
AWS Management and Governance Tools Explained

April 27, 2021


On top of the services AWS provides to help you build and deploy applications and virtual networks, detailed in our recent AWS Services List post, AWS also provides a ton of tools and services to monitor the activity and performance of the applications and networks you build on AWS.

The following is a summary of the AWS management and governance tools you can use to keep track of the activity, alerts and performance of your applications and AWS network infrastructure.

Amazon CloudWatch

CloudWatch provides you with data and actionable insights to monitor your AWS applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. You can use CloudWatch to detect anomalous behavior in your environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly.


CloudWatch natively integrates with more than 70 AWS services such as Amazon EC2, Amazon DynamoDB, Amazon S3, Amazon ECS, Amazon EKS, and AWS Lambda, and automatically publishes detailed one-minute metrics and custom metrics with up to one-second granularity so you can dive deep into your logs for additional context.

AWS Auto Scaling

AWS Auto Scaling actively monitors your applications and automatically adjusts capacity when required to maintain steady, predictable performance. Using AWS Auto Scaling, it’s easy to set up application scaling for multiple resources across multiple services in minutes. The service lets you build scaling plans for resources including Amazon EC2 instances and Spot Fleets, Amazon ECS tasks, Amazon DynamoDB tables and indexes, and Amazon Aurora Replicas. AWS Auto Scaling makes scaling simple with recommendations that allow you to optimize performance, costs, or balance between them.


AWS Auto Scaling lets you set target utilization levels for multiple resources in a single interface. This lets you quickly see the average utilization of all of your scalable resources without having to navigate to other consoles.

Amazon EC2 Auto Scaling helps you maintain application availability and allows you to automatically add or remove EC2 instances according to conditions you define. You can use the fleet management features of EC2 Auto Scaling to maintain the health and availability of your fleet. You can also use the dynamic and predictive scaling features of EC2 Auto Scaling to add or remove EC2 instances.

AWS Chatbot

AWS Chatbot is an interactive agent that allows you to monitor and interact with your AWS resources in your Slack channels and Amazon Chime chat rooms. With AWS Chatbot you can run commands to return diagnostic information, receive alerts, invoke AWS Lambda functions, and even create AWS support cases.


AWS Chatbot sends pre-selected, event-triggered alerts to your Slack channels or Amazon Chime chat rooms, keeping your team informed and aware of the operational incidents or other events that they need to know about.

AWS CloudFormation

AWS CloudFormation gives you a fast way to model a collection of related AWS and third-party resources and provision them quickly and consistently by defining your infrastructure as code (IaC).

A CloudFormation template describes your desired resources and their dependencies so you can launch and configure them together as a stack. You can use a template to create, update, and delete an entire stack as a single unit, as often as you need to, instead of managing resources individually. You can provision and/or manage stacks across multiple AWS accounts and AWS Regions using CloudFormation templates.


With CloudFormation, you can apply DevOps and GitOps best practices using widely adopted processes such as starting with a git repository and deploying through a CI/CD pipeline. You can also manage resource scaling by sharing CloudFormation templates to be used across your organization, to meet safety, compliance, and configuration standards across all your AWS accounts and regions.

AWS CloudTrail

AWS CloudTrail collects the data that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.


CloudTrail captures the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history helps with security analysis, resource change tracking, and troubleshooting. You can also use AWS CloudTrail to detect unusual activity in your AWS accounts.


AWS Command Line Interface

The AWS Command Line Interface (CLI) is a tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

The AWS CLI v2 offers several new features including improved installers, new configuration options such as AWS Single Sign-On (SSO), and various interactive features. 


AWS Compute Optimizer

AWS Compute Optimizer recommends the most appropriate AWS resources for your workloads to reduce costs and improve app and network performance by using machine learning to analyze historical utilization metrics. Compute Optimizer addresses both over-provisioning of resources, which can lead to unnecessary infrastructure cost, and under-provisioning of resources, which can lead to poor application performance. Compute Optimizer helps you choose optimal configurations for Amazon EC2 instances, Amazon EBS volumes, and AWS Lambda functions, based on your utilization data.


By applying the knowledge drawn from Amazon’s own experience running diverse workloads in the cloud, Compute Optimizer identifies workload patterns and recommends optimal AWS resources for those workloads.

AWS Config

AWS Config is a service that allows you to assess, audit, and evaluate how your AWS services are configured. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.


With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. 

AWS Control Tower

If your organization runs multiple AWS accounts and teams, cloud setup and governance can be complex and time-consuming. AWS Control Tower provides the easiest way to set up and govern a secure, multi-account AWS environment, called a landing zone.


