Modern software development demands fast, secure, and automated delivery of applications and infrastructure. To meet these needs, engineering teams increasingly rely on a broad ecosystem of DevOps tools that streamline everything from code integration and deployment to monitoring, compliance, and infrastructure management.
This guide provides an overview of key AWS tools used across the DevOps lifecycle, with a focus on AWS-native services and widely adopted third-party platforms.
While the emphasis is on tools relevant to AWS environments, many support hybrid or multi-cloud workflows and integrate with open-source and enterprise ecosystems.
AWS DevOps tools fall into several functional categories that align with the phases of the DevOps lifecycle. These categories support automation, collaboration, monitoring, and infrastructure management across cloud environments.
- CI/CD and deployment automation – These tools manage code integration, build pipelines, automated testing, and application deployment. They streamline delivery workflows and ensure consistent, repeatable release processes across environments.
- Infrastructure as code (IaC) – This group enables the provisioning and configuration of infrastructure through code templates and version-controlled scripts. IaC tools ensure that environments are reproducible, scalable, and aligned with application requirements.
- Configuration management – These tools maintain and enforce system configurations across fleets of instances. They support state management, drift detection, and automated remediation of infrastructure or application configuration.
- Monitoring and logging – Tools in this category provide observability by collecting metrics, logs, and traces. They help identify performance issues, track system health, and trigger alerts or automated responses to anomalies.
- Security and compliance – This set focuses on access control, vulnerability scanning, policy enforcement, and auditing. They help secure the DevOps pipeline and ensure regulatory compliance.
- Collaboration and project management – These tools support agile workflows, issue tracking, and communication across teams. They help integrate business, development, and operations functions within DevOps processes.
AWS offers several services tailored to DevOps workflows, along with strong integration support for third-party options. These tools are often combined based on team preferences and required control, with AWS-native tools offering tighter IAM and VPC integration out of the box.
The best AWS tools, including native and third-party options, include:
- AWS CodePipeline
- AWS CodeBuild
- AWS CodeDeploy
- AWS CodeCatalyst
- AWS EventBridge
- AWS Cloud Development Kit (CDK)
- AWS Device Farm
- AWS Elastic Beanstalk
- Amazon ECS
- Amazon EKS
- Amazon CloudWatch
- AWS CloudTrail
- AWS CloudFormation
- AWS Lambda
- AWS Fargate
- Amazon Q Developer
- Spacelift
- GitLab CI/CD
- Kubernetes
- Terraform
- OpenTofu
- Jenkins
- DataDog
- New Relic
- Prometheus + Grafana
- Checkov (by Bridgecrew)
- Aqua Security
- HashiCorp Vault
Let’s start with the native tools.
AWS CodePipeline is a managed service that automates the stages of software release, from source to production. It connects various tools into a single workflow and ensures code changes are built, tested, and deployed every time an update is made. The visual pipeline interface simplifies setup and monitoring, while native integration with AWS and third-party tools enables flexible orchestration.
It is especially useful for teams adopting continuous delivery practices or managing deployments across multiple environments, where consistency and automation reduce risk and effort.
Key features of AWS CodePipeline
- Connects build, test, and deployment tools into a structured workflow
- Native integration with AWS CodeBuild, CodeDeploy, GitHub, Jenkins, and more
- Supports parallel actions, manual approvals, and custom extensions
- Fully managed, scalable, and event-driven
Use cases: Continuous delivery, automated deployment workflows, multi-environment pipelines, infrastructure automation
Website: https://aws.amazon.com/codepipeline
AWS CodeBuild is a serverless build service that compiles source code, runs tests, and produces deployment-ready artifacts. It eliminates the need to manage or provision servers and scales on demand to handle concurrent builds. Developers define build processes using a YAML buildspec file, which can be used in either prebuilt or custom environments.
Designed for speed and flexibility, it integrates with other AWS services and supports most common programming languages. Logs and metrics are available in CloudWatch for visibility and debugging.
