AAD
See additional authenticated data.
access identifiers
See credentials.
ACL
See access control list (ACL).
active trusted signers
See active trusted key groups.
additional authenticated data
Information that's checked for integrity but not encrypted, such as headers or other contextual metadata.
AppSpec file
See application specification file.
asymmetric encryption
Encryption that uses both a public key and a private key.
asynchronous bounce
A type of bounce that occurs when a receiver initially accepts an email message for delivery and then subsequently fails to deliver it.
atomic counter
DynamoDB: A method of incrementing or decrementing the value of an existing attribute without interfering with other write requests.
AUC
Area Under a Curve. An industry-standard metric to evaluate the quality of a binary classification machine learning model. AUC measures the ability of the model to predict a higher score for positive examples, those that are “correct,” than for negative examples, those that are “incorrect.” The AUC metric returns a decimal value from 0 to 1. AUC values near 1 indicate an ML model that's highly accurate.
authenticated encryption
Encryption that provides confidentiality, data integrity, and authenticity assurances of the encrypted data.
authentication
The process of proving your identity to a system.
Auto Scaling group
A representation of multiple EC2 instances that share similar characteristics, and that are treated as a logical grouping for the purposes of instance scaling and management.
Availability Zone
A distinct location within a Region that's insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same Region.
block device
A storage device that supports reading and (optionally) writing data in fixed-size blocks, sectors, or clusters.
block device mapping
A mapping structure for every AMI and instance that specifies the block devices attached to the instance.
blue/green deployment
CodeDeploy: A deployment method where the instances in a deployment group (the original environment) are replaced by a different set of instances (the replacement environment).
bootstrap action
A user-specified default or custom action that runs a script or an application on all nodes of a job flow before Hadoop starts.
Border Gateway Protocol Autonomous System Number
See BGP ASN.
bounce
A failed email delivery attempt.
cache cluster
A logical cache distributed over multiple cache nodes. A cache cluster can be set up with a specific number of cache nodes.
cache engine version
The version of the Memcached service that's running on the cache node.
cache node
A fixed-size chunk of secure, network-attached RAM. Each cache node runs an instance of the Memcached service, and has its own DNS name and port. Multiple types of cache nodes are supported, each with varying amounts of associated memory.
cache node type
An EC2 instance type used to run the cache node.
cache parameter group
A container for cache engine parameter values that can be applied to one or more cache clusters.
canned access policy
A standard access control policy that you can apply to a bucket or object. Options include: private, public-read, public-read-write, and authenticated-read.
capacity
The amount of available compute size at a given time. Each Auto Scaling group is defined with a minimum and maximum compute size. A scaling activity increases or decreases the capacity within the defined minimum and maximum values.
Cartesian product processor
A processor that calculates a Cartesian product. Also known as a Cartesian data processor.
Cartesian product
A mathematical operation that returns a product from multiple sets.
CDN
See content delivery network (CDN).
CIDR block
Classless Inter-Domain Routing. An internet protocol address allocation and route aggregation methodology.
See also Classless Inter-Domain Routing in Wikipedia.
ciphertext
Information that has been encrypted, as opposed to plaintext, which is information that has not.
ClassicLink
A feature for linking an EC2-Classic instance to a VPC, allowing your EC2-Classic instance to communicate with VPC instances using private IP addresses.
See also link to VPC.
See also unlink from VPC.
classification
In machine learning, a type of problem that seeks to place (classify) a data sample into a single category or “class.” Often, classification problems are modeled to choose one category (class) out of two. These are binary classification problems. Problems with more than two available categories (classes) are called "multiclass classification" problems.
See also binary classification model.
See also multiclass classification model.
cloud service provider (CSP)
A company that provides subscribers with access to internet-hosted computing, storage, and software services.
cluster compute instance
A type of instance that provides a great amount of CPU power coupled with increased networking performance, making it well suited for High Performance Compute (HPC) applications and other demanding network-bound applications.
cluster placement group
A logical cluster compute instance grouping to provide lower latency and high-bandwidth connectivity between the instances.
