Cloud Glossary

Defined set of rules for software components to communicate and interact, essential for integrating cloud services and microservices.

A cloud-based service that manages, secures, and scales APIs (Application Programming Interfaces) for applications and services.

The ability to automatically increase or decrease computing resources based on application demand. Helps manage cost and performance.

A physically separate data center within a cloud region, designed to offer high availability and fault tolerance.

Backups are data copies for recovery, while snapshots are point-in-time captures (e.g., EBS snapshots) used to restore systems. Both align with Recovery Point Objective (RPO) and Recovery Time Objective (RTO), which define acceptable data loss and restoration time.

Dedicated physical servers in a provider’s data center without virtualization layers, often used for high-performance or compliance workloads.

In cloud architecture, this refers to the potential scope of damage when a system or service fails. Architecting for low blast radius improves resilience.

Releasing new application versions by switching production traffic between two identical environments to minimize downtime and risk.

Tools that set spending thresholds, forecast future costs, and notify stakeholders when budgets are at risk of being exceeded.

Gradually rolling out a new version to a small subset of users or servers before full production release to detect issues early.

The practice of intentionally injecting failures into a system to test resilience and identify weaknesses.

Financial practices for allocating (chargeback) or reporting (showback) cloud costs back to teams or projects to promote accountability.

Automated practices for building, testing, and deploying software changes rapidly and reliably.

A cloud pricing model where you only pay for the resources you use. Offers cost flexibility and prevents overprovisioning.

A hybrid cloud strategy where applications run in a private cloud or data center and extend to a public cloud during demand spikes. It is ideal for handling sudden or seasonal traffic surges.

Cloud computing is the delivery of computing services such as servers, storage, databases, networking, software, and analytics over the internet. It allows organizations to access scalable resources on demand, improve operational efficiency, reduce infrastructure costs, and accelerate innovation without managing physical hardware.

The process of automatically identifying unusual spikes or drops in cloud spending using algorithms or monitoring tools. It helps teams detect misconfigurations, unauthorized usage, or unexpected workloads in real time.

Strategies to manage and reduce cloud spend while maintaining performance and availability.

A virtual server in the cloud, customizable based on CPU, memory, storage, or GPU needs. Used to run applications without managing physical hardware.

A virtual server in the cloud, customizable based on CPU, memory, storage, or GPU needs. Used to run applications without managing physical hardware.

Dedicated, high-throughput private connections between on-prem infrastructure and public cloud providers, bypassing the public internet for better performance and security.

An online store provided by cloud vendors where users can find, test, and deploy third-party applications and services.

The process of moving data, applications, or workloads from on-premises infrastructure or other clouds to cloud environments, involving detailed planning, testing, and execution.

Applications built specifically for cloud environments using microservices, containers, DevOps, and CI/CD to enable scalability, resilience, and agility.

A specific geographical location where a cloud provider has data centers. Often consists of multiple AZs.

The process of moving workloads or data from public cloud environments back to private infrastructure or on-prem, often driven by cost, latency, or compliance.

A set of tools and practices to safeguard cloud data, applications, and infrastructure, covering identity, access control, encryption, and continuous monitoring.

Storage systems designed specifically for containerized, microservices-based applications, such as object storage like Amazon S3 or Google Cloud Storage.

The latency experienced when a serverless function is invoked after a period of inactivity, requiring the cloud provider to spin up resources before execution.

Regulatory frameworks and requirements (e.g., PCI-DSS, HIPAA, GDPR) governing data privacy, security, and handling.

A flexible infrastructure design where compute, storage, and networking resources are abstracted and delivered as services via APIs. This is used in modern hybrid cloud platforms.

The processing power used to run applications, execute tasks, and manage workloads in the cloud. It includes virtual machines, containers, and bare metal servers.

A cloud security technology that protects data while it is being processed by encrypting it in memory using trusted execution environments (TEEs).

Tools (e.g., Ansible, Chef, Puppet) that automate the setup, configuration, and maintenance of servers and applications.

A lightweight, portable software unit that packages an application and its dependencies, ensuring consistent performance across different environments.

Automated management of containerized applications, including deployment, scaling, and networking, often using Kubernetes or Docker Swarm.

Distributed network of edge servers that cache and deliver web content closer to users to reduce latency and improve performance.