Key features of AWS CodeBuild
- Fully managed and automatically scalable build execution
- Prebuilt and custom Docker image support
- Secure environment isolation per build run
- Native integration with AWS CodePipeline and CloudWatch
Use cases: Source code compilation, test automation, artifact packaging, build step in CI/CD pipelines
Website: https://aws.amazon.com/codebuild
AWS CodeDeploy automates code deployments to Amazon EC2, AWS Lambda, Amazon ECS, and on-premises servers. It provides deployment strategies like blue/green and rolling updates to reduce downtime and risk. Built-in lifecycle hooks let teams run custom scripts before, during, and after deployment phases.
It operates as a standalone service or as part of a CI/CD pipeline, giving flexibility to support traditional, containerized, or serverless applications.
Key features of AWS CodeDeploy
- Blue/green, in-place, and rolling deployment options
- Lifecycle hooks for pre/post-deployment logic
- Works across EC2, Lambda, ECS, and hybrid environments
- Automatic rollback support and deployment status tracking
Use cases: Safe code rollout, serverless updates, hybrid infrastructure support, deployment orchestration
Website: https://aws.amazon.com/codedeploy
AWS CodeCatalyst is a unified cloud development platform that combines source control, CI/CD, issue tracking, and Dev Environments. It is designed to support modern application development on AWS by reducing the need to manually stitch together tools and infrastructure.
It enables faster team onboarding and project setup through blueprints, while offering secure development environments and built-in automation. Unlike more modular AWS tools, CodeCatalyst focuses on simplicity and cohesion across the software lifecycle.
Key features of AWS CodeCatalyst
- Blueprint-based project templates for rapid setup, now supporting best-practice CI/CD automation and multi-environment orchestration
- Secure Dev Environments hosted on EC2 and Amazon Lightsail, including ARM-based instances
- Integrated Git repositories, with support for GitHub and Bitbucket in addition to native AWS repos
Use cases: cloud-native development, all-in-one DevOps workspace, CI/CD automation, team collaboration
Website: https://aws.amazon.com/codecatalyst
AWS EventBridge is a serverless event bus that enables applications and services to communicate through events. It allows decoupling of application components by routing real-time data from AWS services, integrated SaaS providers, or custom applications to targets such as Lambda, Step Functions, or EC2.
EventBridge is commonly used in AWS-native architectures to build event-driven workflows, automate operations, and connect services across multiple AWS accounts and regions. It supports schema discovery, filtering, and transformation of events before delivery.
Key features of AWS EventBridge
- Serverless event bus with native AWS and SaaS integrations
- Event routing with filtering, transformation, and retry logic
- Supports cross-account and cross-region event delivery
- Integrated with over 100 AWS services
Use cases: Event-driven automation, decoupled service communication, SaaS-to-AWS integration, real-time AWS workflows
Website: https://aws.amazon.com/eventbridge
See example: Terraform with AWS EventBridge [Step-by-Step Guide]
AWS CDK is an infrastructure as code (IaC) framework that allows developers to define cloud infrastructure using familiar programming languages like TypeScript, Python, Java, and C#. It synthesizes these definitions into AWS CloudFormation templates, making it easier to create, manage, and reuse complex infrastructure setups as part of software projects.
Unlike traditional template-based IaC, CDK promotes higher abstraction through reusable constructs, which represent logical groupings of AWS resources. This makes infrastructure code more modular and testable, especially in teams managing multiple stacks or environments.
Key features of AWS CDK
- Infrastructure definition in TypeScript, Python, Java, or C#
- Converts code into AWS CloudFormation templates
- Reusable components via high-level constructs
- Supports unit testing and CI/CD integration
Use cases: Infrastructure as code, reusable cloud patterns, testable infrastructure, multi-environment provisioning
Website: https://aws.amazon.com/cdk
AWS Device Farm is a managed testing service for mobile and web apps across a selection of real devices in the cloud. It enables developers to identify bugs, compatibility issues, and performance bottlenecks across different device types, OS versions, and screen sizes without needing to maintain physical labs.
