Glossary

IT & Cloud glossary

233 key terms and acronyms from across IT & Cloud certifications, in plain English. Definitions are simplified for learning; the official exam outlines are authoritative.

Access tier: Hot, Cool or Archive storage for cost vs access speed.
Access token: A credential issued after authentication that an app presents to access a protected API or resource.
ACL: Access Control List - filters traffic by rules.
Administrative distance: Trustworthiness ranking of a route source.
API Gateway: A managed front door for creating and securing APIs.
API Management: A service to publish, secure, throttle and monitor APIs behind a single gateway.
App Engine: A managed platform-as-a-service for deploying applications without managing servers.
App Service: Managed hosting for web apps and APIs.
Application Insights: An Azure Monitor feature that collects telemetry to monitor app performance and diagnose problems.
Application Migration Service: Lift-and-shift migration of servers to AWS.
Aurora: AWS's managed MySQL- and PostgreSQL-compatible database.
Auto Scaling: Automatically adjusts capacity to demand.
Availability zone: A physically separate location within an Azure region, used to design for high availability against datacentre failure.
Availability Zone (AZ): One or more isolated data centres within a Region.
AWS Organizations: Central management of multiple AWS accounts.
Azure Backup: A service for backing up and restoring Azure (and on-premises) data and workloads.
Azure Cache for Redis: An in-memory cache used to speed up applications by storing frequently accessed data.
Azure Container Instances: A service for running a single container quickly without orchestration; useful for simple or short-lived workloads.
Azure Functions: A serverless, event-driven compute service that runs small pieces of code (triggered by HTTP, timers, queues and more) without managing servers.
Azure Migrate: A service for assessing and migrating on-premises servers, databases and apps to Azure.
Azure Monitor: Metrics, logs and alerts for resources.
Azure Policy: A governance service that enforces rules on resources, such as allowed regions or required tags, to keep deployments compliant.
Azure Site Recovery: A disaster-recovery service that replicates workloads to another region and orchestrates failover.
Azure SQL Database: A managed relational database service for cloud-native applications.
Backend: The configuration that determines where state is stored and, sometimes, where operations run.
BigQuery: A serverless, highly scalable data warehouse for analytics using SQL.
Bigtable: A wide-column NoSQL database for large-scale analytical and operational workloads.
Binding: A declarative connection between a Function and a service, used to pass data in or out without writing connection code.
Blob storage: Azure object storage for unstructured data such as files, images and backups, organised into containers.
Built-in function: A function provided by Terraform (for strings, numbers, collections and more) used within configuration.
Canary deployment: Releasing to a small share of traffic first.
CDN: A Content Delivery Network that caches content at edge locations to reduce latency for users.
CIDR: Slash notation for a subnet mask (e.g., /24).
Cloud CDN: A content delivery network that caches content near users to reduce latency.
Cloud computing: On-demand IT resources delivered over the internet, pay-as-you-go.
Cloud Functions: An event-driven, serverless compute service for running small pieces of code in response to triggers.
Cloud Interconnect: A service providing dedicated, private connectivity between on-premises networks and Google Cloud.
Cloud KMS: Key Management Service for creating and managing cryptographic keys.
Cloud Load Balancing: A managed service that distributes traffic across instances, globally or regionally.
Cloud Logging: A service for storing, searching and analysing log data across Google Cloud.
Cloud Monitoring: A service for collecting metrics and building dashboards and alerts to observe systems.
Cloud Run: A serverless service for running containers that scales automatically, including to zero.
Cloud SQL: A managed relational database service supporting MySQL, PostgreSQL and SQL Server.
Cloud Storage: Object storage for unstructured data, organised into buckets with different storage classes.
CloudFormation: Infrastructure as code using declarative templates.
CloudFront: Content delivery network (CDN).
CloudTrail: Records account API activity for audit and governance.
CloudWatch: Monitoring: metrics, logs, dashboards and alarms.
CloudWatch Alarm: Triggers an action when a metric crosses a threshold.
Cognito: User sign-up, sign-in and identity for applications.
Compute Engine: Google Cloud's virtual machine service (infrastructure as a service) for running workloads on VMs.
