Glossary of Cloud Computing Terms and Definitions


Cloud Computing
On-demand delivery of compute, storage, and networking over the internet with pay-as-you-go pricing.

Public Cloud
Cloud services delivered over the public internet and shared across multiple customers (tenants).

Private Cloud
Cloud infrastructure operated solely for one organization, on-premises or hosted, offering greater control and isolation.

Hybrid Cloud
A mix of on-premises/private cloud and public cloud resources connected to work as one environment.

Multicloud
Using services from two or more cloud providers to reduce lock-in, optimize cost, or improve resilience.

IaaS (Infrastructure as a Service)
Cloud model providing virtualized compute, storage, and networking that you configure and manage.

PaaS (Platform as a Service)
Managed platforms that handle runtime, middleware, and scaling so you focus on application code.

SaaS (Software as a Service)
Complete applications delivered via the web; the provider manages everything from infrastructure to updates.

FaaS / Serverless
Event-driven functions that run on demand without managing servers; you pay only for execution time.

Container
A lightweight, portable package that includes an application and its dependencies, sharing the host OS kernel.

Docker
A popular container platform and tooling for building, shipping, and running containers.

Kubernetes
An orchestration system that automates deployment, scaling, and management of containerized applications.

Microservices
An architectural style where applications are built as a suite of small, independently deployable services.

Virtual Machine (VM)
Software-based emulation of a computer that runs an OS and apps on virtualized hardware.

Hypervisor
Software that creates and runs virtual machines by abstracting physical hardware resources.

Bare Metal
Physical servers dedicated to a single tenant, offering maximum performance and hardware control.

VPC (Virtual Private Cloud)
A logically isolated network in the cloud where you define subnets, routing, and security controls.

Subnet
A segmented range of IP addresses within a VPC used to organize and secure resources.

Security Group
Stateful virtual firewall rules that control inbound and outbound traffic for instances.

Network ACL
Stateless, subnet-level rules that allow or deny traffic entering and leaving subnets.

Load Balancer
A service that distributes traffic across multiple targets to improve performance and availability.

Auto Scaling
Automatically adjusts the number of running resources based on demand or health signals.

High Availability (HA)
Design approach to minimize downtime using redundancy, failover, and resilient architectures.

Fault Tolerance
The ability of a system to continue operating properly even when components fail.

Disaster Recovery (DR)
Processes and tooling to restore services and data after a major outage or catastrophe.

RTO (Recovery Time Objective)
The maximum acceptable time to restore a service after an incident.

RPO (Recovery Point Objective)
The maximum acceptable amount of data loss, measured as a span of time before an incident.

Backup
A copy of data kept for restoration; often scheduled and stored off-site or cross-region.

Snapshot
A point-in-time image of a volume, disk, or resource used for backup or cloning.

Object Storage
Scalable storage that manages data as objects with metadata and IDs, ideal for unstructured data.

Block Storage
High-performance storage that presents raw volumes to be mounted by servers or VMs.

File Storage
Shared file systems accessible over network protocols like NFS or SMB.

CDN (Content Delivery Network)
A distributed network of edge servers that caches and serves content closer to users to reduce latency.

Edge Computing
Processing data near its source (at the network edge) to reduce latency and bandwidth usage.

DNS (Domain Name System)
The system that translates human-readable domain names to IP addresses.

Anycast
A routing method where the same IP is advertised from multiple locations; traffic goes to the nearest site.

Reverse Proxy
A server that sits in front of backend services to handle TLS, caching, routing, and protection.

WAF (Web Application Firewall)
Protects web apps by filtering and monitoring HTTP(S) traffic to block common attacks.

DDoS Protection
Services and techniques that absorb or mitigate distributed denial-of-service attacks.

TLS/SSL
Protocols that encrypt data in transit to secure communications between clients and servers.

Certificate Authority (CA)
An entity that issues digital certificates to verify identities on the internet.

PKI (Public Key Infrastructure)
The framework for managing keys and certificates to enable secure, trusted communications.

IAM (Identity & Access Management)
Policies, processes, and tools to authenticate users and authorize their access to resources.

SSO (Single Sign-On)
A method allowing users to access multiple apps with one set of login credentials.

OAuth 2.0
An authorization framework that lets apps obtain limited access to user resources without sharing passwords.

OpenID Connect (OIDC)
An identity layer on top of OAuth 2.0 that provides user authentication and profile data.

RBAC (Role-Based Access Control)
Access decisions based on user roles and assigned permissions.

Zero Trust
A security model that assumes no implicit trust: every request is verified explicitly and access is limited by least privilege.

API Gateway
A service that fronts APIs, handling routing, authentication, rate limiting, and observability.

