.amazon.com/elasticbeanstalk.

Elastic Block Store See Amazon EBS.

Elastic Inference Amazon Elastic Inference is a resource that customers can use to attach low-cost
GPU-powered acceleration to Amazon EC2 and SageMaker instances, or Amazon
ECS tasks, to reduce the cost of running deep learning inference by up to 75%.
See Also https://aws.amazon.com/machine-learning/elastic-inference.

Elastic IP address A fixed (static) IP address that you have allocated in Amazon EC2 (p. 19) or
Amazon VPC (p. 64) and then attached to an instance (p. 29). Elastic IP
addresses are associated with your account, not a specific instance. They are
elastic because you can easily allocate, attach, detach, and free them as your
needs change. Unlike traditional static IP addresses, Elastic IP addresses allow you
to mask instance or Availability Zone (p. 6) failures by rapidly remapping your
public IP addresses to another instance.

ELB Elastic Load Balancing is a web service that improves an application's availability
by distributing incoming traffic between two or more EC2 instances (p. 19).
See Also https://aws.amazon.com/elasticloadbalancing.

elastic network interface An additional network interface that can be attached to an instance (p. 29).
Elastic network interfaces include a primary private IP address, one or more
secondary private IP addresses, an Elastic IP Address (optional), a MAC address,
membership in specified security groups (p. 53), a description, and a source/
destination check flag. You can create an elastic network interface, attach it to an
instance, detach it from an instance, and attach it to another instance.

Elastic Transcoder Amazon Elastic Transcoder is a cloud-based media transcoding service. Elastic
Transcoder is a highly scalable tool for converting (or transcoding) media files
from their source format into versions that play on devices such as smartphones,
tablets, and PCs.
See Also https://aws.amazon.com/elastictranscoder/.

ElastiCache Amazon ElastiCache is a web service that simplifies deploying, operating, and
scaling an in-memory cache in the cloud. The service improves the performance
of web applications by providing information retrieval from fast, managed, in-
memory caches, instead of relying entirely on slower disk-based databases.
See Also https://aws.amazon.com/elasticache/.

Elasticsearch An open-source, real-time distributed search and analytics engine used for full-
text search, structured search, and analytics. OpenSearch was developed by the
Elastic company.

20
 AWS Glossary Reference

Amazon OpenSearch Service (OpenSearch Service) is an AWS managed service for

deploying, operating, and scaling OpenSearch in the AWS Cloud.
See Also OpenSearch Service, Elastic.

AWS Elemental MediaConnect AWS Elemental MediaConnect is a fully-managed live video distribution service
that reliably and securely ingests video into the AWS Cloud and transports it to
multiple destinations within the AWS network and the internet.
See Also https://aws.amazon.com/mediaconnect.

AWS Elemental MediaConvert AWS Elemental MediaConvert is a file-based media conversion service that
transforms content into formats for traditional broadcast and internet streaming.
See Also https://aws.amazon.com/mediaconvert.

AWS Elemental MediaLive AWS Elemental MediaLive is a cloud-based live video encoding service that
creates high-quality streams for delivery to broadcasts and internet-connected
devices.
See Also https://aws.amazon.com/medialive.

AWS Elemental MediaPackage AWS Elemental MediaPackage is a highly-scalable video origination and
packaging service that delivers video securely and reliably.
See Also https://aws.amazon.com/mediapackage.

AWS Elemental MediaStore AWS Elemental MediaStore is a storage service optimized for media that provides
the performance, consistency, and low latency required to deliver live and on-
demand video content at scale.
See Also https://aws.amazon.com/mediastore.

AWS Elemental MediaTailor AWS Elemental MediaTailor is a channel assembly and personalized ad-insertion
service for over-the-top (OTT) video and audio applications.
See Also https://aws.amazon.com/mediatailor.

EMP The AWS End-of-Support Migration Program for Windows Server provides the
technology and guidance to migrate your applications running on Windows
Server 2003, Windows Server 2008, and Windows Server 2008 R2 to the latest,
supported versions of Windows Server running on Amazon Web Services (AWS).

Amazon EMR Amazon Elastic Map Reduce is a web service that you can use to process large
amounts of data efficiently. Amazon EMR uses Hadoop (p. 26) processing
combined with several AWS products to do such tasks as web indexing, data
mining, log file analysis, machine learning, scientific simulation, and data
warehousing.
See Also https://aws.amazon.com/elasticmapreduce.

encrypt To use a mathematical algorithm to make data unintelligible to unauthorized

users (p. 62). Encryption also gives authorized users a method (such as a key or
password) to convert the altered data back to its original state.

encryption context A set of key–value pairs that contains additional information associated with AWS
KMS (p. 33)–encrypted information.

AWS Encryption SDK AWS Encryption SDK is a client-side encryption library that you can use to encrypt
and decrypt data using industry standards and best practices.
See Also https://aws.amazon.com/blogs/security/tag/aws-encryption-sdk/.

endpoint A URL that identifies a host and port as the entry point for a web service. Every
web service request contains an endpoint. Most AWS products provide endpoints
for a Region to enable faster connectivity.

ElastiCache (p. 20): The DNS name of a cache node (p. 8).

21
 AWS Glossary Reference

Amazon RDS (p. 46): The DNS name of a DB instance (p. 16).

CloudFormation (p. 10): The DNS name or IP address of the server that receives
an HTTP request.

endpoint port ElastiCache (p. 20): The port number used by a cache node (p. 8).

Amazon RDS (p. 46): The port number used by a DB instance (p. 16).

envelope encryption The use of a master key and a data key to algorithmically protect data. The
master key is used to encrypt and decrypt the data key and the data key is used to
encrypt and decrypt the data itself.

environment Elastic Beanstalk (p. 20): A specific running instance of an

application (p. 4). The application has a CNAME and includes an application
version and a customizable configuration (which is inherited from the default
container type).

CodeDeploy (p. 11): Instances in a deployment group in a blue/green

deployment. At the start of a blue/green deployment, the deployment group is
made up of instances in the original environment. At the end of the deployment,
the deployment group is made up of instances in the replacement environment.

environment configuration A collection of parameters and settings that define how an environment and its
associated resources behave.

ephemeral store See instance store.

epoch The date from which time is measured. For most Unix environments, the epoch is
January 1, 1970.

ETL See extract, transform, and load (ETL).

evaluation Amazon Machine Learning: The process of measuring the predictive performance
of a machine learning (ML) model.

Also a machine learning object that stores the details and result of an ML model
evaluation.

evaluation datasource The data that Amazon Machine Learning uses to evaluate the predictive accuracy
of a machine learning model.

event Amazon Personalize (p. 43): A user activity—such as a click, a purchase, or a

video viewing—that you record and upload to an Amazon Personalize Interactions
dataset. You record events individually in real time or record and upload events in
bulk.
See Also dataset, Interactions dataset.

event tracker Amazon Personalize (p. 43): Specifies a destination dataset group for event
data that you record in real time. When you record events in real time, you
provide the ID of the event tracker so that Amazon Personalize knows where to
add the data.
See Also dataset group, event.

EventBridge Amazon EventBridge is a serverless event bus service that you can use to connect
your applications with data from a variety of sources and routes that data to
targets such as AWS Lambda. You can set up routing rules to determine where to
send your data to build application architectures that react in real time to all of
your data sources.

22

eventual consistency
eventually consistent read
eviction
exbibyte (EiB)
expiration
explicit impressions
explicit launch permission
exponential backoff
expression
extract, transform, and load
(ETL)
AWS Glossary Reference
See Also https://aws.amazon.com/eventbridge/.
The method that AWS services use to achieve high availability. This involves
replicating data across multiple servers in Amazon data centers. When data is
written or updated and Success is returned, all copies of the data are updated.
However, it takes time for the data to propagate to all storage locations. The data
will eventually be consistent, but an immediate read might not show the change.
Consistency is usually reached within seconds.
See Also data consistency, eventually consistent read, strongly consistent read.
A read process that returns data from only one Region and might not show the
most recent write information. However, if you repeat your read request after a
short time, the response should eventually return the latest data.
See Also data consistency, eventual consistency, strongly consistent read.
The deletion by CloudFront (p. 10) of an object from an edge
location (p. 19) before its expiration time. If an object in an edge location
isn't frequently requested, CloudFront might evict the object (remove the object
before its expiration date) to make room for objects that are more popular.
A contraction of exa binary byte. An exbibyte (EiB) is 2^60 or
1,152,921,504,606,846,976 bytes. An exabyte (EB) is 10^18 or
1,000,000,000,000,000,000 bytes. 1,024 EiB is a zebibyte (ZiB) (p. 66).
For CloudFront (p. 10) caching, the time when CloudFront stops responding
to user requests with an object. If you don't use headers or CloudFront
distribution (p. 17) settings to specify how long you want objects to stay in
an edge location (p. 19), the objects expire after 24 hours. The next time a
user requests an object that has expired, CloudFront forwards the request to the
origin (p. 41).
Amazon Personalize (p. 43): A list of items that you manually add to an
Amazon Personalize Interactions dataset to influence future recommendations.
Unlike implicit impressions, where Amazon Personalize automatically derives the
impressions data, you choose what to include in explicit impressions.
See Also recommendations, Interactions dataset, impressions data, implicit
impressions.
An Amazon Machine Image (AMI) (p. 3) launch permission granted to a
specific AWS account (p. 2).
A strategy that incrementally increases the wait between retry attempts in order
to reduce the load on the system and increase the likelihood that repeated
requests will succeed. For example, client applications might wait up to 400
milliseconds before attempting the first retry, up to 1600 milliseconds before the
second, and up to 6400 milliseconds (6.4 seconds) before the third.
CloudSearch (p. 10): A numeric expression that you can use to control how
search hits are sorted. You can construct Amazon CloudSearch expressions using
numeric fields, other rank expressions, a document's default relevance score, and
standard numeric operators and functions. When you use the sort option to
specify an expression in a search request, the expression is evaluated for each
search hit and the hits are listed according to their expression values.
A process that's used to integrate data from multiple sources. Data is collected
from sources (extract), converted to an appropriate format (transform), and
written to a target data store (load) for purposes of analysis and querying.
ETL tools combine these three functions to consolidate and move data from one
environment to another. AWS Glue (p. 26) is a fully managed ETL service for
23
 AWS Glossary Reference

discovering and organizing data, transforming it, and making it available for
search and analytics.

F
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

facet CloudSearch (p. 10): An index field that represents a category that you want to
use to refine and filter search results.

facet enabled CloudSearch (p. 10): An index field option that enables facet information to be
calculated for the field.

Fault Injection Simulator AWS Fault Injection Simulator is a managed service that you can use to perform
(AWS FIS) fault injection experiments on your AWS workloads.
See Also https://aws.amazon.com/fis.

FBL See feedback loop (FBL).

feature transformation Amazon Machine Learning: The machine learning process of constructing more
predictive input representations or “features” from the raw input variables to
optimize a machine learning model’s ability to learn and generalize. Also known
as data transformation or feature engineering.

federated identity Allows individuals to sign in to different networks or services, using the same
management (FIM) group or personal credentials to access data across all networks. With identity
federation in AWS, external identities (federated users) are granted secure access
to resources (p. 48) in an AWS account (p. 2) without having to create IAM
users (p. 62). These external identities can come from a corporate identity
store (such as LDAP or Windows Active Directory) or from a third party (such as
Login with Amazon, Facebook, or Google). AWS federation also supports SAML
2.0.

federated user See federated identity management (FIM).

federation See federated identity management (FIM).

feedback loop (FBL) The mechanism by which a mailbox provider (for example, an internet service
provider (ISP) (p. 29)) forwards a recipient (p. 47)'s complaint (p. 11) back
to the sender (p. 53).

field weight The relative importance of a text field in a search index. Field weights control how
much matches in particular text fields affect a document's relevance score.

filter A criterion that you specify to limit the results when you list or describe your
Amazon EC2 (p. 19) resources (p. 48).

filter query A way to filter search results without affecting how the results are scored and
sorted. Specified with the CloudSearch (p. 10) fq parameter.

FIM See federated identity management (FIM).

FinSpace Amazon FinSpace is a data management and analytics service purpose-built for
the financial services industry (FSI).
See Also https://aws.amazon.com/finspace.

Firehose See Kinesis Data Firehose.

24
 AWS Glossary Reference

Firewall Manager AWS Firewall Manager is a service that you use with AWS WAF to simplify your
AWS WAF administration and maintenance tasks across multiple accounts and
resources. With AWS Firewall Manager, you set up your firewall rules only once.
The service automatically applies your rules across your accounts and resources,
even as you add new resources.
See Also https://aws.amazon.com/firewall-manager.

Forecast Amazon Forecast is a fully managed service that uses statistical and machine
learning algorithms to produce highly accurate time-series forecasts.
See Also https://aws.amazon.com/forecast/.

format version See template format version.

forums See discussion forums.

function See intrinsic function.

fuzzy search A simple search query that uses approximate string matching (fuzzy matching) to
correct for typographical errors and misspellings.

G
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

GameKit AWS GameKit is an open-source SDK and game engine plugin that empowers
game developers to build and deploy cloud-based features with AWS from their
game engine.
See Also https://aws.amazon.com/gamekit/.

Amazon GameLift Amazon GameLift is a managed service for deploying, operating, and scaling
session-based multiplayer games.
See Also https://aws.amazon.com/gamelift/.

GameSparks Amazon GameSparks is a fully managed AWS service that provides a multi-service
backend for game developers.
See Also https://aws.amazon.com/gamesparks/.

geospatial search A search query that uses locations specified as a latitude and longitude to
determine matches and sort the results.

gibibyte (GiB) A contraction of giga binary byte, a gibibyte is 2^30 or 1,073,741,824 bytes.
A gigabyte (GB) is 10^9 or 1,000,000,000 bytes. 1,024 GiB is a tebibyte
(TiB) (p. 60).

GitHub A web-based repository that uses Git for version control.

Global Accelerator AWS Global Accelerator is a network layer service that you use to create
accelerators that direct traffic to optimal endpoints over the AWS global network.
This improves the availability and performance of your internet applications that
are used by a global audience.
See Also https://aws.amazon.com/global-accelerator.

global secondary index An index with a partition key and a sort key that can be different from those on
the table. A global secondary index is considered global because queries on the
index can span all of the data in a table, across all partitions.

25
 AWS Glossary Reference

See Also local secondary index.

AWS Glue AWS Glue is a fully managed extract, transform, and load (ETL) (p. 23) service
that you can use to catalog data and load it for analytics. With AWS Glue, you
can discover your data, develop scripts to transform sources into targets, and
schedule and run ETL jobs in a serverless environment.
See Also https://aws.amazon.com/glue.

