AKS Backup Patterns (Batch 8)

Backup etcd state and persistent volumes via Velero or Azure Backup.

aks, backup

Alert Flood Mitigation

Silence noisy alerts, throttle them, and adjust routing.

alerting, mitigation

Alert Flood Mitigation (Batch 8)

Use silences, grouping, and rate limiting to tame flood.

alerting, mitigation

Ansible Playbooks

Define playbooks with hosts, tasks, handlers, and roles

ansible, playbooks, roles, tasks

Ansible | CheatSheets Hub

IT automation and configuration management. Use ansible-vault to secure sensitive variables

ansible, automation, configuration management, devops

Argo CD Sync Waves

Use sync waves to control deployment order and gates during GitOps syncs.

argocd, sync, gitops

ArgoCD | CheatSheets Hub

GitOps continuous delivery for Kubernetes. ArgoCD continuously monitors Git for changes

argocd, gitops, kubernetes, cd

Automation Ops Checklist

Document automation workflows, approval steps, and fallbacks.

automation, ops, checklist

AWS Cost Operations

Monitor budgets, schedule reports, and optimize spend

aws, cost operations, budgets, cloud

AWS Cost Optimization

Analyze spend, rightsizing opportunities, and savings plans monthly.

aws, cost, optimization, budgets

AWS EKS Bottlerocket

Use Bottlerocket AMIs for immutable node pools with tuned kubelets.

aws, eks, bottlerocket

AWS EKS Encryption 1

Encrypt secrets and etcd

aws-eks-encryption-1.html, cheatsheet

AWS EKS Encryption 11

Encrypt secrets and etcd

aws-eks-encryption-11.html, cheatsheet

AWS EKS Encryption 21

Encrypt secrets and etcd

aws-eks-encryption-21.html, cheatsheet

AWS EKS Encryption 31

Encrypt secrets and etcd

aws-eks-encryption-31.html, cheatsheet

AWS EKS Encryption 41

Encrypt secrets and etcd

aws-eks-encryption-41.html, cheatsheet

AWS GuardDuty Response

Classify GuardDuty findings, correlate context, and trigger remediation.

aws, guardduty, security, detection, response

AWS IAM Access Advisor

Use Access Advisor data to remove stale IAM actions from roles.

aws, iam, access advisor

AWS IAM Policies

Design IAM policies and test with the simulator

aws, iam, policies

AWS Lambda Health Probes

Send regular synthetic requests to Lambda entry points to detect slowdowns.

aws lambda, health, monitoring

AWS Lambda Powertools

Leverage Powertools decorators for structured logs, telemetry, and idempotency.

aws, lambda, powertools

AWS Monitoring

CloudWatch alarms, X-Ray tracing, and dashboards

aws, monitoring, cloudwatch, x-ray, observability

AWS Resilience Patterns

Design resilient AWS workloads with retries, multi-AZ + fallback

aws, resilience, retries, multi az

AWS S3 Policy Review (Batch 8)

Check public access block settings and fine-tune bucket policies.

aws, s3, policy

AWS Security Hub Audit

Quick diagnostics for AWS Security Hub, IAM, CloudTrail, and GuardDuty

aws, security hub, audit, iam, guardduty

AWS Services | CheatSheets Hub

Amazon Web Services essentials. Navigate AWS cloud services efficiently

aws, amazon, cloud computing

AWS SNS+SQS Anti-Patterns

Avoid infinite retries, missing DLQs, and unbounded queue growth.

aws, sns, sqs

Azure Container Instances

Run container workloads without Kubernetes by relying on ACI.

azure container instances, aci

Azure Cost Alerts (Batch 8)

Send budget alerts when spend approaches limits.

azure, cost, alerts

Azure DevOps Pipeline Cheats

Design multi-stage pipelines with reusable templates and approvals.

azure devops, pipelines, ci/cd

Azure Function Proxies

Add proxies for path rewrites, auth, and caching in front of Functions.

azure functions, proxies

Azure Functions

HTTP/timer/cosmos triggers plus durable functions

azure functions, serverless, durable, azure

Azure Logging

Collect diagnostics + logs in Azure

azure, logging, monitor

Azure Monitor Log Analytics (Batch 8)

Run Kusto queries and alerts within Log Analytics.

azure, monitor, logs

Azure Monitor-Based Alerts

Build metric alerts with dynamic thresholds and action groups.

azure, monitor, alerts

Azure Policy Baselines

Define policy sets that cover identity, network, storage, and cost guardrails.

azure, policy, compliance, baseline

Azure Private Endpoints

Expose Azure services via private endpoints tied to VNets.

azure, private endpoints, networking

Azure Spot VM Operations

Use Azure Spot VMs while handling eviction notices and fallback hosts.

azure, spot, vm

Azure Workload Identity 10

Managed identity best practices

azure-workload-identity-10.html, cheatsheet

Azure Workload Identity 20

Managed identity best practices

azure-workload-identity-20.html, cheatsheet

Azure Workload Identity 30

Managed identity best practices

azure-workload-identity-30.html, cheatsheet

Azure Workload Identity 40

Managed identity best practices

azure-workload-identity-40.html, cheatsheet

Azure Workload Identity 50

Managed identity best practices

azure-workload-identity-50.html, cheatsheet

Bash Scripting

Shell scripting essentials

bash, shell, scripting, linux

Blue/Green CI/CD (Batch 8)

Use stacks for green/blue deployments and swap load balancers once ready.

ci/cd, blue-green

Chaos Engineering Controls

Introduce controlled faults to prove resilience while minimizing blast radius.

chaos engineering, resilience, fault injection

CI/CD Best Practices

Continuous Integration and Deployment

cicd, devops, automation, jenkins, github actions

CI/CD Branch Gating

Require passing builds, approvals, and gating policies before merges.

