SAA-C03 Exam Glossary - 180 Terms

Search the terminology pack for AWS Certified Solutions Architect - Associate. Use these definitions with the study guide and practice questions.

Download App Study Guide Free Practice Exam

#

.csv: A comma-separated values file format mentioned as an example of transforming data between formats.
.parquet: A columnar data file format mentioned as an example of transforming data between formats.

A

ACM: AWS Certificate Manager, used for encrypting data in transit using TLS and renewing certificates.
active-active failover: A disaster recovery approach in which multiple active environments can take over if one fails.
ALB: Abbreviation for Application Load Balancer.
Amazon API Gateway: An AWS managed service used for API creation and management.
Amazon Athena: An AWS analytics service listed as an example of a data analytics and visualization service with appropriate use cases.
Amazon Aurora: An AWS relational database service compatible with MySQL and PostgreSQL engines.
Amazon CloudFront: An AWS edge networking service listed as an example of an edge networking service with appropriate use cases.
Amazon Comprehend: An AWS managed service listed as an example of AWS Managed Services use cases.
Amazon DynamoDB: An AWS managed non-relational database service.
Amazon EBS: An AWS block storage service.
Amazon EC2: An AWS service for resizable virtual servers in the cloud.
Amazon EC2 Auto Scaling: An AWS scalability service used as an example of a scalability capability with appropriate use cases.
Amazon ECS: An AWS service used for container orchestration.
Amazon EFS: An AWS managed file storage service.
Amazon EKS: An AWS service used for container orchestration.
Amazon ElastiCache: An AWS caching service listed as an example of a caching strategy and service.
Amazon EMR: An AWS compute service used for distributed data processing and listed as having appropriate use cases for high-performing compute solutions.
Amazon FSx: An AWS storage service used for managed file systems.
Amazon Kinesis: An AWS streaming data service listed as an example of a streaming data service with appropriate use cases.
Amazon Polly: An AWS managed service listed as an example of AWS Managed Services use cases.
Amazon QuickSuite: An AWS analytics and visualization service listed as an example of a data analytics and visualization service with appropriate use cases.
Amazon RDS: An AWS managed relational database service.
Amazon RDS Proxy: An AWS proxy service used as an example of proxy concepts.
Amazon Route 53: An AWS global infrastructure service listed as an example in the context of high availability and fault tolerance.
Amazon S3: An AWS object storage service.
Amazon SQS: An AWS managed service listed as an example of a service with specific use cases.
AMS: Abbreviation for AWS Managed Services.
Application Load Balancer: A load balancing service used as an example of load balancing concepts.
archival solution: A storage solution used to retain data long term at lower cost, typically with infrequent access.
auto scaling: Automatic adjustment of compute resources to match demand.
Availability Zones: Distinct locations within an AWS Region used for high availability and fault tolerance.
AWS: Amazon Web Services, the cloud platform referenced throughout the text for designing secure access, workloads, and data controls.
AWS Auto Scaling: An AWS service that automatically adjusts scalable resources; listed as an example of a scalability capability with appropriate use cases.
AWS Batch: An AWS compute service listed as having appropriate use cases for high-performing compute solutions.
AWS Budgets: An AWS cost management tool used to set cost or usage budgets and track progress against them.
AWS Certificate Manager: An AWS service used for encrypting data in transit using TLS and for renewing certificates.
AWS Cognito: An AWS security service listed as an example of a service with specific use cases for securing workloads and applications.
AWS Control Tower: An AWS service used to design a security strategy for multiple AWS accounts.
AWS Cost and Usage Report: An AWS report that provides detailed cost and usage data for analysis and billing visibility.
AWS Cost Explorer: An AWS cost management tool used to analyze and visualize AWS spending and usage patterns.
AWS DataSync: An AWS hybrid storage service used for data transfer and migration between on-premises and AWS storage services.
AWS Direct Connect: An AWS service that provides dedicated network connectivity between on-premises environments and AWS.
AWS Fargate: An AWS serverless technology and pattern used for running containers.
AWS Global Accelerator: An AWS networking service that improves global application performance by routing traffic through AWS edge locations.
AWS Glue: An AWS data transformation service listed as an example of a data transformation service with appropriate use cases.
AWS GuardDuty: An AWS security service listed as an example of a service with specific use cases for securing workloads and applications.
AWS IAM Identity Center: An AWS identity service used for federated access and identity management across AWS resources and accounts.
AWS KMS: AWS Key Management Service, used for encrypting data at rest and managing encryption keys.
AWS Lake Formation: An AWS service for building and governing data lakes, listed here as an example of a data analytics and visualization service with appropriate use cases.
AWS Lambda: An AWS serverless compute service used as an example of serverless technologies and patterns.
AWS Macie: An AWS security service listed as an example of a service with specific use cases for securing workloads and applications.
AWS Managed Services: An AWS service offering referenced as AMS, with specific use cases.
AWS Outposts: An AWS hybrid compute option that brings AWS infrastructure and services to on-premises locations.
AWS PrivateLink: An AWS network connection option listed as an example of a network connection option.
AWS Regions: Geographic areas in AWS that contain multiple Availability Zones.
AWS Secrets Manager: An AWS managed service listed as an example of a service with specific use cases.
AWS Shield: An AWS service used to secure applications, especially against distributed denial-of-service threats.
AWS Step Functions: An AWS service used for workflow orchestration.
AWS Storage Gateway: An AWS hybrid storage service that connects on-premises environments to AWS storage.
AWS STS: AWS Security Token Service, used in role-based access control and role switching.
AWS Transfer Family: An AWS managed service listed as an example of a service with specific use cases.
AWS Transit Gateway: An AWS networking service that connects multiple VPCs and on-premises networks through a central hub.
AWS VPN: An AWS network connection option listed as an example of a network connection option.
AWS WAF: AWS Web Application Firewall, used to secure applications by filtering web traffic.
AWS X-Ray: An AWS service used for workload visibility.