AWS GovCloud (US) AWS GovCloud (US) is an isolated AWS Region that hosts sensitive workloads
in the cloud, ensuring that this work meets the US government's regulatory
and compliance requirements. The AWS GovCloud (US) Region adheres to
United States International Traffic in Arms Regulations (ITAR), Federal Risk and
Authorization Management Program (FedRAMP) requirements, Department of
Defense (DOD) Cloud Security Requirements Guide (SRG) Levels 2 and 4, and
Criminal Justice Information Services (CJIS) Security Policy requirements.
See Also https://aws.amazon.com/govcloud-us/.

grant AWS KMS (p. 33): A mechanism for giving AWS principals (p. 44) long-term
permissions to use KMS keys.

grant token A type of identifier that allows the permissions in a grant (p. 26) to take effect
immediately.

ground truth The observations used in the machine learning (ML) model training process
that include the correct value for the target attribute. To train an ML model to
predict house sales prices, the input observations would typically include prices
of previous house sales in the area. The sale prices of these houses constitute the
ground truth.

group A collection of IAM (p. 27) users (p. 62). You can use IAM groups to simplify
specifying and managing permissions for multiple users.

GuardDuty Amazon GuardDuty is a continuous security monitoring service. Amazon

GuardDuty can help to identify unexpected and potentially unauthorized or
malicious activity in your AWS environment.
See Also https://aws.amazon.com/guardduty/.

H
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

Hadoop Software that enables distributed processing for big data by using clusters
and simple programming models. For more information, see http://
hadoop.apache.org.

hard bounce A persistent email delivery failure such as "mailbox does not exist."

hardware VPN A hardware-based IPsec VPN connection over the internet.

AWS Health AWS Health is a service that provides ongoing visibility into AWS customers'
accounts and the availability of their AWS services and resources.
See Also https://aws.amazon.com/premiumsupport/technology/aws-health-
dashboard.

health check A system call to check on the health status of each instance in an Amazon EC2
Auto Scaling (p. 19) group.

26
 AWS Glossary Reference

HealthLake AWS HealthLake is a HIPAA-eligible service that helps customers store, query,
and generate artificial intelligence (AI) and machine learning (ML) insights from
healthcare data and enables healthcare data interoperability.
See Also https://aws.amazon.com/healthlake.

highlight enabled CloudSearch (p. 10): An index field option that enables matches within the
field to be highlighted.

highlights CloudSearch (p. 10): Excerpts returned with search results that show where the
search terms appear within the text of the matching documents.

high-quality email Email that recipients find valuable and want to receive. Value means different
things to different recipients and can come in such forms as offers, order
confirmations, receipts, or newsletters.

hit A document that matches the criteria specified in a search request. Also referred
to as a search result.

HMAC Hash-based Message Authentication Code is a specific construction for calculating

a message authentication code (MAC) involving a cryptographic hash function in
combination with a secret key. You can use it to verify both the data integrity and
the authenticity of a message at the same time. AWS calculates the HMAC using a
standard, cryptographic hash algorithm, such as SHA-256.

hosted zone A collection of resource record (p. 49) sets that Route 53 (p. 50) hosts.
Similar to a traditional DNS zone file, a hosted zone represents a collection of
records that are managed together under a single domain name.

HRNN Amazon Personalize (p. 43): A hierarchical recurrent neural network machine
learning algorithm that models changes in user behavior and predicts the items
that a user might interact with in personal recommendation applications.

HTTP-Query See Query.

HVM virtualization Hardware Virtual Machine virtualization. Allows the guest VM to run as though it's
on a native hardware platform, except that it still uses paravirtual (PV) network
and storage drivers for improved performance.
See Also PV virtualization.

I
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

IAM AWS Identity and Access Management is a web service that Amazon Web Services
(AWS) (p. 3) customers can use to manage users and user permissions within
AWS.
See Also https://aws.amazon.com/iam.

IAM Access Analyzer Access Management Access Analyzer is a feature of IAM (p. 27) that you can
use to identify the resources in your organization and accounts that are shared
with an external entity. Example resources include Amazon S3 buckets or IAM
roles.
See Also https://aws.amazon.com/about-aws/whats-new/2019/12/introducing-
aws-identity-and-access-management-access-analyzer/.

IAM group See group.

27
 AWS Glossary Reference

IAM Identity Center AWS IAM Identity Center (successor to AWS Single Sign-On) is a cloud-based
service that brings together administration of users and their access to AWS
accounts and cloud applications. You can control single sign-on access and user
permissions across all your AWS accounts in AWS Organizations.
See Also https://aws.amazon.com/single-sign-on/.

IAM policy simulator See policy simulator.

IAM role See role.

IAM user See user.

Identity and Access See IAM.

Management

identity provider (IdP) An IAM (p. 27) entity that holds metadata about external identity providers.

IdP See identity provider (IdP) .

image See Amazon Machine Image (AMI).

Image Builder EC2 Image Builder is a service that facilitates building, maintaining, and
distributing customized server images that launch EC2 instances, or that run in
Docker containers.
See Also https://aws.amazon.com/image-builder.

implicit impressions Amazon Personalize (p. 43): The recommendations that your application shows
a user. Unlike explicit impressions, where you manually record each impression,
Amazon Personalize automatically derives implicit impressions from your
recommendation data.
See Also recommendations, impressions data, explicit impressions.

import log A report that contains details about how Import/Export (p. 28) processed your
data.

Import/Export AWS Import/Export is a service for transferring large amounts of data between
AWS and portable storage devices.
See Also https://aws.amazon.com/importexport.

import/export station A machine that uploads or downloads your data to or from Amazon S3 (p. 50).

impressions data Amazon Personalize (p. 43): The list of items that you presented to a user
when they interacted with a particular item such as by clicking it, watching it,
or purchasing it. Amazon Personalize uses impressions data to calculate the
relevance of new items for a user based on how frequently users have selected or
ignored the same item.
See Also explicit impressions, implicit impressions.

index See search index.

index field A name–value pair that's included in an CloudSearch (p. 10) domain's index. An
index field can contain text or numeric data, dates, or a location.

indexing options Configuration settings that define an CloudSearch (p. 10) domain's index fields,
how document data is mapped to those index fields, and how the index fields can
be used.

inline policy An IAM (p. 27) policy (p. 43) that's embedded in a single IAM user (p. 62),
group (p. 26), or role (p. 49).

in-place deployment CodeDeploy: A deployment method where the application on each instance in the
deployment group is stopped, the latest application revision is installed, and the

28
 AWS Glossary Reference

new version of the application is started and validated. You can choose to use a
load balancer so each instance is deregistered during its deployment and then
restored to service after the deployment is complete.

input data Amazon Machine Learning: The observations that you provide to Amazon
Machine Learning to train and evaluate a machine learning model and generate
predictions.

Amazon Inspector Amazon Inspector is an automated security assessment service that helps improve
the security and compliance of applications deployed on AWS. Amazon Inspector
automatically assesses applications for vulnerabilities or deviations from best
practices. After performing an assessment, Amazon Inspector produces a detailed
report with prioritized steps for remediation.
See Also https://aws.amazon.com/inspector.

instance A copy of an Amazon Machine Image (AMI) (p. 3) running as a virtual server in
the AWS Cloud.

instance family A general instance type (p. 29) grouping using either storage or CPU capacity.

instance group A Hadoop (p. 26) cluster contains one master instance group that contains
one master node (p. 36), a core instance group that contains one or more core
node (p. 13) and an optional task node (p. 60) instance group, which can
contain any number of task nodes.

instance profile A container that passes IAM (p. 27) role (p. 49) information to an EC2
instance (p. 19) at launch.

instance store Disk storage that's physically attached to the host computer for an EC2
instance (p. 19), and therefore has the same lifespan as the instance. When the
instance is terminated, you lose any data in the instance store.

instance store-backed AMI A type of Amazon Machine Image (AMI) (p. 3) whose instances (p. 29) use
an instance store (p. 29) volume (p. 64) as the root device. Compare this
with instances launched from Amazon EBS-backed AMIs (p. 19), which use an
Amazon EBS volume as the root device.

instance type A specification that defines the memory, CPU, storage capacity, and usage cost for
an instance (p. 29). Some instance types are for standard applications, whereas
others are for CPU-intensive, memory-intensive applications.

Interactions dataset Amazon Personalize (p. 43): A container for historical and real-time data
collected from interactions between users and items (called events). Interactions
data can include impressions data and contextual metadata.
See Also dataset, event, impressions data, contextual metadata.

internet gateway Connects a network to the internet. You can route traffic for IP addresses outside
your Amazon VPC (p. 64) to the internet gateway.

internet service provider (ISP) A company that provides subscribers with access to the internet. Many ISPs are
also mailbox providers (p. 35). Mailbox providers are sometimes referred to as
ISPs, even if they only provide mailbox services.

intrinsic function A special action in a CloudFormation (p. 10) template that assigns values
to properties not available until runtime. These functions follow the format
Fn::Attribute, such as Fn::GetAtt. Arguments for intrinsic functions can be
parameters, pseudo parameters, or the output of other intrinsic functions.

AWS IoT 1-Click AWS IoT 1-Click is a service that simple devices can use to launch AWS Lambda
functions.
See Also https://aws.amazon.com/iot-1-click.

29
 AWS Glossary Reference

AWS IoT Analytics AWS IoT Analytics is a fully managed service used to run sophisticated analytics
on massive volumes of IoT data.
See Also https://aws.amazon.com/iot-analytics.

AWS IoT Core AWS IoT Core is a managed cloud platform that lets connected devices easily and
securely interact with cloud applications and other devices.
See Also https://aws.amazon.com/iot.

AWS IoT Device Defender AWS IoT Device Defender is an AWS IoT security service that you can use to audit
the configuration of your devices, monitor your connected devices to detect
abnormal behavior, and to mitigate security risks.
See Also https://aws.amazon.com/iot-device-defender.

AWS IoT Device Management AWS IoT Device Management is a service used to securely onboard, organize,
monitor, and remotely manage IoT devices at scale.
See Also https://aws.amazon.com/iot-device-management.

AWS IoT Events AWS IoT Events is a fully managed AWS IoT service that you can use to detect and
respond to events from IoT sensors and applications.
See Also https://aws.amazon.com/iot-events.

AWS IoT FleetWise AWS IoT FleetWise is a service that you can use to collect, transform, and transfer
vehicle data to the cloud at scale.
See Also https://aws.amazon.com/iot-fleetwise.

AWS IoT Greengrass AWS IoT Greengrass is a software that you can use to run local compute,
messaging, data caching, sync, and ML inference capabilities for connected
devices in a secure way.
See Also https://aws.amazon.com/greengrass.

AWS IoT RoboRunner AWS IoT RoboRunner is a solution that provides infrastructure for integrating
robots with work management systems and building robotics fleet management
applications.
See Also https://aws.amazon.com/roborunner.

AWS IoT SiteWise AWS IoT SiteWise is a managed service that you can use to collect, organize, and
analyze data from industrial equipment at scale.
See Also https://aws.amazon.com/iot-sitewise.

AWS IoT Things Graph AWS IoT Things Graph is a service that you can use to visually connect different
devices and web services to build IoT applications.
See Also https://aws.amazon.com/iot-things-graph.

IP address A numerical address (for example, 192.0.2.44) that networked devices use
to communicate with one another using the Internet Protocol (IP). Each EC2
instance (p. 19) is assigned two IP addresses at launch, which are directly
mapped to each other through network address translation (NAT (p. 39)):
a private IP address (following RFC 1918) and a public IP address. Instances
launched in a VPC (p. 64) are assigned only a private IP address. Instances
launched in your default VPC are assigned both a private IP address and a public
IP address.

IP match condition AWS WAF (p. 64): An attribute that specifies the IP addresses or IP
address ranges that web requests originate from. Based on the specified IP
addresses, you can configure AWS WAF to allow or block web requests to AWS
resources (p. 48) such as Amazon CloudFront (p. 10) distributions.

AWS IQ AWS IQ is a cloud service that AWS customers can use to find, engage, and pay
AWS Certified third-party experts for on-demand project work.

30
 AWS Glossary Reference

See Also ???TITLE???.

ISP See internet service provider (ISP).

issuer The person who writes a policy (p. 43) to grant permissions to a
resource (p. 48). The issuer (by definition) is always the resource owner. AWS
doesn't permit Amazon SQS (p. 57) users to create policies for resources they
don't own. If John is the resource owner, AWS authenticates John's identity when
he submits the policy he's written to grant permissions for that resource.

item A group of attributes that's uniquely identifiable among all of the other items.
Items in DynamoDB (p. 18) are similar in many ways to rows, records, or tuples
in other database systems.

item exploration Amazon Personalize (p. 43): The process that Amazon Personalize uses to test
different item recommendations, including recommendations of new items with
no or little interaction data, and learn how users respond. You configure item
exploration at the campaign level for solution versions created with the user-
personalization recipe.
See Also recommendations, campaign, solution version, user-personalization
recipe.

Items dataset Amazon Personalize (p. 43): A container for metadata about items, such as
price, genre, or availability.
See Also dataset.

item-to-item similarities Amazon Personalize (p. 43): A RELATED_ITEMS recipe that uses the data from
(SIMS) recipe an Interactions dataset to make recommendations for items that are similar to
a specified item. The SIMS recipe calculates similarity based on the way users
interact with items instead of matching item metadata, such as price or age.
See Also recipe, RELATED_ITEMS recipes, Interactions dataset.

J
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

job flow Amazon EMR (p. 21): One or more steps (p. 57) that specify all of the
functions to be performed on the data.

job ID A five-character, alphanumeric string that uniquely identifies an Import/

Export (p. 28) storage device in your shipment. AWS issues the job ID in
response to a CREATE JOB email command.

job prefix An optional string that you can add to the beginning of an Import/
Export (p. 28) log file name to prevent collisions with objects of the same
name.
See Also key prefix.

JSON JavaScript Object Notation. A lightweight data interchange format. For

information about JSON, see http://www.json.org/.

junk folder The location where email messages that various filters determine to be of lesser
value are collected so that they don't arrive in the recipient (p. 47)'s inbox but
are still accessible to the recipient. This is also referred to as a spam (p. 56) or
bulk folder.

31
 AWS Glossary Reference

K
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

Amazon Kendra Amazon Kendra is a search service powered by machine learning (ML) that
developers can use to add search capabilities to their applications so their end
users can discover information stored within the vast amount of content spread
across their company.
See Also https://aws.amazon.com/kendra/.

key A credential that identifies an AWS account (p. 2) or user (p. 62) to AWS
(such as the AWS secret access key (p. 53)).

