Essential Cloud Terminology Every Beginner Should Know

A plain-English glossary of must-know cloud terms—with AWS, Azure, and Google Cloud examples—so you can follow tutorials and build confidently.


A blog-friendly guide with real examples from AWS, Azure, and Google Cloud (plus quick notes on other providers).

If you’re new to cloud, the hardest part isn’t spinning up a server—it’s decoding the language: region vs zone, VPC vs subnet, IAM vs role, object storage vs block storage, and why “egress” can quietly wreck your bill.

This guide explains the most common terms in plain English and shows what each looks like across today’s major providers—AWS, Microsoft Azure, and Google Cloud (GCP). I’ll also sprinkle in cross-cloud notes when names differ.


The cheat sheet: how cloud terms usually group together

When you see a new term, it typically belongs to one of these buckets:

  1. Location: Region, Zone/AZ, Edge

  2. Compute: VM, Container, Kubernetes, Serverless

  3. Storage: Object, Block, File, Snapshot

  4. Networking: VPC/VNet, Subnet, IPs, Load Balancer, DNS

  5. Security: IAM, Roles, Policies, MFA, Encryption

  6. Reliability: High availability, DR, RTO/RPO, SLA

  7. Operations: Logs, Metrics, Traces, Monitoring

  8. Cost: Pay-as-you-go, Egress, Reserved/Committed use, TCO

Keep that model in mind and new terms start to feel less random.


1) Location terms: where your stuff runs

Region

A geographic area (like “US East”, “West Europe”, “Mumbai”) where cloud data centers are located.

  • AWS: us-east-1, eu-west-1

  • Azure: East US, West Europe

  • GCP: us-central1, europe-west1

Why it matters: latency, legal/compliance requirements, and resilience.

Availability Zone (AZ) / Zone

A separate data-center location within a region. Designed so a single zone failure doesn’t take down everything—if you architect for it.

  • AWS: Availability Zones (e.g., us-east-1a, us-east-1b)

  • Azure: Availability Zones (Zone 1/2/3 within a region)

  • GCP: Zones (e.g., us-central1-a, us-central1-b)

Edge / CDN

Infrastructure closer to users for faster delivery and protection (often caching static content).

  • AWS: CloudFront

  • Azure: Azure Front Door / Azure CDN

  • GCP: Cloud CDN


2) Compute terms: what runs your code

Virtual Machine (VM) / Instance

A “virtual server” you rent: you choose CPU/RAM, OS, disk, etc.

  • AWS: EC2 instance

  • Azure: Virtual Machines

  • GCP: Compute Engine VM

Image

A template for a VM’s disk/OS (like Ubuntu, Windows, etc.).

  • AWS: AMI (Amazon Machine Image)

  • Azure: VM image (Marketplace images, custom images)

  • GCP: Images (public or custom)

Autoscaling

Automatically adds/removes compute based on load (CPU, requests, queue depth).

  • AWS: Auto Scaling Groups

  • Azure: VM Scale Sets

  • GCP: Managed Instance Groups (autoscaling)

Container

A packaged app + dependencies, designed to run consistently across environments.

  • You’ll typically build containers with Docker and run them on Kubernetes or container platforms.

Kubernetes

Orchestrates containers: scheduling, scaling, rolling updates, service discovery.

  • AWS: EKS

  • Azure: AKS

  • GCP: GKE

Serverless

You deploy code; the platform handles provisioning and scaling. “Serverless” = no server management, not “no servers.”

  • AWS: Lambda

  • Azure: Azure Functions

  • GCP: Cloud Functions (and/or Cloud Run for containers)

Cloud Run-style serverless containers (worth knowing)

Run a container without managing servers; often the easiest “modern” way to deploy web APIs.

  • AWS: App Runner (conceptually similar)

  • Azure: Container Apps

  • GCP: Cloud Run


3) Storage terms: where your data lives

Object Storage

Store files as objects in buckets/containers. Great for images, backups, logs, data lakes.

  • AWS: S3 (buckets)

  • Azure: Blob Storage (containers)

  • GCP: Cloud Storage (buckets)

Block Storage

Disk volumes attached to VMs. Good for databases, low-latency disk workloads.

  • AWS: EBS

  • Azure: Managed Disks

  • GCP: Persistent Disk

File Storage

Shared file systems mounted by multiple machines (NFS/SMB style). Useful for legacy apps.

