Glossary of Terms
This is a glossary of terms used in our documentation.
12-Factor
The 12 Factor Pattern is a software methodology for building cloud-friendly (or cloud-native), scalable, maintainable applications that deploy easily on a Platform-as-a-Service (aka PaaS).
Amazon Certificate Manager (ACM)
Amazon Certificate Manager is a service that lets you easily provision, manage, and deploy TLS certificates for use with AWS services such as ELBs and CloudFront.
Amazon Machine Image (AMI)
An Amazon Machine Image provides the information required to launch an EC2 instance, which is a virtual server in the Amazon public cloud.
Anti-Pattern
An anti-pattern is the opposite of a best-practice.
Availability Zone (AZ)
An Availability Zone is an isolated data center within a geographic region that is interconnected with other AZs through low-latency links.
aws-vault
aws-vault is a utility for securely managing secrets with AWS Systems Manager (SSM) Parameter Store and KMS
AWS
Amazon Web Services is a public cloud offering by Amazon.com
Bastion
A bastion host is the only host permitted to be directly addressed via SSH from the internet.
Best Practices
A well-understood and often published technique or methodology that, through experience and research, has proven to reliably lead to a desired result.
BeyondCorp
BeyondCorp is an enterprise security model pioneered by Google that enables every employee to work from untrusted networks without the use of a VPN. One critical component is an Identity Aware Proxy.
Build Harness
A build-harness is like a test harness. It provides reusable methods for building and deploying software.
Business Logic
Business Logic is the code that describes real-world business rules that determine how things should work.
Chamber
'Chamber' is a tool by Segment IO for managing secrets with AWS SSM+KMS and exposing them as environment variables.
Change Management
A formal process followed to make changes in a documented, systematic manner.
Chart Registry
A Chart Registry is responsible for storing and serving Helm chart packages (.tar.gz) to the helm tiller running in the kubernetes cluster.
Continuous Integration / Continuous Delivery (CI/CD)
CI/CD is the practice of combining “Continuous Integration” with “Continuous Delivery” (aka “Continuous Deployment”)
CLI
cli is a common abbreviation for client and usually refers to some kind of command line tool.
ClickOps
The act of performing systems administration and configuration by pointing and clicking on proprietary tools.
CloudFront
Amazon CloudFront is a content delivery network (CDN) used to improve latency for end users by hosting cacheable content on distributed global edge locations.
Cloud Posse, LLC
Cloud Posse is a DevOps Accelerator
CloudTrail
CloudWatch Logs
Amazon CloudWatch Logs is a central store for managing logs from AWS cloud resources and applications.
CloudWatch
Amazon CloudWatch is a monitoring service for AWS cloud resources and applications.
Container Management Platform (CMP)
CodeBuild
Amazon CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers.
CodeDeploy
Amazon CodeDeploy is a service that automates software deployments to AWS cloud resources.
CodePipeline
Amazon CodePipeline is a continuous integration and continuous delivery service for fast and reliable application and infrastructure updates.
Code Review (CR)
A process of reviewing Pull Requests that enables collaboration between team members, improves code quality/stability through creation of alternative solutions to problems, increases transparency through proof of work, increases team awareness by involvement, and improves business continuity through knowledge transfer.
Codefresh
Codefresh is CI/CD as a service, built for containers with native support for Docker, Kubernetes and Helm.
Continuous Delivery (CD)
A process in which immutable code artifacts (e.g. packages, rpms, images, etc.) are shipped to permanent storage and optionally deployed to an environment such as staging or production. This process is usually associated with “Continuous Deployment” or “Automated Deployment”.
Continuous Integration (CI)
A process in which code is automatically checked out from version control (e.g. git) and submitted to a battery of automated tests to ensure that the recent changes will not have adverse effects on the code base and product stability.
Create, Read, Update, Delete (CRUD)
CRUD is a frequently used acronym which means Create, Read, Update and Destroy. It refers to the standard life-cycle events for data manipulation.
The curl-bash pattern
This is a common approach to installing various tools via a terminal prompt. You see this commonly done like so: curl example.com/install.sh | bash
Declarative Declaration
The declarative approach focuses on the desired outcome, but doesn't expose any method to influence how that outcome is achieved.
Shared Memory Filesystem (/dev/shm)
/dev/shm is an ephemeral in-memory filesystem useful for caching temporary files that should not be persisted.
The docker-bash pattern
This is a SweetOps pattern used to install tooling via a terminal prompt. The primary usage is in Geodesic, which looks like: docker run --rm cloudposse/geodesic:latest-debian init | bash -s latest-debian
Docker Compose
Docker Compose is a tool for defining and running multi-container Docker applications. Typically used for local development.
