A document that defines who can access a particular bucket or object. Each bucket and object in Amazon S3 has an ACL. The document defines what each type of user can do, such as write and read permissions.
A unique identifier that's associated with a secret access key; the access key ID and secret access key are used together to sign programmatic AWS requests cryptographically.
A method to increase security by changing the AWS access key ID. This method enables you to retire an old key at your discretion.
A language for writing documents (that is, policies) that specify who can access a particular AWS resource and under what conditions.
The AWS account associated with a particular AWS login ID and password.
IAM: The AWS account that centrally controls all the resources created under its umbrella and pays for all AWS activity for those resources. The AWS account has permission to do anything and everything with all the AWS account resources. This is in contrast to the user.
A web page showing your month-to-date AWS usage and costs. The account activity page is located at http://aws.amazon.com/account-activity/.
An API function. Also called operation or call. The activity the principal has permission to perform. The action is B in the statement "A has permission to do B to C where D applies." For example, Jane sends a request to Amazon SQS with Action=ReceiveMessage.
Amazon CloudWatch: The response initiated by the change in an alarm's state: for example, from OK to ALARM. The state change may be triggered by a metric reaching the alarm threshold, or by a SetAlarmState request. Each alarm can have one or more actions assigned to each state. Actions are performed once each time the alarm changes to a state that has an action assigned, such as an Amazon Simple Notification Service notification, an Auto Scaling policy execution or an Amazon EC2 instance stop/terminate action.
The process your product goes through to prepare itself for the customer's use. During activation, your product obtains the required credentials for the customer.
An encoded string that represents the relationship between a customer and a Amazon DevPay product the customer has purchased. AWS generates this value when the customer completes the purchase of the product. You use the key to obtain credentials related to the customer and product.
When you inform customers of a price change for your product, they have to take action to accept the price change. If they don't take the action to accept the price change, their access to your product is canceled when the price change takes effect.
A list showing each of the trusted signers you've specified and the IDs of the corresponding active key pairs that CloudFront is aware of. To be able to create working signed URLs, a trusted signer must appear in this list with at least one key pair ID.
Auto Scaling might suspend processes for Auto Scaling group that repeatedly fail to launch instances. Auto Scaling groups that most commonly experience administrative suspension have zero running instances, have been trying to launch instances for more than 24 hours, and have not succeeded in that time.
An item that watches a single metric over a specified time period, and triggers an Amazon SNS topic or an Auto Scaling policy if the value of the metric crosses a threshold value over a predetermined number of time periods.
One of two possible outcomes (the other is deny) when an IAM access policy is evaluated. When a user makes a request to AWS, AWS evaluates the request based on all permissions that apply to the user and then returns either allow or deny.
An AWS content delivery service that helps you improve the performance, reliability, and availability of your websites and applications.
See Also http://aws.amazon.com/cloudfront.
A fully-managed service in the AWS cloud that makes it easy to set up, manage, and scale a search solution for your website or application.
A web service that enables you to monitor and manage various metrics, and configure alarm actions based on data from those metrics.
See Also http://aws.amazon.com/cloudwatch.
An easy-to-use online billing and account management service that makes it easy for you to sell an Amazon EC2 AMI or an application built on Amazon S3.
See Also http://aws.amazon.com/devpay.
A service that provides block level storage volumes for use with EC2 instances.
See Also http://aws.amazon.com/ebs.
Instances launched from this type of AMI use an Amazon EBS volume as their root device. Compare this with instances launched from instance store-backed AMIs, which use the instance store as the root device.
A web service that enables you to launch and manage Linux/UNIX and Windows server instances in Amazon's data centers.
See Also http://aws.amazon.com/ec2.
A web service that makes it easy to process large amounts of data efficiently. Amazon EMR uses Hadoop processing combined with several AWS products to do such tasks as web indexing, data mining, log file analysis, machine learning, scientific simulation, and data warehousing.
See Also http://aws.amazon.com/elasticmapreduce.
An encrypted machine image stored in Amazon Elastic Block Store or Amazon Simple Storage Service. AMIs are like a template of a computer's root drive. They contain the operating system and can also include software and layers of your application, such as database servers, middleware, web servers, and so on.
Provides an on-demand, scalable, human workforce to complete jobs that humans can do better than computers.
See Also http://aws.amazon.com/mturk.
A web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.
See Also http://aws.amazon.com/rds.
A standardized way to refer to an AWS resource. For example: arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob.
A web service you can use to create a new DNS service or to migrate your existing DNS service to the cloud.
See Also http://aws.amazon.com/route53.
An easy-to-use, cost-effective email solution for applications.
See Also http://aws.amazon.com/ses.
A web service that enables applications, end-users, and devices to instantly send and receive notifications from the cloud.
See Also http://aws.amazon.com/sns.
Reliable and scalable hosted queues for storing messages as they travel between computers.
See Also http://aws.amazon.com/sqs.
Storage for the internet. You can use it to store and retrieve any amount of data at any time, from anywhere on the web.
See Also http://aws.amazon.com/s3.
A highly-available, scalable, and flexible non-relational data store that enables you to store and query data items using web service requests.
See Also http://aws.amazon.com/simpledb.
A web service that enables you to create a virtual network for your AWS resources.
See Also http://aws.amazon.com/vpc.
An infrastructure web services platform in the cloud for companies of all sizes.
See Also http://aws.amazon.com.
See Amazon Machine Image.
A logical collection of AWS Elastic Beanstalk components, including environments, versions, and environment configurations. An application is conceptually similar to a folder.
Language-specific Amazon CloudSearch text analysis options that are applied to a text field to control stemming and configure stopwords and synonyms.
The location where your customers manage the Amazon DevPay products they've purchased. This is the URL http://www.amazon.com/dp-applications.
A specific, labeled iteration of an application that represents a functionally consistent set of deployable application code. A version points to an Amazon S3 object (a JAVA WAR file) that contains the application code.
If a Worker's response satisfies your Human Intelligence Task, you approve the assignment. When you approve an assignment Mechanical Turk transfers the HIT reward from your Mechanical Turk account to the Worker's Amazon Payments account.
See Amazon Resource Name.
When a worker finds a Human Intelligence Task (HIT) to complete, the worker accepts the HIT. Mechanical Turk creates an assignment to track the work to completion and store the answer the worker submits. The assignment belongs exclusively to the worker who accepted it and guarantees that the worker can submit results and be eligible for a reward—up until the HIT or assignment expires.
Similar to a column on a spreadsheet, an attribute represents a data category. In Amazon SimpleDB, an attribute has a name (such as color), which has a value (such as blue) when applied to a data item.
The process of proving your identity to a system.
