AWS SAP-C02 Glossary: Well-Architected, Migration, and Trade-Offs Terms
March 30, 2026
AWS SAP-C02 glossary of Well-Architected, migration, and trade-off terms, traps, and decision cues.
Use this glossary when advanced AWS architecture terms start to blur together. Keep it beside the cheat sheet and resources rather than treating it as a substitute for real scenario practice.
| Term |
Short meaning |
| Landing zone |
Standardized multi-account AWS foundation for governance, identity, networking, logging, and baseline controls |
| SCP |
AWS Organizations policy that restricts the maximum permissions available in an account or OU |
| Delegated administrator |
Account allowed to manage a supported AWS service on behalf of an organization |
| Transit Gateway |
AWS hub service for transitive connectivity between many VPCs and on-premises networks |
| Cloud WAN |
AWS global network management service for centrally managed core networking policies |
| PrivateLink |
Private service access path that avoids public internet exposure |
| Inspection VPC |
Centralized VPC used for traffic inspection, egress control, or shared security tooling |
| Route 53 Resolver |
DNS service component used for inbound, outbound, and hybrid resolution paths |
| Pilot light |
Minimal warm DR pattern with only critical core components always running |
| Warm standby |
Reduced-capacity DR environment that can scale up during failover |
| Blue/green migration |
Cutover strategy using separate old and new environments for lower-risk transition |
| Blast radius |
Scope of systems, accounts, or workloads affected by a failure or change |
Commonly confused pairs
| Pair |
Keep this distinction clear |
| SCP vs IAM policy |
organization-wide restriction versus principal-level permission grant |
| Transit Gateway vs VPC peering |
scalable transitive hub versus direct point-to-point connection |
| PrivateLink vs VPC endpoint gateway |
private service exposure versus route-based access for services like S3 or DynamoDB |
| backup vs replication |
restore copy versus continuity mechanism for lower outage time |
| pilot light vs warm standby |
minimal always-on recovery core versus partially scaled live environment |
If the confusion is really about…
| Topic family |
Best page to revisit |
| architecture patterns and high-confusion pairs |
Cheat Sheet |
| current AWS facts and primary docs |
Resources |
| pacing and review order |
Study Plan |
| overall exam framing |
Guide root |
Revised on Sunday, May 10, 2026