Resource Type Definitions

Definitions of InsightCloudSec Normalized Terminology for Your Cloud Infrastructure

The following table provides an alphabetized list with brief definitions of the InsightCloudSec normalized terminology for all resources, services, utilities, or functions that make up your cloud infrastructure. Resource types are organized into five categories: Compute, Containers, Storage, Network, and Identity and Management.

You can read more about the details of the specific resource types on their individual pages as follows:


| Resource Type | Description | Category |
| --- | --- | --- |
| Access List | Used to protect ingress/egress traffic to cloud resources (Security Groups/NACLs) | Network |
| Access List Flow Log | Allows users to log information about IP traffic flowing through a Network Security Group | Network |
| Access List Rule | Ingress/Egress traffic rules for Security Groups/NACLs | Network |
| Access Analyzer | Identifies security risks through unintended access to your resources and data by identifying resources or roles that are shared with an external entity (AWS IAM Access Analyzer) | Identity & Management |
| Activity Log Alert | Monitors a resource by checking its logs for a new event that matches defined conditions (Azure Activity Log Alert) | Identity & Management |
| Airflow Environment | Managed orchestration for Apache Airflow to programmatically author, schedule, and monitor sequences of processes and tasks (AWS Managed Airflow Environment, GCP Cloud Composer) | Compute |
| API Access Key | Used to make programmatic calls to Cloud Provider’s API (Azure Application Credentials, AWS IAM User Access Key, GCP Service Account Key) | Identity & Management |
| API Accounting Config | Logs and tracks all calls made to the provider API (AWS CloudTrail, GCP Logs Storage) | Identity & Management |
| App Run Service | Managed services that simplify deploying containerized web applications and APIs quickly at scale with little to no experience (AWS App Runner, GCP Cloud Run) | Containers |
| App Server | Defines the region of the physical server where your app will be hosted and the amount of storage, RAM, and CPU the physical servers will have (Azure App Service Plan) | Compute |
| App Stream Fleet | Managed application streaming service that streams desktop applications to users (AWS AppStream 2.0) | Compute |
| Application Gateway | Facilitates the creation, use, and management of APIs at any scale (AWS API Gateway, Azure API Management Service) | Network |
| Application Gateway Domain | Allows the creation, use, and naming of a custom domain name (AWS API Gateway Domain) | Network |
| Application Key | Generates API keys (AWS Gateway Key) | Network |
| Application Stage | Sets up a stage, a named reference to a deployment, which can be used to manage and optimize the deployment (AWS API Gateway Stage) | Network |
| Artifact Registry | Stores artifacts and build dependencies in one central location (GCP Artifact Registry) | Containers |
| Automation Account | Orchestrates cloud-based automation tasks for you, including operating system and configuration updates, to ensure consistent management across your cloud environments (Azure Automation Account) | Compute |
| Autoscaling Group | Collection of instances used for scaling and management | Compute |
| Autoscaling Launch Configuration | Configuration for autoscaling groups (min, max, etc.) | Compute |
| Azure Policy | Helps businesses enforce and assess standards and compliance at scale (Azure Policy) | Identity & Management |
| Backend Services | Configuration for load balancing services (GCP Load Balancer Backend Services) | Network |
| Backup Vault | Container for organizing your backups | Storage |
| Batch Environment | An environment containing many compute nodes that can run large-scale parallel and high-performance computing batch jobs efficiently (AWS Batch Compute Environment, Azure Batch Account) | Compute |
| Batch Pool | A group of compute nodes that is used in a batch environment to run large-scale parallel and high-performance computing batch jobs efficiently (Azure Batch Pool) | Compute |
| Big Data Instance | Big data/data warehouse instances (AWS Redshift) | Compute |
| Big Data Serverless Namespace | A collection of Big Data database objects and users (AWS Redshift Serverless Namespace) | Compute |
| Big Data Serverless Workgroup | A collection of Big Data compute resources (AWS Redshift Serverless Workgroup) | Compute |