AWS Control Tower creates your landing zone using AWS Organizations. With AWS Control Tower, builders can provision new AWS accounts in a few clicks, while maintaining peace of mind knowing that the new accounts conform to company-wide policies.

AWS Console Mobile App

The AWS Console Mobile Application, provided by Amazon Web Services, lets you view and manage a select set of resources to support incident response while on the go.

The Console Mobile Application allows you to monitor resources through a dedicated dashboard and view configuration details, metrics, and alarms for select AWS services. The Dashboard provides permitted users with an overview of the account status, with real-time data on Amazon CloudWatch, Personal Health Dashboard, and AWS Billing and Cost Management.

You can find the app download on the Amazon Appstore, Google Play and the Apple App Store.

AWS License Manager

AWS License Manager helps you manage your software licenses from vendors such as Microsoft, SAP, Oracle, and IBM across AWS and on-premises environments. AWS License Manager lets administrators create a set of customized licensing rules that mirror the terms of vendor licensing agreements. Administrators can use these rules to help prevent licensing violations, such as using more licenses than a vendor agreement stipulates.


AWS Management Console

The AWS Management Console is a web-based portal to oversee all administrative aspects of your AWS account from your desktop or mobile device. You can view your usage and monthly spending by service, set up AWS IAM users and groups, configure permissions, and manage security credentials. The Console offers over 180 services you can configure, test, and launch to get hands-on experience with AWS. Using the Unified Search feature, find services, features, AWS Marketplace products, and AWS Documentation all from within the Console. Use the Console and its API, CLI, CloudFormation templates, and other toolkits to build scalable architectures in any AWS data center around the world.

AWS Managed Services

AWS Managed Services (AMS) is available to help you migrate to and operate securely in the AWS cloud. The service is provided for enterprise customers who may not yet have the in-house skills to implement a cloud-first strategy.

Once your business objectives are defined, the AMS team will assign a designated cloud architect and service delivery manager to deliver automated infrastructure for your domain that encapsulates resource provisioning, patch and backup compliance, monitoring and alerting, and security and service integration, amongst other things.


The AMS service team will liaise with your business and provision the agreed resources required to deliver your business outcomes via safe, secure and highly available application infrastructure.

AWS OpsWorks

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments. OpsWorks has three offerings: AWS OpsWorks for Chef Automate, AWS OpsWorks for Puppet Enterprise, and AWS OpsWorks Stacks.


AWS Organizations

AWS Organizations allows you to centrally manage and govern your environment as you grow and scale your AWS resources. Using AWS Organizations, you can programmatically create new AWS accounts and allocate resources, group accounts to organize your workflows, apply policies to accounts or groups, and simplify billing by using a single payment method for all of your accounts.

AWS Organizations is integrated with other AWS services so you can define central configurations, security mechanisms, audit requirements, and resource sharing across accounts in your organization. 

AWS Personal Health Dashboard

Personal Health Dashboard gives you a personalized view of the status of the AWS services that power your applications, enabling you to quickly see when AWS is experiencing issues that may impact you.


AWS Service Catalog

AWS Service Catalog allows you to create and manage catalogs of IT services that are approved for use on AWS. It enables IT administrators to organise, govern and distribute application stacks within an organisation. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. AWS Service Catalog allows you to centrally manage deployed IT services and your applications, resources, and metadata.


AWS Systems Manager

AWS Systems Manager helps you view operational data for groups of AWS resources, so you can quickly identify any issues that might impact applications that use those resources. You can group your resources by applications, application layers, specific environments, or anything else you choose.


With Systems Manager, you can group resources, like Amazon EC2 instances, Amazon EKS clusters, Amazon S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and troubleshooting, implement pre-approved change workflows, and audit operational changes for your groups of resources.

AWS Trusted Advisor

AWS Trusted Advisor is a web-based tool provided by Amazon that gives you real-time guidance to help you provision your AWS resources following AWS best practices. Trusted Advisor checks help you to optimize your AWS infrastructure, improve security and infrastructure performance, reduce your overall costs, and monitor service limits.


Whether establishing new workloads, developing applications, or as part of ongoing improvement, you can take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions and infrastructure provisioned optimally.

Checked out Hava yet?


Diagrams display interactive cloud architecture and show resource metadata when resources on the diagram are selected. A separate diagram displays security groups and visualizes the open ports and traffic flow through your AWS VPCs.



Written by Team Hava