A web service designed to launch or terminate instances automatically based on user-defined policies, schedules, and health checks.
See Also http://aws.amazon.com/autoscaling.
A distinct location within a region that is insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same region.
See Amazon Web Services.
A service for writing or changing templates that create and delete related AWS resources together as a unit.
See Also http://aws.amazon.com/cloudformation.
A billing option that lets you get a single bill for multiple AWS accounts.
See Also http://aws.amazon.com/elasticbeanstalk.
A service for transferring large amounts of data between AWS and portable storage devices.
See Also http://aws.amazon.com/importexport.
A web service that enables Amazon Web Services customers to manage users and user permissions within AWS.
See Also http://aws.amazon.com/iam.
A graphical interface to manage compute, storage, and other cloud resources.
See Also http://aws.amazon.com/console.
An optional AWS account security feature. Once you enable AWS MFA, you must provide a six-digit, single-use code in addition to your sign-in credentials whenever you access secure AWS web site pages or the AWS Management Console. You get this single-use code from an authentication device that you keep in your physical possession.
See Also http://aws.amazon.com/mfa/.
Enables secure communication between branch offices using a simple hub-and-spoke model, with or without a VPC.
Monitoring of AWS-provided metrics derived at a 5-minute frequency.
See document batch.
Border Gateway Protocol Autonomous System Number. A unique identifier for a network, for use in BGP routing. Amazon EC2 supports all 2-byte ASN numbers in the range of 1 - 65334, with the exception of 7224, which is reserved.
A data set. Amazon EMR breaks large amounts of data into subsets. Each subset is called a data block. Amazon EMR assigns an ID to each block and uses a hash table to keep track of block processing.
A storage device that supports reading and (optionally) writing data in fixed-size blocks, sectors, or clusters.
A mapping structure for every AMI and instance that specifies the block devices attached to the instance.
A user-specified default or custom action that runs a script or an application on all nodes of a job flow before Hadoop starts.
See BGP ASN.
A failed email delivery attempt.
The condition in which a user-set threshold (upper or lower boundary) is passed. If the duration of the breach is significant, as set by a breach duration parameter, it can possibly start a scaling activity.
A container for objects stored in Amazon S3. Every object is contained
in a bucket. For example, if the object named
is stored in the
johnsmith bucket, then authorized users can
access the object with the URL
Just as Amazon is the only owner of the domain name Amazon.com, only one person or organization can own a bucket in Amazon S3.
A commonly used term for creating an Amazon Machine Image. It specifically refers to creating instance store-backed AMIs.
A logical cache distributed over multiple cache nodes. A cache cluster can be set up with a specific number of cache nodes.
Customer-supplied identifier for the cache cluster that must be unique for that customer in an AWS region.
The version of the Memcached service that is running on the cache node.
A fixed-size chunk of secure, network-attached RAM. Each cache node runs an instance of the Memcached service, and has its own DNS name and port. Multiple types of cache nodes are supported, each with varying amounts of associated memory.
EC2 instance type used to run the cache node.
A container for cache engine parameter values that can be applied to one or more cache clusters.
A group maintained by ElastiCache that combines ingress authorizations to cache nodes for hosts belonging to Amazon EC2 security groups specified through the console or the API or command line tools.
A standard access control policy that you can apply to a bucket or object. Options include: private, public-read, public-read-write, and authenticated-read.
The process of converting data into a standard format that a service such as Amazon S3 can recognize.
Each Auto Scaling group is defined with a minimum and maximum compute size. The amount of available compute size at any time is the current capacity. A scaling activity increases or decreases the capacity—within the defined minimum and maximum values.
Cascading is an open-source Java library that provides a query API, a query planner, and a job scheduler for creating and running Hadoop MapReduce applications. Applications developed with Cascading are compiled and packaged into standard Hadoop-compatible JAR files similar to other native Hadoop applications.
A credential that some AWS products use to authenticate AWS accounts and users. Also known as an X.509 certificate. The certificate is paired with a private key.
Features or services whose use incurs fees. Although some AWS products are free, others include charges. For example, in an AWS CloudFormation stack, AWS resources that have been created incur charges. The amount charged depends on the usage load. Use the Amazon Web Services Simple Monthly Calculator at http://calculator.s3.amazonaws.com/calc5.html to estimate your cost prior to creating instances, stacks, or other resources.
Classless Inter-Domain Routing. An Internet protocol address allocation and route aggregation methodology.
See AWS VPN CloudHub.
A type of instance that provides a great amount of CPU power coupled with increased networking performance, making it well suited for High Performance Compute (HPC) applications and other demanding network-bound applications.
A logical cluster compute instance grouping to provide lower latency and high-bandwidth connectivity between the instances.
Canonical Name Record. A type of resource record in the Domain Name System (DNS) that specifies that the domain name is an alias of another, canonical domain name. More simply, it is an entry in a DNS table that lets you alias one fully qualified domain name to another.
A search request that specifies multiple search criteria using the Amazon CloudSearch structured search syntax.
Any restriction or detail about a permission. The condition is D in the statement "A has permission to do B to C where D applies."
The Amazon CloudSearch API that you use to create, configure, and manage search domains.
A series of key–value pairs that define parameters for various AWS products so that AWS Elastic Beanstalk can provision them for an environment.
The email Amazon Payments sends to your customers to notify them that a price change you scheduled has taken effect.
The method a service uses to achieve high availability. For example, it could involve replicating data across multiple servers in a data center.
See Also eventual consistency.
When data is written or updated successfully, all copies of the data are updated in all AWS regions. However, it takes time for the data to propagate to all storage locations. A consistent read returns a result that reflects any writes that received a successful response before the read request—regardless of the region. By contrast, an eventually consistent read returns data from only one region and might not show the most recent write information.
See Also eventual consistency.
An EC2 instance that runs Hadoop map and reduce tasks and stores data using the Hadoop Distributed File System (HDFS). Core nodes are managed by the master node, which assigns Hadoop tasks to nodes and monitors their status. The EC2 instances you assign as core nodes are capacity that must be allotted for the entire job flow run. Because core nodes store data, you can't remove them from a job flow. However, you can add more core nodes to a running job flow.
Core nodes run both the DataNodes and TaskTracker Hadoop daemons.
A collection of data that you want to search.
Also called access credentials or security credentials. In authentication and authorization, a system uses credentials to identify who is making a call and whether to allow the requested access. In AWS, these credentials are typically the access key ID and the secret access key.
A router or software application on your side of a VPN tunnel that is managed by Amazon VPC. The internal interfaces of the customer gateway are attached to one or more devices in your home network. The external interface is attached to the VPG across the VPN tunnel.
The database software and version running on the DB instance.