CMK
See customer master key (CMK).
CNAME
Canonical Name Record. A type of resource record in the Domain Name System (DNS) that specifies that the domain name is an alias of another, canonical domain name. Specifically, it's an entry in a DNS table that you can use to alias one fully qualified domain name to another.
conditional parameter
See mapping.
consistency model
The method a service uses to achieve high availability. For example, it could involve replicating data across multiple servers in a data center.
See also eventual consistency.
container
A Linux container that was created from a Docker image as part of a task.
container definition
Specifies which Docker image to use for a container, how much CPU and memory the container is allocated, and more options. The container definition is included as part of a task definition.
container registry
Stores, manages, and deploys Docker images.
core node
An EC2 instance that runs Hadoop map and reduce tasks and stores data using the Hadoop Distributed File System (HDFS). Core nodes are managed by the master node, which assigns Hadoop tasks to nodes and monitors their status. The EC2 instances you assign as core nodes are capacity that must be allotted for the entire job flow run. Because core nodes store data, you can't remove them from a job flow. However, you can add more core nodes to a running job flow.
Core nodes run both the DataNodes and TaskTracker Hadoop daemons.
dashboard
See service health dashboard.
database engine
The database software and version running on the DB instance.
database name
The name of a database hosted in a DB instance. A DB instance can host multiple databases, but databases hosted by the same DB instance must each have a unique name within that instance.
DB compute class
The size of the database compute platform used to run the instance.
DB instance
An isolated database environment running in the cloud. A DB instance can contain multiple user-created databases.
DB parameter group
A container for database engine parameter values that apply to one or more DB instances.
DB security group
A method that controls access to the DB instance. By default, network access is turned off to DB instances. After inbound traffic is configured for a security group, the same rules apply to all DB instances associated with that group.
DB snapshot
A user-initiated point backup of a DB instance.
Dedicated Host
A physical server with EC2 instance capacity fully dedicated to a user.
Dedicated Instance
An instance that's physically isolated at the host hardware level and launched within a VPC.
Dedicated Reserved Instance
An option that you purchase to guarantee that sufficient capacity will be available to launch Dedicated Instances into a VPC.
deliverability
The likelihood that an email message will arrive at its intended destination.
deny
The result of a policy statement that includes deny as the effect, so that a specific action or actions are expressly forbidden for a user, group, or role. Explicit deny take precedence over explicit allow.
dimension
A name–value pair (for example, InstanceType=m1.small, or EngineName=mysql), that contains additional information to identify a metric.
DKIM
DomainKeys Identified Mail. A standard that email senders use to sign their messages. ISPs use those signatures to verify that messages are legitimate. For more information, see https://tools.ietf.org/html/rfc6376.
DNS
See Domain Name System.
Docker image
A layered file system template that's the basis of a Docker container. Docker images can comprise specific operating systems or applications.
Domain Name System
A service that routes internet traffic to websites by translating friendly domain names (for example, www.example.com) into the numeric IP addresses, such as 192.0.2.1 that computers use to connect to each other.
Donation button
An HTML-coded button to provide an easy and secure way for US-based, IRS-certified 501(c)3 nonprofit organizations to solicit donations.
elastic network interface
An additional network interface that can be attached to an instance. Elastic network interfaces include a primary private IP address, one or more secondary private IP addresses, an Elastic IP Address (optional), a MAC address, membership in specified security groups, a description, and a source/destination check flag. You can create an elastic network interface, attach it to an instance, detach it from an instance, and attach it to another instance.
encrypt
To use a mathematical algorithm to make data unintelligible to unauthorized users. Encryption also gives authorized users a method (such as a key or password) to convert the altered data back to its original state.
envelope encryption
The use of a master key and a data key to algorithmically protect data. The master key is used to encrypt and decrypt the data key and the data key is used to encrypt and decrypt the data itself.
environment configuration
A collection of parameters and settings that define how an environment and its associated resources behave.
ephemeral store
See instance store.
epoch
The date from which time is measured. For most Unix environments, the epoch is January 1, 1970.
