Reference · Case AI Interview
Glossary
Terms adhered to across all lessons. Grows one lesson at a time — currently through Lesson 0002.
Internet plumbing
- DNS (Domain Name System)
- The internet's phone book: translates domain names (caseai.com) into IP addresses computers route by. Route 53 = AWS's DNS service.
- DNS record
- One entry in that phone book. A record: name → IP address. CNAME: name → another name (e.g. → a CloudFront distribution).
- CDN (Content Delivery Network)
- A fleet of cache servers in hundreds of cities serving your static content from near the user. Cloudflare is one; CloudFront is AWS's.
- Edge server
- The CDN cache server closest to a given user — the "edge" of the network. Cache hit = served locally; miss = fetched once from the origin.
- Origin (server)
- The real source behind a CDN — your S3 bucket or ALB/app. Edges shield it from most traffic.
AWS — networking & identity
- Region
- A geographic cluster of AWS datacenters (e.g. ap-east-1 = Hong Kong). You choose one; data and services live there.
- Availability Zone (AZ)
- One of 3+ physically isolated datacenters inside a region. Deploying across AZs ("multi-AZ") survives a datacenter failure.
- VPC (Virtual Private Cloud)
- Your own private network inside AWS. Everything server-side (containers, databases, load balancers) lives inside one.
- Subnet (public / private)
- A slice of the VPC. Public subnets are internet-reachable (ALB, NAT); private subnets are not — app services and databases go there.
- Security group
- A stateful, per-resource firewall: rules like "allow the ALB to reach the app on port 443, the app to reach the DB on 5432, nothing else."
- NAT Gateway
- Lets private-subnet workloads make outbound internet calls (e.g. to the Anthropic API) while staying unreachable inbound.
- IAM (Identity and Access Management)
- AWS's permission system for humans and workloads. Governs every API call to every service.
- IAM policy
- A JSON document listing allowed/denied actions on specific resources ("s3:GetObject on bucket X").
- IAM role
- An identity that a workload (an ECS task, a Lambda) assumes to receive short-lived credentials. The mechanism behind "no hardcoded keys."
- Least privilege
- Grant only the specific permissions a task needs, nothing more. The first phrase to say in any IAM answer.
AWS — compute, data, messaging
- ALB (Application Load Balancer)
- The HTTP(S) front door of the VPC: TLS termination, health checks, routing traffic across containers in multiple AZs.
- ECS (Elastic Container Service)
- AWS's container orchestrator (the simpler alternative to Kubernetes/EKS). Runs "services" made of "tasks" (containers).
- Fargate
- Serverless capacity for ECS — you declare CPU/memory per task and never manage servers. For long-running services.
- API Gateway
- Managed HTTP front door for Lambda-based backends: routing, auth, throttling — the "ALB of the fully-serverless stack."
- Lambda
- Event-driven functions: scale-to-zero, per-invocation billing, cold starts, 15-minute maximum runtime.
- Cold start
- Latency on a Lambda's first invocation after idleness, while AWS provisions the sandbox.
- RDS / Aurora
- Managed relational databases (PostgreSQL/MySQL). Aurora is AWS's cloud-native flavour: faster failover, storage that auto-grows, read replicas.
- DynamoDB
- Serverless key-value/document database, single-digit-millisecond reads at any scale. The KV analogue that's a real primary database.
- S3 (Simple Storage Service)
- Object storage — the AWS twin of R2 (R2 copies S3's API). Where Case AI's legal documents would live.
- CloudFront
- AWS's CDN — an explicit distribution you place in front of an origin (unlike Cloudflare, where the CDN is implicit).
- Route 53
- AWS's DNS service.
- SQS (Simple Queue Service)
- Message queue that decouples producers from consumers; retries, visibility timeouts, dead-letter queues.
- Dead-letter queue (DLQ)
- A holding queue for messages that keep failing processing — inspect and replay instead of losing work. Strong reliability talking point.
- SNS (Simple Notification Service)
- Pub-sub fan-out: one event, many subscribers (queues, Lambdas, emails).
- Secrets Manager
- Managed store for credentials (DB passwords, API keys) with rotation; apps fetch secrets at runtime via IAM instead of baking them in.
- CloudWatch
- AWS's built-in logs, metrics, and alarms — the default observability answer.
- Well-Architected Framework
- AWS's design doctrine: six pillars — operational excellence, security, reliability, performance efficiency, cost optimization, sustainability.
AI terms met so far
- RAG (Retrieval-Augmented Generation)
- Fetch relevant document chunks first, then have the LLM answer from them — the architecture behind Case AI's document features. Detailed in Lesson 0003.
- Embedding
- A vector representing a text's meaning; similar texts get nearby vectors, which is what makes semantic retrieval possible.
- pgvector
- Postgres extension adding vector types + similarity search, so embeddings live next to relational case data in Aurora/RDS.