AWS Management Tools Cheat Sheet

AWS Organizations

  • AWS Organizations is an account management service that consolidates multiple AWS accounts into an organization that you create and centrally manage.
  • AWS Organizations enables you to
    • Automate AWS account creation and management, and provision resources across accounts with AWS CloudFormation StackSets
    • Maintain a secure environment with policies and management of AWS security services
    • Govern access to AWS services, resources, and regions
    • Centrally manage policies across multiple AWS accounts
    • Audit your environment for compliance
    • View and manage costs with consolidated billing
    • Configure AWS services across multiple accounts
  • Resource Control Policies (RCPs) (launched Nov 2024)
    • RCPs are a new type of authorization policy to centrally restrict access to AWS resources across your organization.
    • Complement SCPs by setting the maximum available permissions on resources (SCPs control permissions on principals).
    • Help establish a data perimeter and restrict external access to resources at scale.
    • Only affect resources in member accounts, not resources in the management account (mirroring the way SCPs never restrict principals in the management account).
  • Declarative Policies (launched Dec 2024)
    • Help declare and enforce desired configuration for AWS services at scale across the organization.
    • Define the configuration once (e.g., “block public access for VPCs”) and AWS automatically enforces it across the multi-account environment.
    • Once set, configuration is maintained even as new features or APIs are added.
    • End users see custom error messages configured by administrators, directing them to internal resources or support channels.
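The SCP/RCP distinction above is easiest to see on concrete requests. The following is an added example, not code from the original page or from AWS: a toy evaluator that models only the rule "SCPs are evaluated when the principal is in a member account, RCPs when the resource is in a member account, neither for the management account", plus the two condition operators the sample policies use. The organization ID, account IDs and both policy documents are constructed for illustration; the RCP follows the documented data-perimeter pattern of denying access unless aws:PrincipalOrgID matches, with exemptions for AWS service principals.

```python
"""Where SCPs and RCPs apply: a toy evaluator (added example, not AWS code).

Models only what the two sample policies below need: Deny statements,
wildcard Action matching, and the StringNotEqualsIfExists / BoolIfExists
operators. Real authorization also evaluates identity and resource policies,
permission boundaries and session policies.
"""
import fnmatch

ORG_ID = "o-exampleorg1"                              # constructed organization ID
MEMBER_ACCOUNTS = {"111111111111", "222222222222"}    # constructed member accounts
MANAGEMENT_ACCOUNT = "999999999999"                   # constructed management account

# RCP: resource-side data perimeter. Denies access to the organization's S3, SQS
# and KMS resources unless the caller belongs to this organization or is an AWS
# service principal. The IfExists operators make the deny apply even when the
# request carries no aws:PrincipalOrgID at all (standalone accounts, anonymous).
RCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EnforceOrgIdentities",
        "Effect": "Deny",
        "Principal": "*",
        "Action": ["s3:*", "sqs:*", "kms:*"],
        "Resource": "*",
        "Condition": {
            "StringNotEqualsIfExists": {"aws:PrincipalOrgID": ORG_ID},
            "BoolIfExists": {"aws:PrincipalIsAWSService": "false"},
        },
    }],
}

# SCP: principal-side guardrail. Stops member-account principals from disabling
# CloudTrail, whichever account owns the trail they target.
SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ProtectCloudTrail",
        "Effect": "Deny",
        "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
        "Resource": "*",
    }],
}


def condition_matches(condition, context):
    """Evaluate the ...IfExists operators used above; an absent key passes."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if key not in context:
                continue
            actual = str(context[key])
            if operator == "StringNotEqualsIfExists" and actual == expected:
                return False
            if operator == "BoolIfExists" and actual.lower() != expected.lower():
                return False
    return True


def policy_denies(policy, action, context):
    """True if any Deny statement matches the action and its conditions hold."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        patterns = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if any(fnmatch.fnmatchcase(action, p) for p in patterns):
            if condition_matches(stmt.get("Condition", {}), context):
                return True
    return False


def request(principal_account, principal_org_id, resource_account, action, is_aws_service=False):
    """Constructed request; principal_org_id is None when the caller is in no organization."""
    return {"principal_account": principal_account, "principal_org_id": principal_org_id,
            "resource_account": resource_account, "action": action, "is_aws_service": is_aws_service}


def evaluate(req):
    """Return the set of organization policy types ("SCP", "RCP") that deny req.

    SCPs are evaluated when the principal belongs to a member account;
    RCPs are evaluated when the resource belongs to a member account.
    Neither is evaluated for the management account.
    """
    context = {"aws:PrincipalIsAWSService": "true" if req["is_aws_service"] else "false"}
    if req["principal_org_id"]:
        context["aws:PrincipalOrgID"] = req["principal_org_id"]
    denied_by = set()
    if req["principal_account"] in MEMBER_ACCOUNTS and policy_denies(SCP, req["action"], context):
        denied_by.add("SCP")
    if req["resource_account"] in MEMBER_ACCOUNTS and policy_denies(RCP, req["action"], context):
        denied_by.add("RCP")
    return denied_by


if __name__ == "__main__":
    cases = [
        ("in-org role reads member bucket", request("111111111111", ORG_ID, "222222222222", "s3:GetObject")),
        ("other-org role reads member bucket", request("333333333333", "o-otherorg9999", "222222222222", "s3:GetObject")),
        ("member role stops a trail outside the org", request("111111111111", ORG_ID, "333333333333", "cloudtrail:StopLogging")),
        ("other-org role reads management bucket", request("333333333333", "o-otherorg9999", MANAGEMENT_ACCOUNT, "s3:GetObject")),
        ("AWS service writes to member bucket", request(None, None, "222222222222", "s3:PutObject", is_aws_service=True)),
    ]
    for label, req in cases:
        print(f"{label}: denied by {sorted(evaluate(req)) or 'nothing'}")
```

Two of the cases are the ones that surprise people: the external principal reading a member bucket is stopped only by the RCP (no SCP is evaluated for a principal outside the organization), and the same external principal reading a management-account bucket is stopped by nothing, because RCPs do not cover management-account resources.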

CloudFormation

  • gives developers and systems administrators an easy way to create and manage a collection of related AWS resources
  • resources can be created, updated and deleted in an orderly, controlled and predictable fashion, in effect putting AWS infrastructure under the same version control as application code (infrastructure as code)
  • a CloudFormation Template is the blueprint, in JSON or YAML format, and a Stack is the set of resources actually provisioned from it
  • a template can be used to set up the same resources consistently and repeatedly across multiple regions, and consists of
    • A list of AWS resources and their configuration values
    • An optional template file format version number (AWSTemplateFormatVersion)
    • An optional list of template parameters (input values supplied at stack creation time)
    • An optional list of output values, e.g. a public IP address exposed with the Fn::GetAtt function
    • An optional set of mappings, i.e. lookup tables for static configuration values such as AMI IDs per region
  • supports Chef & Puppet integration to deploy and configure right down to the application layer
  • supports bootstrap scripts to install packages, files and services on EC2 instances, simply by describing them in the CloudFormation template
  • automatic rollback on error is enabled by default: if any resource fails to create, every resource CloudFormation had successfully created for the stack up to that point is deleted
  • provides a WaitCondition resource to block the creation of other resources until a completion signal is received from an external source
  • allows a DeletionPolicy attribute to be defined per resource in the template
    • Retain preserves resources such as S3 buckets even after the stack is deleted
    • Snapshot takes a snapshot of supported resources such as RDS instances or EBS volumes before they are deleted
  • DependsOn attribute specifies that a resource is created only after another resource has been created
  • Service role is an IAM role that allows AWS CloudFormation to make calls to resources in a stack on the user’s behalf
  • Nested stacks separate reusable, common components into dedicated templates that can be mixed and matched, while the whole is still created and managed as a single, unified stack
  • Change Sets present a summary or preview of the changes CloudFormation will make when a stack is updated
  • Drift detection enables you to detect whether a stack’s actual configuration differs, or has drifted, from its expected configuration.
  • Termination protection helps prevent a stack from being accidentally deleted.
  • Stack policy can prevent stack resources from being unintentionally updated or deleted during a stack update.
  • StackSets extends the functionality of stacks by enabling you to create, update, or delete stacks across multiple accounts and Regions with a single operation.
  • IaC Generator (launched Feb 2024)
    • Generates CloudFormation templates and AWS CDK apps for existing AWS resources that are not managed with CloudFormation.
    • Scans resources in an AWS account, identifies relationships, and generates templates.
    • Supports targeted resource scans for faster template generation.
    • Helps onboard existing resources to CloudFormation management.
  • Hooks
    • Extension points that invoke custom logic at specific points during stack operations for validation or enforcement.
    • Can be created using AWS Lambda, CloudFormation Guard rules, or the CFN-CLI.
    • Now supports managed proactive controls from AWS Control Tower Controls Catalog (2025).
    • Hooks Invocation Summary page provides centralized historical view of Hook activity.
  • Stack Refactoring (2025)
    • Enables reorganizing CloudFormation and CDK infrastructure without disrupting deployed resources.
    • Move resources between stacks, rename logical IDs, and decompose monolithic stacks.
  • Drift-Aware Change Sets (Nov 2025)
    • Provides three-way comparison between new template, last-deployed template, and actual infrastructure state.
    • Prevents unexpected overwrites of drift during stack updates.
    • During execution, recreates resources deleted outside of CloudFormation.
  • Pre-Deployment Validation (Nov 2025)
    • Validates templates during change set creation, catching errors before resource provisioning.
    • Checks for invalid property syntax, resource name conflicts, and S3 bucket emptiness constraints.
  • StackSets Deployment Ordering (2025)
    • Supports deployment ordering for auto-deployment mode with a DependsOn parameter.
    • Enables defining the sequence in which stack instances deploy across accounts and regions.
    • Includes built-in cycle detection to prevent circular dependencies.
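Several of the template features listed above (DeletionPolicy, DependsOn, Ref/Fn::GetAtt, parameters, mappings, outputs) are things you can sanity-check locally before a change set is even created. The following is an added example, not code from the original page or from AWS: a small pre-deployment lint over a constructed JSON template. It flags stateful resources with no Retain/Snapshot DeletionPolicy, a Snapshot policy on a type that does not support it, DependsOn and Ref/GetAtt targets that are not declared, and a password-like parameter without NoEcho. The lists of stateful and snapshot-capable types are an illustrative subset, and the template is deliberately seeded with one problem per check.

```python
"""Local pre-deployment lint for a CloudFormation template (added example, not
part of the original page or of AWS tooling). Uses a JSON template so only the
standard library is needed; YAML templates with short-form tags (!Ref, !GetAtt)
need a CloudFormation-aware YAML loader.
"""
import json

# Constructed template with one deliberate problem per check below.
TEMPLATE_JSON = r'''
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "DBPassword": {"Type": "String"},
    "Environment": {"Type": "String", "AllowedValues": ["dev", "prod"]}
  },
  "Mappings": {
    "InstanceByEnv": {"dev": {"Class": "db.t3.micro"}, "prod": {"Class": "db.r6g.large"}}
  },
  "Resources": {
    "LogBucket": {"Type": "AWS::S3::Bucket"},
    "Database": {
      "Type": "AWS::RDS::DBInstance",
      "DeletionPolicy": "Snapshot",
      "DependsOn": ["DBSubnetGroup"],
      "Properties": {
        "Engine": "postgres",
        "DBInstanceClass": {"Fn::FindInMap": ["InstanceByEnv", {"Ref": "Environment"}, "Class"]},
        "MasterUsername": "admin",
        "MasterUserPassword": {"Ref": "DBPassword"},
        "AllocatedStorage": "20"
      }
    }
  },
  "Outputs": {
    "DBEndpoint": {"Value": {"Fn::GetAtt": ["Database", "Endpoint.Address"]}}
  }
}
'''

# Illustrative subsets (assumption): types whose data you do not want deleted with
# the stack, and types for which DeletionPolicy: Snapshot is valid.
STATEFUL_TYPES = {"AWS::S3::Bucket", "AWS::RDS::DBInstance", "AWS::DynamoDB::Table"}
SNAPSHOT_CAPABLE = {"AWS::RDS::DBInstance", "AWS::RDS::DBCluster", "AWS::EC2::Volume"}
PSEUDO_PARAMETERS = {"AWS::Region", "AWS::AccountId", "AWS::StackName", "AWS::NoValue", "AWS::Partition"}
SAFE_DELETION_POLICIES = ("Retain", "Snapshot", "RetainExceptOnCreate")


def iter_refs(node):
    """Yield every logical name referenced via Ref or Fn::GetAtt anywhere under node."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        if "Fn::GetAtt" in node:
            target = node["Fn::GetAtt"]
            yield target[0] if isinstance(target, list) else target.split(".", 1)[0]
        for value in node.values():
            yield from iter_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_refs(item)


def lint_template(template):
    """Return a list of human-readable findings; an empty list means the checks passed."""
    findings = []
    parameters = template.get("Parameters", {})
    resources = template.get("Resources", {})
    known = set(parameters) | set(resources) | PSEUDO_PARAMETERS

    for name, param in parameters.items():
        if "password" in name.lower() and param.get("NoEcho") is not True:
            findings.append(f"Parameter {name}: secret-looking parameter without NoEcho")

    for name, res in resources.items():
        rtype = res.get("Type", "")
        policy = res.get("DeletionPolicy")
        if rtype in STATEFUL_TYPES and policy not in SAFE_DELETION_POLICIES:
            findings.append(f"Resource {name} ({rtype}): stateful resource without Retain/Snapshot DeletionPolicy")
        if policy == "Snapshot" and rtype not in SNAPSHOT_CAPABLE:
            findings.append(f"Resource {name} ({rtype}): DeletionPolicy Snapshot not supported for this type")
        deps = res.get("DependsOn", [])
        for dep in ([deps] if isinstance(deps, str) else deps):
            if dep not in resources:
                findings.append(f"Resource {name}: DependsOn target {dep} is not declared")

    # Unresolved Ref/GetAtt targets fail at change-set time; catch them locally.
    for section in ("Resources", "Outputs"):
        for name, body in template.get(section, {}).items():
            for ref in iter_refs(body):
                if ref not in known:
                    findings.append(f"{section[:-1]} {name}: reference to undeclared {ref}")
    return findings


def lint_json(text):
    return lint_template(json.loads(text))


if __name__ == "__main__":
    for finding in lint_json(TEMPLATE_JSON):
        print(finding)
```

Run against the embedded template it reports three findings: the password parameter echoes in the console, LogBucket would be deleted along with its contents when the stack is deleted, and Database depends on a DBSubnetGroup that the template never declares. The RDS instance's Snapshot policy is accepted; the same policy on an S3 bucket would be flagged, since Snapshot is not valid for that type.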

Elastic BeanStalk

  • makes it easier for developers to quickly deploy and manage applications in the AWS cloud.
  • automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling and application health monitoring
  • Elastic Beanstalk environments can themselves be provisioned by CloudFormation (AWS::ElasticBeanstalk resources)
  • provisions resources to support
    • a web application that handles HTTP(S) requests or
    • a web application that handles background-processing (worker) tasks
  • supports out of the box
    • Apache Tomcat for Java applications
    • Apache HTTP Server for PHP applications
    • Apache HTTP server for Python applications
    • Nginx or Apache HTTP Server for Node.js applications
    • Passenger for Ruby applications
    • Microsoft IIS for .NET applications
    • Single and Multi Container Docker
    • Go applications
  • supports custom AMI to be used
  • is designed to support multiple running environments such as one for Dev, QA, Pre-Prod and Production.
  • supports versioning and stores and tracks application versions over time allowing easy rollback to prior version
  • can provision an RDS DB instance, with the connection information exposed to the application through environment variables; this is NOT recommended for production, because the RDS instance is tied to the Elastic Beanstalk environment lifecycle and is deleted along with the environment
  • Amazon Linux 2023 (AL2023) is the current recommended platform. Amazon Linux 2 (AL2) standard support ends June 30, 2026. Platform branches based on Amazon Linux AMI (AL1) are retired.
  • supports AI-powered log analysis using Amazon Nova for improved reliability in troubleshooting.

OpsWorks

⚠️ AWS OpsWorks — END OF LIFE

AWS OpsWorks Stacks reached End of Life (EOL) on May 26, 2024. The service has been disabled for both new and existing customers. The OpsWorks console, API, CLI, and CloudFormation resources have been discontinued in all AWS Regions.

Migration Options:

  • AWS Systems Manager — for configuration management, patching, and automation
  • AWS CloudFormation / CDK — for infrastructure as code provisioning
  • AWS Elastic Beanstalk — for application deployment and management

Legacy feature summary (how OpsWorks Stacks worked before EOL):

  • was a configuration management service that helped configure and operate applications in a cloud enterprise by using Chef
  • helped deploy and monitor applications in stacks with multiple layers
  • supported preconfigured layers for Applications, Databases, Load Balancers, Caching
  • OpsWorks Stacks provided a set of lifecycle events – Setup, Configure, Deploy, Undeploy, and Shutdown – which automatically ran a specified set of recipes at the appropriate time on each instance
  • Layers depended on Chef recipes to handle tasks such as installing packages on instances, deploying apps, running scripts, and so on
  • OpsWorks Stacks ran the recipes for each layer, even if the instance belonged to multiple layers
  • supported Auto Healing and Auto Scaling to monitor instance health and provision new instances

CloudWatch

  • allows monitoring of AWS resources and applications in real time: collect and track pre-configured or custom metrics, and configure alarms that send notifications or make resource changes based on defined rules
  • metrics are regional; CloudWatch does not aggregate data across regions
  • stores log data indefinitely by default; the retention can be changed for each log group at any time
  • alarm history is stored for only 14 days
  • can be used as an alternative to S3 for storing logs, with the ability to configure alarms and generate metrics; however, logs cannot be made public
  • Alarms exist only in the region they were created in, and the alarm actions must reside in the same region as well
  • Application Signals (GA June 2024)
    • Provides a unified, application-centric view of applications, services, and dependencies.
    • Automatic instrumentation across Amazon ECS, EKS, Lambda, and EC2 — no custom code or dashboards needed.
    • Pre-built dashboards showing volume, availability, latency, faults, and errors.
    • Supports Service Level Objectives (SLOs) and health indicators.
    • Application map automatically discovers and visualizes application topology.
  • Network Monitoring
    • Internet Monitor — provides near-continuous internet measurements (availability and performance) tailored to your workload footprint on AWS.
    • Network Flow Monitor — tracks network metrics (data transferred, retransmissions, round-trip time) between compute resources using lightweight agents.
    • Network Synthetic Monitor — visualizes packet loss and latency of hybrid network connections.

CloudTrail

  • records the API calls made in the AWS account from the management console, SDKs, CLI and higher-level AWS services
  • supports many AWS services and records who did what, from where and when
  • a trail can be applied to all regions or to a single region; a regional trail covers all supported services within that region and can additionally include global service events (IAM, STS, CloudFront, etc.)
  • log files from different regions can be sent to the same S3 bucket
  • can be integrated with SNS to notify when new log files are delivered, and with a CloudWatch Logs log group to alarm when specific API events occur
  • call history enables security analysis, resource change tracking, troubleshooting and compliance auditing
  • CloudTrail Lake
    • A managed data lake for capturing, storing, and analyzing AWS activity logs.
    • Supports enhanced event filtering, event enrichment, and expanded event size (2025).
    • AI-powered features for log analysis and pre-built dashboards (Nov 2024).
    • ⚠️ CloudTrail Lake is no longer open to new customers starting May 31, 2026. Existing customers can continue use. AWS recommends Amazon CloudWatch for similar capabilities going forward.
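The "security analysis" use of CloudTrail usually means running a handful of detections over the event stream, either as CloudWatch Logs metric filters on the CloudTrail log group or offline over the S3 log files during an investigation. The following is an added example, not code from the original page or from AWS: four such detections (trail tampering, root account activity, console login without MFA, unauthorized API calls) run over a constructed log file in CloudTrail's `{"Records": [...]}` layout. The account ID, ARNs, IP addresses and timestamps are made up; the field names are CloudTrail's.

```python
"""Detection pass over CloudTrail records (added example; the records below are
constructed to resemble real events and are not from the original page).
Each rule mirrors a common CloudWatch Logs metric filter on a CloudTrail log
group; here the same checks run offline over a downloaded log file.
"""
import json

SAMPLE_LOG_FILE = r'''
{"Records": [
  {"eventVersion": "1.08", "eventTime": "2024-05-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
   "eventName": "StopLogging", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
   "userIdentity": {"type": "IAMUser", "accountId": "111111111111", "userName": "deploy-bot",
                    "arn": "arn:aws:iam::111111111111:user/deploy-bot"},
   "requestParameters": {"name": "org-trail"}},
  {"eventVersion": "1.08", "eventTime": "2024-05-01T10:01:30Z", "eventSource": "signin.amazonaws.com",
   "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
   "userIdentity": {"type": "Root", "accountId": "111111111111", "arn": "arn:aws:iam::111111111111:root"},
   "responseElements": {"ConsoleLogin": "Success"},
   "additionalEventData": {"MFAUsed": "No"}},
  {"eventVersion": "1.08", "eventTime": "2024-05-01T10:02:00Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "RunInstances", "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.9",
   "userIdentity": {"type": "AssumedRole", "accountId": "111111111111",
                    "arn": "arn:aws:sts::111111111111:assumed-role/ReadOnly/alice"},
   "errorCode": "Client.UnauthorizedOperation", "errorMessage": "You are not authorized to perform this operation."},
  {"eventVersion": "1.08", "eventTime": "2024-05-01T10:03:00Z", "eventSource": "s3.amazonaws.com",
   "eventName": "GetObject", "awsRegion": "eu-west-1", "sourceIPAddress": "10.0.0.4",
   "userIdentity": {"type": "AssumedRole", "accountId": "111111111111",
                    "arn": "arn:aws:sts::111111111111:assumed-role/AppRole/i-0abc"}}
]}
'''

# eventNames that disable or weaken audit logging
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def rule_trail_tampering(e):
    return e.get("eventSource") == "cloudtrail.amazonaws.com" and e.get("eventName") in TRAIL_TAMPERING


def rule_root_activity(e):
    # AwsServiceEvent records attributed to root are routine service activity; skip them
    return e.get("userIdentity", {}).get("type") == "Root" and e.get("eventType") != "AwsServiceEvent"


def rule_console_login_without_mfa(e):
    return (e.get("eventName") == "ConsoleLogin"
            and e.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and e.get("additionalEventData", {}).get("MFAUsed") == "No")


def rule_unauthorized_call(e):
    # Same shape as the classic metric filter:
    # { ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }
    code = e.get("errorCode", "")
    return code.endswith("UnauthorizedOperation") or code.startswith("AccessDenied")


RULES = {
    "cloudtrail_tampering": rule_trail_tampering,
    "root_account_activity": rule_root_activity,
    "console_login_without_mfa": rule_console_login_without_mfa,
    "unauthorized_api_call": rule_unauthorized_call,
}


def detect(records):
    """Return (rule_name, eventTime, principal_arn, eventName) for every rule hit, in record order."""
    hits = []
    for e in records:
        arn = e.get("userIdentity", {}).get("arn", "<unknown>")
        for name, rule in RULES.items():
            if rule(e):
                hits.append((name, e.get("eventTime"), arn, e.get("eventName")))
    return hits


def detect_in_log_file(text):
    return detect(json.loads(text)["Records"])


if __name__ == "__main__":
    for rule_name, when, who, what in detect_in_log_file(SAMPLE_LOG_FILE):
        print(f"{when} {rule_name:<28} {who} {what}")
```

Note that one record can trip more than one rule: the root console login here is reported both as root activity and as a login without MFA, which is the behaviour you want when the rules feed separate alarms. The StopLogging event is the one to treat as highest priority during triage, since everything after it in that region is potentially unrecorded.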

7 thoughts on “AWS Management Tools Cheat Sheet”

  1. CloudFormation Template
    “An optional template file format version number”
    N.B. THIS IS MANDATORY

  2. OK, thanks. Now that is confusing, given the apparent latency of the exam to keep up with current AWS services.

    Having taken the exam recently did you find any instances where you had to decide between “old” and current details? e.g. template file format version number or storage gateway stored volumes (which seems to have increased from 12 to 32)?

  3. “supports Auto Healing and Auto Scaling to monitor instance health, and provision new instances”
    “If you have auto healing enabled, AWS OpsWorks Stacks automatically restarts failed instances.”

    1. Thanks Sunant, it can be applied to all regions. But a trail can be applied to a single region as well.

  4. Yes, but maybe you can mention that the trail can be on all region as well as per-region-basis.
    It would make the statement less ambiguous.