ETL
See extract, transform, and load (ETL).
eventually consistent read
A read process that returns data from only one Region and might not show the most recent write information. However, if you repeat your read request after a short time, the response should eventually return the latest data.
See also data consistency.
See also eventual consistency.
See also strongly consistent read.
eviction
The deletion by CloudFront of an object from an edge location before its expiration time. If an object in an edge location isn't frequently requested, CloudFront might evict the object (remove the object before its expiration date) to make room for objects that are more popular.
exbibyte (EiB)
A contraction of exa binary byte, an exbibyte is 2^60 or 1,152,921,504,606,846,976 bytes. An exabyte (EB) is 10^18 or 1,000,000,000,000,000,000 bytes. 1,024 EiB is a zebibyte (ZiB).
expiration
For CloudFront caching, the time when CloudFront stops responding to user requests with an object. If you don't use headers or CloudFront distribution settings to specify how long you want objects to stay in an edge location, the objects expire after 24 hours. The next time a user requests an object that has expired, CloudFront forwards the request to the origin.
exponential backoff
A strategy that incrementally increases the wait between retry attempts in order to reduce the load on the system and increase the likelihood that repeated requests will succeed. For example, client applications might wait up to 400 milliseconds before attempting the first retry, up to 1600 milliseconds before the second, and up to 6400 milliseconds (6.4 seconds) before the third.
FBL
See feedback loop (FBL).
federated user
See federated identity management (FIM).
federation
See federated identity management (FIM).
feedback loop (FBL)
The mechanism by which a mailbox provider (for example, an internet service provider (ISP)) forwards a recipient's complaint back to the sender.
field weight
The relative importance of a text field in a search index. Field weights control how much matches in particular text fields affect a document's relevance score.
FIM
See federated identity management (FIM).
format version
See template format version.
forums
See discussion forums.
function
See intrinsic function.
fuzzy search
A simple search query that uses approximate string matching (fuzzy matching) to correct for typographical errors and misspellings.
geospatial search
A search query that uses locations specified as a latitude and longitude to determine matches and sort the results.
gibibyte (GiB)
A contraction of giga binary byte, a gibibyte is 2^30 or 1,073,741,824 bytes. A gigabyte (GB) is 10^9 or 1,000,000,000 bytes. 1,024 GiB is a tebibyte (TiB).
GitHub
A web-based repository that uses Git for version control.
global secondary index
An index with a partition key and a sort key that can be different from those on the table. A global secondary index is considered global because queries on the index can span all of the data in a table, across all partitions.
See also local secondary index.
grant token
A type of identifier that allows the permissions in a grant to take effect immediately.
ground truth
The observations used in the machine learning (ML) model training process that include the correct value for the target attribute. To train an ML model to predict house sales prices, the input observations would typically include prices of previous house sales in the area. The sale prices of these houses constitute the ground truth.
group
A collection of IAM users. You can use IAM groups to simplify specifying and managing permissions for multiple users.
Hadoop
Software that enables distributed processing for big data by using clusters and simple programming models. For more information, see http://hadoop.apache.org.
hard bounce
A persistent email delivery failure such as "mailbox does not exist."
hardware VPN
A hardware-based IPsec VPN connection over the internet.
high-quality email
Email that recipients find valuable and want to receive. Value means different things to different recipients and can come in such forms as offers, order confirmations, receipts, or newsletters.
hit
A document that matches the criteria specified in a search request. Also referred to as a search result.
HVM virtualization
Hardware Virtual Machine virtualization. Allows the guest VM to run as though it's on a native hardware platform, except that it still uses paravirtual (PV) network and storage drivers for improved performance.
See also PV virtualization.
IAM policy simulator
See policy simulator.
identity provider (IdP)
An IAM entity that holds metadata about external identity providers.