Manages orchestration, policies, and configurations in a cloud or container environment.

Example: In Kubernetes, the API server is part of the control plane

A service that helps set up and govern multi-account AWS environments using pre-configured blueprints for security, identity, and compliance.

Automated assessment and continuous monitoring of cloud configurations to ensure alignment with security best practices and compliance standards.

Security tools that protect workloads across virtual machines, containers, and serverless functions.

A cloud service where virtual desktops are hosted by a third party and accessed remotely by users on any device. Enables secure, flexible desktop access without local infrastructure.

Refers to data that leaves a cloud provider’s infrastructure, often a key factor in pricing and compliance, especially in multi-cloud or hybrid scenarios.

Handles the actual processing and movement of data within a system based on instructions from the control plane.

Example: In Kubernetes, the kubelet and container runtime are part of the data plane.

Legal or policy requirement that dictates where data must be stored or processed. This is critical in industries like finance and healthcare, and in regions like the EU or India.

Concept that data is subject to the laws and governance structures within the nation it is collected or stored, impacting cloud deployment decisions.

A cloud service that provides access to a managed database without the need to set up or maintain the underlying infrastructure. Users can store, query, and manage data while the provider handles scalability, backups, and security.

Culture and set of practices combining software development and IT operations to shorten development cycles and ensure reliable releases.

A data center architecture where compute, storage, and networking resources are decoupled and managed independently. Common in hyperscaler and cloud-native setups.

Cloud-based systems and processes designed to recover data and systems in the event of failure, natural disaster, or cyberattack.

A managed service that orchestrates and replicates workloads to enable rapid recovery after a disruptive event.

Distributed computing paradigm where data processing is performed close to the data source or user to reduce latency and bandwidth use.

Lightweight, resource-constrained versions of Kubernetes (e.g., K3s, MicroK8s) designed to manage container workloads on edge devices and remote locations.

The ability of cloud resources to scale up or down dynamically based on real-time demand.

Process of encoding data to prevent unauthorized access at rest or in transit, using algorithms and keys.

The allowable margin of errors or downtime within an SLO period that guides release velocity.

A design paradigm where events trigger and communicate between decoupled services or components.

A serverless compute service where individual functions are executed in response to events without requiring server management.

A cross-functional discipline that brings together engineering, finance, and business teams to optimize cloud spending and improve cost accountability in cloud operations.

An operational framework that uses Git repositories as the single source of truth to automate and manage infrastructure and application deployments.

A virtualization technique allowing direct GPU access by VMs or containers, often used in ML/DL workloads on private cloud or edge deployments.

A cloud model that combines public and private cloud environments, allowing data and applications to move between them for greater flexibility, scalability, and workload optimization.

Cloud model providing virtualized computing resources like servers, storage, and networking, billed on a usage basis, letting users manage OS and applications.

Declarative tools and practices (e.g., Terraform, CloudFormation, ARM Templates) for provisioning and managing infrastructure.

A framework of policies and technologies for ensuring that the right individuals access the right resources in cloud environments.

A method of enabling users from external identity systems (e.g., corporate AD, Google Workspace) to access cloud resources using SSO without separate credentials.

Deploying new runtime environments for each release rather than modifying existing ones, ensuring consistency and easier rollback.

A paradigm where cloud resources (e.g., VMs, containers) are never updated after deployment instead, they are replaced, ensuring consistency and reducing drift.

The state when cloud infrastructure diverges from the defined Infrastructure-as-Code (IaC) configuration due to manual changes or system failures.

A managed service for creating, storing, rotating, and controlling access to cryptographic keys.

An open-source container orchestration platform used to automate deployment, scaling, and operations of application containers.

Custom controllers for automating complex application-specific tasks in Kubernetes, such as backups, upgrades, or scaling of stateful apps like databases.

The time delay between a request and its response. In cloud, lower latency means faster performance, especially for real-time applications.

A tool or service that distributes incoming traffic across multiple servers to ensure no single server is overwhelmed.

Distributes incoming network or application traffic across multiple servers or resources to enhance responsiveness and availability.

Cloud offerings where the provider handles infrastructure operations, maintenance, updates, and scaling (e.g., managed databases, managed Kubernetes).

A service that stores and forwards messages between producers and consumers, ensuring reliable delivery (e.g., Kafka, SQS).

