There are many terms in AWS that use confusing names for simple things.
Even after working with AWS for over a year, I really miss out on some terms. That's why I wrote this article, typing whatever I remember. I am studying these for my AWS exam, which I will take in a few weeks!
So here are the terms:
Terms
- Access control list (ACL): A firewall/security layer on the subnet level
- Auto scaling: Automates the process of adding or removing EC2 instances based on traffic demand for your application
- Buckets: Root-level “folders”
- CloudFront: Content delivery network (CDN) that allows you to store your content at “edge locations” located all around the world, allowing customers to access your content more quickly
- CloudTrail: Allows you to monitor all actions taken by IAM users
- CloudWatch: Service that allows you to monitor various elements of your AWS account
- Consolidated billing: Allows you to view, manage, and pay bills for multiple AWS accounts in one user interface
- DNS server: A database of website domains and their corresponding IP addresses
- DynamoDB: NoSQL database service that does not provide other NoSQL software options
- Elastic Compute Cloud (EC2): A virtual computer, very similar to a desktop/laptop computer
- Elastic Load Balancing (ELB): Evenly distributes traffic between EC2 instances that are associated with it
- ElastiCache: Data caching service used to help improve the speed/performance of web applications running on AWS
- Elasticity: The ability of a system to increase and decrease in size
- Fault tolerance: Property that enables a system to continue operating properly in the event of the failure of one or more components
- Firewall: A type of software that either allows or blocks certain kinds of internet traffic to pass through it
- Folder: Any “subfolder” created in a bucket
- High availability: Refers to systems that are durable and likely to operate continuously without failure for a long time
- IAM users: Individuals who have been granted access to an AWS account
- Identity and Access Management (IAM): Service where AWS user accounts and their access to various AWS services are managed
- Lambda: Serverless computing that will replace EC2 instances, for the most part
- Object availability: Percent over a one-year time period that a file stored in S3 will be accessible
- Object durability: Percent over a one-year time period that a file stored in S3 will not be lost
- Object lifecycle: Set rules to automatically transfer objects between storage classes at defined time intervals
- Object sharing: Ability to make any object publicly available via a URL link
- Object versioning: Automatically keep multiple versions of an object (when enabled)
- Organizations: Allows you or your company to manage billing and access to multiple AWS accounts in one user interface
- Principle of least privilege: Giving a user only the rights/access to the AWS services and resources they need to do their job and nothing more
- Publishers: Human/alarm/event that gives SNS the message that needs to be sent
- Relational Database Service (RDS): SQL database service that provides a wide range of SQL database options to select from
- RedShift: Data warehouse database service designed to handle petabytes of data for analysis
- Roles: How different AWS services are granted permission to communicate and share data
- Route 53: Where you configure and manage web domains for websites or applications you host on AWS
- Scalability: The ability of a system to easily increase in size and capacity in a cost-effective way
- Security group (SG): Firewall/security layer on the server/instance level
- Shared responsibility model: Defines what you and AWS are responsible for when it comes to security and compliance
- Simple Notification Service (SNS): AWS service that allows you to automate the sending of email or text messaging notifications based on events that happen in your AWS account
- Simple Storage Service (S3): Online bulk storage service you can access from almost any device
- Storage class: Represents “classification” assigned to each object in S3 (standard, RRS, S3-IA, Glacier)
- Subnet: A subsection of a network that generally includes all the computers in a specific location
- Subscriptions: Endpoints to which a topic sends messages
- Topics: How you label and group different endpoints to which you send messages
- Trusted Advisor: Service that “advises” and helps you optimize aspects of your AWS account
- User credentials: IAM user’s username and password for logging in to AWS
- Virtual Private Cloud (VPC): A private subsection of AWS you control and in which you can place AWS resources
Do tell me what I've missed! It will help both me and the community. :-)
Top comments (6)
ACLs have several contexts (e.g., you can set them on entire S3 buckets or individual objects within a bucket)
That's one use-case. Another very common one is for availability or automated, scheduled re-deployments. In the former case, if you experience a node-fault, the faulted node is rebuilt (even if there's only one node under management). In the latter case, you can use scheduled scale-down/scale-up actions (useful when you have Internet-facing resources that you'd like to ensure won't be home to advanced, persistent threats).
You'd probably want to drop the "evenly". Depending on what distribution-policy you set on an ELB and the nature of the distributed workloads, the resultant distribution can be far from even.
Don't technically exist. Buckets don't really have hierarchical storage like you have on traditional filesystems. The thing that's presented to you in the S3 web UI as though it were a folder is simply a groupable "key".
Should be defined less in terms of "systems" than "services": a given service can be made highly-available (frequently with things like clustering or scaling-groups paired with ELBs) even though the underlying systems (EC2s, containers, etc.) may be quite ephemeral or perishable.
Like ACLs, roles have more than a single context. Basically, you use roles (and associated IAM policies) to grant permissions to other AWS-hosted/managed resources. Roles can be assigned to Instances, users, managed-service components, etc.
Basically just a managed-DNS solution with hooks to other AWS services (e.g., availability-monitoring). As a DNS solution, it can be used to host:IP mapping for more than just web-servers ...and, can include supporting things like email sender-validation, directory referrals, etc.
Again, probably better framing in terms of "services" rather than systems. While you may be able to scale individual systems it's not super common to do so. The usual goal is to size a service's backing components to match demand.
SGs operate at the cloud/network layer. Servers/instances that implement firewalling capabilities do so through things like Windows' Advanced Firewall or Linux's firewalld.
You'd be better off stopping immediately after the word "network". Groupings of "all computers in a specific location" are "availability zones" (and groupings of availability zones are "regions"). Within a given region, you'd assign a contiguous block of IPs, then subdivide that block across however many zones you want to include in the VPC. Even measured in terms of availability zones, it's very common that your network design locates networked assets across multiple subnets.
At any rate, all that subnets really are - whether in cloud or legacy hosting-environments - are logical segmentations of larger network address-blocks.
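The point above about S3 "folders" being groupable keys, shown as an added example that is not part of the original comment: a small Python emulation of prefix-and-delimiter listing over a flat key space. The function name `list_keys` and the sample keys are constructed for illustration.

```python
# Added example: a bucket is a flat set of keys; "folders" appear only when a
# listing groups keys by a prefix and a delimiter. All keys are constructed samples.

def list_keys(keys, prefix="", delimiter="/"):
    """Return (objects, common_prefixes) for a delimiter-based listing.

    keys: iterable of full object keys in one bucket (flat namespace).
    """
    objects, common = [], set()
    for key in sorted(keys):
        if not key.startswith(prefix):
            continue
        rest = key[len(prefix):]
        # An empty delimiter means "no grouping": every matching key is listed.
        cut = rest.find(delimiter) if delimiter else -1
        if cut == -1:
            objects.append(key)  # nothing left to group: shown as an object
        else:
            # Roll everything up to and including the delimiter into one entry.
            common.add(prefix + rest[:cut + len(delimiter)])
    return objects, sorted(common)


BUCKET_KEYS = [
    "readme.txt",
    "logs/2019/01/app.log",
    "logs/2019/02/app.log",
    "logs/summary.csv",
    "images/",        # zero-byte placeholder key, as a console "create folder" leaves
    "images/cat.png",
]

if __name__ == "__main__":
    print(list_keys(BUCKET_KEYS))                   # top level: one object, two "folders"
    print(list_keys(BUCKET_KEYS, prefix="logs/"))   # inside the "logs/" grouping
    print(list_keys(BUCKET_KEYS, prefix="logs/", delimiter=""))  # flat view, no folders
```

Removing the delimiter returns every key under the prefix, which is the storage's actual shape; the hierarchy exists only in how the listing is grouped.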
Thank you sir!
Your notes have been really insightful!
Made me reach out for the book I'm reading and the course by linuxacademy; some of the points are valid but aren't presented in the book or the online course.
Again thank you a lot!
It made my day!
Regards,
Alok
Coming up on four years of providing cloud-enablement services for a few different organizations. Have also had to pass the architecture and DevOps AWS exams twice, now (fortunately, AWS shifted to a three-year renewal-schedule, recently). That "enablement" has been split between writing tools and documentation for those organizations as well as walk-throughs and after action reports. :p
PS: I'm editing the article based on your notes. 😁
Great list!
I wrote something similar at the end of last year with links to the Devs who write about AWS here on Dev.to:
AWS Series: Concepts from A to Z
Helen Anderson ・ Dec 10 '18 ・ 11 min read
Wow!
Just read your article! It's really comprehensive. It will surely help with my preparations for the exam!
Also, there are a lot of names that I missed!
Thanks for sharing!
love,
Alok