IdP
See identity provider (IdP) .
in-place deployment
CodeDeploy: A deployment method where the application on each instance in the deployment group is stopped, the latest application revision is installed, and the new version of the application is started and validated. You can choose to use a load balancer so each instance is deregistered during its deployment and then restored to service after the deployment is complete.
inline policy
An IAM policy that's embedded in a single IAM user, group, or role.
instance family
A general instance type grouping using either storage or CPU capacity.
instance group
A Hadoop cluster contains one master instance group that contains one master node, a core instance group containing one or more core node and an optional task node instance group, which can contain any number of task nodes.
instance profile
A container that passes IAM role information to an EC2 instance at launch.
instance store
Disk storage that's physically attached to the host computer for an EC2 instance, and therefore has the same lifespan as the instance. When the instance is terminated, you lose any data in the instance store.
instance type
A specification that defines the memory, CPU, storage capacity, and usage cost for an instance. Some instance types are designed for standard applications, whereas others are designed for CPU-intensive, memory-intensive applications, and so on.
internet gateway
Connects a network to the internet. You can route traffic for IP addresses outside your VPC to the internet gateway.
internet service provider (ISP)
A company that provides subscribers with access to the internet. Many ISPs are also mailbox providers. Mailbox providers are sometimes referred to as ISPs, even if they only provide mailbox services.
IP address
A numerical address (for example, 192.0.2.44) that networked devices use to communicate with one another using the Internet Protocol (IP). All EC2 instances are assigned two IP addresses at launch, which are directly mapped to each other through network address translation (NAT): a private IP address (following RFC 1918) and a public IP address. Instances launched in a VPC are assigned only a private IP address. Instances launched in your default VPC are assigned both a private IP address and a public IP address.
ISP
See internet service provider (ISP).
JSON
JavaScript Object Notation. A lightweight data interchange format. For information about JSON, see http://www.json.org/.
junk folder
The location where email messages that various filters determine to be of lesser value are collected so that they don't arrive in the recipient's inbox but are still accessible to the recipient. This is also referred to as a spam or bulk folder.
key pair
A set of security credentials that you use to prove your identity electronically. A key pair consists of a private key and a public key.
key prefix
A logical grouping of the objects in a bucket. The prefix value is similar to a directory name that you can use to store similar data under the same directory in a bucket.
kibibyte (KiB)
A contraction of kilo binary byte, a kibibyte is 2^10 or 1,024 bytes. A kilobyte (KB) is 10^3 or 1,000 bytes. 1,024 KiB is a mebibyte (MiB).
labeled data
In machine learning, data for which you already know the target or “correct” answer.
lifecycle
The lifecycle state of the EC2 instance contained in an Auto Scaling group. EC2 instances progress through several states over their lifespan; these include Pending, InService, Terminating and Terminated.
lifecycle action
An action that can be paused by Auto Scaling, such as launching or terminating an EC2 instance.
lifecycle hook
A feature for pausing Auto Scaling after it launches or terminates an EC2 instance so that you can perform a custom action while the instance isn't in service.
link to VPC
The process of linking (or attaching) an EC2-Classic instance to a ClassicLink-enabled VPC.
See also ClassicLink.
See also unlink from VPC.
local secondary index
An index that has the same partition key as the table, but a different sort key. A local secondary index is local in the sense that every partition of a local secondary index is scoped to a table partition that has the same partition key value.
See also local secondary index.
Mail Transfer Agent (MTA)
Software that transports email messages from one computer to another by using a client-server architecture.
mailbox provider
An organization that provides email mailbox hosting services. Mailbox providers are sometimes referred to as internet service provider (ISP)s, even if they only provide mailbox services.
main route table
The default route table that any new VPC subnet uses for routing. You can associate a subnet with a different route table of your choice. You can also change which route table is the main route table.
marker
See pagination token.
mebibyte (MiB)
A contraction of mega binary byte, a mebibyte is 2^20 or 1,048,576 bytes. A megabyte (MB) is 10^6 or 1,000,000 bytes. 1,024 MiB is a gibibyte (GiB).
member resources
See resource.
metric name
The primary identifier of a metric, used in combination with a namespace and optional dimensions.