B

backup and restore: A disaster recovery strategy in which data is backed up and later restored after a failure.
backups: Copies of data implemented for recovery and protection.
batch uploads: A storage strategy that uploads data in groups rather than as individual uploads.
block storage: A storage type characterized by storing data in block-based form.

C

caching: A strategy for storing data so it can be reused efficiently, referenced here as a design consideration.
caching strategies: Methods for storing frequently used data in a faster-access layer to reduce latency and cost.
capacity units: A database capacity measurement used for planning and provisioning database resources.
CDN: Abbreviation for content delivery network.
CDNs: Content delivery networks used to cache and deliver content from edge locations.
certificates: Security certificates that can be renewed as part of data-in-transit protection.
cold tiering: A storage tiering approach that places infrequently accessed object data into a lower-cost tier.
columnar format: A database storage format that stores data by column rather than by row, often used for analytical workloads.
compliance requirements: Mandatory conditions that AWS technologies must meet for regulatory or organizational compliance.
containers: A deployment packaging and runtime approach that the text says may be migrated into and orchestrated.
content delivery network: An edge accelerator used to deliver content closer to users.
content delivery networks: Distributed networks that deliver content from locations closer to users to improve performance and reduce transfer costs.
cost allocation tags: AWS cost management tags used to attribute and organize costs by resource, team, or project for billing analysis.
cross-account access: Access to AWS resources across multiple AWS accounts.

D

data access: The ability to retrieve or use data, governed by access and governance controls.
data classification: The process of categorizing data according to sensitivity or handling requirements.
data governance: Controls and oversight for how data is managed, accessed, and protected.
data migration: The movement of data from one storage service or location to another.
data recovery: The process of restoring data after loss or failure.
data retention: The policy or practice of keeping data for a required period of time.
data retention policies: Rules that define how long data must be kept and when it can be deleted or archived.
database connections: The active links used by applications to communicate with a database.
database replication: The copying of database data to one or more additional locations or instances for availability or read scaling.
DDoS: Distributed denial-of-service, an external threat vector mentioned as a security concern.
directory service: An identity directory that can be federated with IAM roles.
disaster recovery: Strategies for restoring or maintaining systems after a disruptive event, including backup and restore, pilot light, warm standby, and active-active failover.
distributed design patterns: Design patterns used for systems whose components are spread across multiple nodes or services.
DNS: The Domain Name System, which translates domain names into IP addresses.
DR: Abbreviation for disaster recovery.
durability: A storage characteristic describing how well data survives failures.

E

EC2 hibernation: An Amazon EC2 feature that pauses an instance and preserves its memory state for later resume.
edge caching: Caching content at edge locations closer to users to reduce latency and network transfer costs.
edge processing: A distributed compute strategy that processes data closer to where it is generated or consumed.
encryption: The process of protecting data by converting it into a form that requires a key to read.
encryption keys: Keys used to encrypt data, for which access policies must be implemented and rotation performed.
event-driven architectures: Architectures in which components react to events rather than relying on direct, tightly coupled interactions.

F

failover: The process of switching to a standby or redundant system when the primary system fails.
federate: To connect a directory service with IAM roles for access management.
file storage: A storage type characterized by storing data in file-based form.

G

Gateway Load Balancer: An AWS load balancer used to distribute traffic to virtual appliances.

H

HDD: Hard disk drive volume types used as a block storage option.
hibernation: A scaling-related state in which an instance is paused and later resumed, preserving its memory state.
horizontal scaling: Scaling by adding more instances or nodes to handle increased load.

I

IAM: AWS Identity and Access Management, the service used to manage users, groups, roles, policies, and authorization for access to AWS resources.
IAM users: AWS identities used to authenticate and access AWS resources under an authorization model.
immutable infrastructure: An infrastructure approach in which deployed components are not modified in place after deployment.
internet: The public network used as one of the connectivity options mentioned for AWS networking.

K

key management: The administration of encryption keys, including access policies, rotation, and lifecycle handling.

L

Layer 4: The transport layer in the OSI model.
Layer 7: The application layer in the OSI model.
lifecycle: The managed stages of data handling covered by policies for access, retention, and protection.

