Operations Capabilities

Operations are at the heart of every organization. Operating in the cloud allows IT teams to focus on business outcomes, optimizing IT processes while accelerating software development and innovation. The capabilities within this area enable you to build, deploy, and operate, workloads with ease in the cloud with developer experience and tools capabilities.

  • The Developer Experience & Tools capability helps developers store code, build workflows, and promote workloads from test to production environments.

  • AWS provides tools and features that enable you to see what’s happening in your AWS environment. The Logging & Monitoring capability helps you gather and aggregate security and operational data about system and application activities, including near-real-time analysis of data to identify anomalies, indicators of compromise, performance issues, and configuration changes.


    • CF15 – S1: Identify and document specific logging requirements
    • CF15 – S2: Centralize and aggregate your logs and trace data
    • CF15 – S3: Set up alarms and metrics to monitor your environment
    • CF15 – S4: Log lifecycle management and maintenance
    • CF15 – S5: Dashboards and visualizations
    • CF15 – S6: Log customer specific requirements
  • Teams need to deploy sets of changes to update, fix, and/or enhance the operation and security properties of infrastructure and workloads. The Patching capability helps teams address security vulnerabilities, bug fixes, and other related work. The scope of patching includes operating systems, applications, and any relevant software systems.

  • The Rollout/Rollback capability helps you define a strategy to roll out application or configuration changes to the environment, or roll back these changes in case of failure. Application and configuration changes can include updated permissions, new policies, new or updated network configuration, new version of the application, or updated software development kits. These configuration changes can also include modifications to the orchestration framework that deploy these changes.


    • CF13 – S1: Establish and maintain infrastructure design principles
    • CF13 – S2: Establish and maintain deployment strategies
    • CF13 – S3: Establish and maintain monitoring of deployments
  • The Sort/Search for Metadata capability helps you search and filter based on metadata applied to tagged resources (such as accounts, or resources within these accounts), in your environment.


    • CF17 - S1: Ensure appropriate metadata is being applied to resources
    • CF17 - S2: Establish method to identify resources based on metadata
    • CF17 - S3: Identify missing or incorrect metadata on resources
    • CF17 - S4: Establish views/reports to view logical groupings of resources based on metadata