MFA
See multi-factor authentication (MFA).
micro instance
A type of EC2 instance that's more economical to use if you have occasional bursts of high CPU activity.
MIME
See Multipurpose Internet Mail Extensions (MIME).
MTA
See Mail Transfer Agent (MTA).
Multi-AZ deployment
A primary DB instance that has a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to the standby replica.
multiclass classification model
A machine learning model that predicts values that belong to a limited, pre-defined set of permissible values. For example, "Is this product a book, movie, or clothing?"
multi-valued attribute
An attribute with more than one value.
multipart upload
A feature that you can use to upload a single object as a set of parts.
Multipurpose Internet Mail Extensions (MIME)
An internet standard that extends the email protocol to include non-ASCII text and nontext elements, such as attachments.
Multitool
A cascading application that provides a simple command-line interface for managing large datasets.
namespace
An abstract container that provides context for the items (names, or technical terms, or words) it holds, and allows disambiguation of homonym items residing in different namespaces.
NAT
Network address translation. A strategy of mapping one or more IP addresses to another while data packets are in transit across a traffic routing device. This is commonly used to restrict internet communication to private instances while allowing outgoing traffic.
See also Network Address Translation and Protocol Translation.
See also NAT gateway.
See also NAT instance.
NAT instance
A NAT device, configured by a user, that performs network address translation in a VPC public subnet to secure inbound internet traffic.
See also NAT gateway.
network ACL
An optional layer of security that acts as a firewall for controlling traffic in and out of a subnet. You can associate multiple subnets with a single network ACL, but a subnet can be associated with only one network ACL at a time.
Network Address Translation and Protocol Translation
(NAT-PT) An internet protocol standard defined in RFC 2766.
See also NAT instance.
See also NAT gateway.
n-gram processor
A processor that performs n-gram transformations.
See also n-gram transformation.
NICE Desktop Cloud Visualization
A remote visualization technology for securely connecting users to graphic-intensive 3D applications hosted on a remote, high-performance server.
operation
An API function. Also called an action.
original environment
The instances in a deployment group at the start of an CodeDeploy blue/green deployment.
OSB transformation
Orthogonal sparse bigram transformation. In machine learning, a transformation that aids in text string analysis and that's an alternative to the n-gram transformation. OSB transformations are generated by sliding the window of size n words over the text, and outputting every pair of words that includes the first word in the window.
See also n-gram transformation.
OU
See organizational unit.
pagination
The process of responding to an API request by returning a large list of records in small separate parts. Pagination can occur in the following situations:
The client sets the maximum number of returned records to a value below the total number of records.
The service has a default maximum number of returned records that's lower than the total number of records.
When an API response is paginated, the service sends a subset of the large list of records and a pagination token that indicates that more records are available. The client includes this pagination token in a subsequent API request, and the service responds with the next subset of records. This continues until the service responds with a subset of records and no pagination token, indicating that all records have been sent.
pagination token
A marker that indicates that an API response contains a subset of a larger list of records. The client can return this marker in a subsequent API request to retrieve the next subset of records until the service responds with a subset of records and no pagination token, indicating that all records have been sent.
See also pagination.
paravirtual virtualization
See PV virtualization.
part
A contiguous portion of the object's data in a multipart upload request.
partition key
A simple primary key, composed of one attribute (also known as a hash attribute).
See also partition key.
See also sort key.