| Big Data Snapshot | Point-in-time backup of a big data instance | Storage |
| Big Data Workspace | Analytics service that combines data integration, data warehousing, and big data analytics (Azure Synapse) | Compute |
| Build Project | Integration service for compiling source code, running tests, and producing deployable software packages (AWS CodeBuild) | Compute |
| Business Intelligence Subscription | Service that connects and combines data sources for cloud to create a single data dashboard for easier user management (AWS QuickSight) | Identity & Management |
| Cache Database Cluster | A Cache Database Cluster is an in-memory database service that provides fast performance and durability (AWS MemoryDB) | Compute |
| Cache Instance | Memory cache instance (AWS ElastiCache, Redis, etc.) | Compute |
| Cache Snapshot | Point-in-time backup of Redis cluster (AWS ElastiCache Snapshot, Alibaba Cloud Redis Snapshot) | Storage |
| Cassandra Table | Managed, efficient, and reliable Apache Cassandra-based database services (AWS Keyspaces) | Storage |
| Cloud Access Point | A feature to simplify managing data access at scale for applications using shared data sets (AWS S3 Access Point) | Identity & Management |
| Cloud Account | Secure, world-wide storage and retrieval of any amount of data at any time | Identity & Management |
| Cloud Advisor Check | A recommendation guide that analyzes your configuration and usage (AWS Trusted Advisor) | Identity & Management |
| Cloud Alarm | Notification on events from a Content Delivery Network (AWS CloudWatch Events) | Identity & Management |
| Cloud App | Application to manage application objects (definition of the application) that allows services to understand how to issue tokens to the application based on settings (Azure App Registration) | Identity & Management |
| Cloud Credentials | A set of credentials (or API key) used to access applications or services within your environment | Identity & Management |
| Cloud Dataset | Top-level containers for organizing and controlling access to tables and views (GCP BigQuery Dataset) | Storage |
| Cloud Domain Group | A virtual group of all accounts created in an organization's master account (GCP Domain Groups) | Identity & Management |
| Cloud Domain User | Cloud Identity User able to manage across your entire domain (GCP Only) | Identity & Management |
| Cloud Event Bus | A serverless event bus that facilitates connecting applications together using data from your own (SaaS or other) applications or services (AWS EventBridge) | Identity & Management |
| Cloud Event Rule | A Cloud Event Rule matches incoming Cloud Alarms ("events") and routes them to targets for processing (AWS CloudWatch Rule) | Identity & Management |
| Cloud Global Access Point | A global endpoint for routing storage container request traffic between regions (AWS S3 Multi-Region Access Point) | Storage |
| Cloud Group | A cloud provider group within an organization service | Identity & Management |
| Cloud Limit | Limits placed on amount of services available for cloud provider accounts | Identity & Management |
| Cloud Log Destination | A physical resource that enables you to subscribe to a stream of log events (AWS CloudWatch Logs Destination) | Identity & Management |
| Cloud Outpost | Managed service for hybrid cloud | Identity & Management |
| Cloud Policy | A policy that will give specific permissions to Cloud Users, Groups or Roles (AWS IAM) | Identity & Management |
| Cloud Region | Where cloud resources are located | Identity & Management |
| Cloud Resource Group | Used for related resources (e.g., Azure Resource Group) | Identity & Management |
| Cloud Role | A cloud provider role within an organization service | Identity & Management |
| Cloud Service Cost | Cost associated with cloud provider services | Identity & Management |
| Cloud User | A cloud user account used to access the provider console/API (AWS IAM) | Identity & Management |
| Clusters | Runs the Kubernetes management infrastructure (AWS EKS, GCP GKE, Azure Kubernetes Service, Alibaba Kubernetes Clusters) | Containers |
| Code Repository | A secure, managed source code service that hosts private Git repositories (AWS CodeCommit) | Identity & Management |
| Cold Storage | Deep archive storage (AWS Glacier) | Storage |
| Config | Config provides details into the resources in your account, including information on configuration, relationships between resources, and how both configuration and relationships change over time (AWS Config) | Identity & Management |