The name of a database hosted in a DB instance. A DB instance can host multiple databases, but databases hosted by the same DB instance must each have a unique name within that instance.
Size of the database compute platform used to run the instance.
An isolated database environment running in the cloud. A DB instance can contain multiple user-created databases.
User-supplied identifier for the DB instance. The identifier must be unique for that user in an AWS region.
A container for database engine parameter values that apply to one or more DB instances.
A method that controls access to the DB instance. By default, network access is turned off to DB instances. After ingress is configured for a security group, the same rules apply to all DB instances associated with that group.
A user-initiated point backup of a DB instance.
An instance that is physically isolated at the host hardware level and launched within a VPC.
An option you purchase to guarantee that sufficient capacity will be available to launch Dedicated Instances into a VPC.
An object with a key and version ID, but without content. Amazon S3 inserts delete markers automatically into versioned buckets when an object is deleted.
The likelihood that an email message will arrive at its intended destination.
The result of a policy statement that includes deny as the effect, so that a specific action or actions are expressly forbidden for a user, group, or role. Explicit deny take precedence over explicit allow.
Monitoring of AWS-provided metrics derived at a 1-minute frequency.
A property added to parameters, resources, resource properties, mappings, and outputs, to help you to document AWS CloudFormation template elements.
The location (Amazon DevPay Activity) where you manage the Amazon DevPay products you've created.
A name/value pair (for example, InstanceType=m1.small, or EngineName=mysql), that contains additional information to identify a metric.
A place where AWS users can post technical questions and feedback to help accelerate their development efforts and to engage with the AWS community. The discussion forums are located at http://aws.amazon.com/forums/.
A Hadoop feature that allow you to transfer files from a distributed file system to the local file system. It can distribute data and text files as well as more complex types such as archives and JARs.
A link between an origin server (such as an Amazon S3 bucket) and a domain name, which CloudFront automatically assigns. Through this link, CloudFront identifies the object you have stored in your origin server.
DomainKeys Identified Mail. A standard that email senders use to sign their messages. ISPs use those signatures to verify that messages are legitimate. For more information, see http://www.dkim.org.
Represents an item that can be returned as a search result in Amazon CloudSearch. Each document has a collection of fields that contain the data that can be searched or returned. The value of a field can be either a string or a number. Each document must have a unique ID and at least one field.
A collection of add and delete document operations for Amazon CloudSearch. You use the document service API to submit batches to update the data in your search domain.
The Amazon CloudSearch API that you use to submit document batches to update the data in a search domain.
The URL that you connect to when sending document updates to an Amazon CloudSearch domain. Each search domain has a unique document service endpoint that remains the same for the life of the domain.
All Amazon SimpleDB information is stored in domains. Domains are like tables that contain similar data. You can execute queries against a domain, but cannot execute joins between domains.
See Also search domain.
A distributed naming system that associates network information with human-readable domain names on the Internet.
An HTML-coded button to provide an easy and secure way for US-based, IRS-certified 501(c)3 nonprofit organizations to solicit donations.
An AWS standard for compute CPU and memory. This measure enables you to evaluate the CPU capacity of different EC2 instance types.
In Amazon EC2, this is simply an instance. Other AWS services use the term EC2 instance to distinguish these instances from other types of instances they support.
A site that CloudFront uses to cache copies of your content for faster delivery to users at any location.
A fixed (static) IP address that you have allocated in Amazon EC2 or Amazon VPC and then attached to an instance. Elastic IP addresses are associated with your account, not a specific instance. They are elastic because you can easily allocate, attach, detach, and free them as your needs change. Unlike traditional static IP addresses, Elastic IP addresses allow you to mask instance or Availability Zone failures by rapidly remapping your public IP addresses to another instance.
A web service that improves an application's availability by distributing incoming traffic between two or more EC2 instances.
An additional network interface that can be attached to an instance. ENIs include a primary private IP address, one or more secondary private IP addresses, an elastic IP address (optional), a MAC address, membership in specified security groups, a description, and a source/destination check flag. You can create an ENI, attach it to an instance, detach it from an instance, and attach it to another instance.
A URL that identifies a host and port as the entry point for a web service. Every web service request contains an endpoint. Most AWS products provide regional endpoints to enable faster connectivity. For more information, see Regions and Endpoints in the Amazon Web Services General Reference
ElastiCache: The DNS name of a cache node.
Amazon RDS: The DNS name of a DB instance.
AWS CloudFormation: The DNS name or IP address of the server that receives an HTTP request.
ElastiCache: The port number used by a cache node.
Amazon RDS: The port number used by a DB instance.
A specific running instance of an application. The application has a CNAME and includes an application version and a customizable configuration (which is inherited from the default container type).
A collection of parameters and settings that define how an environment and its associated resources behave.
See instance store.
The date from which time is measured. For most Unix environments, the epoch is January 1, 1970.
The method through which AWS products achieve high availability, which involves replicating data across multiple servers in Amazon's data centers. When data is written or updated and "Success" is returned, all copies of the data are updated. However, it takes time for the data to propagate to all storage locations. The data will eventually be consistent, but an immediate read might not show the change. Consistency is usually reached within seconds, but a high system load might increase this time.
See consistent read.
An eviction occurs when CloudFront deletes an object from an edge location before its expiration time. If an object in an edge location isn't frequently requested, CloudFront might evict the object (remove the object before its expiration date) to make room for objects that are more popular.
An Amazon Machine Image launch permission granted to a specific AWS account.
A strategy that incrementally increases the wait between retry attempts in order to reduce the load on the system and increase the likelihood that repeated requests will succeed. For example, client applications might wait up to 400 milliseconds before attempting the first retry, up to 1600 milliseconds before the second, up to 6400 milliseconds (6.4 seconds) before the third, and so on.
A numeric expression that you can use to control how search hits are sorted.
You can construct Amazon CloudSearch expressions using numeric fields, other rank expressions,
a document's default relevance _score, and standard numeric operators and
functions. When you use the
sort option to specify an expression
in a search request, the expression is evaluated for each search hit and the
hits are listed according to their expression values.
An Amazon CloudSearch index field that represents a category that you want to use to refine and filter search results.
An Amazon CloudSearch index field option that enables facet information to be calculated for the field.
See feedback loop.
Allows individuals to sign in to different networks or services, using the same group or personal credentials to access data across all networks. With identity federation in AWS, external identities (federated users) are granted secure access to resources in an AWS account without having to create IAM users. These external identities can come from a corporate identity store (such as LDAP or Windows Active Directory) or from a third party (such as Login with Amazon, Facebook, or Google). AWS federation also supports SAML 2.0.
The relative importance of a text field in a search index. Field weights control how much matches in particular text fields affect a document's relevance _score.