PAT
Port address translation.
pebibyte (PiB)
A contraction of peta binary byte, a pebibyte is 2^50 or 1,125,899,906,842,624 bytes. A petabyte (PB) is 10^15 or 1,000,000,000,000,000 bytes. 1,024 PiB is an exbibyte (EiB).
period
See sampling period.
plaintext
Information that has not been encrypted, as opposed to ciphertext.
presigned URL
A web address that uses query string authentication.
principal
The user, service, or account that receives permissions that are defined in a policy. The principal is A in the statement "A has permission to do B to C."
private subnet
A VPC subnet whose instances can't be reached from the internet.
properties
See resource property.
public subnet
A subnet whose instances can be reached from the internet.
PV virtualization
Paravirtual virtualization. Allows guest VMs to run on host systems that don't have special support extensions for full hardware and CPU virtualization. Because PV guests run a modified operating system that doesn't use hardware emulation, they can't provide hardware-related features, such as enhanced networking or GPU support.
See also HVM virtualization.
Query
A type of web service that generally uses only the GET or POST HTTP method and a query string with parameters in the URL.
See also REST.
queue
A sequence of messages or jobs that are held in temporary storage awaiting transmission or processing.
queue URL
A web address that uniquely identifies a queue.
range GET
A request that specifies a byte range of data to get for a download. If an object is large, you can break up a download into smaller units by sending multiple range GET requests that each specify a different byte range to GET.
raw email
A type of sendmail request with which you can specify the email headers and MIME types.
receiver
The entity that consists of the network systems, software, and policies that manage email delivery for a recipient.
Redis
A fast, open-source, in-memory key-value data structure store. Redis comes with a set of versatile in-memory data structures with which you can easily create a variety of custom applications.
regression model
A type of machine learning model that predicts a numeric value, such as the exact purchase price of a house.
regularization
A machine learning (ML) parameter that you can tune to obtain higher-quality ML models. Regularization helps prevent ML models from memorizing training data examples instead of learning how to generalize the patterns it sees (called overfitting). When training data is overfitted, the ML model performs well on the training data, but doesn't perform well on the evaluation data or on new data.
replacement environment
The instances in a deployment group after the CodeDeploy blue/green deployment.
reply path
The email address that an email reply is sent to. This is different from the return path.
representational state transfer
See REST.
reservation
A collection of EC2 instances started as part of the same launch request. Not to be confused with a Reserved Instance.
Reserved Instance
A pricing option for EC2 instances that discounts the on-demand usage charge for instances that meet the specified parameters. Customers pay for the entire term of the instance, regardless of how they use it.
resource record
Also called resource record set. The fundamental information elements in the Domain Name System (DNS).
See also Domain Name System in Wikipedia.
REST
Representational state transfer. A simple stateless architecture that generally runs over HTTPS/TLS. REST emphasizes that resources have unique and hierarchical identifiers (URIs), are represented by common media types (such as HTML, XML, or JSON), and that operations on the resources are either predefined or discoverable within the media type. In practice, this generally results in a limited number of operations.
See also Query.
See also WSDL.
See also SOAP.
RESTful web service
Also known as RESTful API. A web service that follows REST architectural constraints. The API operations must use HTTP methods explicitly; expose hierarchical URIs; and transfer either XML, JSON, or both.
return path
The email address that bounced email is returned to. The return path is specified in the header of the original email. This is different from the reply path.
route table
A set of routing rules that controls the traffic leaving any subnet that's associated with the route table. You can associate multiple subnets with a single route table, but a subnet can be associated with only one route table at a time.
scale in
To remove EC2 instances from an Auto Scaling group.
scale out
To add EC2 instances to an Auto Scaling group.
scaling policy
A description of how Auto Scaling should automatically scale an Auto Scaling group in response to changing demand.
See also scale in.
See also scale out.
scaling activity
A process that changes the size, configuration, or makeup of an Auto Scaling group by launching or terminating instances.
scheduler
The method used for placing tasks on container instances.
SCP
See service control policy.
sender
The person or entity sending an email message.
Sender ID
A Microsoft-controlled version of SPF. An email authentication and anti-spoofing system. For more information about Sender ID, see Sender ID in Wikipedia.
service endpoint
See endpoint.