Amazon S3 (p. 50), Amazon EMR (p. 21): The unique identifier for an object
in a bucket (p. 7). Every object in a bucket has exactly one key. Because a
bucket and key together uniquely identify each object, you can think of Amazon
S3 as a basic data map between the bucket + key, and the object itself. You
can uniquely address every object in Amazon S3 through the combination of
the web service endpoint, bucket name, and key, as in this example: http://
doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl, where doc is the
name of the bucket, and 2006-03-01/AmazonS3.wsdl is the key.

Import/Export (p. 28): The name of an object in Amazon S3. It's a sequence
of Unicode characters whose UTF-8 encoding can't exceed 1024 bytes. If a key
(for example, logPrefix + import-log-JOBID) is longer than 1024 bytes, Elastic
Beanstalk (p. 20) returns an InvalidManifestField error.

IAM (p. 27): In a policy (p. 43), a specific characteristic that's the basis for
restricting access (such as the current time or the IP address of the requester).

Tagging resources: A general tag (p. 59) label that acts like a category for more
specific tag values. For example, you might have EC2 instance (p. 19) with the
tag key of Owner and the tag value of Jan. You can tag an AWS resource (p. 48)
with up to 10 key–value pairs. Not all AWS resources can be tagged.

key pair A set of security credentials that you use to prove your identity electronically. A
key pair consists of a private key and a public key.

key prefix A string of characters that is a subset of an object key name, starting with the first
character. The prefix can be any length, up to the maximum length of the object
key name (1,024 bytes).

Amazon Keyspaces Amazon Keyspaces (for Apache Cassandra) is a scalable, highly available, and
managed Apache Cassandra-compatible database service.
See Also https://aws.amazon.com/keyspaces/.

kibibyte (KiB) A contraction of kilo binary byte, a kibibyte is 2^10 or 1,024 bytes. A kilobyte (KB)
is 10^3 or 1,000 bytes. 1,024 KiB is a mebibyte (MiB) (p. 36).

Kinesis Amazon Kinesis is a platform for streaming data on AWS. Kinesis offers services
that simplify the loading and analysis of streaming data.
See Also https://aws.amazon.com/kinesis/.

Kinesis Data Firehose Amazon Kinesis Data Firehose is a fully managed service for loading streaming
data into AWS. Kinesis Data Firehose can capture and automatically load

32
 AWS Glossary Reference

streaming data into Amazon S3 (p. 50) and Amazon Redshift (p. 47),
enabling near real-time analytics with existing business intelligence tools and
dashboards. Kinesis Data Firehose automatically scales to match the throughput
of your data and requires no ongoing administration. It can also batch, compress,
and encrypt the data before loading it.
See Also https://aws.amazon.com/kinesis/firehose/.

Kinesis Data Streams
Amazon Kinesis Data Streams is a web service for building custom applications
that process or analyze streaming data for specialized needs. Amazon Kinesis
Data Streams can continuously capture and store terabytes of data per hour from
hundreds of thousands of sources.
See Also https://aws.amazon.com/kinesis/streams/.

AWS KMS AWS Key Management Service is a managed service that simplifies the creation
and control of encryption keys that are used to encrypt data.
See Also https://aws.amazon.com/kms.

KMS key The primary resource in AWS Key Management Service. In general, KMS keys
are created, used, and deleted entirely within KMS. KMS supports symmetric
and asymmetric KMS keys for encryption and signing. KMS keys can be either
customer managed, AWS managed, or AWS owned. For more information, see
AWS KMS keys in the AWS Key Management Service Developer Guide.

L
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

labeled data In machine learning, data for which you already know the target or “correct”
answer.

Lake Formation AWS Lake Formation is a managed service that makes it easy to set up, secure,
and manage your data lakes. Lake Formation helps you discover your data sources
and then catalog, cleanse, and transform the data.
See Also https://aws.amazon.com/lake-formation.

Lambda AWS Lambda is a web service that you can use to run code without provisioning
or managing servers. You can run code for virtually any type of application
or backend service with zero administration. You can set up your code to
automatically start from other AWS services or call it directly from any web or
mobile app.
See Also https://aws.amazon.com/lambda/.

launch configuration A set of descriptive parameters used to create new EC2 instances (p. 19) in an
Amazon EC2 Auto Scaling (p. 19) activity.

A template that an Auto Scaling group (p. 6) uses to launch new EC2
instances. The launch configuration contains information such as the Amazon
Machine Image (AMI) (p. 3) ID, the instance type, key pairs, security
groups (p. 53), and block device mappings, among other configuration
settings.

launch permission An Amazon Machine Image (AMI) (p. 3) attribute that allows users to launch
an AMI.

Launch Wizard AWS Launch Wizard is a cloud solution that offers a guided way of sizing,
configuring, and deploying AWS resources for third-party applications, such as

33
 AWS Glossary Reference

Microsoft SQL Server Always On and HANA based SAP systems, without the need
to manually identify and provision individual AWS resources.
See Also https://aws.amazon.com/launchwizard.

Amazon Lex Amazon Lex is a fully managed artificial intelligence (AI) service with advanced
natural language models to design, build, test, and deploy conversational
interfaces in applications.
See Also https://aws.amazon.com/lex/.

lifecycle The lifecycle state of the EC2 instance (p. 19) contained in an Auto Scaling
group (p. 6). EC2 instances progress through several states over their lifespan;
these include Pending, InService, Terminating and Terminated.

lifecycle action An action that can be paused by Auto Scaling, such as launching or terminating
an EC2 instance.

lifecycle hook A feature for pausing Auto Scaling after it launches or terminates an EC2 instance
so that you can perform a custom action while the instance isn't in service.

Lightsail Amazon Lightsail is a service used to launch and manage a virtual private server
with AWS. Lightsail offers bundled plans that include everything you need to
deploy a virtual private server, for a low monthly rate.
See Also https://aws.amazon.com/lightsail/.

load balancer A DNS name combined with a set of ports, which together provide a destination
for all requests intended for your application. A load balancer can distribute
traffic to multiple application instances across every Availability Zone (p. 6)
within a Region (p. 47). Load balancers can span multiple Availability Zones
within an AWS Region into which an Amazon EC2 (p. 19) instance was
launched. But load balancers can't span multiple Regions.

local secondary index An index that has the same partition key as the table, but a different sort key. A
local secondary index is local in the sense that every partition of a local secondary
index is scoped to a table partition that has the same partition key value.
See Also local secondary index.

Amazon Location Amazon Location Service is a fully managed service that makes it easy for
a developer to add location functionality, such as maps, points of interest,
geocoding, routing, tracking, and geofencing, to their applications, without
sacrificing data security, user privacy, data quality, or cost.
See Also https://aws.amazon.com/location/.

logical name A case-sensitive unique string within an CloudFormation (p. 10) template that
identifies a resource (p. 48), mapping (p. 36), parameter, or output. In an
AWS CloudFormation template, each parameter, resource (p. 48), property,
mapping, and output must be declared with a unique logical name. You use the
logical name when dereferencing these items using the Ref function.

Lookout for Equipment Amazon Lookout for Equipment is a machine learning service that uses data from
sensors mounted on factory equipment to detect abnormal behavior so you can
take action before machine failures occur.
See Also https://aws.amazon.com/lookout-for-equipment/.

Lookout for Metrics Amazon Lookout for Metrics is a machine learning (ML) service that automatically
detects and diagnoses anomalies in business and operational data, such as a
sudden dip in sales revenue or customer acquisition rates.
See Also https://aws.amazon.com/lookout-for-metrics.

Lookout for Vision Amazon Lookout for Vision is a machine learning service that uses computer
vision (CV) to find defects in industrial products. Amazon Lookout for Vision can

34
 AWS Glossary Reference

identify missing components in an industrial product, damage to vehicles or

structures, irregularities in production lines, and even minuscule defects in silicon
wafers—or any other physical item where quality is important.
See Also https://aws.amazon.com/lookout-for-vision/.

Lumberyard See O3DE.

M
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

Macie Amazon Macie is a security service that uses machine learning to automatically
discover, classify, and protect sensitive data in AWS.
See Also http://aws.amazon.com/macie/.

Mail Transfer Agent (MTA) Software that transports email messages from one computer to another by using
a client-server architecture.

mailbox provider An organization that provides email mailbox hosting services. Mailbox providers
are sometimes referred to as internet service providers (ISPs) (p. 29), even if
they only provide mailbox services.

mailbox simulator A set of email addresses that you can use to test an Amazon SES (p. 54)-based
email-sending application without sending messages to actual recipients. Each
email address represents a specific scenario (such as a bounce or complaint) and
generates a typical response that's specific to the scenario.

main route table The default route table (p. 50) that any new Amazon VPC (p. 64)
subnet (p. 58) uses for routing. You can associate a subnet with a different
route table of your choice. You can also change which route table is the main
route table.

AWS Mainframe AWS Mainframe Modernization service is a cloud native platform for migration,
Modernization modernization, execution, and operation of mainframe applications.
See Also https://aws.amazon.com/mainframe-modernization.

Managed Blockchain Amazon Managed Blockchain is a fully managed service for creating and
managing scalable blockchain networks using popular open source frameworks.
See Also http://aws.amazon.com/managed-blockchain/.

Amazon Managed Grafana Amazon Managed Grafana is a fully managed and secure data visualization
service that you can use to instantly query, correlate, and visualize operational
metrics, logs, and traces from multiple data sources.
See Also https://aws.amazon.com/grafana/.

AWS managed key One type of KMS key in AWS KMS (p. 33).

managed policy A standalone IAM (p. 27) policy (p. 43) that you can attach to
multiple users (p. 62), groups (p. 26), and roles (p. 49)s in your IAM
account (p. 2). Managed policies can either be AWS managed policies (which
are created and managed by AWS) or customer managed policies (which you
create and manage in your AWS account).

AWS managed policy An IAM (p. 27) managed policy (p. 35) that's created and managed by AWS.

Amazon Managed Service for Amazon Managed Service for Prometheus is a service that provides highly
Prometheus available, secure, and managed monitoring for your containers.

35
 AWS Glossary Reference

See Also https://aws.amazon.com/prometheus/.

AWS Management Console AWS Management Console is a graphical interface to manage compute, storage,
and other cloud resources (p. 48).
See Also https://aws.amazon.com/console.

management portal AWS Management Portal for vCenter is a web service for managing your AWS
resources (p. 48) using VMware vCenter. You install the portal as a vCenter
plugin within your existing vCenter environment. After it's installed, you can
migrate VMware VMs to Amazon EC2 (p. 19) and manage AWS resources from
within vCenter.
See Also https://aws.amazon.com/ec2/vcenter-portal/.

manifest When sending a create job request for an import or export operation, you describe
your job in a text file called a manifest. The manifest file is a YAML-formatted
file that specifies how to transfer data between your storage device and the AWS
Cloud.

manifest file Amazon Machine Learning: The file used for describing batch predictions. The
manifest file relates each input data file with its associated batch prediction
results. It's stored in the Amazon S3 output location.

mapping A way to add conditional parameter values to an CloudFormation (p. 10)

template. You specify mappings in the template's optional Mappings section and
retrieve the desired value using the FN::FindInMap function.

marker See pagination token.

AWS Marketplace AWS Marketplace is a web portal where qualified partners market and sell their
software to AWS customers. AWS Marketplace is an online software store that
helps customers find, buy, and immediately start using the software and services
that run on AWS.
See Also https://aws.amazon.com/partners/aws-marketplace/.

master node A process running on an Amazon Machine Image (AMI) (p. 3) that keeps track
of the work its core and task nodes complete.

maximum price The maximum price you pay to launch one or more Spot Instances (p. 56).
If your maximum price exceeds the current Spot price (p. 56) and your
restrictions are met, Amazon EC2 (p. 19) launches instances on your behalf.

maximum send rate The maximum number of email messages that you can send per second using
Amazon SES (p. 54).

mean reciprocal rank at 25 Amazon Personalize (p. 43): An evaluation metric that assesses the relevance
of a model’s highest ranked recommendation. Amazon Personalize calculates
this metric using the average accuracy of the model when ranking the most
relevant recommendation out of the top 25 recommendations over all requests
for recommendations.
See Also metrics, recommendations.

mebibyte (MiB) A contraction of mega binary byte. A mebibyte (MiB) is 2^20 or 1,048,576
bytes. A megabyte (MB) is 10^6 or 1,000,000 bytes. 1,024 MiB is a gibibyte
(GiB) (p. 25).

member resources See resource.

MemoryDB Amazon MemoryDB for Redis is a Redis-compatible, durable, in-memory

database service that's purpose-built for modern applications with microservices
architectures.
See Also https://aws.amazon.com/memorydb.

36
 AWS Glossary Reference

message ID Amazon SES (p. 54): A unique identifier that's assigned to every email message
that's sent.

Amazon SQS (p. 57): The identifier returned when you send a message to a
queue.

metadata Information about other data or objects. In Amazon S3 (p. 50) and Amazon
EMR (p. 21) metadata takes the form of name–value pairs that describe
the object. These include default metadata such as the date last modified and
standard HTTP metadata (for example, Content-Type). Users can also specify
custom metadata at the time they store an object. In Amazon EC2 (p. 19)
metadata includes data about an EC2 instance (p. 19) that the instance can
retrieve to determine things about itself, such as the instance type or the IP
address.

metric An element of time-series data defined by a unique combination of exactly

one namespace (p. 39), exactly one metric name, and between zero and
ten dimensions. Metrics and the statistics derived from them are the basis of
CloudWatch (p. 10).

metric name The primary identifier of a metric, used with a namespace (p. 39) and optional
dimensions.

metrics Amazon Personalize (p. 43): Evaluation data that Amazon Personalize
generates when you train a model. You use metrics to evaluate the performance
of the model, view the effects of modifying a solution’s configuration, and
compare results between solutions that use the same training data but were
created with different recipes.
See Also solution, recipe.

MFA See multi-factor authentication (MFA).

micro instance A type of EC2 instance (p. 19) that's more economical to use if you have
occasional bursts of high CPU activity.

AWS Microservice Extractor AWS Microservice Extractor for .NET is an assistive modernization tool that
for .NET helps to reduce the time and effort required to break down large, monolithic
applications running on the AWS Cloud or on premises into smaller, independent
services. These services can be operated and managed independently.

Migration Hub AWS Migration Hub is a service that provides a single location to track migration
tasks across multiple AWS tools and partner solutions.
See Also https://aws.amazon.com/migration-hub/.

MIME See Multipurpose Internet Mail Extensions (MIME).