A criterion you specify to limit the results when you list or describe your Amazon EC2 resources.
A way to filter search results without affecting how the results are scored and sorted. Specified with the Amazon CloudSearch
See discussion forums.
See intrinsic function.
A simple search query that uses approximate string matching (fuzzy matching) to correct for typographical errors and misspellings.
A persistent email delivery failure such as "mailbox does not exist."
A hardware-based IPsec VPN connection over the Internet.
Hadoop Distributed File System. The HDFS file system stores large files across multiple machines. It achieves reliability by replicating the data across multiple hosts, and hence does not require RAID storage on hosts.
A system call to check on the health status of each instance in an Auto Scaling group.
Email that recipients find valuable and want to receive. Value means different things to different recipients and can come in the form of offers, order confirmations, receipts, newsletters, etc.
Excerpts returned with Amazon CloudSearch results that show where the search terms appear within the text of the matching documents.
An Amazon CloudSearch index field option that enables matches within the field to be highlighted.
A document that matches the criteria specified in a search request. Also referred to as a search result.
An open source, data warehouse and analytic package that runs on top of Hadoop. Hive scripts use an SQL-like language called Hive QL (query language) that abstracts the MapReduce programming model and supports typical data warehouse interactions.
Hash-based Message Authentication Code. A specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret key. You can use it to verify both the data integrity and the authenticity of a message at the same time. AWS calculates the HMAC using a standard, cryptographic hash algorithm, such as SHA-256.
A collection of resource record sets that Amazon Route 53 hosts. Like a traditional DNS zone file, a hosted zone represents a collection of records that are managed together under a single domain name.
A task that a Requester submits to Mechanical Turk for workers to perform. A HIT represents a single, self-contained task, for example, "Identify the car color in the photo." HITs contain all of the information a worker needs to answer a question, including the kinds of answers you would consider valid.
Hardware Virtual Machine virtualization. Allows the guest VM to run as though it is on a native hardware platform, except that it still uses paravirtual (PV) network and storage drivers for improved performance.
See Also PV virtualization.
See Amazon Machine Image.
A machine that uploads or downloads your data to, or from, Amazon S3.
A report that contains details about how AWS Import/Export processed your data.
See search index.
A name-value pair that is included in an Amazon CloudSearch domain's index. An index field can contain text or numeric data, dates, or a location.
Configuration settings that define an Amazon CloudSearch domain's index fields, how document data is mapped to those index fields, and how the index fields can be used.
A copy of an Amazon Machine Image running as a virtual server in the AWS cloud.
A general instance type grouping using either storage or CPU capacity.
A Hadoop cluster contains one master instance group that contains one master node, a core instance group containing one or more core node and an optional task node instance group, which can contain any number of task nodes.
Disk storage that is physically attached to the host computer for an EC2 instance, and therefore has the same lifespan as the instance. When the instance terminates, you lose any data in the instance store.
Instances launched from this type of AMI use an instance store volume as the root device. Compare this with instances launched from Amazon EBS-backed AMIs, which use an Amazon EBS volume as the root device.
A specification that defines the memory, CPU, storage capacity, and hourly cost for an instance. Some instance types are designed for standard applications, whereas others are designed for CPU-intensive, memory-intensive applications, and so on.
Connects a network to the Internet. You can route traffic for IP addresses outside your VPC to the Internet gateway.
A company that provides subscribers with access to the Internet. Many ISPs are also mailbox providers. Mailbox providers are sometimes referred to as ISPs, even if they only provide mailbox services.
A special action in a template that assigns values to properties not
available until runtime. These functions follow the format
Fn::Attribute, such as
Fn::GetAtt. Arguments for intrinsic functions can
be parameters, pseudo parameters, or the output of other intrinsic
All EC2 instances are assigned two IP addresses at launch, which are directly mapped to each other through network address translation (NAT): a private IP address (following RFC 1918) and a public IP address. Instances launched in a VPC are assigned only a private IP address. Instances launched in your default VPC are assigned both a private IP address and a public IP address.
The issuer is the person who writes a policy to grant permissions to a resource. The issuer (by definition) is always the resource owner. AWS does not permit Amazon SQS users to create policies for resources they don't own. If John is the resource owner, AWS authenticates John's identity when he submits the policy he's written to grant permissions for that resource.
Similar to rows on a spreadsheet, items represent individual objects that contain one or more value-attribute pairs.
An identifier for an item. The identifier must be unique within the domain.
A job flow specifies the complete processing of the data. It's comprised of one or more steps, which specify all of the functions to be performed on the data.
A five-character, alphanumeric string that uniquely identifies a storage
device in your shipment. AWS issues the job ID in response to a
JOB email command.
The AWS Import/Export process generates a log file. The log file name always ends with the phrase import-log- followed by your Job ID. There is a remote chance that you already have an object with this name. To avoid a key collision, you can add an optional prefix to the log file.
See Also key prefix.
The location where email messages that various filters determine to be of lesser value are collected so that they do not arrive in the recipient's inbox, but are still accessible to the recipient. This is also referred to as a spam or bulk folder.
A credential that identifies an AWS account or user to AWS (such as the AWS secret access key).
Amazon S3, Amazon EMR: The unique identifier for an
object in a bucket. Every object in a bucket has exactly one key. Because a
bucket and key together uniquely identify each object, you can think of Amazon S3
as a basic data map between the bucket + key, and the
object itself. You can uniquely address every object in Amazon S3 through the
combination of the web service endpoint, bucket name, and key, for example:
doc is the name of the bucket, and
2006-03-01/AmazonS3.wsdl is the key.
AWS Import/Export: The name of an object in Amazon S3. It is a sequence of Unicode
characters whose UTF-8 encoding cannot exceed 1024 bytes. If a key, for example,
logPrefix + import-log-JOBID, is longer than 1024 bytes, AWS Elastic Beanstalk
IAM: In the context of writing a policy: A specific characteristic that is the basis for restricting access (such as the current time, or the IP address of the requester).
A set of security credentials you use to prove your identity electronically. A key pair consists of a private key and a public key.
A logical grouping of the objects in a bucket. The prefix value is similar to a directory name that enables you to store similar data under the same directory in a bucket.
A set of descriptive parameters used to create new EC2 instances in an Auto Scaling activity.
A template that an Auto Scaling group uses to launch new EC2 instances. The launch configuration contains information such as the Amazon Machine Image ID, the instance type, key pairs, security groups, and block device mappings, among other configuration settings.
An Amazon Machine Image (AMI) attribute that allows users to launch an AMI.
The lifecycle state of the EC2 instance contained in an AutoScalingGroup. EC2 instances progress through several states over their lifespan; these include Pending, InService, Terminating and Terminated.