Docker Image
A docker image is a self-contained, layered archive containing an application and all of its OS dependencies and is the artifact of running a docker build. The image is what gets stored in a docker registry.
Docker Registry
A Docker registry is a place to store and distribute Docker images.
Dockerfile
A Dockerfile is a lightweight DSL that contains all the commands a user could call on the command line to assemble an image in order to run an application.
Don't Repeat Yourself (DRY)
DRY is an acronym for "Don't Repeat Yourself", which refers to the aim of reducing repetition of software code through copy-and-paste.
End-to-end (e2e)
The term end-to-end encompasses an entire workflow from start to finish.
ElasticBeanstalk (EB)
Amazon Elastic Beanstalk is an orchestration service offered from AWS for deploying infrastructure which orchestrates various services, including EC2, S3, ELB, SNS, CloudWatch, auto-scaling, auto-healing, and Elastic Load Balancers.
Elastic Container Registry (ECR)
Amazon ECR is a fully managed Docker container registry to store, manage, and deploy Docker container images on AWS.
ECS Agent
The ECS Agent is a component of Amazon Elastic Container Service (ECS) and is responsible for managing containers on behalf of Amazon ECS.
ECS Service
An ECS Service is a specified number (the "desired count") of instances of an ECS Task simultaneously running in an Amazon ECS cluster.
ECS Task
An ECS Task is a JSON document that describes one or more containers that form an application. It can be thought of as a blueprint for an application.
ECS
Environment Variable
An Environment Variable is an interface provided by nearly every OS to pass configuration information to a process.
Executable Documentation
Executable Documentation is documentation that is so actionable you can just execute it directly or run it manually if you so choose.
FUSE
FUSE stands for Filesystem in Userspace and is an interface that allows developers to implement custom filesystems without requiring complex kernel modules.
Geodesic Module
A geodesic module is a docker image that extends the geodesic base image and implements functions specific to that stage or account.
Geodesic Shell
A geodesic shell is an invocation of a geodesic module. Said differently, it's when you run a geodesic docker image and enter into the bash shell.
Geodesic
Geodesic is an interactive command-line shell which bundles all essential open source cloud orchestration tools needed to administer clusters from the command line. The only dependency is that docker is installed. The tools provided include kops, terraform, eb cli, aws cli, etc.
Git Workflow
A form of Change Control that uses Git as the system of record.
Goofys
Goofys is a utility that implements S3-backed filesystems using FUSE.
HashiCorp Language (HCL)
HCL is HashiCorp's configuration language used in multiple products, but most notably in terraform.
Helm Chart
A 'Helm Chart' is a package that defines all the kubernetes resources necessary for deploying an application to kubernetes.
Helm Tiller
The helm tiller is the server-side component (API) for helm that manages all CRUD operations.
Helm
Helm is one of the predominant package managers for kubernetes which is used for installing applications on the cluster.
Identity Access Management (IAM)
Amazon's IAM is a service that helps you securely control access to AWS resources.
Identity Aware Proxy
An Identity-Aware Proxy enables an organization to control access to cloud applications (e.g. SaaS).
Imperative Declaration
The imperative approach focuses on how precisely the infrastructure should be defined.
Infrastructure as Code (IaC)
Infrastructure as Code (IaC) is the process of managing/provisioning Infrastructure as a Service (IaaS) using machine-readable definition files (usually DSLs), rather than relying on humans doing physical/manual hardware configuration.
Infrastructure
Infrastructure is everything that supports running your software
Ingress Controller
An Ingress Controller is a native resource type in Kubernetes that functions like a Layer 7 Load Balancer (e.g. HTTP Load Balancer) to route requests to various backend services based on incoming hostname (e.g. Host header) and request path (e.g. /foo).
init-terraform
The init-terraform script is a helper for configuring and then initializing terraform remote state in combination with the terraform-aws-tfstate-backend module.
String Interpolation
String Interpolation is the process of evaluating a string containing one or more placeholders (e.g. $FOOBAR or {{...}}) and replacing the placeholders with their corresponding values.
jq
'jq' is a Go-based command line tool for JSON that supports standard CRUD operations.
Kanban
Kanban is a popular framework used to implement agile software development that leverages cards and boards to visually communicate the status of a project.
Key Management Service (KMS)
A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys
Kubernetes Ops (kops)
Kops ships with geodesic and is the easiest way to get a production grade Kubernetes cluster up and running on AWS.
Key Performance Indicator (KPI)
A Key Performance Indicator is a metric (e.g. number of requests per second) that indicates if some key business objective is being satisfied.
kubectl
'kubectl' is a command line tool (cli) for running commands against Kubernetes clusters
Kubernetes
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes builds upon 15 years of experience of running production workloads at Google, combined with best-of-breed ideas and practices from the community.