Amazon ML Amazon Machine Learning is a cloud-based service that creates machine learning
(ML) models by finding patterns in your data, and uses these models to process
new data and generate predictions.
See Also http://aws.amazon.com/machine-learning/.

ML model In machine learning (ML), a mathematical model that generates predictions by

finding patterns in data. Amazon Machine Learning supports three types of ML
models: binary classification, multiclass classification, and regression. Also known
as a predictive model.
See Also binary classification model, multiclass classification model, regression
model.

Mobile Analytics Amazon Mobile Analytics is a service for collecting, visualizing, understanding,
and extracting mobile app usage data at scale.

37
 AWS Glossary Reference

See Also https://aws.amazon.com/mobileanalytics.

Mobile Hub See Amplify.

AWS Mobile SDK See Amplify.

Mobile SDK for Android See Amplify Android.

Mobile SDK for iOS See Amplify iOS.

Mobile SDK for Unity The AWS Mobile SDK for Unity is included in the AWS SDK for .NET (p. 51).

Mobile SDK for Xamarin The AWS Mobile SDK for Xamarin is included in the AWS SDK for .NET (p. 51).

Amazon Monitron Amazon Monitron is an end-to-end system that uses machine learning (ML) to
detect abnormal behavior in industrial machinery. Use Amazon Monitron to
implement predictive maintenance and reduce unplanned downtime.
See Also https://aws.amazon.com/monitron/.

Amazon MQ Amazon MQ is a managed message broker service for Apache ActiveMQ that you
can use to set up and operate message brokers in the cloud.
See Also https://aws.amazon.com/amazon-mq/.

MTA See Mail Transfer Agent (MTA).

Multi-AZ deployment A primary DB instance (p. 16) that has a synchronous standby replica in a
different Availability Zone (p. 6). The primary DB instance is synchronously
replicated across Availability Zones to the standby replica.

multiclass classification A machine learning model that predicts values that belong to a limited, pre-
model defined set of permissible values. For example, "Is this product a book, movie, or
clothing?"

multi-factor authentication An optional AWS account (p. 2) security feature. After you enable AWS
(MFA) MFA, you must provide a six-digit, single-use code in addition to your sign-in
credentials whenever you access secure AWS webpages or the AWS Management
Console (p. 36). You get this single-use code from an authentication device
that you keep in your physical possession.
See Also https://aws.amazon.com/mfa/.

multipart upload A feature that you can use to upload a single object as a set of parts.

Multipurpose Internet Mail An internet standard that extends the email protocol to include non-ASCII text
Extensions (MIME) and nontext elements, such as attachments.

Multitool A cascading application that provides a simple command-line interface for

managing large datasets.

multi-valued attribute An attribute with more than one value.

Amazon MWAA Amazon Managed Workflows for Apache Airflow is a managed orchestration
service for Apache Airflow to assist in setting up and operating end-to-end data
pipelines in the cloud at scale.
See Also https://aws.amazon.com/managed-workflows-for-apache-airflow.

N
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)

38
 AWS Glossary Reference

| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

namespace An abstract container that provides context for the items (names, or technical
terms, or words) it holds, and allows disambiguation of homonym items residing
in different namespaces.

NAT Network address translation. A strategy of mapping one or more IP addresses

to another while data packets are in transit across a traffic routing device. This
is commonly used to restrict internet communication to private instances while
allowing outgoing traffic.
See Also Network Address Translation and Protocol Translation, NAT gateway,
NAT instance.

NAT gateway A NAT (p. 39) device, managed by AWS, that performs network address
translation in a private subnet (p. 58), to secure inbound internet traffic. A NAT
gateway uses both NAT and port address translation.
See Also NAT instance.

NAT instance A NAT (p. 39) device, configured by a user, that performs network address
translation in a Amazon VPC (p. 64) public subnet (p. 58) to secure inbound
internet traffic.
See Also NAT gateway.

Neptune Amazon Neptune is a managed graph database service that you can use to
build and run applications that work with highly connected datasets. Neptune
supports the popular graph query languages Apache TinkerPop Gremlin and
W3C's SPARQL, enabling you to build queries that efficiently navigate highly
connected datasets.
See Also https://aws.amazon.com/neptune/.

network ACL An optional layer of security that acts as a firewall for controlling traffic in and
out of a subnet (p. 58). You can associate multiple subnets with a single
network ACL (p. 1), but a subnet can be associated with only one network ACL
at a time.

Network Address Translation (NAT (p. 39)-PT) An internet protocol standard defined in RFC 2766.
and Protocol Translation See Also NAT instance, NAT gateway.

Network Firewall AWS Network Firewall is a managed service that deploys essential network
protections for all Amazon Virtual Private Clouds (Amazon VPCs).
See Also https://aws.amazon.com/network-firewall.

n-gram processor A processor that performs n-gram transformations.

See Also n-gram transformation.

n-gram transformation
Amazon Machine Learning: A transformation that aids in text string analysis.
An n-gram transformation takes a text variable as input and outputs strings by
sliding a window of size n words, where n is specified by the user, over the text,
and outputting every string of words of size n and all smaller sizes. For example,
specifying the n-gram transformation with window size =2 returns all the two-
word combinations and all of the single words.

NICE Desktop Cloud A remote visualization technology for securely connecting users to graphic-
Visualization intensive 3D applications hosted on a remote, high-performance server.

Nimble Studio Amazon Nimble Studio is a managed AWS cloud service for creative studios to
produce visual effects, animation, and interactive content—from storyboard to
final deliverable.

39
 AWS Glossary Reference

See Also https://aws.amazon.com/nimble-studio/.

node OpenSearch Service (p. 41): An OpenSearch instance. A node can be either a
data instance or a dedicated master instance.
See Also dedicated master node.

NoEcho A property of CloudFormation (p. 10) parameters that prevent the otherwise
default reporting of names and values of a template parameter. Declaring the
NoEcho property causes the parameter value to be masked with asterisks in the
report by the cfn-describe-stacks command.

normalized discounted
cumulative gain (NCDG) at K
(5/10/25)
Amazon Personalize (p. 43): An evaluation metric that tells you about the
relevance of your model’s highly ranked recommendations, where K is a sample
size of 5, 10, or 25 recommendations. Amazon Personalize calculates this by
assigning weight to recommendations based on their position in a ranked list,
where each recommendation is discounted (given a lower weight) by a factor
dependent on its position. The normalized discounted cumulative gain at K
assumes that recommendations that are lower on a list are less relevant than
recommendations higher on the list.
See Also metrics, recommendations.

NoSQL Nonrelational database systems that are highly available, scalable, and optimized
for high performance. Instead of the relational model, NoSQL databases (for
example, DynamoDB (p. 18)) use alternate models for data management, such
as key–value pairs or document storage.

null object A null object is one whose version ID is null. Amazon S3 (p. 50) adds a null
object to a bucket (p. 7) when versioning (p. 63) for that bucket is
suspended. It's possible to have only one null object for each key in a bucket.

number of passes The number of times that you allow Amazon Machine Learning to use the same
data records to train a machine learning model.

O
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

O3DE Open 3D Engine (successor to Amazon Lumberyard) is an open-source 3D

development engine for creating games and simulations. O3DE is licensed under
Apache 2.0 and maintained by a community of contributors, including Amazon.
See Also https://www.o3de.org/, https://aws.amazon.com/lumberyard/, https://
docs.aws.amazon.com/lumberyard/.

object Amazon S3 (p. 50): The fundamental entity type stored in Amazon S3. Objects
consist of object data and metadata. The data portion is opaque to Amazon S3.

CloudFront (p. 10): Any entity that can be served either over HTTP or a version
of RTMP.

observation Amazon Machine Learning: A single instance of data that Amazon Machine
Learning (Amazon ML) uses to either train a machine learning model how to
predict or to generate a prediction. Each row in an Amazon ML input data file is
an observation.

On-Demand Instance An Amazon EC2 (p. 19) pricing option that charges you for compute capacity
by the hour or second (minimum of 60 seconds) with no long-term commitment.

40
 AWS Glossary Reference

Open 3D Engine See O3DE.

OpenSearch Service Amazon OpenSearch Service is an AWS managed service for deploying, operating,
and scaling OpenSearch, an open-source search and analytics engine, in the AWS
Cloud. Amazon OpenSearch Service (OpenSearch Service) also offers security
options, high availability, data durability, and direct access to the OpenSearch API.
See Also https://aws.amazon.com/elasticsearch-service.

operation An API function. Also called an action.

OpsWorks AWS OpsWorks is a configuration management service that helps you use Chef
to configure and operate groups of instances and applications. You can define
the application's architecture and the specification of each component including
package installation, software configuration, and resources (p. 48) such as
storage. You can automate tasks based on time, load, or lifecycle events.
See Also https://aws.amazon.com/opsworks/.

optimistic locking A strategy to ensure that an item that you want to update has not been modified
by others before you perform the update. For DynamoDB (p. 18), optimistic
locking support is provided by the AWS SDKs.

organization Organizations (p. 41): An entity that you create to consolidate and manage
your AWS accounts. An organization has one management account along with
zero or more member accounts.

organizational unit Organizations (p. 41): A container for accounts within a root (p. 49) of an
organization. An organizational unit (OU) can contain other OUs.

Organizations AWS Organizations is an account management service that you can use to
consolidate multiple AWS accounts into an organization that you create and
centrally manage.
See Also https://aws.amazon.com/organizations/.

origin access identity Also called OAI. When using Amazon CloudFront (p. 10) to serve content with
an Amazon S3 (p. 50) bucket (p. 7) as the origin, a virtual identity that you
use to require users to access your content through CloudFront URLs instead of
Amazon S3 URLs. Usually used with CloudFront private content (p. 44).

origin server The Amazon S3 (p. 50) bucket (p. 7) or custom origin containing
the definitive original version of the content you deliver through
CloudFront (p. 10).

original environment The instances in a deployment group at the start of an CodeDeploy blue/green
deployment.

OSB transformation Orthogonal sparse bigram transformation. In machine learning, a transformation

that aids in text string analysis and that's an alternative to the n-gram
transformation. OSB transformations are generated by sliding the window of size
n words over the text, and outputting every pair of words that includes the first
word in the window.
See Also n-gram transformation.

OU See organizational unit.

Outposts AWS Outposts is a fully managed service by AWS that extends AWS infrastructure,
services, APIs, and tools to on-premises data centers and edge locations. Use AWS
Outposts for workloads and devices requiring low latency access to on-premises
systems, local data processing, data residency, and application migration with
local system interdependencies.
See Also https://aws.amazon.com/outposts.

41
 AWS Glossary Reference

output location Amazon Machine Learning: An Amazon S3 location where the results of a batch
prediction are stored.

P
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

pagination The process of responding to an API request by returning a large list of records in
small separate parts. Pagination can occur in the following situations:

• The client sets the maximum number of returned records to a value below the
total number of records.
• The service has a default maximum number of returned records that's lower
than the total number of records.

When an API response is paginated, the service sends a subset of the large list
of records and a pagination token that indicates that more records are available.
The client includes this pagination token in a subsequent API request, and the
service responds with the next subset of records. This continues until the service
responds with a subset of records and no pagination token, indicating that all
records have been sent.

pagination token A marker that indicates that an API response contains a subset of a larger list of
records. The client can return this marker in a subsequent API request to retrieve
the next subset of records until the service responds with a subset of records and
no pagination token, indicating that all records have been sent.
See Also pagination.

paid AMI An Amazon Machine Image (AMI) (p. 3) that you sell to other Amazon
EC2 (p. 19) users on AWS Marketplace (p. 36).

AWS Panorama AWS Panorama is a machine learning (ML) Appliance and Software Development
Kit (SDK) that organizations can use to bring computer vision (CV) to on-premises
cameras to make predictions locally.
See Also https://aws.amazon.com/panorama.

AWS ParallelCluster AWS ParallelCluster is an AWS supported open source cluster management tool
that helps you to deploy and manage high performance computing (HPC) clusters
in the AWS Cloud.

paravirtual virtualization See PV virtualization.

part A contiguous portion of the object's data in a multipart upload request.

partition key A simple primary key, composed of one attribute (also known as a hash attribute).
See Also primary key, sort key.

PAT Port address translation.

pebibyte (PiB) A contraction of peta binary byte, a pebibyte is 2^50 or 1,125,899,906,842,624

bytes. A petabyte (PB) is 10^15 or 1,000,000,000,000,000 bytes. 1,024 PiB is an
exbibyte (EiB) (p. 23).

period See sampling period.

42

permission
persistent storage
Amazon Personalize
PERSONALIZED_RANKING
recipes
personalized-ranking recipe
physical name
Amazon Pinpoint
pipeline
plaintext
policy
policy generator
policy simulator
AWS Glossary Reference
A statement within a policy (p. 43) that allows or denies access to a particular
resource (p. 48). You can state any permission in the following way: "A has
permission to do B to C." For example, Jane (A) has permission to read messages
(B) from John's Amazon SQS (p. 57) queue (C). Whenever Jane sends a
request to Amazon SQS to use John's queue, the service checks to see if she has
permission. It further checks to see if the request satisfies the conditions John set
forth in the permission.
A data storage solution where the data remains intact until it's deleted. Options
within AWS (p. 3) include: Amazon S3 (p. 50), Amazon RDS (p. 46),
DynamoDB (p. 18), and other services.
Amazon Personalize is an artificial intelligence service for creating individualized
product and content recommendations.
See Also https://aws.amazon.com/personalize/.
Amazon Personalize (p. 43): Recipes that provide item recommendations in
ranked order based on the predicted interest for a user.
See Also recipe, recommendations, personalized-ranking recipe, popularity-count
recipe.
Amazon Personalize (p. 43): A PERSONALIZED_RANKING recipe that ranks a
collection of items that you provide based on the predicted interest level for a
specific user. Use the personalized-ranking recipe to create curated lists of items
or ordered search results that are personalized for a specific user.
See Also recipe, PERSONALIZED_RANKING recipes.
A unique label that CloudFormation (p. 10) assigns to each resource (p. 48)
when creating a stack (p. 57). Some AWS CloudFormation commands accept
the physical name as a value with the --physical-name parameter.
Amazon Pinpoint is a multichannel communications service that helps
organizations send timely, targeted content through SMS, email, mobile push
notifications, voice messages, and in-application channels.
See Also https://aws.amazon.com/pinpoint.
CodePipeline (p. 11): A workflow construct that defines the way software
changes go through a release process.
Information that has not been encrypted (p. 21), as opposed to
ciphertext (p. 9).
IAM (p. 27): A document defining permissions that apply to a user, group,
or role; the permissions in turn determine what users can do in AWS. A policy
typically allows (p. 3) access to specific actions, and can optionally grant
that the actions are allowed for specific resources (p. 48), such as EC2
instances (p. 19) or Amazon S3 (p. 50) buckets (p. 7). Policies can also
explicitly deny (p. 17) access.
Amazon EC2 Auto Scaling (p. 19): An object that stores the information that's
needed to launch or terminate instances for an Auto Scaling group. Running
the policy causes instances to be launched or terminated. You can configure an
alarm (p. 2) to invoke an Auto Scaling policy.
A tool in the IAM (p. 27) AWS Management Console (p. 36) that helps you
build a policy (p. 43) by selecting elements from lists of available options.
A tool in the IAM (p. 27) AWS Management Console (p. 36) that helps you
test and troubleshoot policies (p. 43) so you can see their effects in real-world
scenarios.
43
 AWS Glossary Reference

policy validator A tool in the IAM (p. 27) AWS Management Console (p. 36) that examines
your existing IAM access control policies (p. 43) to ensure that they comply
with the IAM policy grammar.