| Container Image | Assists in storing, managing, and deploying Docker container images (AWS Container Image (ECR), Azure Container Image, GCP Container Image) | Containers |
| Container Instances | Assists in running Kubernetes without standing up or maintaining your own Kubernetes control plane (AWS Container Instance (EKS), MS Azure Container Instance) | Containers |
| Container Node Group | Auto scaling groups containing compute instances that are managed by the parent cluster (AWS EKS Node Group) | Containers |
| Container Registry | Docker container registry assisting developers in storing, managing, and deploying Docker container images (AWS Container Registry (ECR), Azure Container Registry) | Containers |
| Container Service | A container service is a scalable and fast container management service that makes it simple to manage all the containers within a cluster (ECS Service) | Containers |
| Containers | Manages container services (AWS Container (ECS)) | Containers |
| Content Delivery Network | A service that securely delivers data (AWS CloudFront, Azure CDN Profile, GCP Cloud CDN) | Network |
| Data Analytics Workspace | Interactive query service for data analytics (AWS Athena) | Storage |
| Data Factory | Managed, serverless data integration (Azure Data Factory, GCP Data Fusion) | Storage |
| Data Lake Storage | Enterprise-wide hyper-scale repository for big data analytic workloads (Azure Data Lake Storage Gen1) | Storage |
| Data Stream | The transfer of data at a steady high-speed rate (AWS Kinesis) | Storage |
| Data Sync Task | Tasks associated with online data transfer (AWS DataSync Task) | Storage |
| Database | Relational database service (GCP Cloud SQL, Azure SQL Database/Dedicated SQL Pool) | Compute |
| Database Cluster | One or more DB instances and a cluster volume that manages the data for those instances (AWS RDS Aurora Cluster, Neptune, Document DB) | Compute |
| Database Instance | Database instance (RDS, CloudDatabase, etc.) | Compute |
| Database Migration Endpoint | Database Migration Services use this information to connect to a data store and migrate data from a source endpoint to a target endpoint (AWS DMS Endpoint) | Network |
| Database Migration Instance | Migrates on-premises database to the cloud (AWS Database Migration Service (DMS)) | Storage |
| Database Proxy | Simplifies connection management by handling network traffic between client applications and the database (AWS RDS Database Proxy) | Storage |
| Database Snapshot | Point-in-time backup of a database instance | Storage |
| Databricks Workspace | Collaborative analytics platform based on Apache Spark (Azure Databricks Workspace) | Storage |
| Dataflow Job | Unified stream and batch data processing job (GCP Dataflow Job) | Compute |
| DDoS Protection | Distributed Denial of Service (DDoS) protection service that safeguards applications running in the cloud (AWS Shield, Azure DDoS Protection) | Network |
| Delivery Stream | Loads streaming data into data stores and analytics tools (AWS Firehose) | Storage |
| Deployments/Tasks | Works with container tasks (AWS Container Task (ECS)) | Containers |
| Diagnostic Settings | Configuration profile that enables sending platform metrics and logs to various destinations (Azure Diagnostic Settings) | Identity & Management |
| Direct Connect | Establishes dedicated network from your premises to the cloud (AWS Direct Connect, GCP Cloud Interconnect, Azure Express Route Circuit) | Network |
| Directory Service | Collection of services for managing users and devices on a network (e.g., Azure AD) | Identity & Management |
| Distributed Table | NoSQL database table (AWS DynamoDB) | Compute |
| Distributed Table Cluster | In-memory cache for Distributed Tables (DynamoDB DAX) | Compute |
| DLP Job | An individual data loss prevention (DLP) scan (GCP DLP Inspection Job) | Compute |
| DNS Domain | For managing domain names in a Domain Name System (DNS) (AWS Route53 Domain, GCP Cloud Domains) | Identity & Management |
| DNS Zone | Used to store DNS records for public/private name resolution (AWS Route53) | Network |
| Elastic Cluster | A database cluster that allows you to scale your workload's throughput (AWS Elastic Cluster) | Storage |
| Elasticsearch Instance | A RESTful search and analytics engine (AWS Elasticsearch) | Compute |
| Elasticsearch Serverless Collection | A serverless option for OpenSearch Service for running large-scale search and analytics workloads without managing clusters (Amazon OpenSearch Serverless) | Compute |
