AWS + N2WS Glossary

Confused by the alphabet soup of acronyms floating about? This A-Z AWS glossary explains the terms you need to know.

AWS Glossary Terms

Access Key

Or Security Access Key

(Example: wJalrXUtnFEMI/K7MDENG/bPxRfiCY) The access key is the AWS equivalent of a username; the security access key is the equivalent of a password. Think of the pairing as a user account in AWS. CPM is just another application that needs to run under a specific user account, which defines what CPM is allowed to do.


The AWS account ID is a 12-digit number, such as 123456789012, that you use to construct Amazon Resource Names (ARNs). When you refer to resources, such as an IAM user or an Amazon Glacier vault, the account ID distinguishes your resources from resources in other AWS accounts.


To get Application Consistent snapshots (also known as Application Consistent backups) on Windows devices, you need to install the CPM Thin Agent. When the time comes to take a snapshot, CPM alerts the agent, which then freezes the application (mainly databases) for a fraction of a second and includes any pending transactions not yet committed to the volume (drive), in order to get a 100% backup.


Amazon Machine Image (AMI)

An encrypted machine image stored in Amazon Elastic Block Store (Amazon EBS) or Amazon Simple Storage Service (Amazon S3). AMIs are like a template of a computer’s root drive. They contain the operating system and can also include software and layers of your application, such as database servers, middleware, web servers, and so on.


AWS Snapshots [taken using CPM] are “crash-consistent.” This means that when you back up an EC2 instance at a certain time, and later want to restore this instance from backup, it will start the same as a machine that had its power cord pulled out (i.e. booting after a power outage). The file system and any other applications (e.g. a database) using EBS volumes were not prepared for, or even aware of, the backup taking place, so they may have been in the middle of an operation or transaction, and these will be lost. To remedy this problem you need Application Consistent backups (freeze operations, and get in-flight transactions from RAM to include in the backup session).


Amazon Resource Name (ARN) - Usually pronounced “arn”

A standardized way to refer to an AWS resource. For example: arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob. Items and objects in AWS have an ARN by which they can be referred to. In the context of CPM, we need ARNs to define which Amazon SNS to use for notifications and alerts.


A fully managed MySQL-compatible relational database engine that combines the speed and availability of commercial databases with the simplicity and cost-effectiveness of open source databases. Aurora is VERY fast: about 10 times as fast as Microsoft SQL. Amazon is trying to get more acceptance for the product, because it is more expensive. However, Aurora is fully compatible with existing tools. Side note: PostgreSQL is usually pronounced “Postgres” (you simply drop the QL).

Automatic Retention

Automatically deletes old snapshots based on policy.


In CPM, backups are Policy and Schedule driven. Once you have set up your Schedules and Policies, backup sessions will start automatically for your EC2 instances, EBS volumes, RDS and Redshift.

Backup Monitor

Here you will see all your backup sessions organized in chronological order. You can filter by AWS account, backup policy, and backup status. For each backup you can see the start and end times, policy, status and DR status. All operations regarding a backup are present in this tab.


Block-level storage is a concept in cloud-hosted data persistence where cloud services emulate the behavior of a traditional block device, such as a physical hard drive. It is a form of Network Attached Storage (NAS). Storage in such a system is organized as blocks.


Amazon Command Line Interface (AWS CLI)

A unified downloadable and configurable tool for managing AWS services. Control multiple AWS services from the command line and automate them through scripts.


Amazon CloudWatch is an Amazon web service that enables you to monitor and manage various metrics, and configure alarm actions based on data from those metrics. CloudWatch feeds the stream of events into Lambda functions and Amazon SNS. CPM doesn’t require CloudWatch. We communicate with Amazon SNS directly.


A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, run-time, system tools, system libraries, settings. Available for both Linux and Windows based apps, containerized software will always run the same, regardless of the environment. Containers isolate software from its surroundings (for example, differences between development and staging environments) and help reduce conflicts between teams running different software on the same infrastructure.