Tests can be run manually or through automated frameworks like Appium, Espresso, and XCTest. The service provides detailed reports, including logs, video recordings, and device-level metrics to support debugging and validation.
Key features of AWS Device Farm
- Real-device testing for Android and iOS apps
- Supports automated and manual testing workflows
- Integrates with popular testing frameworks
- Includes detailed reporting with logs and video playback
Use cases: Mobile QA automation, compatibility testing, UI regression testing, device-level debugging
Website: https://aws.amazon.com/device-farm
AWS Elastic Beanstalk is a platform-as-a-service (PaaS) offering that simplifies the deployment and scaling of web applications. Developers upload code, and Beanstalk automatically handles resource provisioning, load balancing, scaling, and monitoring. It supports a range of platforms including Java, .NET, PHP, Node.js, Python, and Docker.
Elastic Beanstalk is especially useful when speed and ease of use are key, but teams still want access to the underlying resources for fine-tuning or debugging. It provides a middle ground between full automation and infrastructure control.
However, Elastic Beanstalk offers limited flexibility compared to tools like CDK or Terraform and is best suited for simpler applications or teams that prioritize ease of use over granular control.
Key features of AWS Elastic Beanstalk
- Automatic provisioning and scaling of application environments
- Supports multiple programming languages and Docker containers
- Built-in monitoring and health checks
Use cases: Web app deployment, managed hosting, rapid prototyping, scalable backend services
Amazon Elastic Container Service (ECS) is a container orchestration platform that runs Docker containers on AWS infrastructure. It offers tight integration with the AWS ecosystem, including IAM, CloudWatch, and ELB, making it a natural fit for teams already using AWS.
ECS supports both EC2 (self-managed servers) and AWS Fargate (serverless compute) as launch types. It enables users to run and scale containerized applications efficiently while managing deployment strategies, networking, and scaling rules through simple configuration.
Key features of Amazon ECS
- Orchestrates containers using EC2 or Fargate
- Deep AWS integration for security, logging, and networking
- Built-in service discovery and autoscaling
- Simple task and service definitions via JSON
Use cases: Containerized microservices, batch processing, CI/CD deployment targets, serverless container workloads
Website: https://aws.amazon.com/ecs
Amazon EKS (Elastic Kubernetes Service) is a managed Kubernetes offering that simplifies running Kubernetes clusters in the AWS cloud. EKS handles the control plane, including upgrades, availability, and security patches, while users retain full access to Kubernetes APIs and tooling.
It provides native support for integrations with AWS services like IAM, CloudWatch, and Load Balancers, enabling more secure and observable workloads. EKS is ideal for teams standardizing on Kubernetes but looking to offload operational overhead.
Key features of Amazon EKS
- Fully managed, highly available Kubernetes control plane
- Works with upstream Kubernetes tooling and APIs
- Supports EC2 and Fargate worker nodes
- Integrates with IAM, ALB, and CloudWatch
Use cases: Kubernetes orchestration, hybrid and multi-cloud workloads, containerized app deployment, microservices management
Website: https://aws.amazon.com/eks
Amazon CloudWatch is a monitoring and observability service that collects metrics, logs, and events from AWS resources, applications, and services. It enables real-time insights into infrastructure performance and application behavior, and supports alarms, dashboards, and automated responses to operational events.
With native integration across AWS, CloudWatch acts as a central point for tracking usage patterns, detecting anomalies, and triggering autoscaling or incident remediation workflows.
Key features of Amazon CloudWatch
- Real-time metrics and custom dashboards
- Centralized log collection and analysis
- Alarms with automatic triggering of actions (e.g., SNS, Auto Scaling)
- Integrated with AWS services and third-party agents
Use cases: Infrastructure monitoring, log aggregation, alerting and anomaly detection, automated remediation
Website: https://aws.amazon.com/cloudwatch
Read more: Top 19 AWS Monitoring Tools & 8 Best Practices for 2025
AWS CloudTrail provides governance, compliance, and auditing capabilities by recording account activity across AWS services. It logs API calls, console sign-ins, and other actions into a searchable event history that can be analyzed in near real-time or archived for long-term audit trails.