| Email Service Domain | A cloud-based email sending service (AWS SES) | Compute |
| Encryption Key | A master key used to encrypt cloud volumes, databases and more (AWS KMS) | Identity & Management |
| Encryption Key Vault | Secure key management (GCP Cloud KMS Keyring, Azure Key Vault) | Identity & Management |
| ETL Data Catalog | An index to the location, schema, and runtime metrics of your data; supports extract, transform, and load (ETL) service (AWS Glue Data Catalog) | Storage |
| ETL Database | Extract, transform, load (ETL) databases are used to organize metadata for holistic ETL services (AWS Glue Database) | Storage |
| ETL Security Configuration | A set of security properties that can be used by your extract, transform, and load (ETL) service (AWS Glue Security Configuration) | Storage |
| Event Grid Topic | Acts as a receiving endpoint for a collection of related events (Azure Event Grid Topic) | Compute |
| Event Subscription | Allows notifications when events within an event category occur (AWS RDS Event Subscription) | Compute |
| Federated Group | Azure Groups that have federated access to AWS SSO via Azure AD (Federated Azure AD Group). See Resources for details. | Identity & Management |
| Federated User | Azure Users that have federated access to AWS SSO via Azure AD (Federated Azure AD User). See Resources for details. | Identity & Management |
| File Share | A cloud storage service that provides on-premises access to cloud storage (AWS NFS/SMB File Gateway Share) | Storage |
| Forwarding Rules | Manage frontend configuration of a load balancer (GCP Load Balancer Forwarding Rules, Azure Load Balancing Rules) | Network |
| Global Load Balancer | A global, scalable entry-point that uses a global edge network to create web applications (e.g., Azure Front Door, AWS Global Accelerator) | Network |
| GraphQL API | GraphQL manages services that improve performance, support real-time updates, and make connecting to secure datasources easy. An example of this type of resource is AWS AppSync API. | Storage |
| HSM Cluster | A hardware security module (HSM) cluster provides users with an easy way to generate and manage encryption keys within a cloud service provider (CSP) environment (e.g., AWS CloudHSM) | Compute |
| Hypervisor | A hypervisor/dedicated host responsible for housing compute instances | Compute |
| Identity Provider | Creates, maintains, and manages identity information, providing authentication (SAML, AD) | Identity & Management |
| Ingress | Exposes HTTP and HTTPS routes from outside a Kubernetes cluster to services within the cluster (Kubernetes Ingress) | Containers |
| Instance | Compute instance (EC2, CloudServers, etc.) | Compute |
| Internet Gateway | A logical connection between a network and the internet | Network |
| Launch Template | Contains configuration information for an instance so that it can be launched in a consistently reproducible way (Launch Template) | Compute |
| Lightsail | Provides compute, storage, and networking capacity and capabilities for websites and web applications in the cloud (AWS Lightsail) | Compute |
| Load Balancer | Used in multi-tier apps to distribute load across a variety of compute instances | Network |
| Logic App | Integration platform as a service that promotes scale and portability while offering critical workflow automation from a workspace of any size (Azure Logic App) | Compute |
| Log Analytics Workspace | Container used for storing and analyzing log data and configuration (Azure Log Analytics Workspace) | Identity & Management |
| Log Group | Group of Event logs within a Log Stream (e.g., AWS CloudWatch Log Groups) | Identity & Management |
| Lookout Project | Lookout Projects (e.g., Amazon Lookout) comprise three facets: Metrics, Equipment, and Vision. Lookout Metrics finds root causes for anomalies in data. Lookout Equipment monitors physical equipment for abnormal behavior and potential failures. Lookout Vision finds visual defects in industrial products, like missing components, physical damage, irregularities, and defects. | Identity & Management |
| Machine Learning Instance | Prepares and processes data, trains and deploys machine learning models | Compute |
| Machine Learning Training Model | A computation task that trains a machine learning model (AWS SageMaker Training Job) | Compute |
| MapReduce Cluster | A programming model for processing and generating large data sets (Hadoop) | Compute |