  • AWS: EFS (NFS) / FSx (various)

  • Azure: Azure Files

  • GCP: Filestore

Snapshot

A point-in-time copy of a disk/volume (often incremental).

  • AWS: EBS snapshots

  • Azure: Disk snapshots

  • GCP: Persistent Disk snapshots


4) Networking terms: how things connect

VPC / VNet

Your private network in the cloud.

  • AWS: VPC

  • Azure: Virtual Network (VNet)

  • GCP: VPC Network

Subnet

A smaller IP range inside your VPC/VNet. Often mapped to a zone and used to separate tiers.

  • Common pattern: public subnet (internet-facing) and private subnet (internal services)

Security Group / Firewall rules / NSG

Controls what traffic is allowed.

  • AWS: Security Groups (stateful) + NACLs

  • Azure: Network Security Groups (NSGs)

  • GCP: VPC Firewall Rules

Load Balancer

Distributes traffic across multiple backends for HA and scaling.

  • AWS: Elastic Load Balancing (ALB/NLB)

  • Azure: Azure Load Balancer / Application Gateway

  • GCP: Cloud Load Balancing

DNS

Maps names to endpoints (e.g., api.example.com).

  • AWS: Route 53

  • Azure: Azure DNS

  • GCP: Cloud DNS

NAT Gateway

Lets private resources access the internet outbound without exposing them inbound.

  • AWS: NAT Gateway

  • Azure: NAT Gateway

  • GCP: Cloud NAT


5) Security terms: who can do what

IAM (Identity and Access Management)

The system for permissions. This is core to cloud security.

  • AWS: IAM (users, roles, policies)

  • Azure: Microsoft Entra ID + Azure RBAC (roles/assignments)

  • GCP: IAM (members, roles, permissions)

Role

A set of permissions that can be assigned to a user/service/workload.

  • AWS: IAM Role (often assumed by services)

  • Azure: RBAC Role (assigned at scope: subscription/resource group/resource)

  • GCP: IAM Role (predefined or custom)

Policy

The document/rules that define permissions.

  • AWS: JSON policy documents

  • Azure: Role definitions + assignments (RBAC)

  • GCP: IAM policy bindings

Least Privilege

Give only the minimum permissions needed. This is the #1 habit that prevents incidents from becoming disasters.

Encryption (At rest / In transit)

  • At rest: stored data encrypted

  • In transit: encrypted communication (TLS/HTTPS)

Also useful:

KMS (Key Management Service)

Manage encryption keys used by services.

  • AWS: KMS

  • Azure: Key Vault (keys)

  • GCP: Cloud KMS

Secrets Manager / Vault

Store passwords/API keys safely.

  • AWS: Secrets Manager (or SSM Parameter Store)

  • Azure: Key Vault (secrets)

  • GCP: Secret Manager


6) Reliability terms: staying up when things break

High Availability (HA)

Design for failures by distributing across multiple instances and zones.

  • Typical approach: multi-zone + load balancer + health checks

Disaster Recovery (DR)

Planning for bigger failures (region outage, data corruption, ransomware). Common DR tiers:

  • Backup & restore (cheapest, slowest recovery)

  • Warm standby (some infrastructure running)

  • Active-active (most resilient, most complex/costly)

RTO / RPO

  • RTO: how fast you need to recover

  • RPO: how much data loss you can tolerate

These force you to be honest about what “reliable” really means.


7) Operations terms: knowing what’s happening

Logs

Event records (errors, warnings, audit trails).

  • AWS: CloudWatch Logs

  • Azure: Log Analytics / Azure Monitor Logs

  • GCP: Cloud Logging

Metrics

Numbers over time: CPU, latency, request counts.

  • AWS: CloudWatch Metrics

  • Azure: Azure Monitor Metrics

  • GCP: Cloud Monitoring

Traces

Follow one request across services (microservices debugging superpower).

  • AWS: X-Ray

  • Azure: Application Insights (with Azure Monitor)

  • GCP: Cloud Trace

Observability

The combined practice of logs + metrics + traces + dashboards + alerting.


8) Cost terms: why your bill changes

Pay-as-you-go

You pay based on usage: compute hours/seconds, storage GB, requests, data transfer.

Egress

Outbound data transfer (often charged). Beginners forget this when moving lots of data out of the cloud or across regions.

Reserved / Savings plans / Committed use

Discounts for committing to a certain spend or usage level.