It is essential for organizations needing detailed security auditing or operational visibility, and can be combined with services like CloudWatch and AWS Config for automated response or compliance checks.
Key features of AWS CloudTrail
- Records all AWS API calls and events
- Stores logs in Amazon S3 with optional encryption
- Integrates with CloudWatch Logs and Insights for querying
- Supports organization-wide trails across multiple accounts
Use cases: Security auditing, user activity tracking, regulatory compliance, forensic investigations
Website: https://aws.amazon.com/cloudtrail
AWS CloudFormation is an IaC service that enables the modeling and provisioning of AWS resources using JSON or YAML templates. It manages resource dependencies automatically and applies changes safely through change sets and rollback mechanisms.
CloudFormation is often used to standardize infrastructure deployment across environments, enforce configuration consistency, and enable repeatable deployments with minimal manual intervention.
Key features of AWS CloudFormation
- Declarative templates for defining AWS infrastructure
- Dependency management and ordered provisioning
- Stack updates with drift detection and rollback
- Supports nested stacks and custom macros
Use cases: Repeatable infrastructure deployments, environment templating, compliance enforcement, multi-region provisioning
Website: https://aws.amazon.com/cloudformation
Read more: What is AWS CloudFormation? Key Concepts & Tutorial
AWS Lambda is a serverless compute service that runs code in response to events without provisioning or managing servers. It supports a wide range of event sources, including API Gateway, S3, DynamoDB, and custom applications, and scales automatically based on workload.
Lambda is well-suited for lightweight, event-driven workloads and microservices, and integrates seamlessly with other AWS services. Developers can deploy functions in multiple languages and manage them via the AWS CLI, SDKs, or infrastructure as code tools.
Key features of AWS Lambda
- Event-driven execution with automatic scaling
- Supports multiple runtimes (Node.js, Python, Java, etc.)
- Integrated with API Gateway, S3, DynamoDB, and more
- Fine-grained access control using IAM
Use cases: Serverless APIs, real-time file processing, scheduled tasks, backend automation
Website: https://aws.amazon.com/lambda
AWS Fargate is a serverless compute engine for containers that works with both Amazon ECS and Amazon EKS. It removes the need to provision or manage EC2 instances by automatically handling the scaling, patching, and security of the infrastructure running container workloads. Developers simply define task or pod specifications, and Fargate handles the rest.
Fargate is ideal for running microservices, APIs, and background tasks on AWS without managing underlying servers. It integrates with IAM, CloudWatch, ALB, and EFS, making it easy to run secure and observable container-based applications.
Key features of AWS Fargate
- Serverless compute for ECS and EKS containers
- No infrastructure management required
- Scales automatically based on demand
- Integrated with AWS networking, logging, and security services
Use cases: Containerized application deployment, microservices without EC2, serverless Kubernetes workloads, on-demand container execution
Website: https://aws.amazon.com/fargate
Read more: What is Amazon (AWS) EventBridge & How Does It Work?
Amazon Q Developer is a generative AI assistant designed to help developers build and troubleshoot applications on AWS. Integrated into tools like the AWS Console, IDEs, and CLI, it can answer technical questions, generate code snippets, explain AWS services, and help debug infrastructure or application issues.
It is context-aware, meaning it can reference project-specific details, resources, or configurations to provide tailored guidance. This makes it especially useful for accelerating development and reducing the time spent navigating AWS documentation or resolving errors.
Key features of Amazon Q Developer
- Supports code generation, documentation lookup, debugging, and integrates with CodeWhisperer for real-time assistance
- Integrates with AWS Console, IDEs (VS Code, JetBrains), and CLI
- Context-aware suggestions based on the current project and environment
- Supports code generation, documentation lookup, and debugging
- Includes CLI-based workflows and contextual previews of AWS documentation within IDEs
Use cases: AWS development assistance, code troubleshooting, AI-powered infrastructure guidance, productivity boost for DevOps teams
Website: https://aws.amazon.com/q/developer
Now, let’s review the third-party solutions.
