Intermediate (15 terms)

AWS Core Services

Essential AWS services and concepts: IAM, VPC, compute, storage, databases, and operational tooling.

  • IAM /aɪ eɪ em/

    Identity and Access Management; controls who can do what in AWS using users, roles, policies, and the principle of least privilege.

    "The Lambda function has an IAM role that grants only s3:GetObject on the specific bucket — it cannot write to S3 or access any other AWS service."
  • VPC /viː piː siː/

    Virtual Private Cloud; isolated virtual network with subnets, route tables, internet gateways, and NAT gateways that you fully control.

    "Our production VPC has public subnets for load balancers and private subnets for application servers — databases are in private subnets with no internet route."
  • security group /sɪˈkjʊərɪti ɡruːp/

    Stateful virtual firewall attached to EC2 instances and services; controls inbound and outbound traffic by protocol, port, and source/destination.

    "The database security group only allows inbound traffic on port 5432 from the application server's security group — not from the internet."
  • EC2 /iː siː tuː/

    Elastic Compute Cloud; virtual machines in AWS. Choose instance types for the right balance of CPU, memory, storage, and network throughput.

    "We use c6i.2xlarge instances for compute-intensive batch jobs and t4g.medium for low-traffic internal services to optimise cost."
  • S3 /es θriː/

    Simple Storage Service; object storage for files, backups, and static websites. Provides 11 nines of durability with virtually unlimited capacity.

    "Static assets, user-uploaded files, and deployment artefacts all live in S3 — it's the backbone of our storage layer because of its durability and low cost."
  • Lambda /ˈlæmdə/

    Serverless function execution service; runs code in response to events and scales to zero. Billed per invocation and duration in 1ms increments.

    "An S3 event triggers a Lambda function that resizes uploaded images to thumbnail and full-size variants — no servers to manage or pay for when idle."
  • RDS /ɑː diː es/

    Relational Database Service; managed PostgreSQL, MySQL, and SQL Server. AWS handles backups, patches, minor version upgrades, and Multi-AZ failover.

    "We use RDS PostgreSQL with Multi-AZ enabled — during a simulated AZ failure, RDS automatically promoted the standby and reconnected in under 60 seconds."
  • DynamoDB /daɪˈnæməʊdiː biː/

    Serverless NoSQL database with single-digit millisecond latency at any scale; data is structured with a partition key and optional sort key.

    "Session data goes in DynamoDB — it handles millions of reads per second with automatic scaling and we pay per request rather than provisioning capacity."
  • CloudFormation /klaʊd fɔːˈmeɪʃən/

    Infrastructure-as-code service for AWS; define resources in YAML or JSON templates and CloudFormation creates, updates, and deletes them as a stack.

    "Every environment — dev, staging, production — is provisioned from the same CloudFormation template with different parameter files, ensuring consistency."
  • CloudWatch /klaʊd wɒtʃ/

    AWS observability service for metrics, logs, alarms, and dashboards; can trigger auto-scaling, Lambda functions, and SNS notifications.

    "A CloudWatch alarm fires when p99 API latency exceeds 1s for 5 consecutive minutes, paging the on-call engineer via SNS."
  • Route 53 /ruːt fɪfti θriː/

    AWS DNS and traffic routing service; supports latency-based, geolocation, weighted, and failover routing policies.

    "Route 53 health checks automatically remove the primary endpoint from DNS and route to the secondary region when the primary fails its health check."
  • ALB /eɪ el biː/

    Application Load Balancer; layer-7 load balancer that routes requests by path, hostname, or HTTP header to target groups of EC2, containers, or Lambda functions.

    "The ALB routes /api/* to the backend target group and /* to the frontend target group — both use the same domain with different path prefixes."
  • ECS /iː siː es/

    Elastic Container Service; managed container orchestration that runs Docker containers on AWS Fargate (serverless) or EC2 instances.

    "We moved from self-managed Docker on EC2 to ECS Fargate — no more patching the underlying instance, and we pay only for the vCPU and memory our tasks use."
  • ARN /ɑː ɑː en/

    Amazon Resource Name; globally unique identifier for every AWS resource. Format: arn:partition:service:region:account-id:resource-type/resource-id.

    "IAM policies reference resources by ARN — using arn:aws:s3:::my-bucket/* grants access to every object in the bucket."
  • availability zone /əˌveɪləˈbɪlɪti zəʊn/

    Physically isolated data centre location within an AWS region; deploying across multiple AZs protects against single data centre failures.

    "Our ECS service runs tasks in three availability zones — losing one AZ reduces capacity by a third but the service keeps running."