A load balancer is a combination of a DNS name and a set of ports, which together provide a destination for all requests intended for your application. A load balancer can distribute traffic to multiple application instances across every Availability Zone within a region. Load balancers can span multiple Availability Zones within an Amazon EC2 region, but they cannot span multiple regions.
A case-sensitive unique string within an AWS CloudFormation template that identifies a resource, mapping, parameter,
In an AWS CloudFormation template, each parameter, resource, property, mapping, and output must be declared with a
unique logical name. You use the logical name when dereferencing these items using the
The amount of machine capacity used to complete a particular request (for example SELECT, GET, PUT, and so on), normalized to the hourly capacity of a standard processor. Machine utilization is measured in machine hour increments.
Software that transports email messages from one computer to another by using a client-server architecture.
An organization that provides email mailbox hosting services. Mailbox providers are sometimes referred to as Internet Service Providers, even if they only provide mailbox services.
A set of email addresses that you can use to test an Amazon SES-based email sending application without sending messages to actual recipients. Each email address represents a specific scenario (such as a bounce or complaint) and generates a typical response that is specific to the scenario.
The default route table that any new VPC subnet uses for routing. You can associate a subnet with a different route table of your choice. You can also change which route table is the main route table.
When sending a create job request for an import or export operation you describe your job in a text file called a manifest. The manifest file is a YAML-formatted file that specifies how to transfer data between your storage device and the AWS cloud.
An executable that splits the raw data into key/value pairs. The reducer uses the output of the mapper, called the intermediate results, as its input.
A way to add conditional parameter values to an AWS CloudFormation template.
You specify mappings in
the template's optional Mappings section and retrieve the desired value using
A process running on an Amazon Machine Image that keeps track of the work its core and task nodes complete.
The maximum price you will pay to launch one or more Spot Instances. If your maximum price exceeds the current Spot Price and your restrictions are met, Amazon EC2 launches instances on your behalf.
The maximum number of emails that you can send per second using Amazon SES.
Amazon SES: A unique identifier that is assigned to every email message that is sent.
Amazon SQS: The identifier returned when you send a message to a queue.
Amazon S3, Amazon EMR: A set of name/value pairs that describe the object. These include default metadata such as the date last modified and standard HTTP metadata such as Content-Type. Users can also specify custom metadata at the time they store an object.
Amazon EC2: Data about an EC2 instance that the instance can retrieve to determine things about itself, such as, the instance type, the IP address, and so on.
An element of time-series data defined by a unique combination of exactly one namespace, exactly one metric name, and between zero and ten dimensions. Metrics and the statistics derived from them are the basis of Amazon CloudWatch.
The primary identifier of a metric, used in combination with a namespace and optional dimensions.
A type of EC2 instance that is more economical to use if you have occasional bursts of high CPU activity.
An attribute with more than one value.
A feature that allows you to upload a single object as a set of parts.
An Internet standard that extends the email protocol to include non-ASCII text and non-text elements like attachments.
A Cascading application that provides a simple command-line interface for managing large datasets.
An abstract container that provides context for the items (names, or technical terms, or words) it holds, and allows disambiguation of homonym items residing in different namespaces.
Network address translation.
An instance that is configured to perform NAT in a VPC. A NAT instance enables private instances in the VPC to initiate Internet-bound traffic without being directly reachable from the Internet.
An optional layer of security that acts as a firewall for controlling traffic in and out of a subnet. You can associate multiple subnets with a single network ACL, but a subnet can be associated with only one network ACL at a time.
After an Amazon Machine Image is launched, the resulting running system is referred to as a node. All instances based on the same AMI are identical at start-up. Any information about the node is lost when the node terminates or fails.
A property of AWS CloudFormation parameters that will prevent the otherwise default reporting of names
and values of a template parameter.
NoEcho property causes the parameter value
to be masked with asterisks in the report by the
The email Amazon Payments sends to your customers to notify them of an upcoming price change you've scheduled.
A null object is one whose version ID is null. Amazon S3 adds a null object to a bucket when versioning for that bucket is suspended. It is possible to have only one null object for each key in a bucket.
Amazon S3: The fundamental entity type stored in Amazon S3. Objects consist of object data and metadata. The data portion is opaque to Amazon S3.
CloudFront: Any entity that can be served either over HTTP or a version of RTMP.
An Amazon EC2 pricing option that charges you for compute capacity by the hour with no long-term commitment.
An API function. Also called an action.
Also called OAI. A virtual identity you use when giving your distribution permission to fetch a private object from your origin server (Amazon S3 bucket).
The Amazon S3 bucket or custom origin containing the definitive original version of the content you deliver through CloudFront.
Some APIs that return a potentially large list of records can return a subset by using a value to set the maximum number of returned records. They then provide a marker, which identifies the last record returned so that in a subsequent call, the user can get the next sequence of records.
An Amazon Machine Image (AMI) that you sell to other Amazon EC2 users using Amazon DevPay.
See PV virtualization.
In a multipart upload request, each part is a contiguous portion of the object's data.
A passive authorization happens when you inform customers at least 14 days in advance of a price change for your product, and they don't take any action; the price change is accepted automatically.
Port address translation.
See sampling period.
A statement within a policy that allows or denies access to a particular resource. You can state any permission like this: "A has permission to do B to C." For example, Jane (A) has permission to read messages (B) from John's Amazon SQS queue (C). Whenever Jane sends a request to Amazon SQS to use John's queue, the service checks to see if she has permission and if the request satisfies the conditions John set forth in the permission.
Also called PID. An encoded string that represents the relationship between a customer and the owner of Amazon DevPay products. After a customer purchases one of your products, you can use the PID to confirm the status of the customer's subscription to the product.
A long-term data storage solution. Options within AWS are: Amazon S3, Amazon EBS, and Amazon SimpleDB.
A unique label AWS CloudFormation assigns to each resource when creating a stack. Some AWS CloudFormation commands accept the physical name
as a value with the
An open-source Apache library that runs on top of Hadoop. The library takes SQL-like commands written in a language called Pig Latin and converts those commands into MapReduce job flows.
A document defining permissions that apply to a user, group, or role; the permissions in turn determine what users can do in AWS. A policy typically allows access to specific actions, and can optionally grant that the actions are allowed for specific resources, like EC2 instances, S3 buckets, and so on. Policies can also explicitly deny access.
Auto Scaling: An object that stores the information needed to launch or terminate instances for an Auto Scaling group. Executing the policy causes instances to be launched or terminated. You can configure an alarm to invoke an Auto Scaling policy.
A URL that uses query string authentication.
See job prefix.