Amazon Polly Amazon Polly is a text-to-speech (TTS) service that turns text into natural-
sounding human speech. Amazon Polly provides dozens of lifelike voices across
a broad set of languages so that you can build speech-enabled applications that
work in many different countries.
See Also https://aws.amazon.com/polly/.

popularity-count recipe Amazon Personalize (p. 43): A USER_PERSONALIZATION recipe that

recommends the items that have had the most interactions with unique users.
See Also recipe, USER_PERSONALIZATION recipes.

Porting Assistant for .NET Porting Assistant for .NET is a compatibility analyzer that reduces the manual
effort required to port Microsoft .NET Framework applications to open
source .NET Core.

precision at K (5/10/25) Amazon Personalize (p. 43): An evaluation metric that tells you how relevant
your model’s recommendations are based on a sample size of K (5, 10, or 25)
recommendations. Amazon Personalize calculates this metric based on the
number of relevant recommendations out of the top K recommendations, divided
by K, where K is 5, 10, or 25.
See Also metrics, recommendations.

prefix See job prefix.

Premium Support A one-on-one, fast-response support channel that AWS customers can subscribe
to for support for AWS infrastructure services.
See Also https://aws.amazon.com/premiumsupport/.

presigned URL A web address that uses query string authentication (p. 46).

primary key One or two attributes that uniquely identify each item in a DynamoDB (p. 18)
table, so that no two items can have the same key.
See Also partition key, sort key.

primary shard See shard.

principal The user (p. 62), service, or account (p. 2) that receives permissions that
are defined in a policy (p. 43). The principal is A in the statement "A has
permission to do B to C."

AWS Private CA AWS Private Certificate Authority is a hosted private certificate authority service
for issuing and revoking private digital certificates (p. 8).
See Also https://aws.amazon.com/certificate-manager/private-certificate-
authority/.

private content When using Amazon CloudFront (p. 10) to serve content with an Amazon
S3 (p. 50) bucket (p. 7) as the origin, a method of controlling access to
your content by requiring users to use signed URLs. Signed URLs can restrict user
access based on the current date and time, the IP addresses that the requests
originate from, or both.

private IP address A private numerical address (for example, 192.0.2.44) that networked devices
use to communicate with one another using the Internet Protocol (IP). Each EC2
instance (p. 19) is assigned two IP addresses at launch, which are directly
mapped to each other through network address translation (NAT (p. 39)): a
private address (following RFC 1918) and a public address. Exception: Instances
launched in Amazon VPC (p. 64) are assigned only a private IP address.

44
 AWS Glossary Reference

private subnet A Amazon VPC (p. 64) subnet (p. 58) whose instances can't be reached from
the internet.

product code An identifier provided by AWS when you submit a product to AWS
Marketplace (p. 36).

properties See resource property.

property rule A JSON (p. 31)-compliant markup standard for declaring properties, mappings,
and output values in an CloudFormation (p. 10) template.

Provisioned IOPS A storage option that delivers fast, predictable, and consistent I/O performance.
When you specify an IOPS rate while creating a DB instance, Amazon
RDS (p. 46) provisions that IOPS rate for the lifetime of the DB instance.

pseudo parameter A predefined setting (for example, AWS:StackName) that can be used in
CloudFormation (p. 10) templates without having to declare them. You can use
pseudo parameters anywhere you can use a regular parameter.

public AMI An Amazon Machine Image (AMI) (p. 3) that all AWS accounts (p. 2) have
permission to launch.

public dataset A large collection of public information that can be seamlessly integrated into
applications that are based in the AWS Cloud. Amazon stores public datasets
at no charge to the community and, similar to other AWS services, users pay
only for the compute and storage they use for their own applications. These
datasets currently include data from the Human Genome Project, the US Census,
Wikipedia, and other sources.
See Also https://aws.amazon.com/publicdatasets.

public IP address A public numerical address (for example, 192.0.2.44) that networked devices
use to communicate with one another using the Internet Protocol (IP). Each EC2
instance (p. 19) is assigned two IP addresses at launch, which are directly
mapped to each other through Network Address Translation (NAT (p. 39)): a
private address (following RFC 1918) and a public address. Exception: Instances
launched in Amazon VPC (p. 64) are assigned only a private IP address.

public subnet A subnet (p. 58) whose instances can be reached from the internet.

PV virtualization Paravirtual virtualization allows guest VMs to run on host systems that don't have
special support extensions for full hardware and CPU virtualization. Because PV
guests run a modified operating system that doesn't use hardware emulation,
they can't provide hardware-related features, such as enhanced networking or
GPU support.
See Also HVM virtualization.

Q
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

Amazon QLDB Amazon Quantum Ledger Database (Amazon QLDB) is a fully managed ledger
database that provides a transparent, immutable, and cryptographically verifiable
transaction log owned by a central trusted authority.
See Also https://aws.amazon.com/qldb.

45
 AWS Glossary Reference

quartile binning Amazon Machine Learning: A process that takes two inputs, a numerical variable
transformation and a parameter called a bin number, and outputs a categorical variable. Quartile
binning transformations discover non-linearity in a variable's distribution by
enabling the machine learning model to learn separate importance values for
parts of the numeric variable’s distribution.

Query A type of web service that generally uses only the GET or POST HTTP method and
a query string with parameters in the URL.
See Also REST.

query string authentication An AWS feature that you can use to place the authentication information in the
HTTP request query string instead of in the Authorization header, which
provides URL-based access to objects in a bucket (p. 7).

queue A sequence of messages or jobs that are held in temporary storage awaiting
transmission or processing.

queue URL A web address that uniquely identifies a queue.

QuickSight Amazon QuickSight is a fast, cloud-powered business analytics service that you
can use to build visualizations, perform analysis, and quickly get business insights
from your data.
See Also https://aws.amazon.com/quicksight/.

quota The maximum value for your resources, actions, and items in your AWS account

R
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

AWS RAM AWS Resource Access Manager is a web service that AWS customers can use to
securely share AWS resources with any AWS account or within your organization.
See Also https://aws.amazon.com/ram.

range GET A request that specifies a byte range of data to get for a download. If an object is
large, you can break up a download into smaller units by sending multiple range
GET requests that each specify a different byte range to GET.

raw email A type of sendmail request with which you can specify the email headers and
MIME types.

Amazon RDS Amazon Relational Database Service is a web service that makes it easier to set
up, operate, and scale a relational database in the cloud. It provides cost-efficient,
resizable capacity for an industry-standard relational database and manages
common database administration tasks.
See Also https://aws.amazon.com/rds.

read replica Amazon RDS (p. 46): An active copy of another DB instance. Any updates to
the data on the source DB instance are replicated to the read replica DB instance
using the built-in replication feature of MySQL 5.1.

real-time predictions Amazon Machine Learning: Synchronously generated predictions for individual
data observations.
See Also batch prediction.

46
 AWS Glossary Reference

receipt handle Amazon SQS (p. 57): An identifier that you get when you receive a message
from the queue. This identifier is required to delete a message from the queue or
when changing a message's visibility timeout.

receiver The entity that consists of the network systems, software, and policies that
manage email delivery for a recipient (p. 47).

recipe Amazon Personalize (p. 43): An Amazon Personalize algorithm

that's preconfigured to predict the items that a user interacts with (for
USER_PERSONALIZATION recipes), or calculate items that are similar to specific
items that a user has shown interest in (for RELATED_ITEMS recipes), or rank a
collection of items that you provide based on the predicted interest for a specific
user (for PERSONALIZED_RANKING recipes).
See Also USER_PERSONALIZATION recipes, RELATED_ITEMS recipes,
PERSONALIZED_RANKING recipes.

recipient Amazon SES (p. 54): The person or entity receiving an email message. For
example, a person named in the "To" field of a message.

recommendations Amazon Personalize (p. 43): A list of items that Amazon Personalize predicts
that a user interacts with. Depending on the Amazon Personalize recipe used,
recommendations can be either a list of items (with USER_PERSONALIZATION
recipes and RELATED_ITEMS recipes), or a ranking of a collection of items you
provided (with PERSONALIZED_RANKING recipes).
See Also recipe, campaign, solution version, USER_PERSONALIZATION recipes,
RELATED_ITEMS recipes, PERSONALIZED_RANKING recipes.

Redis A fast, open-source, in-memory key-value data structure store. Redis comes with
a set of versatile in-memory data structures with which you can easily create a
variety of custom applications.

Amazon Redshift Amazon Redshift is a fully managed, petabyte-scale data warehouse service in
the cloud. With Amazon Redshift, you can analyze your data using your existing
business intelligence tools.
See Also https://aws.amazon.com/redshift/.

reference A means of inserting a property from one AWS resource (p. 48) into another.
For example, you could insert an Amazon EC2 (p. 19) security group (p. 53)
property into an Amazon RDS (p. 46) resource.

Region A named set of AWS resources (p. 48) that's in the same geographical area. A
Region comprises at least three Availability Zones (p. 6).

regression model Amazon Machine Learning: Preformatted instructions for common data
transformations that fine-tune machine learning model performance.

regression model A type of machine learning model that predicts a numeric value, such as the exact
purchase price of a house.

regularization A machine learning (ML) parameter that you can tune to obtain higher-quality
ML models. Regularization helps prevent ML models from memorizing training
data examples instead of learning how to generalize the patterns it sees (called
overfitting). When training data is overfitted, the ML model performs well on the
training data, but doesn't perform well on the evaluation data or on new data.

Amazon Rekognition Amazon Rekognition is a machine learning service that identifies objects, people,
text, scenes, and activities, including inappropriate content, in either image or
video files. With Amazon Rekognition Custom Labels, you can create a customized
ML model that detects objects and scenes specific to your business in images.
See Also https://aws.amazon.com/rekognition/.

47
 AWS Glossary Reference

RELATED_ITEMS recipes Amazon Personalize (p. 43)Recipes that recommend items that are similar to a
specified item, such as the item-to-item (SIMS) recipe.
See Also recipe, item-to-item similarities (SIMS) recipe.

replacement environment The instances in a deployment group after the CodeDeploy blue/green
deployment.

replica shard See shard.

reply path The email address that an email reply is sent to. This is different from the return
path (p. 49).

representational state See REST.

transfer

reputation 1. An Amazon SES (p. 54) metric, based on factors that might include
bounces (p. 7), complaints (p. 11), and other metrics, regarding whether a
customer is sending high-quality email.

2. A measure of confidence, as judged by an internet service provider

(ISP) (p. 29) or other entity that an IP address that they are receiving email
from isn't the source of spam (p. 56).

requester The person (or application) that sends a request to AWS to perform a specific
action. When AWS receives a request, it first evaluates the requester's permissions
to determine whether the requester is allowed to perform the request action (if
applicable, for the requested resource (p. 48)).

Requester Pays An Amazon S3 (p. 50) feature that allows a bucket owner (p. 7) to specify
that anyone who requests access to objects in a particular bucket (p. 7) must
pay the data transfer and request costs.

reservation A collection of EC2 instances (p. 19) started as part of the same launch
request. This is not to be confused with a Reserved Instance (p. 48).

Reserved Instance A pricing option for EC2 instances (p. 19) that discounts the on-
demand (p. 40) usage charge for instances that meet the specified parameters.
Customers pay for the entire term of the instance, regardless of how they use it.

Reserved Instance An online exchange that matches sellers who have reserved capacity that they
Marketplace no longer need with buyers who are looking to purchase additional capacity.
reserved instances (p. 48) that you purchase from third-party sellers have less
than a full standard term remaining and can be sold at different upfront prices.
The usage or reoccurring fees remain the same as the fees set when the Reserved
Instances were originally purchased. Full standard terms for Reserved Instances
available from AWS run for one year or three years.

Resilience Hub AWS Resilience Hub gives you a central place to define, validate, and track the
resiliency of your AWS application. It helps you to protect your applications from
disruptions, and reduce recovery costs to optimize business continuity to help
meet compliance and regulatory requirements.
See Also https://aws.amazon.com/resilience-hub.

resource An entity that users can work with in AWS, such as an EC2 instance (p. 19),
an DynamoDB (p. 18) table, an Amazon S3 (p. 50) bucket (p. 7), an
IAM (p. 27) user, or an OpsWorks (p. 41) stack (p. 57).

Resource Groups AWS Resource Groups is a web service that AWS customers can use to manage
and automate tasks on large numbers of resources at one time.
See Also AWS Resource Groups.

48
 AWS Glossary Reference

Amazon Resource Name Amazon Resource Name is a standardized way to refer to an AWS
(ARN) resource (p. 48) (for example, arn:aws:iam::123456789012:user/
division_abc/subdivision_xyz/Bob).

resource property A value required when including an AWS resource (p. 48) in an
CloudFormation (p. 10) stack (p. 57). Each resource can have one or more
properties associated with it. For example, an AWS::EC2::Instance resource
might have a UserData property. In an AWS CloudFormation template, resources
must declare a properties section, even if the resource has no properties.

resource record Also called resource record set. The fundamental information elements in the
Domain Name System (DNS).
See Also Domain Name System on Wikipedia.

REST Representational state transfer. A simple stateless architecture that generally runs
over HTTPS/TLS. REST emphasizes that resources have unique and hierarchical
identifiers (URIs), are represented by common media types (such as HTML, XML,
or JSON (p. 31)), and that operations on the resources are either predefined or
discoverable within the media type. In practice, this generally results in a limited
number of operations.
See Also Query, WSDL, SOAP.