  • AWS: Reserved Instances / Savings Plans

  • Azure: Reserved VM Instances / Savings Plans (varies by service)

  • GCP: Committed Use Discounts

TCO (Total Cost of Ownership)

Cloud bill + engineering time + operational overhead + downtime risk. “Cheaper” services can be expensive if they create a lot of operational work.


Mini-glossary (alphabetical) with provider examples

API Gateway — Managed front door for APIs (auth, routing, rate limits).

  • AWS: API Gateway | Azure: API Management | GCP: API Gateway / Apigee

Autoscaling — Adjust capacity automatically.

  • AWS: Auto Scaling Groups | Azure: VM Scale Sets | GCP: Managed Instance Groups

Availability Zone / Zone — Separate data center location within a region.

  • AWS: AZ | Azure: Availability Zones | GCP: Zone

Bucket / Container — Top-level object storage namespace.

  • AWS: S3 bucket | Azure: Blob container | GCP: Storage bucket

CDN — Cache content near users.

  • AWS: CloudFront | Azure: Front Door/CDN | GCP: Cloud CDN

Container Registry — Store container images.

  • AWS: ECR | Azure: ACR | GCP: Artifact Registry

DDoS Protection — Reduce impact of denial-of-service attacks.

  • AWS: Shield | Azure: DDoS Protection | GCP: Cloud Armor (with load balancing)

DNS — Domain name resolution.

  • AWS: Route 53 | Azure: Azure DNS | GCP: Cloud DNS

Egress — Data leaving a network/provider/region (often billed).

  • Present in all providers’ billing models

Firewall Rules / NSG / Security Group — Network traffic control.

  • AWS: Security Groups | Azure: NSG | GCP: Firewall Rules

Function (FaaS) — Event-driven serverless compute.

  • AWS: Lambda | Azure: Functions | GCP: Cloud Functions

IAM — Identities + permissions.

  • AWS: IAM | Azure: Entra ID + RBAC | GCP: IAM

Instance / VM — Virtual server.

  • AWS: EC2 | Azure: Virtual Machines | GCP: Compute Engine

KMS — Key management for encryption.

  • AWS: KMS | Azure: Key Vault | GCP: Cloud KMS

Kubernetes — Container orchestration.

  • AWS: EKS | Azure: AKS | GCP: GKE

Load Balancer — Distributes incoming traffic.

  • AWS: ALB/NLB | Azure: App Gateway/Load Balancer | GCP: Cloud Load Balancing

Logging — Captured events.

  • AWS: CloudWatch Logs | Azure: Log Analytics | GCP: Cloud Logging

Metrics — Time-series measurements.

  • AWS: CloudWatch Metrics | Azure: Monitor Metrics | GCP: Cloud Monitoring

NAT Gateway — Outbound internet for private resources.

  • AWS: NAT Gateway | Azure: NAT Gateway | GCP: Cloud NAT

Object Storage — File/object storage at scale.

  • AWS: S3 | Azure: Blob | GCP: Cloud Storage

Policy — Permissions definition.

  • AWS: IAM policy JSON | Azure: RBAC role definitions/assignments | GCP: IAM policy bindings

Region — Geographic area containing zones.

  • AWS/Azure/GCP: all use regions

Role — A bundle of permissions.

  • AWS: IAM Role | Azure: RBAC Role | GCP: IAM Role

Secret Manager — Store sensitive values.

  • AWS: Secrets Manager | Azure: Key Vault | GCP: Secret Manager

Serverless Containers — Run containers without managing servers.

  • AWS: App Runner | Azure: Container Apps | GCP: Cloud Run

Snapshot — Point-in-time disk copy.

  • AWS: EBS snapshot | Azure: Disk snapshot | GCP: Persistent Disk snapshot

Subnet — IP range within a virtual network.

  • AWS: Subnet | Azure: Subnet | GCP: Subnet

Tracing — Follow requests across services.

  • AWS: X-Ray | Azure: App Insights | GCP: Cloud Trace

VPC / VNet — Private cloud network.

  • AWS: VPC | Azure: VNet | GCP: VPC Network

A beginner-friendly “first project” mapping (so terms stick)

If you want this terminology to click, build something tiny and map each component:

Example: “Hello Cloud” API

  • Deploy an HTTP service (serverless container or function)

  • Put it behind a domain name (DNS)

  • Store one file in object storage

  • Add logging + a basic alert

  • Lock it down with least-privilege IAM

As you do, you’ll naturally touch: region, IAM, networking, compute, storage, observability, and cost.