A one-on-one, fast-response support channel that AWS customers can subscribe to for support for AWS infrastructure services.
See Also https://aws.amazon.com/premiumsupport/.
The user, service, or account that receives permissions that are defined in a policy. The principal is A in the statement "A has permission to do B to C."
All EC2 instances are assigned two IP addresses at launch, which are directly mapped to each other through Network Address Translation (NAT): a private address (following RFC 1918) and a public address. Exception: Instances launched in Amazon VPC are assigned only a private IP address.
A VPC subnet whose instances cannot be reached from the Internet.
The product code is an eight-character string that identifies your registered product to AWS.
See product token.
The product token is a long encoded string that identifies the product to AWS. You might also see the product token referred to as the product identification token.
See resource property.
A JSON-compliant markup standard for declaring properties, mappings, and output values in an AWS CloudFormation template.
A storage option designed to deliver fast, predictable, and consistent I/O performance. When you specify an IOPS rate while creating a DB instance, Amazon RDS provisions that IOPS rate for the lifetime of the DB instance.
A predefined setting, such as
AWS:StackName that can be used in AWS CloudFormation templates without having to declare them. You can use pseudo parameters anywhere you can use a regular parameter.
An Amazon Machine Image that all AWS accounts have permission to launch.
A large set of public data that can be seamlessly integrated into AWS cloud-based applications. Amazon stores public data sets at no charge to the community and, like all AWS services, users pay only for the compute and storage they use for their own applications. These data sets currently include data from the Human Genome Project, the U.S. Census, Wikipedia, and other sources.
See Also http://aws.amazon.com/publicdatasets.
All EC2 instances are assigned two IP addresses at launch, which are directly mapped to each other through Network Address Translation (NAT): a private address (following RFC 1918) and a public address. Exception: Instances launched in Amazon VPC are assigned only a private IP address.
A subnet whose instances can be reached from the Internet.
The URL your customers use to purchase your product. When you advertise your product, you provide the purchase URL as the sign-up link for customers to use.
Paravirtual virtualization. Allows guest VMs to run on host systems that do not have special support extensions for full hardware and CPU virtualization. Because PV guests run a modified operating system that does not use hardware emulation, they cannot provide hardware-related features such as enhanced networking or GPU support.
See Also HVM virtualization.
A property associated with a worker that represents that worker's skill, ability, or reputation. A Requester can use Qualifications to control which workers can perform HITs. Each worker can have multiple Qualifications.
A Human Intelligence Task can have Qualification requirements that a worker's Qualifications (q.v.) must meet before the worker can accept that HIT.
A form, similar to a HIT, containing a set of questions that the worker must complete successfully to receive a particular Qualification.
A type of HTTP-based request interface that generally uses only the GET or POST HTTP method and a query string with parameters.
An AWS feature that lets you place the authentication information in the HTTP request query string instead of in the Authorization header. For example: with Amazon DevPay, query string authentication enables your product to give anyone easy, URL-based access to objects in the customer's bucket.
A sequence of messages or jobs held in temporary storage awaiting transmission or processing.
A URL that uniquely identifies a queue.
Amazon RDS: The maximum number of DB instances and available storage you can use.
ElastiCache: The maximum number of the following items:
The number of cache clusters for each AWS account
The number of cache nodes per cache cluster
The total number of cache nodes per AWS account across all cache clusters created by that AWS account
A range GET specifies a byte range of data to get for a download. If an object is large, you can break up a download into smaller units by sending multiple range GET requests that each specify a different byte range to GET.
A type of sendmail request that allows you to specify the email headers and MIME types.
An active copy of another DB instance. Any updates to the data on the source DB instance are replicated to the read replica DB instance using the built-in replication feature of MySQL 5.1.
An identifier you get when you receive a message from the queue. This identifier is required to delete a message from the queue or when changing a message's visibility timeout.
The entity that consists of the network systems, software, and policies that manage email delivery for a recipient.
Amazon SES: The person or entity receiving an email message. For example, a person named in the "To" field of a message.
The page on your own website that you want customers to see at the end of the purchase process for your product. You provide the URL when you register the product with Amazon DevPay.
An executable in the MapReduce process that uses the intermediate results from the mapper and processes them into the final output.
A means of inserting a property from one AWS resource into another. For example, you could insert an Amazon EC2 security group property into an Amazon RDS resource.
A named set of AWS resources in the same geographical area. A region comprises at least two Availability Zones.
The email address to which an email reply is sent. This is different from the return path.
1. An Amazon SES metric, based on factors that might include bounces, complaints, and other metrics, regarding whether or not a customer is sending high-quality emails.
The person (or application) that sends a request to AWS to perform a specific action. When AWS receives a request, it first evaluates the requester's permissions to determine whether the requester is allowed to perform the request action (if applicable, for the requested resource).
See Also Requester.
An Amazon S3 feature that allows a bucket owner to specify that anyone who requests access to objects in a particular bucket must pay the data transfer and request costs.
A collection of EC2 instances started as part of the same launch request. Not to be confused with a Reserved Instance.
A pricing option that lets you make a low, one-time payment for each instance to reserve and receive a significant discount on the hourly usage charge for that instance.
Matches sellers who have reserved capacity that they no longer need with buyers who are looking to purchase additional capacity. Reserved Instances that you purchase from third-party sellers will have less than a full standard term remaining and can be sold at different upfront prices. The usage or reoccurring fees will remain the same as the fees set when the Reserved Instances were originally purchased. Full standard terms for Reserved Instances available from AWS run for one year or three years.
An entity that users can work with in AWS, such as an EC2 instance, a DynamoDB table, an IAM user, an AWS OpsWorks stack, and so on.
Tools, code, and documents that AWS provides to support users.
A required element of an AWS CloudFormation stack. Each stack contains at least one resource, such as an Auto Scaling LaunchConfiguration. All resources in a stack must be created successfully for the stack to be created.
A value required when including an AWS resource in an AWS CloudFormation stack. Each resource may have one or more properties
associated with it. For example, an
AWS::EC2::Instance resource may
UserData property. In an AWS CloudFormation template,
resources must declare a properties section,
even if the resource has no properties.
Also called resource record set. Standard DNS terminology.
A type of HTTP-based request interface that generally uses only the GET or POST HTTP method and a query string with parameters. Sometimes known as Query. In some implementations of a REST interface, other HTTP verbs besides GET and POST are used.
Also known as Query or HTTP Query. This is a type of HTTP request that generally uses only the GET or POST HTTP method and a query string with parameters. Compare this with REST, which is a type of HTTP request that uses any HTTP method (GET, DELETE, POST, etc.), a resource, HTTP headers, and possibly a query string with parameters.
An Amazon CloudSearch index field option that enables the field's values to be returned in the search results.