Disaster Recovery

CPM’s DR (disaster recovery) solution allows you to recover your data and servers in case of a disaster. A “disaster” doesn’t necessarily mean a horrible man-made or natural disaster, although you’ll want to be prepared for that as well. DR will also help you recover your data in case of an outage or malfunction, or for any other reason. With CPM you can decide that every so often a backup session will also create a DR backup in another AWS Region (Cross Region DR) or in another AWS Account (Cross Account DR).


Amazon DynamoDB is a very fast and scalable NoSQL database service, employed by over 100,000 AWS users, notably including Samsung, Toyota, and Airbnb. "DynamoDB can handle more than 10 trillion requests per day and support peaks of more than 20 million requests per second."

EBS Volumes

Amazon Elastic Block Store (Amazon EBS)

Amazon EBS provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.


Elastic Compute Cloud

A web service that enables you to launch and manage Linux/UNIX and Windows server instances in Amazon’s data centers.


Elastic File System

EFS provides simple, scalable file storage for use with Amazon EC2 instances in the AWS Cloud. Amazon EFS is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.


Encryption is the process of converting data to an unrecognizable or "encrypted" form. It is commonly used to protect sensitive information so that only authorized parties can view it. This includes files and storage devices, as well as data transferred over wireless networks and the Internet.

File-Level Restore

File-level recovery allows you to recover a single image file or database file rather than an entire volume or instance. File-level recovery can also be beneficial if you only want to validate that the volume you are interested in recovering actually contains the files you need to restore. Another good use case for file-level recovery is when you need to access the file level of your environment in order to recover a specific database or log file and use it to quickly recover a running database.


Backups belonging to a policy eventually get deleted. Every policy has its number of generations, and the retention management process automatically deletes older backups. If you wish to keep a backup indefinitely and make sure it is not deleted, move it to the freezer. For example, once you've set up a server and its applications, you could take a first backup session and freeze it; that way, whenever needed, you can recover the original server the way it was before being used, for example for testing purposes.


A secure, durable, and low-cost storage service for data archiving and long-term backup. You can reliably store large or small amounts of data for significantly less than on-premises solutions. Amazon Glacier is optimized for infrequently accessed data, where a retrieval time of several hours is suitable.


AWS Identity and Access Management (IAM)

A web service that enables AWS customers to manage users and user permissions within AWS.


A copy of an AMI running as a virtual service in the AWS cloud.


AWS Key Management Service (AWS KMS)

An Amazon managed service that simplifies the creation and control of encryption keys that are used to encrypt data. CPM will utilize the keys created by AWS KMS to keep data in an encrypted state across regions and accounts. At no point in time is the user data in an unencrypted state.

Managed Users

Managed users are the ones you want to look after. They are users who can log in and manage their backup environment like independent users, BUT the root/admin user can do it for them. The root user can perform all operations for managed users: add, remove and edit accounts, manage backup policies, view backups and perform recovery. Furthermore, the root user can receive alerts and notifications on behalf of managed users, although managed users can also define notifications and get them directly.

Persistent Data

Persistent Data denotes information that is infrequently accessed and not likely to be modified. The opposite of this is dynamic data (also known as transactional data) where information is asynchronously changed as further updates to the information become available.


IAM: A document defining permissions that apply to a user, group, or role; the permissions in turn determine what users can do in AWS. A policy typically allows access to specific actions and can optionally grant that the actions are allowed for specific resources like EC2 instances, Amazon S3 Buckets, and so on. Policies can also explicitly deny access.

Policy (CPM)

CPM: Policies are the main objects defining backups. With a policy you define what to back up (EC2 instances, EBS volumes, RDS/Redshift), how to back it up, the retention period for backup sessions, and, by associating schedules, when to perform the backup. Once you have created a backup Policy, you can associate a Schedule and add the resources you want to back up (e.g. an EC2 instance).