Simple Mail Transfer Protocol
See SMTP.
Simple Object Access Protocol
See SOAP.
SIMS recipe
See item-to-item similarities (SIMS) recipe.
Single-AZ DB instance
A standard (non-Multi-AZ) DB instance that's deployed in one Availability Zone, without a standby replica in another Availability Zone.
See also Multi-AZ deployment.
sloppy phrase search
A search for a phrase that specifies how close the terms must be to one another to be considered a match.
SMTP
Simple Mail Transfer Protocol. The standard that's used to exchange email messages between internet hosts for the purpose of routing and delivery.
SOAP
Simple Object Access Protocol. An XML-based protocol that you can use to exchange information over a particular protocol (for example, HTTP or SMTP) between applications.
See also REST.
See also WSDL.
soft bounce
A temporary email delivery failure such as one resulting from a full mailbox.
software VPN
A software appliance-based VPN connection over the internet.
sort key
An attribute used to sort the order of partition keys in a composite primary key (also known as a range attribute).
See also partition key.
See also primary key.
source/destination checking
A security measure to verify that an EC2 instance is the origin of all traffic that it sends and the ultimate destination of all traffic that it receives; that is, that the instance isn't relaying traffic. Source/destination checking is turned on by default. For instances that function as gateways, such as VPC NAT instances, source/destination checking must be disabled.
spam
Unsolicited bulk email.
spamtrap
An email address that's set up by an anti-spam entity, not for correspondence, but to monitor unsolicited email. This is also called a honeypot.
SPF
Sender Policy Framework. A standard for authenticating email.
SSE
See server-side encryption (SSE).
SSL
Secure Sockets Layer
See also Transport Layer Security (TLS).
statistic
One of five functions of the values submitted for a given sampling period. These functions are Maximum, Minimum, Sum, Average, and SampleCount.
stem
The common root or substring shared by a set of related words.
sticky session
A feature of the Elastic Load Balancing load balancer that binds a user's session to a specific application instance so that all requests coming from the user during the session are sent to the same application instance. By contrast, a load balancer defaults to route each request independently to the application instance with the smallest load.
stopping
The process of filtering stop words from an index or search request.
stopword
A word that isn't indexed and is automatically filtered out of search requests because it's either insignificant or so common that including it would result in too many matches to be useful. Stopwords are language specific.
streaming distribution
A special kind of distribution that serves streamed media files using a Real Time Messaging Protocol (RTMP) connection.
string-to-sign
Before you calculate an HMAC signature, you first assemble the required components in a canonical order. The preencrypted string is the string-to-sign.
strongly consistent read
A read process that returns a response with the most up-to-date data, reflecting the updates from all prior write operations that were successful—regardless of the Region.
See also data consistency.
See also eventual consistency.
See also eventually consistent read.
subnet
A segment of the IP address range of a VPC that an EC2 instance can be attached to. You can create subnets to group instances according to security and operational needs.
Subscription button
An HTML-coded button that provides an easy way to charge customers a recurring fee.
symmetric encryption
Encryption that uses a private key only.
See also asymmetric encryption.
synchronous bounce
A type of bounce that occurs while the email servers of the sender and receiver are actively communicating.
synonym
A word that's the same or nearly the same as an indexed word and that should produce the same results when specified in a search request. For example, a search for "Rocky Four" or "Rocky 4" should return the fourth Rocky movie. This can be done by designating that four and 4 are synonyms for IV. Synonyms are language specific.
table
A collection of data. Similar to other database systems, DynamoDB stores data in tables.
task
An instantiation of a task definition that's running on a container instance.
task definition
The blueprint for your task. Specifies the name of the task, revisions, container definitions, and volume information.
task node
An EC2 instance that runs Hadoop map and reduce tasks, but doesn't store data. Task nodes are managed by the master node, which assigns Hadoop tasks to nodes and monitors their status. While a job flow is running you can increase and decrease the number of task nodes. Because they don't store data and can be added and removed from a job flow, you can use task nodes to manage the EC2 instance capacity your job flow uses, increasing capacity to handle peak loads and decreasing it later.