The email address to which bounced emails are returned. The return path is specified in the header of the original email. This is different from the reply path.
A return to a previous state that follows the failure to create an object, such as AWS CloudFormation
stack. All resources associated with the failure
are deleted during the rollback. For AWS CloudFormation, you can override this behavior using the
--disable-rollback option on the command line.
Contains the image used to boot the instance. If you launched the instance from an AMI backed by instance store, this is an instance store volume created from a template stored in Amazon S3. If you launched the instance from an AMI backed by Amazon EBS, this is an Amazon EBS volume created from an Amazon EBS snapshot.
A set of routing rules that controls the traffic leaving any subnet that is associated with the route table. You can associate multiple subnets with a single route table, but a subnet can be associated with only one route table at a time.
A defined duration of time, such as one minute, over which CloudWatch computes a statistic.
A testing location where you can test the functionality of your application without affecting production, incurring charges, or purchasing products.
Amazon SES: An Amazon SES environment that is designed for developers to test and evaluate the service. In the sandbox, you have full access to the Amazon SES API, but you can only send messages to verified email addresses and the mailbox simulator. To get out of the sandbox, you need to apply for production access. Accounts in the sandbox also have lower sending limits than production accounts.
A process that changes the size, configuration, or makeup of an Auto Scaling group by launching or terminating instances. For more information, see Auto Scaling Concepts in the Auto Scaling Developer Guide.
The Amazon CloudSearch API that you use to submit search requests to a search domain.
Encapsulates your searchable data and the search instances that handle your search requests. You typically set up a separate Amazon CloudSearch domain for each different collection of data that you want to search.
An Amazon CloudSearch domain's indexing options, analysis schemes, expressions, suggesters, access policies, and scaling and availability options.
An Amazon CloudSearch index field option that enables the field data to be searched.
The URL that you connect to when sending search requests to a search domain. Each Amazon CloudSearch domain has a unique search endpoint that remains the same for the life of the domain.
A representation of your searchable data that facilitates fast and accurate data retrieval.
A compute resource that indexes your data and processes search requests. An Amazon CloudSearch domain has one or more search instances, each with a finite amount of RAM and CPU resources. As your data volume grows, more search instances or larger search instances are deployed to contain your indexed data. When necessary, your index is automatically partitioned across multiple search instances. As your request volume or complexity increases, each search partition is automatically replicated to provide additional processing capacity.
A request that is sent to an Amazon CloudSearch domain's search endpoint to retrieve documents from the index that match particular search criteria.
A document that matches a search request. Also referred to as a search hit.
A key that is used in conjunction with the access key ID to cryptographically sign programmatic AWS requests. Signing a request identifies the sender and prevents the request from being altered. You can generate secret access keys for your AWS account, individual IAM users, and temporary sessions.
A named set of allowed inbound network connections for an instance. (Security groups in Amazon VPC also include support for outbound connections.) Each security group consists of a list of protocols, ports, and IP address ranges. A security group can apply to multiple instances, and multiple groups can regulate a single instance.
The person or entity sending an email message.
A Microsoft-controlled version of SPF. An email authentication and anti-spoofing system. For more information about Sender ID, go to http://wikipedia.org/wiki/Sender_ID.
The maximum number of emails that you can send using Amazon SES in a 24-hour period.
A web page showing up-to-the-minute information about AWS service availability. The dashboard is located at http://status.aws.amazon.com.
Secure Hash Algorithm. SHA1 is an earlier version of the algorithm, which AWS has deprecated in favor of SHA256.
An Amazon Machine Image that a developer builds and makes available for others to use.
A predefined bootstrap action that launches a script that executes a series of commands in parallel before terminating the job flow.
Refers to a digital signature, which is a mathematical way to confirm the authenticity of a digital message. AWS uses signatures to authenticate the requests you send to our web services. For more information, to http://aws.amazon.com/security.
A file you copy to the root directory of your storage device. The file contains a job ID, manifest file, and a signature.
See Also Multi-AZ deployment.
An attribute with one value.
A search for a phrase that specifies how close the terms must be to one another to be considered a match.
Simple Mail Transfer Protocol. The standard that is used to exchange email messages between internet hosts for the purpose of routing and delivery.
Amazon Elastic Block Store creates snapshots or backups of your volumes and stores them in Amazon S3. You can use these snapshots as the starting point for new Amazon EBS volumes or to protect your data for long-term durability.
A temporary email delivery failure such as "mailbox full."
A software appliance-based VPN connection over the Internet.
An Amazon CloudSearch index field option that enables a field to be used to sort the search results.
A security measure to verify that an EC2 instance is the origin of all traffic that it sends and the ultimate destination of all traffic that it receives, that is, that the instance is not relaying traffic. Source/destination checking is enabled by default. For instances that function as gateways, such as VPC NAT instances, source/destination checking must be disabled.
Unsolicited bulk email.
An email address that is set up by an anti-spam entity, not for correspondence, but to monitor unsolicited email. This is also called a honeypot.
Sender Policy Framework. A standard for authenticating email.
See Also http://www.openspf.org.
A type of EC2 instance that you can bid on to take advantage of unused Amazon EC2 capacity.
The price for a Spot Instance at any given time. If your maximum price exceeds the current price and your restrictions are met, Amazon EC2 launches instances on your behalf.
AWS CloudFormation: A collection of AWS resources you create and delete as a single unit.
AWS OpsWorks: A set of instances you manage collectively, typically because they have a common purpose such as serving PHP applications. A stack serves as a container and handles tasks that apply to the group of instances as a whole, such as managing applications and cookbooks.
A place at an AWS facility where we transfer your AWS Import/Export data on to, or off of, your storage device.
One of five functions of the values submitted for a given sampling period. These functions are "Maximum", "Minimum," "Sum," "Average," and "SampleCount."
The common root or substring shared by a set of related words.
The process of mapping related words to a common stem. This enables matching on variants of a word. For example, a search for "horse" could return matches for horses, horseback, and horsing, as well as horse. Amazon CloudSearch supports both dictionary based and algorithmic stemming.
A single function applied to the data in a job flow. The sum of all steps comprises a job flow.
The type of work done in a step. There are a limited number of step types, such as moving data from Amazon S3 to Amazon EC2 or from Amazon EC2 to Amazon S3.
A feature of the load balancer that binds a user's session to a specific application instance so that all requests coming from the user during the session are sent to the same application instance. By contrast, a load balancer defaults to route each request independently to the application instance with the smallest load.
The process of filtering stop words from an index or search request.
A word that is not indexed and is automatically filtered out of search requests because it is either insignificant or so common that including it would result in too many matches to be useful. Stop words are language-specific.
