L14. Management and Developer Tools: CloudFormation, CDK, and Systems Manager
AWS management and developer tools automate infrastructure and operations. The Cloud Practitioner exam tests CloudFormation, AWS CDK, Systems Manager, CloudWatch, and the AWS Console.
AWS CloudFormation
CloudFormation is AWS's native infrastructure as code (IaC) service. You define AWS resources in JSON or YAML templates and CloudFormation provisions them. Key concepts:
- Template: JSON or YAML file describing the desired infrastructure
- Stack: a set of AWS resources created from a CloudFormation template; managed as a single unit
- StackSets: deploy CloudFormation stacks across multiple accounts and Regions simultaneously
AWS Cloud Development Kit (CDK)
AWS CDK lets you define cloud infrastructure using familiar programming languages (Python, TypeScript, Java, C#) instead of JSON/YAML. CDK code compiles to CloudFormation templates.
AWS Systems Manager
Systems Manager provides operational management capabilities for AWS and on-premises resources. Key capabilities:
- Parameter Store: stores configuration data and secrets (hierarchical key-value store)
- Session Manager: browser-based shell access to EC2 instances without opening port 22 or managing SSH keys (a smaller attack surface than SSH)
- Patch Manager: automates OS and application patching across EC2 instances
- Run Command: remotely execute commands on multiple EC2 instances simultaneously
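An added example, not part of the original lesson: a small Python check that reads a CloudFormation template in JSON form and reports security group rules that still admit TCP port 22, the port Session Manager makes unnecessary. The sample template, its logical IDs, and the function names are constructed for illustration.

```python
import json

def covers_port(rule, port=22):
    """True if an ingress rule admits TCP traffic to `port`."""
    proto = str(rule.get("IpProtocol", ""))
    if proto == "-1":                      # all protocols and ports
        return True
    if proto not in ("tcp", "6"):
        return False
    try:
        return int(rule["FromPort"]) <= port <= int(rule["ToPort"])
    except (KeyError, TypeError, ValueError):
        return True                        # unresolved value (e.g. a Ref): flag for review

def ssh_ingress_findings(template):
    """Return (logical_id, source) for every rule that admits port 22."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            rules = props.get("SecurityGroupIngress", [])   # inline rules
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            rules = [props]                                 # standalone rule resource
        else:
            continue
        for rule in rules:
            if isinstance(rule, dict) and covers_port(rule):
                src = (rule.get("CidrIp") or rule.get("CidrIpv6")
                       or rule.get("SourceSecurityGroupId") or "unknown")
                findings.append((name, str(src)))
    return findings

# Constructed sample template; logical IDs and CIDRs are illustrative only.
TEMPLATE = json.loads("""{"Resources": {
  "LegacySg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "constructed sample",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
  "WideRule": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
    "GroupId": {"Ref": "LegacySg"}, "IpProtocol": "tcp",
    "FromPort": 0, "ToPort": 1024, "CidrIp": "10.0.0.0/8"}},
  "SsmOnlySg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "no inbound rules; access via Session Manager"}}
}}""")

if __name__ == "__main__":
    for logical_id, source in ssh_ingress_findings(TEMPLATE):
        print(f"{logical_id}: port 22 reachable from {source}")
```

The check covers both inline `SecurityGroupIngress` lists and standalone `AWS::EC2::SecurityGroupIngress` resources, and treats a port range such as 0-1024 as exposing port 22.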
Amazon CloudWatch
CloudWatch is the AWS observability service for metrics, logs, and alarms. Components:
- Metrics: numerical time-series data from AWS services (CPU, network, custom metrics)
- Logs: collect, monitor, and analyze log data from EC2, Lambda, and other services
- Alarms: trigger notifications or auto-scaling when metrics cross thresholds
- Dashboards: custom visualization of metrics
- Events/EventBridge: event-driven automation (trigger Lambda when EC2 state changes)
AWS Trusted Advisor
Trusted Advisor provides real-time guidance across five categories: Cost Optimization, Performance, Security, Fault Tolerance, and Service Limits. Free checks (all accounts): 7 security checks, basic performance and service limits. Full checks: require Business or Enterprise Support plan.
AWS Management Console
Web-based UI for managing all AWS services. The AWS CLI and AWS SDKs provide programmatic access.
| Tool | Best For |
|---|---|
| CloudFormation | IaC with JSON/YAML templates |
| CDK | IaC with programming languages |
| Systems Manager | Operational management and patching |
| CloudWatch | Monitoring, logging, and alarms |
| Trusted Advisor | Recommendations across 5 categories |
- ✓ CloudFormation provisions AWS infrastructure from JSON/YAML templates as repeatable, version-controlled stacks
- ✓ AWS CDK lets you write IaC in Python, TypeScript, etc., and compiles down to CloudFormation templates
- ✓ Systems Manager Session Manager enables browser-based EC2 access without opening port 22 or using SSH keys
- ✓ CloudWatch collects metrics, logs, and triggers alarms; EventBridge enables event-driven automation
- ✓ Trusted Advisor provides recommendations across Cost, Performance, Security, Fault Tolerance, and Service Limits
1. A security team wants to access EC2 instances without opening port 22 or using SSH keys. Which AWS service enables this?
2. A developer wants to define AWS infrastructure using Python code rather than JSON or YAML. Which tool should they use?