RESTful web service Also known as RESTful API. A web service that follows REST (p. 49)
architectural constraints. The API operations must use HTTP methods explicitly,
expose hierarchical URIs, and transfer either XML, JSON (p. 31), or both.

return enabled CloudSearch (p. 10): An index field option that enables the field's values to be
returned in the search results.

return path The email address that bounced email is returned to. The return path is specified
in the header of the original email. This is different from the reply path (p. 48).

revision CodePipeline (p. 11): A change that's made to a source that's configured in a
source action, such as a pushed commit to a GitHub (p. 25) repository or an
update to a file in a versioned Amazon S3 (p. 50) bucket (p. 7).

AWS RoboMaker AWS RoboMaker is a cloud-based simulation service that robotics developers use
to run, scale, and automate simulation without managing any infrastructure.
See Also https://aws.amazon.com/robomaker.

role A tool for giving temporary access to AWS resources (p. 48) in your AWS
account (p. 2).

rollback A return to a previous state that follows the failure to create an object, such
as CloudFormation (p. 10) stack (p. 57). All resources (p. 48) that
are associated with the failure are deleted during the rollback. For AWS
CloudFormation, you can override this behavior using the --disable-rollback
option on the command line.

root Organizations (p. 41): A parent container for the accounts in your organization.
If you apply a service control policy (p. 54) to the root, it applies to every
organizational unit (p. 41) and account in the organization.

root credentials Authentication information associated with the AWS account (p. 2) owner.

root device volume A volume (p. 64) that contains the image used to boot the instance (p. 29)
(also known as a root device). If you launched the instance from an AMI (p. 3)
backed by instance store (p. 29), this is an instance store volume (p. 64)
created from a template stored in Amazon S3 (p. 50). If you launched the

49
 AWS Glossary Reference

instance from an AMI backed by Amazon EBS (p. 19), this is an Amazon EBS
volume created from an Amazon EBS snapshot.

route table A set of routing rules that controls the traffic leaving any subnet (p. 58) that's
associated with the route table. You can associate multiple subnets with a single
route table, but a subnet can be associated with only one route table at a time.

Route 53 Amazon Route 53 is a web service that you can use to create a new DNS service or
to migrate your existing DNS service to the cloud.
See Also https://aws.amazon.com/route53.

row identifier Amazon Machine Learning: An attribute in the input data that you can include
in the evaluation or prediction output to make it easier to associate a prediction
with an observation.

rule AWS WAF (p. 64): A set of conditions that AWS WAF searches for in web
requests to AWS resources (p. 48) such as Amazon CloudFront (p. 10)
distributions. You add rules to a web ACL (p. 65), and then specify whether you
want to allow or block web requests based on each rule.

S
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

Amazon S3 Amazon S3 is storage for the internet. You can use it to store and retrieve any
amount of data at any time, from anywhere on the web.
See Also https://aws.amazon.com/s3.

Amazon S3 Glacier Amazon S3 Glacier is a secure, durable, and low-cost storage service for data
archiving and long-term backup. You can reliably store large or small amounts of
data for significantly less than on-premises solutions. S3 Glacier is optimized for
infrequently accessed data, where a retrieval time of several hours is suitable.
See Also https://aws.amazon.com/glacier/.

Amazon S3-Backed AMI See instance store-backed AMI.

SageMaker Amazon SageMaker is a fully managed cloud service that builds, trains, and
deploys machine learning (ML) models by using AWS infrastructure, tools, and
workflows.
See Also https://aws.amazon.com/sagemaker.

AWS SAM AWS Serverless Application Model is an open-source framework for building and
running serverless applications. AWS SAM provides a command line interface tool
and a shorthand syntax template specification that you can use to quickly iterate
through your serverless application lifecycle.
See Also https://aws.amazon.com/serverless/sam/.

sampling period A defined duration of time, such as one minute, which CloudWatch (p. 10)
computes a statistic (p. 57) over.

sandbox A testing location where you can test the functionality of your application without
affecting production, incurring charges, or purchasing products.

Amazon SES (p. 54): An environment that developers can use to test and
evaluate the service. In the sandbox, you have full access to the Amazon SES
API, but you can only send messages to verified email addresses and the mailbox

50
 AWS Glossary Reference

simulator. To get out of the sandbox, you must apply for production access.
Accounts in the sandbox also have lower sending limits (p. 53) than production
accounts.

scale in To remove EC2 instances from an Auto Scaling group (p. 6).

scale out To add EC2 instances to an Auto Scaling group (p. 6).

scaling activity A process that changes the size, configuration, or makeup of an Auto Scaling
group (p. 6) by launching or terminating instances.

scaling policy A description of how Auto Scaling automatically scales an Auto Scaling
group (p. 6) in response to changing demand.
See Also scale in, scale out.

scheduler The method used for placing tasks (p. 60) on container instances (p. 13).

schema Amazon Machine Learning: The information that's needed to interpret the input
data for a machine learning model, including attribute names and their assigned
data types, and the names of special attributes.

score cut-off value
Amazon Machine Learning: A binary classification model outputs a score that
ranges from 0 to 1. To decide whether an observation is classified as 1 or 0, you
pick a classification threshold, or cut-off, and Amazon ML compares the score
against it. Observations with scores higher than the cut-off are predicted as target
equals 1, and scores lower than the cut-off are predicted as target equals 0.

SCP See service control policy.

AWS SCT AWS Schema Conversion Tool is a desktop application that automates
heterogeneous database migrations. You can use AWS SCT to convert database
schemas and code objects, SQL code in your applications, and ETL scripts to a
format compatible with the target database. Then, you can use AWS SCT data
extraction agents to migrate data to your target database.
See Also https://aws.amazon.com/dms/schema-conversion-tool.

AWS SDK for .NET
AWS SDK for .NET is a software development kit that provides .NET API
operations for AWS services including Amazon S3 (p. 50), Amazon
EC2 (p. 19), IAM (p. 27), and more. You can download the SDK as multiple
service-specific packages on NuGet.
See Also https://aws.amazon.com/sdk-for-net/.

SDK for C++ AWS SDK for C++ is a software development kit that provides C++ APIs for
many AWS services including Amazon S3 (p. 50), Amazon EC2 (p. 19),
DynamoDB (p. 18), and more. The single, downloadable package includes the
AWS C++ library, code examples, and documentation.
See Also https://aws.amazon.com/sdk-for-cpp/.

SDK for Go AWS SDK for Go is a software development kit for integrating your Go application
with the full suite of AWS services.
See Also https://aws.amazon.com/sdk-for-go/.

SDK for Java AWS SDK for Java is a software development kit that provides Java API operations
for many AWS services including Amazon S3 (p. 50), Amazon EC2 (p. 19),
DynamoDB (p. 18), and more. The single, downloadable package includes the
AWS Java library, code examples, and documentation.
See Also https://aws.amazon.com/sdk-for-java/.

SDK for JavaScript in Node.js AWS SDK for JavaScript in Node.js is a software development kit for accessing
AWS services from JavaScript in Node.js. The SDK provides JavaScript objects

51
 AWS Glossary Reference

for AWS services, including Amazon S3 (p. 50), Amazon EC2 (p. 19),
DynamoDB (p. 18), and Amazon SWF (p. 57). The single, downloadable
package includes the AWS JavaScript library and documentation.
See Also https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/.

SDK for JavaScript in the AWS SDK for JavaScript in the Browser is a software development kit for
Browser accessing AWS services from JavaScript code running in the browser. Authenticate
users through Facebook, Google, or Login with Amazon using web identity
federation. Store application data in DynamoDB (p. 18), and save user files to
Amazon S3 (p. 50).
See Also https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/.

SDK for PHP AWS SDK for PHP is a software development kit and open-source PHP library for
integrating your PHP application with AWS services such as Amazon S3 (p. 50),
Amazon S3 Glacier (p. 50), and DynamoDB (p. 18).
See Also https://aws.amazon.com/sdk-for-php/.

SDK for Python (Boto3) AWS SDK for Python (Boto3) is a software development kit for using Python
to access AWS services such as Amazon EC2 (p. 19), Amazon EMR (p. 21),
Amazon EC2 Auto Scaling (p. 19), Kinesis (p. 32), or Lambda (p. 33).
See Also http://boto.readthedocs.org/en/latest/.

SDK for Ruby AWS SDK for Ruby is a software development kit for accessing AWS services from
Ruby. The SDK provides Ruby classes for many AWS services including Amazon
S3 (p. 50), Amazon EC2 (p. 19), DynamoDB (p. 18) and more. The single,
downloadable package includes the AWS Ruby Library and documentation.
See Also https://aws.amazon.com/sdk-for-ruby/.

SDK for Rust AWS SDK for Rust is a software development kit that provides APIs and utilities
for developers. It enables Rust applications to integrate with AWS services such as
Amazon S3 and Amazon EC2.

SDK for Swift AWS SDK for Swift is a software development kit that provides support for
accessing AWS infrastructure and services using the Swift language.

search API CloudSearch (p. 10): The API that you use to submit search requests to a search
domain (p. 52).

search domain CloudSearch (p. 10): Encapsulates your searchable data and the search
instances that handle your search requests. You typically set up a separate
Amazon CloudSearch domain for each different collection of data that you want
to search.

search domain configuration CloudSearch (p. 10): A domain's indexing options, analysis schemes (p. 3),
expressions (p. 23), suggesters (p. 58), access policies, and scaling and
availability options.

search enabled CloudSearch (p. 10): An index field option that enables the field data to be
searched.

search endpoint CloudSearch (p. 10): The URL that you connect to when sending search
requests to a search domain. Each Amazon CloudSearch domain has a unique
search endpoint that remains the same for the life of the domain.

search index CloudSearch (p. 10): A representation of your searchable data that facilitates
fast and accurate data retrieval.

search instance CloudSearch (p. 10): A compute resource (p. 48) that indexes your data
and processes search requests. An Amazon CloudSearch domain has one or

52
 AWS Glossary Reference

more search instances, each with a finite amount of RAM and CPU resources.
As your data volume grows, more search instances or larger search instances
are deployed to contain your indexed data. When necessary, your index is
automatically partitioned across multiple search instances. As your request
volume or complexity increases, each search partition is automatically replicated
to provide additional processing capacity.

search request CloudSearch (p. 10): A request that's sent to an Amazon CloudSearch domain's
search endpoint to retrieve documents from the index that match particular
search criteria.

search result CloudSearch (p. 10): A document that matches a search request. Also referred
to as a search hit.

secret access key A key that's used with the access key ID (p. 1) to cryptographically sign
programmatic AWS requests. Signing a request identifies the sender and prevents
the request from being altered. You can generate secret access keys for your AWS
account (p. 2), individual IAM users (p. 62)and temporary sessions.

Secrets Manager AWS Secrets Manager is a service for securely encrypting, storing, and rotating
credentials for databases and other services.
See Also https://aws.amazon.com/secrets-manager/.

security group A named set of allowed inbound network connections for an instance. (Security
groups in Amazon VPC (p. 64) also include support for outbound connections.)
Each security group consists of a list of protocols, ports, and IP address ranges. A
security group can apply to multiple instances, and multiple groups can regulate a
single instance.

Security Hub AWS Security Hub is a service that provides a comprehensive view of the security
state of your AWS resources. Security Hub collects security data from AWS
accounts and services and helps you analyze your security trends to identify and
prioritize the security issues across your AWS environment.
See Also https://aws.amazon.com/security-hub/.

sender The person or entity sending an email message.

Sender ID A Microsoft controlled version of SPF (p. 56). An email authentication and
anti-spoofing system. For more information about Sender ID, see Sender ID in
Wikipedia.

sending limits The sending quota (p. 53) and maximum send rate (p. 36) that are
associated with every Amazon SES (p. 54) account.

sending quota The maximum number of email messages that you can send using Amazon
SES (p. 54) in a 24-hour period.

AWS Serverless Application
Repository
AWS Serverless Application Repository is a managed repository that teams,
organizations, and individual developers can use to store and share reusable
applications, and assemble and deploy serverless architectures in powerful new
ways.
See Also https://aws.amazon.com/serverless/serverlessrepo/.

server-side encryption (SSE) The encrypting (p. 21) of data at the server level. Amazon S3 (p. 50)
supports three modes of server-side encryption: SSE-S3, where Amazon S3
manages the keys; SSE-C, where the customer manages the keys; and SSE-KMS,
where AWS KMS (p. 33) manages keys.

Service Catalog AWS Service Catalog is a web service that helps organizations create and manage
catalogs of IT services that are approved for use on AWS. These IT services can

53
 AWS Glossary Reference

include everything from virtual machine images, servers, software, and databases
to complete multitier application architectures.
See Also https://aws.amazon.com/servicecatalog/.

service control policy Organizations (p. 41): A policy-based control that specifies the services and
actions that users and roles can use in the accounts that the service control policy
(SCP) affects.

service endpoint See endpoint.

service health dashboard A webpage showing up-to-the-minute information about AWS service availability.
The dashboard is located at http://status.aws.amazon.com/.

AWS Service Management AWS Service Management Connector enables customers to provision, manage,
Connector and operate AWS resources and capabilities in familiar IT Service Management
(ITSM) tooling.
See Also https://aws.amazon.com/service-management-connector.

Service Quotas A service for viewing and managing your quotas easily and at scale as your AWS
workloads grow. Quotas, also referred to as limits, are the maximum number of
resources that you can create in an AWS account.

service role An IAM (p. 27) role (p. 49) that grants permissions to an AWS service so it
can access AWS resources (p. 48). The policies that you attach to the service
role determine which AWS resources the service can access and what it can do
with those resources.

Amazon SES Amazon Simple Email Service is an simple and cost-effective email solution for
applications.
See Also https://aws.amazon.com/ses.

session The period when the temporary security credentials that are provided by AWS
STS (p. 58) allow access to your AWS account.

SHA Secure Hash Algorithm. SHA1 is an earlier version of the algorithm, which AWS
has replaced with SHA256.

shard OpenSearch Service (p. 41): A partition of data in an index. You can split an
index into multiple shards, which can include primary shards (original shards) and
replica shards (copies of the primary shards). Replica shards provide failover. This
means that, if a cluster node that contains a primary shard fails, a replica shard is
promoted to a primary shard. Replica shards also can handle requests.

shared AMI An Amazon Machine Image (AMI) (p. 3) that a developer builds and makes
available for others to use.

Shield AWS Shield is a service that helps to protect your resources—such as Amazon
EC2 instances, Elastic Load Balancing load balancers, Amazon CloudFront
distributions, and Route 53 hosted zones—against DDoS attacks. AWS Shield is
automatically included at no extra cost beyond what you already pay for AWS
WAF and your other AWS services. For added protection against DDoS attacks,
AWS offers AWS Shield Advanced.
See Also https://aws.amazon.com/shield.

shutdown action Amazon EMR (p. 21): A predefined bootstrap action that launches a script that
runs a series of commands in parallel before terminating the job flow.

signature Refers to a digital signature, which is a mathematical way to confirm the

authenticity of a digital message. AWS uses signatures to authenticate the

54
 AWS Glossary Reference

requests you send to our web services. For more information, to https://
aws.amazon.com/security.