An architectural approach where applications are broken into small, independent services that communicate over APIs. Each service focuses on a single function and can be developed, deployed, and scaled independently.

Tracking the performance, availability, and behavior of cloud services to identify and troubleshoot issues.

The use of cloud services from multiple providers, public or private, to enhance flexibility, reduce dependency on a single vendor, and optimize cost or performance.

It allows organizations to choose the best services from each provider based on specific needs.

A cloud architecture where multiple customers share the same physical infrastructure while remaining logically isolated. This approach is essential for SaaS platforms and ensures efficient resource utilization.

A stateless subnet-level firewall that controls inbound and outbound traffic in a VPC.

AWS’s custom-built hypervisor and hardware security module that offloads virtualization tasks from the host. It boosts performance and isolates workloads for enhanced security.

A performance issue in multi-tenant environments where one tenant’s workload negatively impacts the performance of others due to shared resource usage.

An open-source observability framework for instrumenting, generating, and exporting telemetry data (logs, metrics, traces).

A cloud service model that offers a complete development and deployment environment.

It allows developers to build, test, and manage applications without managing servers, storage, or networking.

A direct network connection between two cloud networks allowing private routing of traffic without traversing the public internet.

A network node close to end users used to deliver low-latency services (e.g., CDN edge sites).

Discounted virtual machines offered by cloud providers that can be terminated with short notice. Ideal for stateless or batch workloads.

A cloud infrastructure dedicated to a single organization, offering enhanced control, security, and customization. It can be hosted either on-premises or by an external provider.

A messaging pattern in which publishers send messages to topics and subscribers receive them asynchronously.

A cloud computing model where infrastructure and services are owned and managed by a third-party provider and delivered to multiple customers over the internet. Resources are shared, but each customer’s data and workloads remain isolated.

Cloud pricing option where capacity is reserved in advance for a discounted rate compared to on-demand pricing, typically for 1-3 years.

Incrementally updating application instances in batches to achieve zero-downtime deployments.

A cloud-based software delivery model where applications are accessed over the internet, usually through a web browser.

Tools and services for securely storing, rotating, and accessing credentials, API keys, and certificates.

A stateful virtual firewall attached to instances that controls inbound and outbound traffic at the instance level.

A cloud model where developers build and run applications without managing the underlying servers. The provider handles infrastructure scaling automatically.

A method to coordinate multiple serverless functions and services into a defined workflow using visual or code-based logic. It helps manage execution flow, retries, error handling, and task sequencing without provisioning infrastructure.

An infrastructure layer (e.g., Istio, Linkerd) that handles service-to-service communication, traffic management, and security in a microservices environment.

A formal agreement between a cloud provider and customer that defines uptime guarantees, support response times, and penalties for service failures.

A specific metric (e.g., latency, error rate) used to measure service performance.

A target value or range for an SLI that defines acceptable service performance over a time period.

An engineering approach that applies software development practices to infrastructure and operations to improve reliability and scalability.

A service that stores data on remote servers accessed over the internet. It includes Block Storage (ideal for databases), Object Storage (for media, backups), and File Storage (for shared files and directories), each optimized for specific performance and access needs.

A standardized approach to applying metadata tags to cloud resources for organization, cost tracking, and governance.

The collection of logs, metrics, and traces that provide operational visibility into system behavior.

Recording the flow of requests across services to diagnose performance issues and errors, often sampling requests to manage overhead.

A hub-and-spoke network service that connects multiple VPCs and on-premises networks through a central gateway.

The percentage of time a cloud service is operational and available. Providers usually guarantee uptime in their SLAs (e.g., 99.9%).

A situation where it becomes difficult to switch providers due to proprietary technologies, high migration costs, or data dependencies.

A situation where it becomes difficult to switch providers due to proprietary technologies, high migration costs, or data dependencies.

A software-based emulation of a physical computer that runs its own OS and apps. Multiple VMs can share one physical server, offering isolation and flexibility.

Isolated virtual network in a public cloud, allowing customers to define their own IP address ranges, subnets, route tables, and security settings.

A service that filters and monitors HTTP traffic to protect web applications from common attacks (e.g., SQL injection, XSS).

A modern security model used by cloud-native systems that assumes no implicit trust inside or outside the network; every access request must be continuously verified.