M

MFA: Multi-factor authentication, a security control used for AWS users including IAM users and root users.
microservices: An architectural style in which applications are designed as small, independently deployable services; the text highlights stateless workloads as a design principle compared with stateful workloads.
multi-account billing: An AWS cost management feature that consolidates billing across multiple AWS accounts.
multi-tier architectures: Architectures organized into multiple layers or tiers.
MySQL: A relational database engine mentioned as a choice for selecting an appropriate database engine.

N

NAT gateway: An AWS network service that enables instances in private subnets to access the internet while preventing inbound internet connections.
NAT gateways: Network address translation gateways used as VPC security components.
NAT instance: An EC2 instance configured to provide network address translation for private subnet traffic.
network ACLs: Network access control lists used as VPC security components to control network traffic.
Network Load Balancer: An AWS load balancer that operates at Layer 4 and is used for high-performance network traffic distribution.

O

object storage: A storage type characterized by storing data as objects.

P

pilot light: A disaster recovery strategy in which a minimal core environment is kept running and expanded during recovery.
policies: Permission documents used in AWS to define what actions are allowed or denied for users, groups, roles, or resources.
PostgreSQL: A relational database engine mentioned as a choice for selecting an appropriate database engine.
principle of least privilege: A security best practice that grants only the minimum permissions necessary to perform a task.
private subnets: Subnets used in network segmentation strategies that are not publicly accessible.
Provisioned IOPS: A database capacity-planning metric or configuration related to provisioned input/output operations per second.
proxies: Intermediate services that sit between clients and databases to manage or optimize connections.
public subnets: Subnets used in network segmentation strategies that are publicly accessible.
publish/subscribe: A messaging pattern in which publishers send messages to topics and subscribers receive messages of interest.

R

read replicas: Replicas used primarily to serve read traffic.
replication: The copying of data or resources to additional locations or systems for resilience.
replications: Copies of data maintained in another location or system as part of data protection and recovery.
Requester Pays: An S3 access option in which the requester, rather than the bucket owner, pays the data transfer and request costs for accessing the object storage.
Reserved Instances: An AWS purchasing option that provides discounted pricing in exchange for a commitment to use capacity over a term.
resource policies: Policies attached to AWS resources that determine who can access those resources.
REST API: An API style mentioned as an example of API creation and management.
role-based access control: An authorization strategy that grants access based on roles, including use of AWS STS, role switching, and cross-account access.
roles: IAM entities that can be assumed to grant permissions for access, including cross-account access and role switching.
root users: The top-level AWS account identities that should be secured using AWS security best practices.
route tables: Basic networking constructs used to direct network traffic.
RPO: Recovery point objective; the maximum acceptable amount of data loss measured in time.
RTO: Recovery time objective; the maximum acceptable time to restore service after a disruption.

S

S3 object lifecycles: Lifecycle rules that manage how Amazon S3 objects transition between storage classes or expire over time.
Savings Plans: An AWS purchasing option that offers discounted pricing in exchange for a commitment to a consistent amount of usage.
SCPs: Service control policies used to govern permissions across multiple AWS accounts.
security groups: VPC security components used to control traffic to resources.
serverless computing: A compute model where AWS manages server provisioning and scaling, and customers focus on code and events.
service control policies: Policies used with AWS Control Tower to govern permissions across multiple AWS accounts.
service quotas: Limits on the amount of a service that can be used.
shared responsibility model: The AWS security model that divides security responsibilities between AWS and the customer.
snapshot frequency: How often database snapshots are taken for backup and retention purposes.
Spot Instances: An AWS purchasing option for spare EC2 capacity at lower cost, with the tradeoff that capacity can be interrupted.
SQL injection: An external threat vector in which malicious SQL is used to attack an application.
SSD: Solid state drive volume types used as a block storage option.
stateful workloads: Workloads that retain state information between requests.
stateless workloads: Workloads that do not retain session or state information between requests.
storage auto scaling: Automatic adjustment of storage capacity when workload demand requires it.
storage tier: A cost or access class within a storage system, such as a lower-cost tier for infrequently accessed data.

T

throttling: The intentional limiting of request rate or throughput when usage exceeds allowed limits.
time series format: A database data format optimized for storing and querying time-ordered measurements.
TLS: Transport Layer Security, used with AWS Certificate Manager to encrypt data in transit.

V

vertical scaling: Scaling by increasing the resources of a single instance or node.
VPC: Virtual Private Cloud, the AWS networking construct used to design secure architectures with components such as security groups, route tables, network ACLs, and NAT gateways.
VPC endpoints: Private connections that allow access to AWS services without traversing the public internet.
VPC peering: A networking connection between two VPCs that allows private routing between them.
VPN: A private encrypted network connection used for secure communication over public networks.

W

warm standby: A disaster recovery strategy in which a scaled-down but ready environment is maintained for faster recovery.

About These Definitions

These definitions are loaded from the shared release pack. Use them with the study guide and practice questions to connect vocabulary to exam scenarios.

Download App Read the full study guide Take the free practice exam