Conditional access: A policy feature in Microsoft Entra that grants or blocks access based on signals such as user, device, location and risk.
Config: Tracks resource configuration and compliance.
ConfigMap: Non-secret configuration injected into pods.
Consistency level: A Cosmos DB setting that trades off data freshness against latency and availability, from strong to eventual.
Container Apps: A serverless container service for running microservices and containerised apps without managing the underlying cluster.
Control plane: The components that manage the cluster (API server, scheduler, controller manager, etcd).
Control Tower: Sets up and governs a secure multi-account environment.
CoreDNS: The cluster's DNS for service discovery.
Cosmos DB: A globally distributed, multi-model NoSQL database with tunable consistency.
CronJob: Runs a Job on a schedule.
Cross-account role: An IAM role assumed from another account for access.
Data source: A block that reads existing information from a provider without creating anything.
Default gateway: The router a device uses to reach other networks.
Dependency: A relationship between resources; Terraform infers order from references, or you set it explicitly with depends_on.
Deployment: Manages a replicated set of pods and rolling updates.
Deployment slot: A live staging environment in App Service that lets you deploy and test, then swap into production with no downtime.
DHCP: Automatically assigns IP addresses.
Direct Connect: A dedicated private network link from on-premises to AWS.
Disaster recovery: The plan and tooling to restore service in another location after a major outage.
Disaster recovery (DR): Strategies (backup/restore, pilot light, warm standby, multi-site) to recover from failure.
DMS: Database Migration Service for moving databases.
DNS: Resolves names to IP addresses.
DynamoDB: Managed NoSQL key-value database.
EBS: Elastic Block Store - block storage for EC2.
EBS vs instance store: Persistent block storage versus ephemeral local disk.
EC2: Elastic Compute Cloud - virtual servers.
ECS / EKS / Fargate: Container orchestration (ECS/EKS) and serverless containers (Fargate).
EFS: Elastic File System - shared file storage.
Elastic IP: A static, reassignable public IPv4 address.
Elastic Load Balancing (ELB): Distributes traffic across targets.
ElastiCache: Managed in-memory cache (Redis or Memcached).
Elasticity: Scaling up and down automatically.
ELB: Elastic Load Balancing - distributes traffic across targets.
etcd: The key-value store holding all cluster state; backed up and restored in the exam.
EtherChannel: Bundled links acting as one for bandwidth/redundancy.
Event Grid: A service for routing discrete events (such as a file uploaded) to handlers in an event-driven architecture.
Event Hubs: A high-throughput service for ingesting large streams of telemetry or event data.
EventBridge: Event bus for routing events and automated responses.
ExpressRoute: A private, dedicated connection to Azure.
Firestore: A flexible, scalable document (NoSQL) database for application data.
Google Kubernetes Engine (GKE): A managed Kubernetes service for running containerised workloads with orchestration.
HCL: HashiCorp Configuration Language: the declarative language used to write Terraform configurations.
HCP Terraform: HashiCorp's managed service (formerly Terraform Cloud) for remote runs, shared state and collaboration.
High availability: Designing a system to keep running despite component failures, typically with redundancy across zones or regions.
Hub-and-spoke: A network topology with a central hub VNet for shared services and peered spoke VNets for workloads.
Hybrid cloud: A mix of public and private.
Hybrid identity: An identity model that connects on-premises Active Directory with Microsoft Entra so users have one identity across both.
IaaS: Infrastructure as a Service - you manage OS and apps.
IAM: Identity and Access Management - users, roles and policies.
IAM role: Temporary credentials assumed by services or users.
Infrastructure as code (IaC): Defining and managing infrastructure through configuration files so it is versioned, repeatable and reviewable.
Ingress: Routes external HTTP/S traffic to services.
Input variable: A parameter that lets you pass values into a configuration or module.
Internet Gateway: Connects a VPC to the public internet.
Job: Runs a pod to completion for a batch task.
Key Vault: An Azure service for securely storing and accessing secrets, keys and certificates.
Kinesis: Real-time streaming-data ingestion and processing.
KMS: Key Management Service - manages encryption keys.
kubeadm: Tool to bootstrap and manage a cluster.
kubectl: The command-line tool to build and deploy on the cluster.
