Glossary L
17 terms starting with L
AWS Lambda security covers the configuration and runtime controls needed to secure serverless functions, including IAM execution role permissions, VPC placement, environment variable encryption, layer security, and function URL authentication. Lambda's ephemeral execution model eliminates many traditional host security concerns but introduces risks including overly permissive IAM roles, insecure dependencies bundled in deployment packages, and injection via event payloads. Resource-based policies control which services and accounts can invoke Lambda functions.
A cloud landing zone is a pre-configured, secure multi-account cloud environment that serves as the foundation for an organization's cloud adoption. It implements organizational structure (management/security/logging accounts), network topology (hub-spoke VPCs), centralized logging, security baseline policies (SCPs, guardrails), and identity federation. Landing zones established by AWS Control Tower, Azure Landing Zones, or Google Cloud Foundation enable consistent security from day one of cloud adoption.
Latency is the time delay between initiating a network request and receiving the first byte of response, typically measured in milliseconds. In cloud architectures, latency is affected by geographic distance, network hops, serialization overhead, and service processing time. P99 latency (the 99th percentile) is the relevant metric for user-facing services, as average latency masks tail latency problems.
Lateral movement describes techniques attackers use to progressively move through a network after gaining initial access, seeking higher-value targets or elevated privileges. Common methods include pass-the-hash, Kerberoasting, and exploiting trust relationships between systems. Micro-segmentation, ZTA, and NDR solutions are primary controls for detecting and containing lateral movement.
Docker layer caching reuses previously built image layers when the instructions and inputs that produced them haven't changed. Effective Dockerfile ordering (copying dependency manifests before source code) maximizes cache hits and dramatically speeds up builds. CI platforms support remote layer caching via registries or dedicated cache backends to share caches across build agents.
Lead time for changes measures the time from committing code to that code running successfully in production. It is one of the four DORA metrics and reflects the end-to-end efficiency of the software delivery process. Elite DevOps teams achieve lead times under one hour through trunk-based development, automated testing, and progressive delivery.
The principle of least privilege dictates that users, processes, and systems should be granted only the minimum permissions necessary to perform their functions. Applying least privilege limits the blast radius when credentials are compromised or a component is exploited. It applies across all layers: OS user accounts, database permissions, API scopes, IAM roles, and network access controls.
A lifecycle policy automatically transitions objects between storage classes or deletes them based on age or other criteria. For example, moving objects to Glacier after 90 days and deleting them after 365 days reduces storage costs dramatically for archival data. S3, GCS, and Azure Blob all support lifecycle policies that eliminate manual data management at scale.
Linkerd is a lightweight, ultra-low-overhead service mesh for Kubernetes focused on simplicity and operational ease. Unlike Istio, Linkerd uses purpose-built micro-proxies instead of Envoy, resulting in lower resource consumption and simpler configuration. Linkerd is a CNCF graduated project and provides mTLS, traffic splitting, retries, and comprehensive observability with minimal operational burden.
A linter statically analyzes source code to detect stylistic inconsistencies, anti-patterns, and potential bugs without running the program. ESLint (JavaScript/TypeScript), Ruff (Python), and RuboCop (Ruby) are widely used linters. Linters enforce team coding standards automatically, reduce code review noise about style, and catch common bugs like unused variables and incorrect async patterns.
An LLM is a neural network trained on massive text datasets to understand and generate human language. LLMs power chatbots, code assistants, and content generation tools by predicting the most likely next tokens in a sequence. Scale in parameters and training data is the key driver of emergent capabilities including reasoning, instruction following, and tool use.
A load balancer distributes incoming network traffic across multiple backend instances to prevent any single instance from becoming a bottleneck. Application load balancers operate at Layer 7 (HTTP), enabling routing based on URL paths, headers, and host names. Network load balancers operate at Layer 4 (TCP/UDP) for ultra-low latency. Load balancers also provide health checking and TLS termination.
Cloud log aggregation centralizes logs from cloud services (CloudTrail, VPC Flow Logs, container logs, application logs) into a central security lake or SIEM for correlation, analysis, and long-term retention. Security-focused log aggregation uses dedicated logging accounts with restricted access, S3 Object Lock for tamper-evident storage, and real-time streaming to SIEM platforms for threat detection. Comprehensive logging is a prerequisite for effective incident response and compliance auditing.
Logs are discrete records of events emitted by applications and infrastructure, providing detailed context for debugging and auditing. Structured logging (JSON or key-value format) makes logs machine-parseable and searchable without regex. The ELK stack (Elasticsearch, Logstash, Kibana) and Grafana Loki are common log aggregation platforms. Logs, metrics, and traces form the three pillars of observability.
LoRA is a parameter-efficient fine-tuning method that injects trainable low-rank decomposition matrices into a frozen pre-trained model's weight matrices. Instead of updating all weights, only the small rank-decomposition matrices (typically 0.1–1% of parameters) are trained. LoRA enables high-quality fine-tuning on a single GPU with minimal memory overhead and has become the dominant PEFT technique.
LSM trees are a write-optimized data structure used by databases like Cassandra, RocksDB, and LevelDB. Writes are batched in memory (memtable) and flushed to immutable sorted files (SSTables) on disk; reads merge data across levels. LSM trees provide high write throughput at the cost of read amplification and periodic compaction overhead. They are well-suited for time-series and high-ingest workloads.
LSP defines a standard JSON-RPC protocol between code editors and language-specific servers that provide IDE features like autocomplete, go-to-definition, find references, and diagnostics. A single language server (e.g., TypeScript Language Server) can serve any LSP-compatible editor (VS Code, Neovim, Helix), eliminating the need for editor-specific plugins. LSP democratized IDE-quality tooling for all editors.