| Message Broker Instance | Managed message broker service (AWS MQ) | Compute |
| Message Queue | Message queuing services (AWS SQS) | Compute |
| Namespace | A virtual cluster backed by a physical cluster; typically, there are several distinct namespaces on a single physical cluster (Kubernetes Namespace) | Containers |
| NAT Gateway | Enables instances in a private network to forward traffic to the Internet | Network |
| Network | Logically isolated virtual environment within a Cloud Provider (AWS VPC) | Network |
| Network Address Group | Provides visibility into defined network address prefixes (AWS Managed Prefix List, Azure IP Group) | Network |
| Network Endpoint | Enables private connection of your VPC to cloud services | Network |
| Network Endpoint Service | Enables you to privately connect your VPC to supported provider services (AWS VPC Endpoint Services, Azure Private Link Service) | Network |
| Network Firewall | A managed, cloud-based network-security service that protects network resources (Azure Firewall) | Network |
| Network Firewall Rule | Firewall rules including NAT rules, network rules, and application rules (Azure Firewall Rule) | Network |
| Network Firewall Rule List | Firewall rule collections processed according to the rule type in priority order (Azure Firewall Rule Collection) | Network |
| Network Flow Log | Stores configuration and delivery info regarding traffic flows in a cloud network | Network |
| Network Interface | Virtual interfaces that can allow communication between networks/subnets | Network |
| Network Peer | Interconnects two private networks | Network |
| Notification Subscription | Subscription-based notifications (AWS SNS, GCP Pub/Sub) | Compute |
| Notification Topic | Topic to use when delivering notifications | Compute |
| Pod Security Policies | (Kubernetes Pod Security Policy) | Containers |
| Pods | Kubernetes Pod | Containers |
| Private Image | Private/shared image which can be used to create a compute instance | Compute |
| Private Subnet | Private logical subdivision of a network | Network |
| Public IP | Elastic/Floating IP addresses which allow communication over the Internet | Network |
| Query Log Config | Enables DNS query resolution across entire hybrid cloud (AWS Route53 Resolver Configuration) | Network |
| Recommendation | Machine-generated product and resource usage optimizations (GCP Project Recommendations) | Compute |
| Recommendation Finding | Important patterns and details about your resource usage (GCP Project Insights) | Compute |
| Recycle Bin Rule | Assists in preventing accidental deletion of snapshots using custom retention rules and recovery (AWS Recycle Bin Rule) | Storage |
| Reserved Instance | Guaranteed, available virtual private servers (AWS RIs, Azure Pre-Paid Instances) | Compute |
| Route | Used to determine where network traffic from your subnet or gateway is directed (AWS Route, Azure Route) | Network |
| Route Table | Used to store routes | Network |
| Search Cluster | A cluster of Elasticsearch Instances | Compute |
| Search Index | A highly accurate intelligent search service for unstructured data using natural language | Compute |
| Secret | Confidential or secure data (AWS Secret) | Identity & Management |
| Secure File Transfer | Allows secure transfer of files using SFTP protocol (AWS SFTP Server) | Storage |
| Security Posture | Assists in assessing and strengthening your security across multi-cloud and hybrid environments (Azure Advisor Recommendations) | Identity & Management |
| Serverless Application | Framework for building serverless applications (AWS Serverless Application) | Compute |
| Serverless Function | A compute service that runs code in response to events | Compute |
| Serverless Layer | A package of libraries and dependencies that can be used with Serverless Functions (AWS Lambda Layer) | Compute |
| Service Control Policy | A type of policy to manage your application (AWS Service Control Policy) | Identity & Management |
| Service Detector | Threat detection service (AWS GuardDuty Detector, Microsoft Defender for Cloud) | Identity & Management |
| Service Fabric Cluster | A cluster that orchestrates highly available and durable micro services at scale (Azure Service Fabric Cluster) | Containers |
| Services | (Kubernetes Service) | Containers |
| Shared File System | Scalable volumes that can be shared between multiple instances (e.g., AWS EFS) | Storage |