Lambda: Serverless functions that run code on demand.
Landing Zone: A pre-configured, secure multi-account baseline.
Liveness probe: A check that restarts a container if it is unhealthy.
Log Analytics: Queries and analyses collected log data.
LRS / ZRS / GRS: Storage redundancy: local, zone, or geo.
Managed Identity: An identity managed by Azure that lets a resource authenticate to other services without storing credentials in code.
Management group: A container above subscriptions used to apply governance, policy and access across many subscriptions at once.
Microsoft Entra: Azure's identity and access service (formerly Azure Active Directory) for authenticating users and applications.
Microsoft Entra ID: Azure's identity service (formerly Azure AD).
Module: A reusable, parameterised group of resources that can be called with inputs and expose outputs.
Multi-AZ: Deploying across Availability Zones for high availability.
Multi-container pod: A pod running helper containers (e.g., sidecar) alongside the main one.
Multi-Region: Designing across AWS Regions for resilience or latency.
NACL: Network ACL - a stateless subnet-level firewall.
Namespace: A virtual cluster used to scope resources.
NAT: Network Address Translation, private to public.
NAT Gateway: Lets private-subnet resources reach the internet outbound only.
NetworkPolicy: Rules controlling traffic between pods.
Node: A worker machine that runs pods.
NSG: Network Security Group - stateful firewall rules.
On-Demand / Reserved / Spot: EC2 pricing: pay-as-you-go, committed discount, or cheap-but-interruptible.
OSPF: A link-state dynamic routing protocol.
Output value: A value a configuration or module exposes after apply, such as an IP address.
PaaS: Platform as a Service - the platform is managed for you.
Partition key: The property Cosmos DB uses to distribute data across partitions; choosing it well is key to performance and scale.
PAT: Port Address Translation - many private IPs to one public.
Patch management: Keeping systems updated, often via Systems Manager.
Peering: Connecting two VNets privately.
PersistentVolume (PV): Cluster storage provisioned for use by pods.
PersistentVolumeClaim (PVC): A pod's request for storage.
Pod: The smallest deployable unit; one or more containers sharing a network and storage.
Port security: Restricts which devices can use a switch port.
Private cloud: Cloud resources used by a single organisation.
Private endpoint: A network interface that connects privately to an Azure service over the Microsoft backbone, avoiding the public internet.
Project: The basic Google Cloud organising unit that groups resources, billing and permissions.
Provider: A plugin that lets Terraform manage a platform's resources, such as AWS, Azure or Google Cloud.
Public cloud: Resources owned and run by a cloud provider.
Public registry: The Terraform Registry, a source of official and community modules and providers.
Queue Storage: A simple, durable message queue for decoupling parts of an application.
RBAC: Role-Based Access Control: granting permissions by assigning roles to users, groups or identities at a defined scope.
RDS: Relational Database Service - managed SQL databases.
Read replica: A read-only copy of a database that scales read traffic.
Readiness probe: A check that controls whether a pod receives traffic.
Region: A geographic area containing multiple Availability Zones.
Region pair: Two linked Azure regions used together for resilience and disaster recovery.
Remote state: State stored in a shared backend so a team can collaborate safely.
ReplicaSet: Keeps a stable number of pod replicas running.
Resource: A block describing a piece of infrastructure Terraform creates and manages, such as a virtual machine.
Resource group: A logical container for related resources.
Resource hierarchy: The organisation, folders, projects and resources structure used to organise and govern Google Cloud.
Resource lock: Prevents accidental change or deletion.
Resource requests/limits: The CPU/memory a container requests and is capped at.
REST API: A web interface used in network automation.
Right-sizing: Matching instance size to actual need to cut cost.
Rolling update: Replacing pods gradually to avoid downtime.
Route 53: Managed DNS and routing.
Routing table: The list a router uses to choose paths.
RPO: Recovery Point Objective: the maximum acceptable data loss, expressed as the age of the last recoverable data.
RTO: Recovery Time Objective: the maximum acceptable time to restore a system after an outage.
RTO / RPO: Recovery time and recovery point objectives.
S3: Simple Storage Service - scalable object storage.