Task nodes only run a TaskTracker Hadoop daemon.
tebibyte (TiB)
A contraction of tera binary byte, a tebibyte is 2^40 or 1,099,511,627,776 bytes. A terabyte (TB) is 10^12 or 1,000,000,000,000 bytes. 1,024 TiB is a pebibyte (PiB).
timestamp
A date/time string in ISO 8601 format.
TLS
See Transport Layer Security (TLS).
tokenization
The process of splitting a stream of text into separate tokens on detectable boundaries such as white space and hyphens.
topic
A communication channel to send messages and subscribe to notifications. It provides an access point for publishers and subscribers to communicate with each other.
Transport Layer Security (TLS)
A cryptographic protocol that provides security for communication over the internet. Its predecessor is Secure Sockets Layer (SSL).
trust policy
An IAM policy that's an inherent part of an IAM role. The trust policy specifies which principals are allowed to use the role.
trusted signers
See trusted key groups.
tuning
Selecting the number and type of AMIs to run a Hadoop job flow most efficiently.
tunnel
A route for transmission of private network traffic that uses the internet to connect nodes in the private network. The tunnel uses encryption and secure protocols such as PPTP to prevent the traffic from being intercepted as it passes through public routing nodes.
unbounded
The number of potential occurrences isn't limited by a set number. This value is often used when defining a data type that's a list (for example, maxOccurs="unbounded"), in WSDL.
unlink from VPC
The process of unlinking (or detaching) an EC2-Classic instance from a ClassicLink-enabled VPC.
See also ClassicLink.
See also link to VPC.
validation
See template validation.
value
Instances of attributes for an item, such as cells in a spreadsheet. An attribute might have multiple values.
Variable Envelope Return Path
See VERP.
verification
The process of confirming that you own an email address or a domain so that you can send email from or to it.
VERP
Variable Envelope Return Path. A way that email-sending applications can match bounced email with the undeliverable address that caused the bounce by using a different return path for each recipient. VERP is typically used for mailing lists. With VERP, the recipient's email address is embedded in the address of the return path, which is where bounced email is returned. This makes it possible to automate the processing of bounced email without having to open the bounce messages, which might vary in content.
VGW
See virtual private gateway (VGW).
virtualization
Allows multiple guest virtual machines (VM) to run on a host operating system. Guest VMs can run on one or more levels above the host hardware, depending on the type of virtualization.
See also PV virtualization.
See also HVM virtualization.
virtual private cloud
See VPC.
visibility timeout
The period of time that a message is invisible to the rest of your application after an application component gets it from the queue. During the visibility timeout, the component that received the message usually processes it, and then deletes it from the queue. This prevents multiple components from processing the same message.
volume
A fixed amount of storage on an instance. You can share volume data between more than one container and persist the data on the container instance when the containers are no longer running.
VPC
Virtual private cloud. An elastic network populated by infrastructure, platform, and application services that share common security and interconnection.
VPG
See virtual private gateway (VGW).
Web Services Description Language
See WSDL.
WSDL
Web Services Description Language. A language used to describe the actions that a web service can perform, along with the syntax of action requests and responses.
See also REST.
See also SOAP.
X.509 certificate
A digital document that uses the X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the entity described in the certificate.
yobibyte (YiB)
A contraction of yotta binary byte, a yobibyte is 2^80 or 1,208,925,819,614,629,174,706,176 bytes. A yottabyte (YB) is 10^24 or 1,000,000,000,000,000,000,000,000 bytes.
zebibyte (ZiB)
A contraction of zetta binary byte, a zebibyte is 2^70 or 1,180,591,620,717,411,303,424 bytes. A zettabyte (ZB) is 10^21 or 1,000,000,000,000,000,000,000 bytes. 1,024 ZiB is a yobibyte (YiB).