Train GRC Glossary

  1. Access Keys

    A set of credentials used to gain access to an AWS account and make calls against AWS APIs.

  2. Amazon GuardDuty

    Amazon GuardDuty is a threat detection tool in AWS that is pre-configured to detect a number of potential AWS-specific threats to your workloads.

  3. Amazon Inspector

    Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.

  4. Amazon S3

    Amazon Simple Storage Service is a service that allows any individual or company to store data with arbitrary sizes and data structures.

  5. API (Application Programming Interface)

    a software intermediary that allows two applications to interact, commonly by making web requests.

  6. AWS Account

    the smallest complete unit of AWS services that exists. You can’t use AWS without using an account.

  7. AWS CLI (Command-Line Interface)

    a tool to allow users to interact with various AWS services and resource capabilities via API using text commands.

  8. AWS CloudShell

    a browser-based shell that allows you to use AWS resources with pre-authentication from your console credentials.

  9. AWS CloudTrail

    a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

  10. AWS EC2

    Amazon Elastic Compute Cloud (Amazon EC2) is a web service that allows developers to provision virtual networks and servers in the cloud.

  11. AWS IAM

    AWS Identity and Access Management allows you to specify who can access specific AWS services and resources, and under which conditions.

  12. AWS Organizations

    allows an organization to manage a large number of accounts using centralized controls and management capabilities.

  13. AWS Resources

    the “atomic” unit for AWS. An individual resource may represent an IAM “User” or EC2 “Instance” (Virtual Server).

  14. AWS Services

    the aggregation of common resources. AWS IAM and AWS EC2 are examples of services that aggregate IAM principals and EC2 Virtual Servers.

  15. AWS SSO

    AWS Single Sign-On (AWS SSO) is a centralized administration tool where you can control and customize access for (primarily) human identities.

  16. Human Identities

    Anyone, internal or external, who has access to your AWS environments and applications.

  17. IAM Principal

    a user, role or group in AWS IAM that has access to AWS resources.

  18. IAM Role

    an IAM identity that can be set with specific permissions and can be used by anyone that is allowed to "assume", or gain access to, it.

  19. IAM User

    name and credentials used in AWS to represent a specific person or application that interacts in an AWS environment. It can only be used by that person or application.

  20. IaaS (Infrastructure as a Service)

    a cloud computing service provider manages servers and storage, networking firewalls/security, and the data center for you. You control the hosted applications, development tools, database management, business analytics, and operating systems. Compared to PaaS (Platform as a Service) and SaaS (Software as a Service), this offers the most access to the end user.

  21. IdP

    IAM Identity Providers (IdP) allow you to manage identities of external users of AWS, using SSO instead of creating new IAM users.

  22. IoT (The Internet of Things)

    physical things that are connected through a network to the internet.

  23. Machine Identities

    Any internal or external tools that make requests on your behalf to AWS services, if the tool is provided its own unique identity.

  24. MFA (Multi-factor authentication)

    an authentication feature for account login that requires you to use an additional trusted device or token to validate your identity.

  25. PaaS (Platform as a Service)

    a cloud computing service provider manages servers and storage, networking firewalls/security, data center buildings, development tools, database management, business analytics, and operating systems for you. You control the hosted applications. This offers you more access than SaaS (Software as a Service), but less than IaaS (Infrastructure as a Service).

  26. OU (Organizational Unit)

    allows you to group accounts together to administer as a single unit.

  27. SaaS (Software as a Service)

    a cloud computing service provider controls everything for you - including servers and storage, networking firewalls/security, data center buildings, development tools, database management, business analytics, operating systems, and hosted applications. Compared to IaaS (Infrastructure as a Service) and PaaS (Platform as a Service), this offers you the least access.

  28. Service Control Policies (SCPs)

    are a type of organization policy that you can use to manage the maximum allowed permissions for IAM principals in AWS.

  29. S3 Buckets

    containers that are used to store your data in Amazon S3. You must create one of these before you upload anything to S3. When you upload data to S3, you are uploading that data to a specific “bucket”.

  30. Trusted Access

    gives you the ability to allow an AWS trusted service to perform tasks within your organization. This allows centralized security management of AWS accounts.

  31. Workload

    the target of what you are auditing, which might consist of a subset of resources in a single AWS account or be a collection of multiple resources spanning multiple AWS accounts. A small business might have only a few workloads while a large enterprise might have thousands.

Train GRC Academy