S3 storage classes: Tiers such as Standard, Infrequent Access and Glacier for cost vs access.
SaaS: Software as a Service - fully managed software you just use.
SAS: Shared Access Signature granting limited storage access.
SAS token: A Shared Access Signature: a time-limited, scoped token granting access to a storage resource without sharing the account key.
Scalability: Adding capacity to meet demand.
Scale Set: A group of identical, auto-scaling VMs.
Secret: Sensitive data injected into pods.
Security group: A stateful virtual firewall for instances.
SecurityContext: Security settings (user, privileges) for a pod or container.
Serverless: Running code/services without managing servers (Lambda, Fargate).
Service: A stable network endpoint for a set of pods.
Service account: A special identity used by applications and VMs (rather than people) to authenticate to Google Cloud services.
Service Bus: An enterprise messaging service with queues and topics for reliably decoupling components.
Service Control Policy (SCP): Org-wide guardrails limiting what accounts can do.
ServiceAccount: An identity for processes running in a pod.
Shared responsibility: The split of security duties between provider and customer.
Site-to-Site VPN: An encrypted tunnel from an on-premises network to a VPC.
SLA: Service Level Agreement - the provider's uptime commitment.
Snapshot: A point-in-time backup of a volume or database.
SNS: Simple Notification Service - publish/subscribe messaging.
Solutions Architect Expert: The expert-level Azure credential earned by passing AZ-305, certifying you can design Azure solutions.
Spanner: A globally distributed, strongly consistent relational database that scales horizontally.
SQL Managed Instance: A managed SQL service offering near-full SQL Server compatibility for lift-and-shift migrations.
SQS: Simple Queue Service - decoupling via message queues.
SQS vs SNS: A pull-based queue (point-to-point) versus push-based pub/sub (fan-out).
State: Terraform's record of the real-world resources it manages, used to map configuration to reality.
State file: The file (often terraform.tfstate) that stores the current state.
State locking: A mechanism that prevents concurrent operations from corrupting the state.
Static route: A manually configured route.
Storage account: The container for blobs, files, queues and tables.
Storage class: A Cloud Storage setting (standard, nearline, coldline, archive) trading storage cost against access frequency.
StorageClass: Defines how storage is dynamically provisioned.
STP: Spanning Tree Protocol - prevents switching loops.
STS: Security Token Service - issues temporary credentials.
Subnet: A logical division of an IP network.
Subnet mask: Defines which part of an IP is network vs host.
Subscription: A billing and management boundary in Azure that groups resources and applies limits and policies.
Switch vs router: Forwards within a LAN vs between networks.
Systems Manager: Operate and automate resources at scale.
Tag: A label used to organise and track resources and cost.
Taint / Toleration: Mechanisms controlling which pods schedule onto which nodes.
TCO: Total Cost of Ownership - full cost of running workloads.
Tenant: A dedicated instance of Entra ID for an organisation.
Terraform: An open-source IaC tool that provisions infrastructure across many providers using a declarative configuration and a plan/apply workflow.
terraform apply: The command that makes the changes described by the configuration and plan.
terraform destroy: The command that removes the infrastructure Terraform manages.
terraform import: A command that brings existing, unmanaged infrastructure under Terraform's management in state.
terraform init: The command that initialises a working directory and downloads the required providers.
terraform plan: The command that previews the changes Terraform will make to reach the desired state, without applying them.
The 7 Rs: Migration strategies: rehost, replatform, repurchase, refactor, retire, retain, relocate.
Transit Gateway: A hub connecting many VPCs and on-premises networks.
Trigger: The event that starts an Azure Function, such as an HTTP request, a timer, or a new message on a queue.
Trunk: A link carrying multiple VLANs (802.1Q tagging).
Trusted Advisor: Recommendations for cost, security and performance.
Virtual Machine: A cloud-hosted server you fully control.
VLAN: A logical segment of a switched network.
VNet: Virtual Network - your private network in Azure.
Volume: Storage attached to a pod.
VPC: Virtual Private Cloud - your isolated private network in AWS.
Well-Architected Framework: AWS design pillars: security, reliability, performance, cost, operations, sustainability.
Workspace: A way to maintain multiple distinct states from the same configuration, for example per environment.