REST API
An architectural style for building APIs using stateless operations over HTTP with resources and verbs.

GraphQL
A query language and runtime for APIs that lets clients request exactly the data they need.

Message Queue
A system for asynchronous communication where producers enqueue messages and consumers process them.

Event Streaming
Continuous, durable streams of events (e.g., Kafka) enabling real-time data pipelines and analytics.

Pub/Sub
Messaging pattern where publishers send messages to topics and subscribers receive them from those topics.

Cache
A fast data store that keeps frequently accessed data in memory to reduce latency and load.

Redis
An in-memory data structure store used for caching, queues, sessions, and real-time features.

Observability
An approach to understand system state using logs, metrics, and traces to diagnose issues.

Logging
Recording application and system events for debugging, audit, and compliance.

Metrics
Numerical time-series measurements (e.g., CPU, latency, errors) used to monitor system health.

Distributed Tracing
Tracking requests as they flow through services to pinpoint bottlenecks and failures.

APM (Application Performance Monitoring)
Tools that track performance, errors, and user experience of applications.

SLI / SLO / SLA
Indicators, objectives, and agreements defining and measuring service reliability targets and commitments.

CI/CD (Continuous Integration/Delivery)
Automation that builds, tests, and deploys code changes rapidly and reliably.

GitOps
A workflow where Git is the single source of truth and deployments are driven by pull requests.

Infrastructure as Code (IaC)
Managing and provisioning infrastructure through machine-readable configuration files.

Terraform
An IaC tool that provisions resources across multiple cloud providers using declarative configs.

Ansible
An automation tool for configuration management, provisioning, and application deployment.

CloudFormation
AWS’s native IaC service for modeling and provisioning AWS resources.

Helm
A package manager for Kubernetes that simplifies deploying and updating complex apps.

Secret Management
Secure storage, rotation, and access control for credentials, API keys, and certificates.

KMS (Key Management Service)
Managed cryptographic key storage and operations for encrypting data and controlling access.

Encryption at Rest
Protecting stored data by encrypting it on disk or in databases.

Encryption in Transit
Protecting data moving over networks using protocols like TLS.

Data Lake
A centralized repository for storing raw, large-scale data in its native format for analytics.

Data Warehouse
A structured repository optimized for querying and reporting on curated, processed data.

ETL / ELT
Data integration patterns: Extract-Transform-Load transforms data before loading it, while Extract-Load-Transform loads it first and transforms it in the target system.

FinOps (Cloud Cost Management)
Practices that align engineering and finance to optimize cloud spend and value.

Egress Fees
Charges incurred when data leaves a provider’s network or region.

Reserved / Committed Use
Discounted pricing in exchange for committing to use specific resources over a term.

Spot / Preemptible Instances
Deeply discounted compute capacity that can be reclaimed by the provider with short notice.

Pay-as-you-go
Billing model where you pay only for the resources you actually consume.

Governance
Policies and controls that guide how cloud resources are created, secured, and operated.

Compliance (e.g., GDPR)
Adhering to legal, regulatory, and industry standards for data protection and privacy.

Data Residency
Requirements or preferences for storing and processing data within specific geographic locations.

SLA Uptime (e.g., 99.9%)
A provider’s contractual availability target for a service over a given period.

Blue-Green Deployment
Releasing a new version alongside the old and switching traffic once validated to minimize downtime.

Canary Release
Gradually rolling out changes to a small subset of users to reduce risk.

Rolling Update
Updating instances in batches to keep the service available during deployment.

Health Check
Automated probes that verify whether an instance or service is functioning correctly.

Service Mesh
An infrastructure layer that handles service-to-service communication, security, and observability.

Sidecar Pattern
Deploying helper containers alongside app containers to add capabilities like proxies or log shippers.

WebSockets
A protocol enabling full-duplex, real-time communication between client and server.

HTTP/2
A newer HTTP version with multiplexing and header compression for faster loading.

HTTP/3 (QUIC)
The HTTP version that runs over QUIC (on UDP) to reduce latency and improve reliability on lossy networks.

Brotli / Gzip Compression
Algorithms that compress web assets to reduce bandwidth and improve load times.

CORS (Cross-Origin Resource Sharing)
Browser mechanism controlling whether web pages can request resources from different origins.

CSP (Content Security Policy)
A security header that restricts sources for scripts, styles, and other resources to mitigate XSS.

Rate Limiting
Restricting the number of requests a client can make in a time window to protect services.

Throttling
Deliberately slowing or limiting request processing when usage exceeds defined thresholds.

Idempotency
Property of operations that can be repeated without changing the result, crucial for reliable APIs.