| Shared Gallery | Shared Image Gallery (Azure) to build structure around images | Compute |
| Shared Gallery Image | Image definitions for logical version grouping | Compute |
| Shared Gallery Image Version | Image versioning, as used in environments | Compute |
| Sink | A Stackdriver Sink controls how logs are routed throughout your environment (GCP Stackdriver Sink, AWS CloudWatch Observability Sink Link) | Identity & Management |
| Site-to-Site VPN | Enables access to your remote network from your VPC (AWS Site-to-Site VPN (VPC), GCP VPN Tunnel) | Network |
| Snapshot | Point-in-time backups of volumes | Storage |
| Spanner | A globally-distributed and synchronously-replicated database (GCP Spanner, AWS Aurora Global Database) | Storage |
| SSH Key Pair | Public and Private keys associated with a cloud provider within an organization service | Identity & Management |
| SSL Certificate | A certificate bound to a load balancer to facilitate secure client/server communication | Identity & Management |
| SSL Certificate Authority | Issues digital certificates to help identify websites, people, and devices (AWS Certificate Manager, GCP Certificate Authority Service) | Identity & Management |
| SSM Document | A script or document written in JSON or YAML that provides instructions to the Systems Manager for how to interact with your managed instances (Systems Manager (SSM) Document) | Compute |
| Stack Template | Infrastructure as code (CloudFormation Templates) | Compute |
| Step Function | A serverless orchestration service that lets you combine functions and other services to build applications (AWS Step Function State Machine) | Compute |
| Storage Account | Contains all Azure storage data objects (Azure Storage Account) | Storage |
| Storage Container | Object storage (S3, Cloud Storage, Blob Storage, etc.) | Storage |
| Storage Gateway | Securely connects on-premises software applications with cloud-based storage (AWS Storage Gateway) | Storage |
| Stored Parameters | Secure storage for configuration data as parameter values (AWS Systems Manager Parameter Store Parameter) | Storage |
| Stream Instance | Streaming data service (AWS MSK Instance) | Compute |
| Target Proxies | Load balancing component that routes incoming requests to a URL map, terminates connection to the user (GCP Load Balancer Target Proxies) | Network |
| Task Definitions | Task Definitions are required to run Docker containers within container management services in the cloud (AWS ECS Task Definition) | Containers |
| Template Spec | A resource type that simplifies both storing and sharing a template (Azure Template Specs) | Compute |
| Threat Findings | Threat detection service (AWS GuardDuty/Macie) | Identity & Management |
| Timeseries Database | Timeseries databases store and analyze trillions of events daily for internet of things (IoT) and operational applications (Amazon Timestream) | Storage |
| Traffic Manager | A Traffic Manager is a DNS-based network traffic load balancer, distributing network traffic evenly across your environment (Azure Traffic Manager) | Network |
| Traffic Mirror Target | An elastic network interface or a network load balancer (AWS VPC Traffic Mirror Targets) | Network |
| Transcoding Pipeline | A queue that manages media transcoding jobs (AWS Elastic Transcoder Pipeline) | Compute |
| Transcription Job | A job that provides speech-to-text transcriptions for a wide variety of use cases, e.g., AWS Transcription Job | Compute |
| Transit Gateway | Service enabling connection of VPCs and on-premises networks to a single gateway (AWS Transit Gateway) | Network |
| URL Map | A set of rules for routing incoming HTTP(S) requests to specific services (GCP URL Map) | Network |
| User Pool | Allows your users to sign in to your web or mobile app (AWS Cognito User Pool) | Identity & Management |
| Video Stream | Service to stream live video from devices to the cloud (AWS Kinesis Video Stream) | Storage |
| Virtual Private Gateway | Private virtual interface for one or more connections | Network |
| Volume | Network attached storage (EBS, Virtual Disks, etc.) | Storage |
| Web App | Service providing app hosting (AWS Elastic Beanstalk Environment, Azure App Service) | Compute |
| Web App Group | Service for deploying and scaling web applications and services (AWS Elastic Beanstalk Application) | Compute |
| Web Application Firewall | Web application security (AWS Application Firewall (WAF), WAFv2) | Network |
| Workspace | Virtual desktops (AWS Workspaces) | Compute |