Spacelift is an infrastructure automation platform designed to orchestrate IaC tools like Terraform, OpenTofu, and CloudFormation, making it well-suited for teams managing AWS environments. It integrates directly with AWS accounts and supports GitOps workflows, allowing infrastructure updates to be versioned, reviewed, and deployed automatically.
Its policy-as-code support (via OPA) and built-in drift detection help enforce security and compliance across AWS stacks. Spacelift also allows advanced orchestration across multiple workflows, which is useful for managing complex AWS multi-account setups.
Spacelift is available on AWS marketplace.
Key features of Spacelift
- Native support for Terraform, OpenTofu, Pulumi, Ansible, Kubernetes, and CloudFormation
- GitOps-driven workflows with plan and apply separation
- Policy-as-code using Open Policy Agent (OPA)
- Drift detection, stack dependencies, and team-based permissions
Use cases: AWS infrastructure automation, policy enforcement in IaC, GitOps for multi-account AWS setups, continuous provisioning
Website: https://spacelift.io
Learn more: What is Spacelift? Key Features, Benefits & Use Cases
GitLab CI/CD offers a flexible, scriptable platform for automating builds, tests, and deployments, and integrates smoothly with AWS services. It can deploy applications to Amazon EC2, ECS, or Lambda, and works well with Terraform or CloudFormation for provisioning AWS infrastructure. GitLab Runners can be hosted on AWS, and artifacts can be stored in S3 for pipeline traceability.
This makes it a practical option for teams using GitLab as their central DevOps platform while relying on AWS for compute, storage, or infrastructure delivery.
Key features of GitLab CI/CD
- Declarative pipeline configuration in
.gitlab-ci.yml - Deploy to AWS through the runners, using different tools or IaC script
- Works with all the AWS services that can be automated, such as S3, EC2, ECS, Lambda, and EKS
- Built-in support for Docker, testing, and vulnerability scans
Use cases: AWS workload deployment, Git-centric CI/CD pipelines, infrastructure provisioning via Terraform or CloudFormation, artifact storage in S3
Website: https://about.gitlab.com/
Read more: How to Implement GitLab CI/CD Pipeline with Terraform
Kubernetes provides container orchestration for deploying and managing distributed applications, and is often used on AWS through Amazon EKS. Kubernetes abstracts infrastructure and handles scheduling, scaling, and failover for containers, making it a powerful platform for teams managing complex, microservice-based workloads.
On AWS, Kubernetes integrates with services like IAM, ALB, CloudWatch, and EBS, allowing secure and scalable operation with native AWS components. It also pairs well with tools like Helm, Fluent Bit, and AWS Load Balancer Controller.
Key features of Kubernetes
- Declarative orchestration for containers and services
- Native AWS integrations via EKS (IAM, EBS, ELB, CloudWatch)
- Horizontal scaling, rolling deployments, and self-healing
- Extensible architecture with CRDs and operators
Use cases: Container orchestration on AWS, EKS-based microservice platforms, hybrid deployments, resilient infrastructure automation
Website: https://kubernetes.io
See example: How to Run Kubernetes on AWS
Terraform by HashiCorp is one of the most widely used tools for provisioning AWS infrastructure as code. Its declarative syntax (HCL) and extensive AWS provider allow users to define resources like VPCs, EC2 instances, IAM roles, and S3 buckets in reusable, version-controlled code. Terraform integrates easily with CI/CD pipelines and remote backends like Amazon S3 and DynamoDB for storing state and locking.
Its modular approach makes it ideal for managing large-scale AWS deployments across environments and accounts.