SIGNATURE file Import/Export (p. 28): A file that you copy to the root directory of your storage
device. The file contains a job ID, manifest file, and a signature.

Signature Version 4 Protocol for authenticating inbound API requests to AWS services in all AWS
Regions.

Signer AWS Signer is a fully managed code-signing service used to ensure the
authenticity and integrity of an AWS customer's code.

Silk Amazon Silk is a next-generation web browser that's available only on Fire OS
tablets and phones. Built on a split architecture that divides processing between
the client and the AWS Cloud, Amazon Silk creates a faster, more responsive
mobile browsing experience.

Simple Mail Transfer Protocol See SMTP.

Simple Object Access Protocol See SOAP.

SimSpace Weaver AWS SimSpace Weaver is a managed service that you can use to build and run
large-scale spatial simulations in the AWS Cloud.
See Also https://aws.amazon.com/simspaceweaver/.

SIMS recipe See item-to-item similarities (SIMS) recipe.

single sign-on An authentication scheme that allows users to sign in one time to access multiple
applications and websites. The service name AWS Single Sign-On is now AWS IAM
Identity Center (successor to AWS Single Sign-On).
See Also IAM Identity Center.

Single-AZ DB instance A standard (non-Multi-AZ) DB instance (p. 16) that's deployed in one
Availability Zone (p. 6), without a standby replica in another Availability Zone.
See Also Multi-AZ deployment.

Site-to-Site VPN AWS Site-to-Site VPN is a fully managed service that you can use to establish
Internet Protocol security (IPsec) VPN connections between your AWS networks
and your on-premises networks.
See Also https://aws.amazon.com/vpn/site-to-site-vpn.

sloppy phrase search A search for a phrase that specifies how close the terms must be to one another
to be considered a match.

AWS SMS AWS Server Migration Service is a service that combines data collection tools with
automated server replication to speed the migration of on-premises servers to
AWS.
See Also https://aws.amazon.com/server-migration-service.

SMTP Simple Mail Transfer Protocol. The standard that's used to exchange email
messages between internet hosts for the purpose of routing and delivery.

snapshot Amazon EBS (p. 19): A backup of your volumes (p. 64) that's stored in
Amazon S3 (p. 50). You can use these snapshots as the starting point for new
Amazon EBS volumes or to protect your data for long-term durability.
See Also DB snapshot.

Snowball AWS Snowball is a petabyte-scale data transport solution that uses devices that
are secure to transfer large amounts of data into and out of the AWS Cloud.
See Also https://aws.amazon.com/snowball.

55
 AWS Glossary Reference

Amazon SNS Amazon Simple Notification Service is a web service that applications, users, and
devices can use to instantly send and receive notifications from the cloud.
See Also https://aws.amazon.com/sns.

SOAP Simple Object Access Protocol. An XML-based protocol that you can use to
exchange information over a particular protocol (for example, HTTP or SMTP)
between applications.
See Also REST, WSDL.

soft bounce A temporary email delivery failure such as one resulting from a full mailbox.

software VPN A software appliance-based VPN connection over the internet.

solution Amazon Personalize (p. 43): The recipe, customized parameters, and trained
models (solution versions) that can be used to generate recommendations.
See Also recipe, solution version, recommendations.

solution version Amazon Personalize (p. 43): A trained model that you create as part of a
solution in Amazon Personalize. You deploy a solution version in a campaign to
generate recommendations.
See Also solution, campaign, recommendations.

sort enabled CloudSearch (p. 10): An index field option that enables a field to be used to
sort the search results.

sort key An attribute used to sort the order of partition keys in a composite primary key
(also known as a range attribute).
See Also partition key, primary key.

source/destination checking
A security measure to verify that an EC2 instance (p. 19) is the origin of all
traffic that it sends and the ultimate destination of all traffic that it receives.
In other words, this measure verifies that the instance isn't relaying traffic. By
default, source/destination checking is turned on. For instances that function
as gateways, such as Amazon VPC (p. 64) NAT (p. 39) instances, source/
destination checking must be disabled.

spam Unsolicited bulk emails.

spamtrap An email address that's set up by an anti-spam (p. 56) entity. This email
address isn't for correspondence but rather for monitoring unsolicited emails. This
is also called a honeypot.

SPF Sender Policy Framework. A standard for authenticating email.

SPICE A robust in-memory engine that is part of Amazon QuickSight (p. 46).
Engineered for the cloud, SPICE (Super-fast, Parallel, In-memory Calculation
Engine) uses a combination of storage and in-memory technologies. It uses
these to get faster results from interactive queries and advanced calculations on
large datasets. SPICE automatically replicates data for high availability. SPICE
makes it possible for Amazon QuickSight to support hundreds of thousands of
simultaneous analyses across a variety of data sources.

Spot Instance A type of EC2 instance (p. 19) that you can bid on to use unused Amazon
EC2 (p. 19) capacity.

Spot price The price for a Spot Instance (p. 56) at any given time. If your maximum price
exceeds the current price and your restrictions are met, Amazon EC2 (p. 19)
launches instances on your behalf.

SQL injection match condition AWS WAF (p. 64): An attribute that specifies the part of web requests (such as
a header or a query string) that AWS WAF inspects for malicious SQL code. Based

56
 AWS Glossary Reference

on the specified conditions, you can configure AWS WAF to allow or block web
requests to an AWS resource (p. 48), such as an Amazon CloudFront (p. 10)
distribution.

Amazon SQS Amazon Simple Queue Service is a reliable and scalable hosted queues for storing
messages as they travel between computers.
See Also https://aws.amazon.com/sqs.

Amazon SWF Amazon Simple Workflow Service is a fully managed service that helps developers
build, run, and scale background jobs that have parallel or sequential steps.
Amazon SWF functions similar to a state tracker and task coordinator in the AWS
Cloud.
See Also https://aws.amazon.com/swf/.

SSE See server-side encryption (SSE).

SSL Secure Sockets Layer

See Also Transport Layer Security (TLS).

stack CloudFormation (p. 10): A collection of AWS resources that you create and
delete as a single unit.

OpsWorks (p. 41): A set of instances that you manage collectively, typically
because they have a common purpose such as serving PHP applications. A stack
serves as a container and handles tasks that apply to the group of instances as a
whole, such as managing applications and cookbooks.

station CodePipeline (p. 11): A portion of a pipeline workflow where one or more
actions are performed.

station A place at an AWS facility where your AWS Import/Export data is transferred on
to, or off of, your storage device.

statistic One of five functions of the values submitted for a given sampling
period (p. 50). These functions are Maximum, Minimum, Sum, Average, and
SampleCount.

stem The common root or substring shared by a set of related words.

stemming The process of mapping related words to a common stem. This enables matching
on variants of a word. For example, a search for "horse" could return matches for
horses, horseback, and horsing, as well as horse. CloudSearch (p. 10) supports
both dictionary based and algorithmic stemming.

step Amazon EMR (p. 21): A single function applied to the data in a job
flow (p. 31). The sum of all steps comprises a job flow.

Step Functions AWS Step Functions is a web service that coordinates the components of
distributed applications as a series of steps in a visual workflow.
See Also https://aws.amazon.com/step-functions/.

step type Amazon EMR (p. 21): The type of work done in a step. There are a limited
number of step types, such as moving data from Amazon S3 (p. 50) to Amazon
EC2 (p. 19) or from Amazon EC2 to Amazon S3.

sticky session A feature of the ELB (p. 20) load balancer that binds a user's session to a
specific application instance. This is so that all requests that are coming from the
user during the session are sent to the same application instance. By contrast, a
load balancer defaults to route each request independently to the application
instance with the smallest load.

57
 AWS Glossary Reference

stopping The process of filtering stop words from an index or search request.

stopword A word that isn't indexed and is automatically filtered out of search requests
because it's either insignificant or so common that including it results in too many
matches to be useful. Stopwords are language specific.

Storage Gateway AWS Storage Gateway is a web service that connects an on-premises software
appliance with cloud-based storage. Storage Gateway provides seamless and
secure integration between an organization's on-premises IT environment and
AWS storage infrastructure.
See Also https://aws.amazon.com/storagegateway/.

streaming Amazon EMR (p. 21): A utility that comes with Hadoop (p. 26) that you can
use to develop MapReduce executables in languages other than Java.

CloudFront (p. 10): The ability to use a media file in real time—as it's
transmitted in a steady stream from a server.

streaming distribution A special kind of distribution (p. 17) that serves streamed media files using a
Real Time Messaging Protocol (RTMP) connection.

Streams See Kinesis Data Streams.

string match condition AWS WAF (p. 64): An attribute that specifies the strings that AWS WAF
searches for in a web request, such as a value in a header or a query string.
Based on the specified strings, you can configure AWS WAF to allow or block
web requests to an AWS resource (p. 48), such as a CloudFront (p. 10)
distribution.

string-to-sign Before you calculate an HMAC (p. 27) signature, you first assemble the required
components in a canonical order. The preencrypted string is the string-to-sign.

strongly consistent read A read process that returns a response with the most up-to-date data. This data
reflects the updates from all previous write operations that were successful—
regardless of the Region.
See Also data consistency, eventual consistency, eventually consistent read.

structured query Search criteria that are specified using the CloudSearch (p. 10) structured
query language. You use the structured query language to construct compound
queries that use advanced search options and combine multiple search criteria
using Boolean operators.

AWS STS AWS Security Token Service is a web service for requesting temporary, limited-
privilege credentials for IAM (p. 27) users or for users that you authenticate
(federated users (p. 24)).
See Also https://aws.amazon.com/iam/.

subnet A segment of the IP address range of a Amazon VPC (p. 64) that an EC2
instance (p. 19) can be attached to. You can create subnets to group instances
according to security and operational needs.

Subscription button An HTML-coded button that provides a simple way to charge customers a
recurring fee.

suggester CloudSearch (p. 10): Specifies an index field for getting autocomplete
suggestions and options that can enable fuzzy matches and control how
suggestions are sorted.

suggestions Documents that contain a match for the partial search string in the field that's
designated by the suggester (p. 58). CloudSearch (p. 10) suggestions include

58
 AWS Glossary Reference

the document IDs and field values for each matching document. To be a match,
the string must match the contents of the field starting from the beginning of the
field.

Sumerian Amazon Sumerian is a set of tools for creating and running high-quality 3D,
augmented reality (AR), and virtual reality (VR) applications on the web.
See Also https://aws.amazon.com/sumerian/.

supported AMI An Amazon Machine Image (AMI) (p. 3) similar to a paid AMI (p. 42), except
that the owner charges for additional software or a service that customers use
with their own AMIs.

SWF See Amazon SWF.

symmetric encryption Encryption (p. 21) that uses a private key only.
See Also asymmetric encryption.

synchronous bounce A type of bounce (p. 7) that occurs while the email servers of the
sender (p. 53) and receiver (p. 47) are actively communicating.

synonym A word that's the same or nearly the same as an indexed word and that likely
produces the same results when specified in a search request. For example, a
search for "Rocky Four" or "Rocky 4" likely returns the fourth Rocky movie. You
can do this by designating that four and 4 are synonyms for IV. Synonyms are
language specific.

Systems Manager AWS Systems Manager is the operations hub for AWS and hybrid cloud
environments that can help achieve secure operations at scale. It provides a
unified user interface for users to view operations data from multiple AWS
services and automate tasks across their AWS resources.
See Also https://aws.amazon.com/systems-manager.

T
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

table A collection of data. Similar to other database systems, DynamoDB stores data in
tables.

tag Metadata that you can define and assign to AWS resources (p. 48), such as an
EC2 instance (p. 19). Not all AWS resources can be tagged.

tagging Tagging resources: Applying a tag (p. 59) to an AWS resource (p. 48).

Amazon SES (p. 54): Also called labeling. A way to format return path (p. 49)
email addresses so that you can specify a different return path for each
recipient of a message. You can use tagging to support VERP (p. 63). For
example, if Andrew manages a mailing list, he can use the return paths andrew
[email protected] and [email protected] so that
he can determine which email bounced.

target attribute Amazon Machine Learning (Amazon ML): The attribute in the input data that
contains the “correct” answers. Amazon ML uses the target attribute to learn how
to make predictions on new data. For example, if you were building a model for
predicting the sale price of a house, the target attribute would be “target sale
price in USD.”

59
 AWS Glossary Reference

target revision CodeDeploy (p. 11): The most recent version of the application revision that
has been uploaded to the repository and will be deployed to the instances in a
deployment group. In other words, the application revision currently targeted
for deployment. This is also the revision that will be pulled for automatic
deployments.

task An instantiation of a task definition (p. 60) that's running on a container

instance (p. 13).

task definition The blueprint for your task. Specifies the name of the task (p. 60), revisions,
container definitions (p. 12), and volume (p. 64) information.

task node An EC2 instance (p. 19) that runs Hadoop (p. 26) map and reduce tasks,
but doesn't store data. Task nodes are managed by the master node (p. 36),
which assigns Hadoop tasks to nodes and monitors their status. While a job flow
is running, you can increase and decrease the number of task nodes. Because they
don't store data and can be added and removed from a job flow, you can use task
nodes to manage the EC2 instance capacity your job flow uses, increasing capacity
to handle peak loads and decreasing it later.

Task nodes only run a TaskTracker Hadoop daemon.

tebibyte (TiB) A contraction of tera binary byte. A tebibyte (TiB) is 2^40 or 1,099,511,627,776
bytes. A terabyte (TB) is 10^12 or 1,000,000,000,000 bytes. 1,024 TiB is a
pebibyte (PiB) (p. 42).

template format version The version of an CloudFormation (p. 10) template design that determines the
available features. If you omit the AWSTemplateFormatVersion section from
your template, AWS CloudFormation assumes the most recent format version.

template validation The process of confirming the use of JSON (p. 31) code in an
CloudFormation (p. 10) template. You can validate any AWS CloudFormation
template using the cfn-validate-template command.

temporary security Authentication information that's provided by AWS STS (p. 58) when you
credentials call an STS API action. Includes an access key ID (p. 1), a secret access
key (p. 53), a session (p. 54) token, and an expiration time.

