AWS Glossary
AWS terms explained by engineers who bill clients for getting them wrong
Dense definitions, practical tips, and gotchas for 45 AWS services and concepts — written for architects, FinOps, and DevOps teams who need answers fast.
Last hub review: June 2026 · Reviewed by AWS-certified architects
Compute
EC2, Lambda, EKS, and the serverless vs container trade-offs that show up on every architecture review.
Amazon EC2
Amazon Elastic Compute Cloud — scalable virtual server infrastructure for running applications in the AWS cloud.
Amazon EKS
Amazon Elastic Kubernetes Service — fully managed Kubernetes control plane for running containerized applications at scale on AWS.
Amazon EKS Auto Mode
EKS Auto Mode is the fully managed Kubernetes experience on AWS — AWS provisions and scales nodes, applies patches, and handles core add-ons so teams focus on workloads, not cluster ops.
AWS Lambda
Serverless compute service that runs code in response to events without provisioning or managing servers.
Storage
S3 storage classes, Express One Zone, Tables, and Vectors — where object storage meets analytics and AI.
Amazon S3
Amazon Simple Storage Service — scalable object storage for any amount of data, used for backups, data lakes, static websites, and application assets.
Amazon S3 Express One Zone
S3 Express One Zone is a high-performance single-AZ S3 storage class delivering single-digit millisecond first-byte latency for AI/ML training, analytics, and HPC workloads.
Amazon S3 Tables
S3 Tables are managed Apache Iceberg tables on S3 — purpose-built table buckets with auto-compaction, snapshot management, and up to 3× better query performance than self-managed Iceberg on standard S3.
Amazon S3 Vectors
S3 Vectors is the AWS native vector store — purpose-built vector storage on S3 with up to 90% lower cost than dedicated vector databases for RAG workloads.
Databases & Caching
RDS, Aurora, DynamoDB, Redshift, and the managed cache layer choices that affect latency and bill.
Amazon Aurora
AWS-built cloud-native relational database compatible with MySQL and PostgreSQL, delivering up to 5x MySQL and 3x PostgreSQL performance at lower cost.
Amazon Aurora DSQL
Aurora DSQL is the serverless distributed SQL database from AWS — Postgres-compatible, multi-region active-active, with strong consistency and unlimited horizontal scale.
Amazon DynamoDB
Fully managed serverless NoSQL database delivering single-digit millisecond performance at any scale.
Amazon ElastiCache Serverless
ElastiCache Serverless removes capacity planning for in-memory caching — automatic scaling, per-second pricing, and zero downtime sizing changes for Redis/Valkey and Memcached.
Amazon MemoryDB for Valkey
MemoryDB for Valkey is an in-memory database compatible with the open-source Valkey engine (Redis 7.x fork) — durable, multi-AZ, with up to 65% lower cost vs MemoryDB for Redis OSS.
Amazon RDS
Amazon Relational Database Service — fully managed relational database supporting MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Amazon Aurora.
Amazon Redshift
Fully managed cloud data warehouse for running fast SQL analytics on petabyte-scale datasets.
Networking
VPC fundamentals and how to connect environments without turning NAT Gateway into your second-largest line item.
Amazon VPC
Amazon Virtual Private Cloud — logically isolated network within AWS where you control IP addressing, subnets, routing, and access controls.
VPC Peering vs Transit Gateway
Comparison of AWS networking solutions for connecting multiple VPCs and on-premises networks.
Security & Identity
IAM, encryption, audit trails, and the guardrails that keep multi-account AWS estates compliant.
Amazon Verified Permissions
Amazon Verified Permissions is a managed fine-grained authorization service using Cedar policies — for applications that need to express "who can do what to which resource" outside of AWS IAM.
AWS CloudTrail
AWS audit logging service that records every API call and account activity across your AWS infrastructure for security, compliance, and operational investigation.
AWS Config Rules
Automated compliance checking service that evaluates AWS resource configuration against desired standards.
