AWS Vocabulary for Developers: 40 Core Terms Explained
Learn essential AWS vocabulary — IAM, VPC, EC2, S3, Lambda, RDS, DynamoDB, CloudFormation, CloudWatch, and 30+ more terms explained for developers working with AWS.
Amazon Web Services is the dominant cloud platform, and its vocabulary permeates almost every development conversation at companies that use it. Even if you are not an infrastructure engineer, you need to understand the core terms to participate in architecture discussions, read runbooks, and interpret cost reports. This guide covers 40 essential AWS terms.
Identity and Access
IAM (Identity and Access Management)
IAM controls who (users, roles, services) can do what (actions) on which AWS resources. IAM roles are assumed by services (e.g., a Lambda function reading from S3). Policies define permissions in JSON.
“The Lambda function can’t write to S3 — check its IAM role and make sure the policy allows s3:PutObject.”
“Never use root credentials. Create an IAM user or role with the minimum permissions needed.”
ARN (Amazon Resource Name)
An ARN is a unique identifier for any AWS resource. Format: arn:aws:service:region:account-id:resource.
“Paste the ARN of the S3 bucket into the IAM policy to scope permissions to that specific bucket.”
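The two ideas above (an ARN identifies one resource; a policy should be scoped to exactly the resources a role needs) are easy to check mechanically. The following is an added example, not code from the original article: it parses ARNs into their fields, builds the minimal s3:PutObject policy for one bucket, and lints a policy for the over-broad grants the glossary warns about. The bucket name and account id are constructed sample values.

```python
"""Added example, not code from the original article: parse ARNs and lint an
IAM policy for the least-privilege problems the glossary warns about
(wildcard actions, and a Resource that covers every S3 bucket).

The bucket name and account id below are constructed sample values."""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Arn:
    partition: str
    service: str
    region: str
    account: str
    resource: str


def parse_arn(arn: str) -> Arn:
    """Split arn:partition:service:region:account-id:resource.

    Region and account are empty for S3 bucket ARNs, and the resource part
    may itself contain ':' (e.g. arn:aws:logs:...:log-group:name), so split
    into at most six fields and keep the remainder as the resource."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return Arn(*parts[1:])


def _as_list(value):
    # IAM accepts either a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]


def write_only_policy(bucket: str) -> dict:
    """Least-privilege policy for a role that only uploads objects to one bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": [f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def find_overbroad(policy: dict) -> list:
    """Return human-readable findings for Allow statements that grant more
    than a single role should have."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        for res in _as_list(st.get("Resource", [])):
            if res == "*":
                findings.append(f"statement {i}: Resource '*' covers every resource in the account")
            elif res.startswith("arn:"):
                arn = parse_arn(res)
                # arn:aws:s3:::* and arn:aws:s3:::*/* both mean "every bucket".
                if arn.service == "s3" and arn.resource.split("/", 1)[0] == "*":
                    findings.append(f"statement {i}: {res} covers every S3 bucket in the account")
    return findings


# Constructed example of the role from the security-review quote later in the
# article: it can reach every bucket in the account.
OVERBROAD_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::*"}],
}

if __name__ == "__main__":
    print(json.dumps(write_only_policy("example-build-artefacts"), indent=2))
    for finding in find_overbroad(OVERBROAD_ROLE_POLICY):
        print("FINDING:", finding)
```

The linter is deliberately conservative: it only flags the patterns the text names (wildcard actions and account-wide resources), so a finding is always something a reviewer would want to scope down, while a clean result is not proof that a policy is minimal.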
Networking
VPC (Virtual Private Cloud)
A VPC is your own isolated network within AWS. All your resources (EC2, RDS, Lambda, etc.) live inside a VPC.
“Deploy the database in a private subnet — it should not be accessible from the internet.”
Subnet
A subnet is a range of IP addresses within your VPC. Public subnets have a route to the internet gateway; private subnets do not.
“The application servers are in public subnets; the databases are in private subnets.”
Security Group
A security group acts as a virtual firewall for EC2 instances and other resources. It controls inbound and outbound traffic using rules based on port, protocol, and source/destination.
“Open port 443 in the security group so the ALB can receive HTTPS traffic.”
“The RDS instance is unreachable — check that the security group allows inbound traffic from the application’s security group.”
NACL (Network Access Control List)
A NACL is a firewall at the subnet level. Unlike security groups, which are stateful and automatically allow the return traffic of a permitted connection, NACLs are stateless — you need to explicitly allow both the inbound request and the outbound reply (including the ephemeral ports replies use), and rules are evaluated in order by rule number.
“The security group looks fine, but a NACL rule might be blocking the traffic. Check the subnet’s NACL.”
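The stateful/stateless difference is the usual reason a connection passes the security group but still fails. The following is an added example, not code from the original article: a small evaluator for both models run over an application-to-Postgres request and its reply. It shows that the security group admits the reply because it tracked the request, while a NACL whose outbound rules only cover port 5432 drops the reply on its ephemeral port until an outbound rule for the ephemeral range is added. All addresses, ports and rule numbers are constructed sample values.

```python
"""Added example, not code from the original article: why a stateful security
group lets a database reply through while a stateless NACL needs an explicit
outbound rule for the ephemeral reply port. All values are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny" (security group rules are allow-only)
    cidr: str        # the remote side of the flow
    port_from: int
    port_to: int


def _matches(rule: Rule, remote_addr: str, port: int) -> bool:
    return (ipaddress.ip_address(remote_addr) in ipaddress.ip_network(rule.cidr)
            and rule.port_from <= port <= rule.port_to)


class SecurityGroup:
    """Stateful: a flow admitted in one direction has its reply admitted in the
    other direction without consulting that direction's rules."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self._tracked = set()   # (src, src_port, dst, dst_port) of admitted flows

    def _check(self, p: Packet, rules, remote_addr: str) -> bool:
        if (p.dst, p.dst_port, p.src, p.src_port) in self._tracked:
            return True   # reply to a flow we already admitted
        if any(_matches(r, remote_addr, p.dst_port) for r in rules):
            self._tracked.add((p.src, p.src_port, p.dst, p.dst_port))
            return True
        return False

    def inbound_allowed(self, p: Packet) -> bool:
        return self._check(p, self.inbound, p.src)

    def outbound_allowed(self, p: Packet) -> bool:
        return self._check(p, self.outbound, p.dst)


class NetworkAcl:
    """Stateless: every packet, replies included, is matched against the
    numbered rules in ascending order; first match wins; no match means deny."""

    def __init__(self, inbound: dict, outbound: dict):
        self.inbound, self.outbound = inbound, outbound

    @staticmethod
    def evaluate(rules: dict, remote_addr: str, port: int) -> bool:
        for number in sorted(rules):
            if _matches(rules[number], remote_addr, port):
                return rules[number].action == "allow"
        return False

    def inbound_allowed(self, p: Packet) -> bool:
        return self.evaluate(self.inbound, p.src, p.dst_port)

    def outbound_allowed(self, p: Packet) -> bool:
        return self.evaluate(self.outbound, p.dst, p.dst_port)


# Outbound NACL rules on the database subnet. The broken set only allows the
# service port; the fixed set allows the ephemeral range that replies use.
BROKEN_NACL_OUTBOUND = {100: Rule("allow", "10.0.1.0/24", 5432, 5432)}
FIXED_NACL_OUTBOUND = {100: Rule("allow", "10.0.1.0/24", 1024, 65535)}


def db_reply_allowed(nacl_outbound: dict) -> tuple:
    """Return (security_group_allows_reply, nacl_allows_reply) for an app
    server (10.0.1.10) connecting to Postgres (10.0.2.20:5432)."""
    request = Packet("10.0.1.10", "10.0.2.20", 40000, 5432)
    reply = Packet("10.0.2.20", "10.0.1.10", 5432, 40000)
    # The security group's outbound list is left empty on purpose: the reply
    # must be admitted by connection tracking, not by an outbound rule.
    sg = SecurityGroup(inbound=[Rule("allow", "10.0.1.0/24", 5432, 5432)], outbound=[])
    nacl = NetworkAcl(inbound={100: Rule("allow", "10.0.1.0/24", 5432, 5432)},
                      outbound=nacl_outbound)
    assert sg.inbound_allowed(request) and nacl.inbound_allowed(request)
    return sg.outbound_allowed(reply), nacl.outbound_allowed(reply)


if __name__ == "__main__":
    print("NACL allows only port 5432 outbound:", db_reply_allowed(BROKEN_NACL_OUTBOUND))
    print("NACL allows ephemeral ports outbound:", db_reply_allowed(FIXED_NACL_OUTBOUND))
```

The request passes both firewalls in both runs; only the reply differs, which is exactly the symptom in the quote above (security group looks fine, connection still hangs). Real security groups default to allowing all outbound traffic; the empty outbound list here isolates the effect of connection tracking.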
Route 53
Route 53 is AWS’s DNS service. It manages domain registration, DNS routing (simple, weighted, latency-based, failover), and health checks.
“Point the domain to the new load balancer by updating the Route 53 A record.”
“Set up a Route 53 health check so traffic fails over to the secondary region automatically.”
ALB / NLB
- ALB (Application Load Balancer) operates at Layer 7 (HTTP/HTTPS). It can route based on path, host header, and query parameters.
- NLB (Network Load Balancer) operates at Layer 4 (TCP/UDP). It is extremely fast and handles millions of requests per second.
“Use an ALB to route /api traffic to the API service and / to the frontend.”
“The WebSocket service needs an NLB — the ALB doesn’t handle long-lived TCP connections as well.”
Compute
EC2 (Elastic Compute Cloud)
EC2 provides virtual servers (instances) in the cloud. You choose the instance type (CPU, memory, network), operating system, and storage.
“The application runs on a fleet of t3.medium EC2 instances behind a load balancer.”
Lambda
Lambda is AWS’s serverless compute service. You deploy a function and AWS runs it in response to triggers (HTTP requests, S3 events, SQS messages, etc.) without you managing any servers.
“We replaced the cron job with a Lambda function triggered by EventBridge — no servers to maintain.”
“Lambda has a 15-minute maximum execution time — it’s not suitable for long-running jobs.”
ECS (Elastic Container Service)
ECS is AWS’s container orchestration service. It runs Docker containers on either EC2 instances (EC2 launch type) or serverless infrastructure (Fargate launch type).
“We deploy our services as ECS tasks on Fargate — no EC2 instances to manage.”
EKS (Elastic Kubernetes Service)
EKS is AWS’s managed Kubernetes service. It runs the Kubernetes control plane for you; you manage the worker nodes (or use Fargate).
“We migrated from ECS to EKS because the team already knows Kubernetes and we wanted to use Helm charts.”
Storage and Databases
S3 (Simple Storage Service)
S3 is object storage — files, images, backups, static assets, logs. Objects are stored in buckets and accessed via a URL. S3 is highly durable (11 nines) and cheap.
“Upload the build artefacts to S3 after the CI build.”
“Never make an S3 bucket public unless you explicitly need to — check the bucket policy.”
RDS / Aurora
RDS (Relational Database Service) is a managed relational database — Postgres, MySQL, MariaDB, Oracle, SQL Server. Aurora is AWS’s own high-performance engine compatible with MySQL and Postgres, with automatic scaling and multi-AZ replication.
“We use Aurora Postgres — it handles automatic failover and we don’t need to manage backups manually.”
DynamoDB
DynamoDB is AWS’s managed NoSQL database. It provides single-digit millisecond latency at any scale. Data is partitioned by a primary key, and you pay for the read/write throughput you provision (or use on-demand mode).
“Session data goes to DynamoDB — we need the low latency and don’t need complex queries.”
“Make sure your DynamoDB access pattern uses the partition key efficiently — full table scans are expensive.”
Infrastructure as Code and Operations
CloudFormation / CDK
CloudFormation defines AWS infrastructure as YAML or JSON templates. CDK (Cloud Development Kit) lets you define infrastructure in a real programming language (TypeScript, Python, etc.) which compiles to CloudFormation.
“We use CDK to define our infrastructure — it’s much easier to manage than raw CloudFormation YAML.”
“The stack failed to deploy — check the CloudFormation events in the console.”
CloudWatch
CloudWatch is AWS’s monitoring and observability service. It collects metrics, stores logs, and triggers alarms. Almost every AWS service sends metrics to CloudWatch automatically.
“Set up a CloudWatch alarm to notify us if the error rate exceeds 1% for 5 consecutive minutes.”
“Check CloudWatch Logs for the Lambda execution logs.”
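The alarm in the first quote ("error rate exceeds 1% for 5 consecutive minutes") is a metric-math expression plus CloudWatch's evaluation rule: an alarm goes to ALARM when at least DatapointsToAlarm of the last EvaluationPeriods datapoints breach the threshold. The following is an added example, not code from the original article, that reproduces that evaluation offline over a constructed minute-by-minute series of ALB request and 5XX counts (the real ALB metric names are RequestCount and HTTPCode_ELB_5XX_Count; the article's "5XXCount" is shorthand). CloudWatch's configurable missing-data handling is not modelled; a history shorter than the evaluation window is reported as INSUFFICIENT_DATA here.

```python
"""Added example, not code from the original article: evaluate an
"error rate > 1% for 5 consecutive minutes" alarm the way CloudWatch does
(M-of-N breaching datapoints over a sliding window). Sample data is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Datapoint:
    request_count: float     # ALB RequestCount for the one-minute period
    error_5xx_count: float   # ALB HTTPCode_ELB_5XX_Count for the same period


def error_rate_percent(d: Datapoint) -> float:
    """The metric-math expression the alarm watches: 100 * 5XX / RequestCount.
    A period with no requests has no error rate; report 0 rather than divide by zero."""
    return 0.0 if d.request_count == 0 else 100.0 * d.error_5xx_count / d.request_count


def alarm_state(datapoints, threshold_percent=1.0, evaluation_periods=5,
                datapoints_to_alarm=5) -> str:
    """Return the alarm state after the latest datapoint.

    ALARM when at least datapoints_to_alarm of the last evaluation_periods
    datapoints breach the threshold (CloudWatch's M-of-N rule); with M == N
    this is the "5 consecutive minutes" alarm from the article."""
    if len(datapoints) < evaluation_periods:
        return "INSUFFICIENT_DATA"   # simplification; see lead-in
    window = datapoints[-evaluation_periods:]
    breaching = sum(1 for d in window if error_rate_percent(d) > threshold_percent)
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"


def alarm_timeline(datapoints, **kwargs) -> list:
    """State after each minute, as CloudWatch would re-evaluate the alarm."""
    return [alarm_state(datapoints[:i], **kwargs) for i in range(1, len(datapoints) + 1)]


# Constructed ten-minute series: a steady 1000 requests/minute, with an error
# burst from minute 3 to minute 8 and a single bad minute at the end.
SAMPLE = [Datapoint(1000, e) for e in (5, 8, 20, 30, 25, 15, 12, 11, 9, 40)]

if __name__ == "__main__":
    for minute, (d, state) in enumerate(zip(SAMPLE, alarm_timeline(SAMPLE)), start=1):
        print(f"minute {minute:2d}: {error_rate_percent(d):4.1f}% -> {state}")
```

Notice that the alarm only fires at minute 7, once five breaching minutes are in the window, and clears at minute 9 as soon as one clean minute enters it; the isolated spike at minute 10 never fires. Loosening the rule to 3 of 5 datapoints catches the burst two minutes earlier at the cost of more noise, which is the trade-off the EvaluationPeriods/DatapointsToAlarm settings express.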
SNS / SQS
- SNS (Simple Notification Service) is a pub/sub messaging service. Publishers send messages to a topic; subscribers (Lambda, SQS, email, etc.) receive them.
- SQS (Simple Queue Service) is a managed message queue. Producers send messages; consumers poll and process them.
“We use SQS to decouple the order service from the fulfilment service — the queue buffers requests when the consumer is slow.”
“SNS fans out the event to multiple SQS queues so different services can process it independently.”
API Gateway
API Gateway is a fully managed service for creating and managing HTTP, REST, and WebSocket APIs. It integrates directly with Lambda, giving you a serverless API without any servers.
“The HTTP API is built with API Gateway in front of Lambda functions — no servers, no scaling concerns.”
Cost and Regions
Regions and Availability Zones (AZs)
AWS is divided into regions (geographic areas like eu-west-1 for Ireland). Each region contains multiple Availability Zones — physically separate data centres. Deploying across AZs provides high availability.
“Deploy across at least two AZs so the application stays up if one data centre has an outage.”
“We’re in eu-west-1 — make sure any new resources are created in the same region to avoid cross-region data transfer costs.”
Cost Explorer
Cost Explorer is AWS’s tool for visualising and analysing your AWS spending over time. You can break down costs by service, region, tag, and more.
“Use Cost Explorer to see which service is driving the cost increase this month.”
Savings Plans
Savings Plans are a pricing model where you commit to a consistent level of compute usage (in $/hour) for 1 or 3 years in exchange for significant discounts compared to on-demand pricing.
“We’re buying a Compute Savings Plan for 12 months — it’ll cut our EC2 and Lambda costs by about 30%.”
How to Use This in Conversation
In architecture review:
“Should this Lambda write directly to RDS, or should we use SQS in between to decouple them and handle backpressure?”
In incident response:
“Check the CloudWatch metrics for the ALB — look at 5XXCount and TargetResponseTime to narrow down where the issue is.”
In security review:
“The EC2 instance has an IAM role that can access every S3 bucket in the account. Scope it down to just the buckets it needs.”
In planning:
“Let’s use S3 + CloudFront for the static assets instead of serving them from EC2 — it’s faster, cheaper, and scales automatically.”
AWS vocabulary is a career skill. Even a basic understanding of these terms will help you participate in infrastructure decisions, read deployment runbooks, and communicate clearly with your DevOps and SRE colleagues.