Amazon Textract Amazon Textract is a service that automatically extracts text and data from
scanned documents. Amazon Textract goes beyond simple optical character
recognition (OCR) to also identify the contents of fields in forms and information
stored in tables.
See Also https://aws.amazon.com/textract/.

throttling The automatic restricting or slowing down of a process based on one or more
limits. For example, Kinesis Data Streams (p. 33) throttles operations if an
application (or group of applications operating on the same stream) attempts to
get data from a shard at a rate faster than the shard limit. API Gateway (p. 3)
uses throttling to limit the steady-state request rates for a single account.
Amazon SES (p. 54) uses throttling to reject attempts to send email that
exceeds the sending limits (p. 53).

time-series data Data that's provided as part of a metric. The time value is assumed to
be when the value occurred. A metric is the fundamental concept for
CloudWatch (p. 10) and represents a time-ordered set of data points. You
publish metric data points into CloudWatch and later retrieve statistics about
those data points as a time-series ordered dataset.

timestamp A date/time string in the ISO 8601 format (more specifically, in the YYYY-MM-DD
format).

60
 AWS Glossary Reference

Timestream Amazon Timestream is a scalable and serverless time series database service for
real-time analytics, DevOps, and IoT applications that you can use to store and
analyze trillions of events per day.
See Also https://aws.amazon.com/timestream.

TLS See Transport Layer Security (TLS).

tokenization The process of splitting a stream of text into separate tokens on detectable
boundaries such as white space and hyphens.

AWS Toolkit for Eclipse AWS Toolkit for Eclipse is an open-source plugin for the Eclipse Java integrated
development environment (IDE) that makes it easier to develop, debug, and
deploy Java applications using Amazon Web Services.
See Also https://aws.amazon.com/eclipse/.

AWS Toolkit for JetBrains AWS Toolkit for JetBrains is an open-source plugin for the integrated
development environments (IDEs) from JetBrains that makes it easier to develop,
debug, and deploy serverless applications using Amazon Web Services.
See Also https://aws.amazon.com/intellij/, https://aws.amazon.com/pycharm/.

AWS Toolkit for Microsoft AWS Toolkit for Microsoft Azure DevOps provides tasks you can use in build and
Azure DevOps release definitions in VSTS to interact with AWS services.
See Also https://aws.amazon.com/vsts/.

AWS Toolkit for Visual Studio AWS Toolkit for Visual Studio is an extension for Visual Studio that helps in
developing, debugging, and deploying .NET applications using Amazon Web
Services.
See Also https://aws.amazon.com/visualstudio/.

AWS Toolkit for Visual Studio AWS Toolkit for Visual Studio Code is an open-source plugin for the Visual
Code Studio Code (VS Code) editor that makes it easier to develop, debug, and deploy
applications using Amazon Web Services.
See Also https://aws.amazon.com/visualstudiocode/.

AWS Tools for PowerShell AWS Tools for PowerShell is a set of PowerShell cmdlets to help developers
and administrators manage their AWS services from the PowerShell scripting
environment.
See Also https://aws.amazon.com/powershell/.

topic A communication channel to send messages and subscribe to notifications. It

provides an access point for publishers and subscribers to communicate with each
other.

Traffic Mirroring An Amazon VPC feature that you can use to copy network traffic from an elastic
network interface of Amazon EC2 instances. You can then send this network
traffic to out-of-band security and monitoring appliances for content inspection,
threat monitoring, and troubleshooting.
See Also https://aws.amazon.com/vpc/.

training datasource A datasource that contains the data that Amazon Machine Learning uses to train
the machine learning model to make predictions.

Amazon Transcribe Amazon Transcribe is a machine learning service that uses automatic speech
recognition (ASR) to quickly and accurately convert speech to text.
See Also https://aws.amazon.com/transcribe/.

Amazon Transcribe Medical Amazon Transcribe Medical is an automatic speech recognition (ASR) service
for adding medical speech-to-text capabilities to voice-enabled clinical
documentation applications.
See Also https://aws.amazon.com/transcribe/medical/.

61
 AWS Glossary Reference

Transfer Family AWS Transfer Family offers fully managed support for transferring files over SFTP,
FTPS, and FTP into and out of Amazon S3 or Amazon EFS, as well as support
for the Applicability Statement 2 (AS2) protocol for business-to-business (B2B)
transfers.
See Also https://aws.amazon.com/aws-transfer-family.

transition CodePipeline (p. 11): The act of a revision in a pipeline continuing from one
stage to the next in a workflow.

Amazon Translate Amazon Translate is a neural machine translation service that delivers fast, high-
quality, and affordable language translation.
See Also https://aws.amazon.com/translate/.

Transport Layer Security (TLS) A cryptographic protocol that provides security for communication over the
internet. Its predecessor is Secure Sockets Layer (SSL).

trust policy An IAM (p. 27) policy (p. 43) that's an inherent part of an IAM role (p. 49).
The trust policy specifies which principals are allowed to use the role.

Trusted Advisor AWS Trusted Advisor is a web service that inspects your AWS environment and
makes recommendations for saving money, improving system availability and
performance, and helping to close security gaps.
See Also https://aws.amazon.com/premiumsupport/trustedadvisor/.

trusted key groups Amazon CloudFront key groups whose public keys CloudFront can use to verify
the signatures of CloudFront signed URLs and signed cookies.

trusted signers See trusted key groups (p. 62).

tuning Selecting the number and type of AMIs (p. 3) to run a Hadoop (p. 26) job
flow most efficiently.

tunnel A route for transmission of private network traffic that uses the internet to
connect nodes in the private network. The tunnel uses encryption and secure
protocols such as PPTP to prevent the traffic from being intercepted as it passes
through public routing nodes.

U
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

unbounded The number of potential occurrences isn't limited by a set number. This
value is often used when defining a data type that's a list (for example,
maxOccurs="unbounded"), in WSDL (p. 65).

unit Standard measurement for the values submitted to CloudWatch (p. 10) as
metric data. Units include seconds, percent, bytes, bits, count, bytes/second, bits/
second, count/second, and none.

usage report An AWS record that details your usage of a particular AWS service. You can
generate and download usage reports from https://aws.amazon.com/usage-
reports/.

user A person or application under an account (p. 2) that makes API calls to
AWS products. Each user has a unique name within the AWS account, and a set
of security credentials that aren't shared with other users. These credentials

62
 AWS Glossary Reference

are separate from the security credentials for the AWS account. Each user is
associated with one and only one AWS account.

USER_PERSONALIZATION Amazon Personalize (p. 43): Recipes that are used to build a recommendation
recipes system that predicts the items that a user interacts with based on data provided
in Interactions, Items, and Users datasets.
See Also recipe, user-personalization recipe, popularity-count recipe, HRNN.

user-personalization recipe Amazon Personalize (p. 43): An HRNN-based USER_PERSONALIZATION recipe

that predicts the items that a user interacts with. The user-personalization recipe
can use item exploration and impressions data to generate recommendations for
new items.
See Also HRNN, recipe, USER_PERSONALIZATION recipes, item exploration,
impressions data, recommendations.

Users dataset Amazon Personalize (p. 43): A container for metadata about your users, such as
age, gender, or loyalty membership.
See Also dataset.

V
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

validation See template validation.

value Instances of attributes (p. 5) for an item, such as cells in a spreadsheet. An

attribute might have multiple values.

Tagging resources: A specific tag (p. 59) label that acts as a descriptor within a
tag category (key). For example, you might have EC2 instance (p. 19) with the
tag key of Owner and the tag value of Jan. You can tag an AWS resource (p. 48)
with up to 10 key–value pairs. Not all AWS resources can be tagged.

Variable Envelope Return See VERP.

Path

verification The process of confirming that you own an email address or a domain so that you
can send email from or to it.

VERP Variable Envelope Return Path. A way that email-sending applications can match
bounced (p. 7) email with the undeliverable address that caused the bounce
by using a different return path (p. 49) for each recipient. VERP is typically
used for mailing lists. With VERP, the recipient's email address is embedded in the
address of the return path, which is where bounced email is returned. This makes
it possible to automate the processing of bounced email without having to open
the bounce messages, which might vary in content.

versioning Every object in Amazon S3 (p. 50) has a key and a version ID. Objects with the
same key, but different version IDs can be stored in the same bucket (p. 7).
Versioning is enabled at the bucket layer using PUT Bucket versioning.

VGW See virtual private gateway (VGW).

virtual private gateway (VGW) The Amazon side of a VPN connection (p. 64) that maintains connectivity.
The internal interfaces of the virtual private gateway connect to your Amazon

63
 AWS Glossary Reference

VPC (p. 64) through the VPN attachment. The external interfaces connect to
the VPN connection, which leads to the customer gateway (p. 14).

virtualization Allows multiple guest virtual machines (VM) to run on a host operating system.
Guest VMs can run on one or more levels above the host hardware, depending on
the type of virtualization.
See Also PV virtualization, HVM virtualization.

visibility timeout The period of time that a message is invisible to the rest of your application after
an application component gets it from the queue. During the visibility timeout,
the component that received the message usually processes it, and then deletes
it from the queue. This prevents multiple components from processing the same
message.

VM Import/Export VM Import/Export is a service for importing virtual machine (VM) images from
your existing virtualization environment to Amazon EC2 and then exporting them
back.
See Also https://aws.amazon.com/ec2/vm-import.

volume A fixed amount of storage on an instance (p. 29). You can share volume data
between more than one container (p. 12) and persist the data on the container
instance (p. 13) when the containers are no longer running.

Amazon VPC Amazon Virtual Private Cloud is a web service for provisioning a logically isolated
section of the AWS Cloud virtual network that you define. You control your
virtual networking environment by selecting your own IP address range, creating
subnets (p. 58) and configuring route tables (p. 50) and network gateways.
See Also https://aws.amazon.com/vpc.

VPC endpoint A feature that you can use to create a private connection between your Amazon
VPC (p. 64) and another AWS service without requiring access over the
internet, through a NAT (p. 39) instance, a VPN connection (p. 64), or Direct
Connect (p. 17).

VPG See virtual private gateway (VGW).

AWS VPN AWS Virtual Private Network provides functionality that establishes encrypted
connections between your network or device, and AWS. AWS VPN is comprised of
two services: AWS Client VPN (p. 9) and AWS Site-to-Site VPN (p. 55).
See Also https://aws.amazon.com/vpn.

AWS VPN CloudHub AWS VPN CloudHub is a feature that enables secure communication between
branch offices using a simple hub-and-spoke model, with or without a VPN.

VPN connection Amazon Web Services (AWS) (p. 3): The IPsec connection that's between a
Amazon VPC (p. 64) and some other network, such as a corporate data center,
home network, or colocation facility.

W
Numbers and symbols (p. 1) | A (p. 1) | B (p. 6) | C (p. 7) | D (p. 14) | E (p. 19) | F (p. 24) |
G (p. 25) | H (p. 26) | I (p. 27) | J (p. 31) | K (p. 32) | L (p. 33) | M (p. 35) | N (p. 38) | O (p. 40)
| P (p. 42) | Q (p. 45) | R (p. 46) | S (p. 50) | T (p. 59) | U (p. 62) | V (p. 63) | W (p. 64) | X, Y,
Z (p. 65)

AWS WAF AWS WAF is a web application firewall service that controls access to content by
allowing or blocking web requests based on criteria that you specify. For example,
you can filter access based on the header values or the IP addresses that the

64
 AWS Glossary Reference

requests originate from. AWS WAF helps protect web applications from common
web exploits that could affect application availability, compromise security, or
consume excessive resources.
See Also https://aws.amazon.com/waf/.

Amazon WAM Amazon WorkSpaces Application Manager (Amazon WAM) is a web service for
deploying and managing applications for WorkSpaces. Amazon WAM accelerates
software deployment, upgrades, patching, and retirement by packaging Windows
desktop applications into virtualized application containers.
See Also https://aws.amazon.com/workspaces/applicationmanager.

AWS Wavelength AWS Wavelength is a service by AWS that embeds AWS compute and storage
services within 5G networks to provide mobile edge computing infrastructure.
Use AWS Wavelength to develop, deploy, and scale ultra-low-latency applications
to mobile devices and end users.
See Also https://aws.amazon.com/wavelength.

web access control list (web AWS WAF (p. 64): A set of rules that defines the conditions that AWS WAF
ACL) searches for in web requests to an AWS resource (p. 48), such as a Amazon
CloudFront (p. 10) distribution. A web access control list (web ACL) specifies if
to allow, block, or count the requests.

Web Services Description See WSDL.

Language

WorkDocs Amazon WorkDocs is a managed, secure enterprise document storage and sharing
service with administrative controls and feedback capabilities.
See Also https://aws.amazon.com/workdocs/.

Amazon WorkLink Amazon WorkLink is a cloud-based service that provides secure access to internal
websites and web apps from mobile devices.
See Also https://aws.amazon.com/worklink/.

WorkMail Amazon WorkMail is a managed, secure business email and calendar service with
support for existing desktop and mobile email clients.
See Also https://aws.amazon.com/workmail/.

WorkSpaces Amazon WorkSpaces is a managed, secure desktop computing service for

provisioning cloud-based desktops and providing users access to documents,
applications, and resources (p. 48) from supported devices.
See Also https://aws.amazon.com/workspaces/.

WSDL Web Services Description Language. A language that's used to describe the
actions that a web service can perform, along with the syntax of action requests
and responses.
See Also REST, SOAP.

X, Y, Z
X.509 certificate A digital document that uses the X.509 public key infrastructure (PKI) standard
to verify that a public key belongs to the entity that's described in the
certificate (p. 8).

X-Ray AWS X-Ray is a web service that collects data about requests that your application
serves. X-Ray provides tools that you can use to view, filter, and gain insights into
that data to identify issues and opportunities for optimization.
See Also https://aws.amazon.com/xray/.

65
 AWS Glossary Reference

yobibyte (YiB) A contraction of yotta binary byte. A yobibyte (YiB) is 2^80 or

1,208,925,819,614,629,174,706,176 bytes. A yottabyte (YB) is 10^24 or
1,000,000,000,000,000,000,000,000 bytes.

zebibyte (ZiB) A contraction of zetta binary byte. A zebibyte (ZiB) is 2^70 or

1,180,591,620,717,411,303,424 bytes. A zettabyte (ZB) is 10^21 or
1,000,000,000,000,000,000,000 bytes. 1,024 ZiB is a yobibyte (YiB) (p. 66).

zone awareness OpenSearch Service (p. 41): A configuration that distributes nodes in a cluster
across two Availability Zones (p. 6) in the same Region. Zone awareness helps
to prevent data loss and minimizes downtime if a node and data center fails. If
you enable zone awareness, you must have an even number of data instances
in the instance count, and you also must use the Amazon OpenSearch Service
Configuration API to replicate your data for your OpenSearch cluster.

66