AWS IAM
AWS Identity and Access Management — controls who can authenticate and what actions they are authorized to perform in your AWS account.
AWS KMS
AWS Key Management Service — centralized key management for encrypting data across AWS services and applications.
AWS Organizations Service Control Policies
Organization-wide IAM policies that define permission boundaries for AWS accounts and organizational units.
AWS Shared Responsibility Model
Framework defining what security and compliance tasks AWS manages versus what customers must manage.
Generative AI
Bedrock, Nova, RAG pipelines, and AgentCore — the vocabulary behind production GenAI on AWS.
Amazon Bedrock
Fully managed service providing access to foundation models from Amazon, Anthropic, Meta, Mistral, and others — for building generative AI applications.
Amazon Bedrock AgentCore
Bedrock AgentCore is the AWS managed agent runtime — providing memory, tool execution, observability, and identity for autonomous AI agents built on any framework.
Amazon Nova
Amazon Nova is the family of foundation models built by AWS — Micro, Lite, Pro, Premier, Canvas, and Reel — available exclusively on Amazon Bedrock with industry-leading price/performance.
Amazon Q
Amazon Q is the AWS family of generative AI assistants — Q Business, Q Developer, Q in QuickSight, and Q in Connect — designed for enterprise workloads with permission-aware data access.
Amazon Q Developer
Amazon Q Developer is the AWS AI coding assistant for IDEs, terminals, and the AWS console — providing chat, multi-file agents, code transformation, and security scanning.
RAG Pipeline
Retrieval-Augmented Generation: combining document retrieval with AI models to answer questions based on specific data.
Platform & Operations
Landing zones, Control Tower, observability, and workflow orchestration for teams running AWS at scale.
Amazon CloudWatch
AWS monitoring and observability service for collecting metrics, logs, traces, and setting alarms across AWS infrastructure and applications.
Amazon CloudWatch Application Signals
Application Signals is an APM service inside CloudWatch — application-level latency, error, and availability monitoring with SLOs, dependency mapping, and OpenTelemetry integration.
AWS Amplify Gen 2
Amplify Gen 2 is the TypeScript-first, code-first rewrite of AWS Amplify — defining auth, data, storage, and functions in code with sandbox per-developer environments.
AWS Control Tower
Managed service that automates AWS landing zone setup, multi-account governance, and compliance monitoring with preventive, detective, and proactive controls.
AWS Landing Zone
Multi-account AWS environment blueprint providing baseline security, compliance, and operational foundation.
AWS Resource Explorer
AWS Resource Explorer is a cross-region, cross-service search service for AWS resources — a managed alternative to AWS Config queries and tag-based custom catalogs.
AWS Step Functions
Serverless workflow orchestration service for coordinating distributed applications and multi-step processes using visual state machines.
Compliance
HIPAA, SOC 2, PCI — what AWS covers, what you own, and which services carry a BAA.
HIPAA-Eligible AWS Services
AWS services certified to handle Protected Health Information (PHI) under HIPAA regulations.
PCI DSS Cardholder Data Environment
Defined network scope in PCI DSS compliance that directly handles credit card payment data.
SOC 2 Type II Compliance
Independent audit certifying security controls for service organizations over an extended period.
Architecture
Multi-tenancy patterns and the Well-Architected Framework pillars that structure every review.
AWS Well-Architected Framework
AWS architectural best practices framework covering six pillars: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability.
Multi-Tenant Architecture
Software design pattern where multiple customers (tenants) share the same application infrastructure.
Cost & FinOps
Savings Plans, Reserved Instances, and the FinOps practices that turn CUR data into action.
AWS Savings Plans
Flexible pricing commitment that reduces AWS compute and database costs by up to 72% compared to on-demand pricing.
FinOps
Cloud Financial Operations: the discipline of managing cloud costs through shared responsibility, visibility, and accountability.
Reserved Instances vs Savings Plans
Comparison of AWS Reserved Instances and Savings Plans pricing models for cost optimization.