Key features of Terraform
- AWS provider supports full AWS resource coverage
- State management with S3 backend and DynamoDB locking (in newer versions, S3 native locking is also available)
- Declarative HCL configuration with reusable modules
- Community and enterprise modules for AWS architectures
Use cases: AWS resource provisioning, infrastructure versioning, multi-account management, CI/CD integration for IaC
Website: https://www.hashicorp.com/en/products/terraform
Read more: Deploying AWS Resources with Terraform – Tutorial
OpenTofu is a community-driven, open-source alternative to Terraform designed to support infrastructure as code (IaC) workflows with long-term openness and transparency. Maintained under the Linux Foundation, OpenTofu ensures a stable, enterprise-ready platform free from commercial licensing constraints.
It supports the HashiCorp Configuration Language (HCL) and provides full compatibility with the Terraform AWS provider ecosystem, allowing seamless migration and integration for existing infrastructures. OpenTofu is actively developed by a growing community and vendors committed to keeping IaC tooling open, auditable, and collaborative.
Key features of OpenTofu
- Full compatibility with Terraform syntax and providers
- Open-source and MPL-licensed under Linux Foundation stewardship
- Supports remote state backends (S3, Azure Blob Storage, etc.) and workspaces
- Enterprise-grade stability with community governance and transparency
Use cases: Open-source AWS infrastructure provisioning, license-flexible Terraform alternative, GitOps for AWS IaC, enterprise IaC adoption
Website: https://opentofu.org
Jenkins is a flexible, open-source automation server widely used to implement CI/CD pipelines, including those targeting AWS. With plugins like AWS CLI, AWS CodeDeploy, and Amazon EC2 integration, Jenkins can deploy applications to EC2, ECS, or Lambda and manage infrastructure with tools like Terraform or CloudFormation.
While it requires manual setup, Jenkins is often chosen for its control and extensibility, making it a practical choice for teams building custom pipelines around AWS services.
Key features of Jenkins
- Plugin ecosystem for AWS (e.g., EC2, CodeDeploy, S3, CloudFormation)
- Declarative pipelines with Groovy or Blue Ocean UI
- Self-hosted with customizable build agents on AWS
- Supports Docker, Kubernetes, and IaC toolchains
Use cases: CI/CD to AWS targets, hybrid cloud deployments, Terraform automation, custom infrastructure workflows
Website: https://www.jenkins.io
Datadog offers observability and monitoring across AWS infrastructure and applications, with native integrations for services like EC2, Lambda, RDS, and CloudWatch. It provides unified dashboards for logs, metrics, and traces, helping teams detect issues and optimize performance across distributed AWS workloads.
It’s widely used in AWS-centric environments for correlating infrastructure behavior with application health and automating alerting based on real-time conditions.
Key features of Datadog
- 70+ AWS service integrations including EC2, S3, Lambda, RDS
- Centralized dashboards with logs, metrics, and traces
- Cloud-native alerting, anomaly detection, and SLO tracking
- Infrastructure, APM, and security monitoring in one platform
Use cases: Full-stack AWS monitoring, serverless observability, cost and usage analysis, proactive alerting
Website: https://www.datadoghq.com
Read more: Datadog vs. Splunk: Observability Tools Comparison
New Relic provides real-time observability across applications and AWS infrastructure, combining APM, metrics, logs, and traces in a single platform. It integrates directly with AWS services like CloudWatch, Lambda, ECS, and API Gateway, and helps developers and SREs monitor system health and performance.
Its opinionated dashboards and curated experiences are well-suited for teams looking to monitor AWS workloads without extensive setup or tuning.
Key features of New Relic
- AWS integration via CloudWatch for EC2, Lambda, RDS, and more
- Unified telemetry across applications and cloud infrastructure
- Distributed tracing and real user monitoring (RUM)
- Query language (NRQL) for custom insights and dashboards
Use cases: APM for AWS-hosted applications, cloud usage optimization, SRE observability, end-to-end monitoring
Website: https://newrelic.com
Prometheus and Grafana form a popular open-source observability stack often used in Kubernetes and AWS environments. Prometheus collects and stores metrics, including those from EC2, EKS, and custom exporters, while Grafana visualizes this data through dashboards and alerts.