Amazon EMR: A utility that comes with Hadoop that enables you to develop MapReduce executables in languages other than Java.
CloudFront: The ability to use a media file in real time—as it is transmitted in a steady stream from a server.
A special kind of distribution that serves streamed media files using a Real Time Messaging Protocol (RTMP) connection.
Before you calculate an HMAC signature, you first assemble the required components in a canonical order. The pre-encrypted string is the string-to-sign.
Search criteria specified using the Amazon CloudSearch structured query language. You use the structured query language to construct compound queries that use advanced search options and combine multiple search criteria using Boolean operators.
A segment of the IP address range of a VPC that EC2 instances can be attached to. You can create subnets to group instances according to security and operational needs.
An HTML-coded button that enables an easy way to charge customers a recurring fee.
Specifies an Amazon CloudSearch index field you want to use to get autocomplete suggestions and options that can enable fuzzy matches and control how suggestions are sorted.
Documents that contain a match for the partial search string in the field designated by the suggester. Amazon CloudSearch suggestions include the document IDs and field values for each matching document. To be a match, the string must match the contents of the field starting from the beginning of the field.
A word that is the same or nearly the same as an indexed word
and that should produce the same results when specified in a search
request. For example, a search for "Rocky Four" or "Rocky 4" should
return the fourth Rocky movie. This can be done
by designating that
4 are synonyms
IV. Synonyms are language-specific.
The set of Qualifications that represent a worker's history and reputation. The Mechanical Turk system assigns these Qualifications to each worker, and continuously updates the values as they use the system.
Metadata (consisting of up to 10 key/value pairs) that you can define and assign to Amazon EC2 resources.
Also called labeling. A way to format return path email addresses so that you can specify a different return path for each recipient of a message. Tagging enables you to support VERP. For example, if Andrew manages a mailing list, he can use the return paths email@example.com and firstname.lastname@example.org so that he can determine which email bounced.
An EC2 instance that runs Hadoop map and reduce tasks, but does not store data. Task nodes are managed by the master node, which assigns Hadoop tasks to nodes and monitors their status. While a job flow is running you can increase and decrease the number of task nodes. Because they don't store data and can be added and removed from a job flow, you can use task nodes to manage the EC2 instance capacity your job flow uses, increasing capacity to handle peak loads and decreasing it later.
Task nodes only run a TaskTracker Hadoop daemon.
A contraction of tera binary byte, a tebibyte is 2^40 bytes or 1,099,511,627,776 bytes. A terabyte is 10^12 or 1,000,000,000,000 bytes.
The version of an AWS CloudFormation template design that
determines the available features. If you omit the
AWSTemplateFormatVersion section from your
template, AWS CloudFormation assumes the most recent format version.
The process of confirming the use of JSON code in an AWS CloudFormation
template. You can validate any AWS CloudFormation template using the
The means by which Amazon SES rejects your attempts to send email because you have exceeded your sending limits.
Data provided as part of a metric. The time value is assumed to be when the value occurred. A metric is the fundamental concept for CloudWatch and represents a time-ordered set of data points. You publish metric data points into CloudWatch and later retrieve statistics about those data points as a time-series ordered data set.
A date/time string in ISO 8601 format.
The process of splitting a stream of text into separate tokens on detectable boundaries such as whitespace and hyphens.
A communication channel to send messages and subscribe to notifications. It provides an access point for publishers and subscribers to communicate with each other.
A cryptographic protocol that provides security for communication over the Internet. Its predecessor is Secure Sockets Layer (SSL).
AWS accounts that the CloudFront distribution owner has given permission to create signed URLs for a distribution's content.
Selecting the number and type of AMIs to run a Hadoop job flow most efficiently.
A route for transmission of private network traffic that uses the Internet to connect nodes in the private network. The tunnel uses encryption and secure protocols such as PPTP to prevent the traffic from being intercepted as it passes through public routing nodes.
The number of potential occurrences is not limited by a set number. This value
is often used when defining a data type that is a list (for example,
maxOccurs="unbounded"), in Web Services Description Language.
Standard measurement for the values submitted to CloudWatch as metric data. Units include Seconds, Percent, Bytes, Bits, Count, Bytes/Second, Bits/Second, Count/Second, and None.
An AWS report giving details of your usage of a particular AWS service. You can generate and download usage reports from http://aws.amazon.com/usage-reports/.
A person or application under an account that needs to make API calls to AWS products. Each user has a unique name within the AWS account, and a set of security credentials not shared with other users. These credentials are separate from the AWS account's security credentials. Each user is associated with one and only one AWS account.
A customer credential returned to your product during product activation. The user token is a long, encoded string that AWS uses to identify the customer. Your product provides the customer's user token in each request for Amazon S3 the product makes on behalf of the customer. Every user token generated for a particular customer differs from the others because the creation time is one of the items making up the token value.
See template validation.
Instances of attributes for an item, such as cells in a spreadsheet. An attribute might have multiple values.
The amount you charge each customer on top of the cost of the AWS services they used.
The process of confirming that you own an email address or a domain so that you can send emails from or to it.
Variable Envelope Return Path. A way in which email sending applications can match bounced emails with the undeliverable address that caused the bounce by using a different return path for each recipient. VERP is typically used for mailing lists. With VERP, the recipient's email address is embedded in the address of the return path, which is where bounced emails are returned. This makes it possible to automate the processing of bounced emails without having to open the bounce messages, which may vary in content.
Every object in Amazon S3 has a key and a version ID. Objects with the same key, but different version IDs can be stored in the same bucket. Versioning is enabled at the bucket layer using PUT Bucket versioning.
Allows multiple guest virtual machines (VM) to run on a host operating system. Guest VMs can run on one or more levels above the host hardware, depending on the type of virtualization.
The period of time that a message is invisible to the rest of your application after an application component gets it from the queue. During the visibility timeout, the component that received the message usually processes it, and then deletes it from the queue. This prevents multiple components from processing the same message.
Virtual private cloud. An elastic network populated by infrastructure, platform, and application services that share common security and interconnection.
Virtual private gateway. The Amazon side of a VPN connection that maintains connectivity. The internal interfaces of the virtual private gateway connect to your VPC via the VPN attachment and the external interfaces connect to the VPN connection, which leads to the customer gateway.
See AWS VPN CloudHub.
Although VPN connection is a general term, we specifically mean the IPsec connection between a VPC and some other network, such as a corporate data center, home network, or co-location facility.
A language used to describe the actions that a web service can perform, along with the syntax of action requests and responses. Your SOAP or other toolkit interprets a WSDL file to provide your application access to the actions provided by the web service. For most toolkits, your application calls a service action using routines and classes provided or generated by the toolkit.