Capabilities overview

A Cloud Foundations capability is a building block for establishing a cloud environment in a specific area. Capabilities are written using familiar language used across IT, and are designed to integrate into your IT environment. 

Each capability includes:
  • A definition: Explains what the capability is, and how it would help you solve issues at a high level.
  • A set of scenarios that map to your needs: These scenarios would expand what is going to be described and implemented throughout the capability.
  • Actionable, opinionated and prescriptive implementation guidance: This includes which responsible stakeholders need to be present when planning and making decisions across your environments.
  • Automation code (when available) or sample runbooks to implement the capability that can help you establish and operate your environment.

Identify stakeholders

To enable cross team collaboration and help drive the conversation, you need to identify the relevant stakeholders for your organization.

The following groups are meant to help identify the stakeholders responsible, accountable, or that need to be informed, so when decisions need to be made, they are all present when the decisions happen. This reduces the time it takes to identify who is responsible or accountable for the decisions when you involve them from the beginning. They will also be accountable to establish the defined capabilities within their environment.

Central IT

Responsible for central IT functions within your organization. Typically, they provide standards IT services, data center operations and other infrastructure functions.


Responsible for managing the cloud spend and budget. These stakeholders manage licenses, saving plans, and set budgets. They usually work to implement FinOps practices and drive the adoption of cost aware applications.


Responsible for networking connectivity and are typically responsible for deploying firewalls. Are able to establish VPNs and modify firewall rules, and other networking related topics.


Responsible for the day-to-day tasks perform of the environment. They maintain centralize repositories, run operational runbooks to ensure the environment is ready, and are in usually in charge of deploying changes to the shared infrastructure, pipelines, and shared repositories where templates are stored.


Security for AWS is job zero. The security stakeholders usually are responsible for Incorporating security best practices into your environment and workload development is very important to protect your data, customers data, and IP.

Software Development

Responsible for the development and deployment of your workloads on your cloud environment. They are consumers of shared services. Stakeholders within this area create reusable products and templates for the different workloads and environments.

Get started with the Cloud Foundations capabilities

When planning your cloud journey, you can use capabilities to create a customized path that details what your environment needs in order to host production workloads. This will help you scale when your cloud presence grows, and due to the iterative nature of the capabilities, you won’t need to start from the beginning.

The following capability list can help you visualize what a sample environment on the cloud should cover in order to deploy, operate, and govern your workloads on the cloud confidently and securely following the vision and approach proposed by Cloud Foundations.

Use the Cloud Foundations framework

For examples on how to solve your cloud foundations requirements, visit our Cloud Foundations page on Github. The GitHub repository contains a collection of templates, examples, and scripts that support our customers in developing their own foundational environment, such as a tag policy that sets up rules for tag values that customers should use.  

Was this page helpful?