Lambda
AWS serverless (functions as a service) offering.
Layer 7
The “Application Layer” (e.g. HTTP)
Multi-Factor Authentication (MFA)
Multifactor authentication is a security "Best Practice" of requiring more than one method to verify access credentials during authentication
Monorepo
Monorepo refers to a strategy of storing all code for possibly unrelated applications within the same source code repository.
On-call Engineer (OCE)
The on-call engineer is the person currently assigned to take-point if any serious issues arise. They are typically the ones on “pager duty” who get a phone call in the middle of the night if/when things break.
OSI Model
OSI is a conceptual model consisting of 7 abstraction layers that represent the various functions of a computing system without regard to its underlying internal structure and technology.
Platform-as-a-Service (PaaS)
PagerDuty
An incident management platform that provides reliable incident notifications via email, push, SMS, and phone, as well as automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.
Parameter Store
The Amazon Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management.
Pingdom
Pingdom is a service that tracks the availability (e.g. uptime & downtime) as well as the performance of websites.
Polyrepo
Polyrepo describes an approach of using multiple, independent source code repositories that are independently versioned and controlled.
Relational Database Service (RDS)
Amazon Relational Database Service is a service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks such as backups, restores, and automatic failover.
Release Engineering
A sub-discipline of software engineering concerned with the compilation, assembly, and delivery of source code into finished products or other software components that are subsequently shipped to production
Terraform Root Module
Every Terraform configuration has at least one module, known as its root module, which consists of the resources defined in the .tf files in the main working directory. Root modules are the terraform configuration that we actually apply and have terraform state.
S3 Bucket
An S3 bucket is a logical unit of storage in S3 that stores collections of objects.
S3
Amazon S3 is an object storage service with a simple web service interface and API capable of storing and retrieving any amount of data from anywhere on the web. It is designed to deliver 99.999999999% durability, and scale past trillions of objects worldwide.
s3fs
S3FS refers both to an application, script and the concept of mounting a remote S3 bucket as a local filesystem.
Software-as-a-Service (SaaS)
Sandbox Environment
A sandbox environment is a place where developers can play around with new technologies without risk of impacting staging or production environments.
Software Development Lifecycle (SDLC)
The SDLC describes the process for planning, developing, testing, and deploying an application.
Semantic Version
Semantic versioning (e.g. 1.0.3) is the most widely adopted scheme for assigning unique version numbers to software releases.
Sidekick Containers
A container that performs other duties that are related to our main application but shouldn't be directly built into that application.
Service Level Agreement
A contract or agreement offered by a service provider that defines the expected level of service, responsibilities, priorities, and guarantees regarding availability, performance, and other aspects of the service.
Slack
Slack is a cloud-based service for team collaboration (chat, voice, video, screensharing, etc).
Subject Matter Expertise (SME)
A subject-matter expert (SME) is a person who is an authority (domain expert) in a particular area or topic, which is referred to as the domain such as DevOps, Kubernetes, Terraform, etc.
Simple Notification Service (SNS)
Amazon Simple Notification Service is a fast, flexible, fully managed push notification service that lets you send individual messages or fan out messages to large numbers of recipients.
Amazon Systems Manager (SSM)
Amazon's Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources such as configurations with Parameter Store. Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your infrastructure securely at scale.
Single Sign-on (SSO)
Single sign-on (SSO) is an authentication system that allows a user to login to multiple applications with one set of credentials.
Stage
One of the phases in the SDLC whereby software is deployed to an environment. Common stages are “Production”, “Staging”, “QA” or “Development”
Synthetic Monitoring
Synthetic monitoring is a style of monitoring that attempts to closely emulate the behavior of an end-user.
Technical Debt
Technical debt represents all the things that need to be redone later due to poor choices or necessary tradeoffs made today.
HashiCorp Terraform
HashiCorp Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers such as AWS as well as custom in-house solutions. Configuration files describe to Terraform the components needed to run a single application or your entire datacenter.
Topology
A topology is the arrangement of various elements (links, nodes, etc.) in a network architecture.
Unlimited Staging Environments
The ability to run complete, disposable apps on Kubernetes for Staging and Development.
Virtual Private Cloud (VPC)
A Virtual Private Cloud is a logically isolated network within AWS.
WikiOps
Wiki documentation driven operation processes.
YAML
YAML (or YAML Ain't Markup Language) is a human-readable data-serialization language.
yq
'yq' is a Go-based command line tool for YAML that supports standard CRUD operations.