Deployment

CloudFormation

Description

Components

Component Description
TEMPLATE: Define resources and properties (JSON)
STACK
  • Manage collection of resources
  • Parameters to handle variables
  • Change Set: modify existing stack's template
  • No deletion policy → resource deleted by default
  • If resource can't be deleted → stack not deleted
  • Access Control
    • You can assign a service role to a stack if you have iam:PassRole permission
      • Anyone who can operate on that stack can leverage that role's permissions
      • Even a user who can't run the stack could modify it and have someone else run it
    • Otherwise, the user/role using the stack needs permission to perform all of the stack's operations itself
STACKSETS
  • Access Control
    • Custom administration role, with identity policies that constrain iam:PassRole for that role to control who can use it
    • Custom execution role, with limits on which resources it can act on, and a trust policy for specific administration role(s) in the admin account
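
An added example, not part of the original notes: a short Python audit for the two access controls above. It flags iam:PassRole grants that cover more than one role, and execution-role trust policies that trust anything other than the named administration role. The account ID, role name, sample policies and function names are constructed for illustration.

```python
import fnmatch

# Constructed sample values; account ID and role name are placeholders.
ADMIN_ROLE = "arn:aws:iam::111111111111:role/StackSetAdmin"
WEAK_IDENTITY = {"Statement": [{"Sid": "AnyRole", "Effect": "Allow",
                                "Action": "iam:*", "Resource": "*"}]}
SCOPED_IDENTITY = {"Statement": [{
    "Sid": "OnlyAdminRole", "Effect": "Allow", "Action": "iam:PassRole",
    "Resource": ADMIN_ROLE,
    "Condition": {"StringEquals": {
        "iam:PassedToService": "cloudformation.amazonaws.com"}}}]}
WEAK_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
              "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}
SCOPED_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                "Principal": {"AWS": ADMIN_ROLE}}]}

def _as_list(value):
    """IAM accepts either a single value or a list in these fields."""
    return value if isinstance(value, list) else [value]

def broad_passrole_findings(identity_policy):
    """Flag Allow statements whose iam:PassRole grant covers more than one role."""
    findings = []
    for stmt in _as_list(identity_policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        grants = any(fnmatch.fnmatchcase("iam:passrole", a) for a in actions)
        if stmt.get("Effect") != "Allow" or not grants:
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            # A wildcard in the last ARN field matches several role names.
            if "*" in resource.split(":")[-1]:
                findings.append(f"{stmt.get('Sid', '?')}: PassRole on {resource}")
    return findings

def loose_trust_findings(trust_policy, allowed_admin_roles):
    """Flag AWS principals in a trust policy that are not a named admin role."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # "Principal": "*" is a bare string; otherwise read the "AWS" entries.
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        findings += [f"trusts {arn}" for arn in arns if arn not in allowed_admin_roles]
    return findings

if __name__ == "__main__":
    print(broad_passrole_findings(WEAK_IDENTITY))
    print(loose_trust_findings(WEAK_TRUST, {ADMIN_ROLE}))
```

The check reads only Action/Resource and AWS principals; statements using NotAction, NotResource or service principals are outside what it covers.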

Elastic Beanstalk

Description
  • Developers can upload their application code, and the service automatically handles
    • Resource provisioning
    • Load balancing
    • Autoscaling
    • Monitoring
  • Developers retain full control over the underlying AWS resources
    • EC2 instance type
    • DB & storage options
    • Enable login access to EC2
    • Enable HTTPS on the load balancer
    • App server settings
    • Autoscaling settings

Components

Component Description
APPLICATION: Logical collection of Beanstalk components (similar to a folder): environments, versions, configurations
APP VERSION: Specific, labeled iteration of deployable code, which points to an S3 bucket containing the deployable code
ENVIRONMENT
  • App version that is deployable onto AWS resources
  • Each environment runs only a single app version at a time
ENVIRONMENT CONFIGURATION: Collection of parameters

Supported

Languages: Java, PHP, Ruby, NodeJS, Python, Go
Web Containers: Tomcat, Passenger, Puma, Docker

Service Catalog

Create and manage catalogs of IT services that are approved for use on AWS

Components
  • Portfolio: collection of catalogs
  • Catalogs: collection of products
  • Product: CloudFormation template
Characteristics
  • Portfolios can be shared across accounts
  • Access
    • Admin access control is via IAM
    • User access control is initially via IAM (ServiceCatalogEndUserAccess needed to use Service Catalog)
    • It supports neither resource-level permissions nor resource-based policies
    • Portfolio access is managed within Service Catalog by associating IAM users/groups/roles with a Portfolio
  • Launch role: a role that is used to run the templates, instead of the user having the necessary permissions

CodeArtifact

General Info
  • Artifact management service for software development
  • Securely store and share the software packages used in development, build, and deployment processes
  • Supported: Maven and Gradle (for Java), npm and yarn (for JavaScript), and pip and twine (for Python)