Private Key

A private key is a tiny bit of code that is paired with a public key to set off algorithms for text encryption and decryption. It is created as part of public key cryptography during asymmetric-key encryption and used to decrypt and transform a message to a readable format. ... A private key is also known as a secret key.


To pause or alter a device or application to achieve a consistent state, usually in preparation for a backup or other maintenance.


Amazon Relational Database Service (Amazon RDS)

A service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.


CPM offers several options for data recovery. Since all backup is based on AWS’s snapshot technology, CPM can offer rapid recovery of instances, volumes, and RDS databases. When you click on “Recover” for a backup taken at a certain date and time, you are directed to the recovery panel screen. This screen will include the instances that were backed up with links to recover them, and links to recover independent volumes and databases.

Recovery Monitor

This tab will contain records for all recovery operations. Each recovery record will contain a time stamp of the recovery operation, the backup it was recovered from, and additional information. Recovery records are automatically deleted as the backups are.


A fully managed, petabyte-scale data warehouse service in the cloud. With Amazon Redshift you can analyze your data using your existing business intelligence tools.


Each AWS Region is a separate geographic area. Each AWS Region has multiple, isolated locations known as Availability Zones. Amazon RDS provides you the ability to place resources, such as instances, and data in multiple locations. Resources aren't replicated across AWS Regions unless you do so specifically.




Recovery Point Objective

RPO refers to the amount of data at risk. It's determined by the amount of time between data protection events and reflects the amount of data that potentially could be lost during a disaster recovery. The metric is an indication of the amount of data at risk of being lost.


Recovery Time Objective

RTO is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.


Amazon Simple Storage Service (Amazon S3)

Storage for the Internet. You can use it to store and retrieve any amount of data at any time, from anywhere on the web.


Simple Storage Service Infrequent Access

Lower-cost Amazon S3 storage class for data that is accessed less frequently. Amazon S3 Standard - Infrequent.


Schedules are the objects defining when to perform backup. Schedules are defined separately from policies. A schedule can be associated with several policies. Multiple schedules can be associated with the same policy.


When it comes to Linux instances you don't even have to install an agent; the same is achieved by using Pre/Post backup scripts, which you enable in the backup Policy (Policy "more option" section).

Secret Key

Saved in the database in an encrypted format – not accessible from outside the application – an extra safety measure.


Amazon Elastic Block Store (Amazon EBS): A backup of your volumes that is stored in Amazon S3. You can use these snapshots as the starting point for new Amazon EBS volumes or to protect your data for long-term durability.

Snapshot Vaulting

Allows protecting the target account against wrongful snapshot deletion and allows recovering EC2 instances and EBS volumes across accounts.


Amazon Simple Notification Service

SNS is a notification service provided as part of Amazon Web Services. It provides a low-cost infrastructure for the mass delivery of messages. These messages can be configured to be delivered via email, SMS or even HTML (fed into 3rd party tools). The system is usually referred to as a pub/sub system: you “publish” messages and your “subscribers” receive them.


Secure Socket Shell

SSH is a network protocol that provides administrators with a secure way to access a remote computer. SSH also refers to the suite of utilities that implement the protocol.

SSL Certificate

Secure Sockets Layer

SSL Certificates are small data files that digitally bind a cryptographic key to an organization's details. When installed on a web server, a certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser.


To automate backup management for a resource (e.g. an EC2 instance), you can add a tag to that resource named “cpm backup” (lower case). CPM will identify this tag and parse its content. In this tag (the tag value) you can specify whether to remove this resource from all backup policies, whether to add it to a policy or list of policies, and whether to create a new policy based on an existing one (a template) and then add the resource to it. So basically you tag resources to be backed up without having to go into the CPM UI.


A fixed amount of storage on an instance. You can share volume data between containers and persist the data on the container instance when the containers are no longer running.

VPC Settings

Amazon Virtual Private Cloud (Amazon VPC)

Amazon VPC enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.


Volume Shadow Copy Service

Operates at the block level of the file system and enables virtual server backup in Microsoft environments.