5 exercises — IaaS, PaaS, IAM, VPC, IaC, CDN and the cloud vocabulary every engineer needs to know.
Acronyms covered in this set
IaaS / PaaS / SaaS — the three cloud service models
IAM — Identity and Access Management
VPC / AZ — Virtual Private Cloud / Availability Zone
IaC — Infrastructure as Code (Terraform, CloudFormation)
CDN — Content Delivery Network
1 / 5
A cloud architect says: "We're moving from IaaS to PaaS for our application layer — it reduces our operational overhead significantly." What is the difference between IaaS and PaaS?
IaaS = Infrastructure as a Service. You rent virtual machines, storage, and networking. You manage the OS, middleware, and runtime. Examples: AWS EC2, Google Compute Engine, Azure VMs. You have maximum control but maximum responsibility.
PaaS = Platform as a Service. The cloud provider manages the infrastructure and runtime. You deploy your application code. Examples: AWS Elastic Beanstalk, Google App Engine, Heroku, Azure App Service.
SaaS = Software as a Service. The provider manages everything — you just use the software. Examples: Gmail, Salesforce, Jira, GitHub.
The spectrum: IaaS (most control, most work) → PaaS (middle ground) → SaaS (least control, zero operations).
Say all three: "I-A-A-S", "P-A-A-S", "S-A-A-S" (letter by letter). In conversation: "We're PaaS-first — we only drop to IaaS when we have a specific need."
2 / 5
A DevOps engineer describes access control: "We use IAM roles and policies to control what each service can access — no hardcoded credentials, ever." What does IAM stand for in cloud contexts?
IAM = Identity and Access Management. In cloud platforms (AWS, GCP, Azure), IAM defines who (identities: users, service accounts, applications) can do what (permissions: read, write, delete) on which resources (S3 buckets, databases, APIs).
Key IAM concepts:
Principal: the entity making a request (user, role, service account).
Policy: a document stating what actions are allowed/denied.
Role: a set of permissions that can be assumed by a service or user.
Least privilege: only grant the minimum permissions needed.
In AWS: "The Lambda function needs an IAM role with S3 read-only access." In GCP: "Assign the Storage Object Viewer role to the service account."
In security: misconfigured IAM is one of the top cloud security vulnerabilities.
Say it: "I-A-M" (letter by letter). Never say it as a word.
3 / 5
An architect discusses infrastructure setup: "We deploy into three AZs within a single VPC — that gives us both redundancy and network isolation." What do AZ and VPC stand for?
AZ = Availability Zone. A physically separate data centre (or cluster of data centres) within a cloud region. AZs are connected by low-latency private networking but are isolated from each other's failures. Deploying across multiple AZs provides fault tolerance: if one data centre loses power, your app keeps running in the others.
VPC = Virtual Private Cloud. A logically isolated section of the cloud where you launch resources. Think of it as your own private network within the cloud.
Key VPC components: Subnets (public vs. private), Internet Gateway (lets traffic in/out), NAT Gateway (lets private subnet resources access the internet without being exposed), Security Groups (stateful firewall rules).
Say: "A-Z" (letter by letter), "V-P-C" (letter by letter). In context: "all production workloads in private subnets inside the VPC."
4 / 5
A platform engineer proposes: "We should manage our AWS infrastructure using IaC — right now everything is click-ops and no one knows the current state." What is IaC and why does it matter?
IaC = Infrastructure as Code. Managing and provisioning infrastructure (servers, networks, databases, IAM roles) through machine-readable configuration files rather than manual clicks in a cloud console.
Benefits:
Version control — your infrastructure lives in Git, reviewed like code.
Reproducibility — spin up identical environments (dev, staging, prod) reliably.
Auditability — every change has a commit message and author.
Automation — infrastructure changes go through the same CI/CD pipeline as code.
Popular IaC tools: Terraform (cloud-agnostic), AWS CloudFormation (AWS-specific), Pulumi (IaC with real programming languages), Ansible (configuration management).
"Click-ops" is the anti-pattern: manually clicking through the cloud console, leaving no record and no repeatability.
Say it: "I-A-C" (letter by letter). High-value term in DevOps interviews.
5 / 5
During an architecture review, a team discusses: "Our CDN handles 94% of requests for static assets — origin traffic is minimal." What does CDN stand for and what problem does it solve?
CDN = Content Delivery Network. A globally distributed network of servers (called "edge nodes" or "PoPs" — Points of Presence) that cache and serve static content (images, CSS, JS, videos) from a location geographically close to the user.
Problem it solves: without a CDN, every user request goes to your origin server regardless of location — a user in Tokyo hitting a server in Virginia gets high latency. With a CDN: the file is cached at a Tokyo edge node and served locally.
Benefits: lower latency, reduced origin server load, protection against traffic spikes and DDoS. The CDN also adds HTTPS termination, HTTP/2, and compression.
Popular CDNs: Cloudflare, AWS CloudFront, Fastly, Akamai.
"Cache invalidation" — forcing CDN to serve fresh content after a deploy — is a common DevOps challenge.
Say it: "C-D-N" (letter by letter). In conversation: "Purge the CDN cache after deploying."