In AWS, the stack is commonly deployed in EKS clusters, integrates with CloudWatch through exporters, and is favored by teams that want full control over observability tooling.
Key features of Prometheus + Grafana
- Custom metrics collection and alerting with Prometheus
- Dashboarding and visualization with Grafana
- Integration with AWS services via exporters (e.g., CloudWatch, EC2)
- Kubernetes-native setup with Helm charts and service discovery
- Commonly deployed via Amazon Managed Service for Prometheus (AMP) and Managed Grafana, reducing operational overhead for AWS users
Use cases: monitoring EKS clusters, custom AWS metrics dashboards, open-source observability stack, infrastructure health tracking
Website: https://prometheus.io, https://grafana.com
Checkov is a static analysis tool for infrastructure as code, built to identify misconfigurations in AWS resources before deployment. It supports Terraform, CloudFormation, and Kubernetes manifests, scanning for security issues, compliance violations, and best practice gaps using a built-in policy engine.
In AWS environments, Checkov is commonly used in CI/CD pipelines to enforce guardrails around resource provisioning and to flag insecure defaults in configurations targeting services like S3, IAM, or EC2.
Key features of Checkov
- Scans IaC templates for AWS security and compliance issues
- Supports Terraform, CloudFormation, and Kubernetes
- Custom and built-in policies using Python or YAML
- CLI and CI integration with output in multiple formats
Use cases: AWS IaC security validation, pre-deployment misconfiguration checks, compliance scanning in CI pipelines, policy-as-code enforcement
Website: https://www.checkov.io
Aqua Security provides tools for securing containerized and cloud-native workloads, with Trivy being its widely used open-source vulnerability scanner. Trivy scans container images, file systems, and infrastructure as code (including Terraform and CloudFormation) for security issues. In AWS environments, it’s often used to scan Lambda packages, ECR images, and IaC configurations before deployment.
Aqua’s enterprise platform extends this with runtime protection, image assurance policies, and integration across AWS services and Kubernetes clusters.
Key features of Aqua Security / Trivy
- Scans AWS-related artifacts (ECR images, Lambda packages, IaC templates)
- Detects vulnerabilities, misconfigurations, secrets, and license issues
- Integrates with AWS CI/CD pipelines and registries
- Aqua Platform adds runtime protection and policy enforcement for AWS workloads
Use cases: ECR image scanning, IaC security for Terraform/CloudFormation, CI/CD hardening in AWS, Kubernetes runtime security
Website: https://www.aquasec.com
HashiCorp Vault provides secure storage and dynamic management of secrets, tokens, and credentials used across applications and infrastructure. In AWS, Vault is often used to manage access to services like S3, RDS, and EC2 through IAM integration or by generating short-lived credentials.
It supports AWS-native authentication, integrates with Kubernetes (e.g., on EKS), and helps enforce best practices in secret handling across multi-environment or multi-account AWS setups.
Key features of HashiCorp Vault
- Secure storage and dynamic generation of secrets for AWS services
- AWS IAM authentication and short-lived credential management
- Fine-grained access control and audit logging
- Supports EKS, Lambda, EC2, and external secret injection
Use cases: Secrets management in AWS, IAM-based authentication, secure access to S3/RDS/EC2, multi-account AWS secret orchestration
This list outlines 28 key DevOps and infrastructure tools, primarily focused on AWS-native services and widely adopted open-source or third-party platforms.
Together, these tools help teams build, ship, and manage software more efficiently. From automating infrastructure to securing code and monitoring performance, they support fast, reliable delivery at scale. Blending AWS services with open-source and third-party options gives teams the flexibility to shape workflows that fit their needs.
Solve your infrastructure challenges
Spacelift is an alternative to using homegrown solutions on top of a generic CI. It helps overcome common state management issues and adds several must-have capabilities for infrastructure management.