ci, gating, approvals

CI/CD Canary Workflows

Orchestrate canary deployments using traffic splits and health gates.

ci/cd, canary

CI/CD Canary Workflows (Batch 8)

Deploy small percentages of traffic to new builds using feature flags and health gates.

ci/cd, canary

CI/CD Security

Gate pipelines with scans, secrets hygiene, and approvals

ci/cd, security, pipeline, secrets, scanning

CI/CD Signing & Notarization

Sign releases and optionally notarize containers/binaries.

signing, notarization, cosign

CircleCI | CheatSheets Hub

Cloud-based CI/CD platform. Use CircleCI orbs to simplify configuration

circleci, ci/cd, continuous integration, automation

Cloud Basics

AWS, GCP, and Azure fundamentals

cloud, aws, azure, gcp, cloud computing

Cloudflare Workers

Deploy edge functions, persist data, and configure routes

cloudflare, workers, edge, kv, durable objects

Consul Service Mesh

Use Consul intentions, ACLs, and proxies to secure service-to-service traffic.

consul, service mesh, intentions, acl

Data Version Control

Use DVC/git-lfs to version data plus experiments

data versioning, dvc, git lfs, reproducibility

Datadog | CheatSheets Hub

Monitoring and observability platform. Datadog provides unified view across infrastructure and apps

datadog, monitoring, apm, observability

DigitalOcean

DigitalOcean droplets, spaces, app platform, and management

digitalocean, droplets, cloud, hosting, spaces

Docker

Container management and Docker commands

docker, containers, devops, kubernetes

Docker BuildKit Optimizations

Use BuildKit features like cache imports, secret mounts, and parallel build stages to shrink build time

docker, buildkit, cache, secrets, multi-stage

Docker Compose Health

Add health probes to compose services and restart policies.

docker compose, healthcheck

Docker Compose Secrets (Batch 8)

Reference secrets objects rather than inline env vars.

docker compose, secrets

Docker Healthcheck Definitions

Define `HEALTHCHECK` commands and intervals for each service.

docker, healthcheck

Docker Image Layer Caching

Structure Dockerfiles so stable layers are reused across builds.

docker, cache, images

Docker Nexus Proxy

Proxy Docker Hub via Nexus to cache layers and limit outbound costs.

docker, nexus, registry

Docker Non-Root Best Practices

Switch to non-root users and drop capabilities during image build.

docker, non-root

Docker Practices

Slim images, multistage builds, and secure runtime habits

docker, images, multistage, security, buildkit

Dockerfile Security (Batch 8)

Use multi-stage builds, drop root, and scan images.

dockerfile, security

EKS Fargate Spot

Run bursty or fault-tolerant pods on Fargate Spot to reduce spend.

eks, fargate, spot

EKS IAM Roles for Service Accounts (Batch 8)

Bind IAM roles to service accounts using IRSA.

eks, iam roles, irsa

GCP DNS Peering (Batch 8)

Peer Cloud DNS zones into VPCs for custom domain resolution.

gcp, dns, peering

GCP IAM Conditions

Limit access by enforcing conditions on service accounts or users.

gcp, iam, conditions, security

GCP Private Service Connect

Expose services privately via Private Service Connect endpoints.

gcp, private service connect, vpc

GCP Secret Manager Lifecycle

Version secrets, rotate them automatically, and track IAM bindings.

gcp, secret manager, rotation

GCP Service Mesh Primer

Configure Anthos Service Mesh traffic policies and telemetry.

gcp, service mesh, istio, observability

Git

Git version control cheat sheet with essential commands for branching, merging, committing, and collaboration.

git, version control, commands, github, gitlab, cheat sheet

Git Branching Strategies

Choose models (GitHub flow, GitLab flow, trunk-based) and keep merges predictable

git, branching, trunk-based, release flow, collaboration

Git CLI Tips

Speed up CLI workflows with aliases, rerere, and stash

git, cli, rerere, alias, stash

Git Commit Message Standards

Use conventional prefixes, scopes, and tidy bodies for automation.

git, commit, standard

Git LFS Workflows

Keep large binaries in Git LFS and track quota usage.

git-lfs, assets

Git Secret Lint

Scan staged files with `git-secrets` or `detect-secrets` before commits.

git, secrets, lint

Git Workflows (Trunk, Feature, Shape)

Compare trunk-based, feature, and shape-up workflows.

git, workflows, branching

GitHub Actions Advanced

Advanced GitHub Actions - workflows, matrix builds, and reusable actions

github actions, ci/cd, workflows, automation, devops

GitHub Actions Matrix Builds

Define matrices to test across environments efficiently.

github actions, matrix, ci

GitHub Actions Security

Secure your GitHub Actions pipelines with scans, secrets, and policies

github actions, security, ci, secrets

GitHub Actions | CheatSheets Hub

CI/CD automation for GitHub. Use actions/cache to speed up workflow runs

github actions, ci/cd, automation, github

GitHub Codespaces Setup

Define devcontainer settings, dotfiles, and port forwarding for Codespaces

github, codespaces, devcontainer, setup, dotfiles

GitHub Copilot

GitHub Copilot shortcuts, prompts, tips and best practices for AI-assisted coding

github copilot, ai coding, code completion, vscode, productivity

GitLab CI/CD

Define YAML jobs, caching, and rules

gitlab, ci, pipeline, jobs

GitOps

GitOps principles and tools - ArgoCD and FluxCD

gitops, argocd, fluxcd, kubernetes, devops, continuous deployment

GitOps Observability

Monitor GitOps controllers for drift, errors, and delivery latency

gitops, flux, argo, observability, kubernetes

GitOps Workflows

Declarative delivery, automation, and drift detection

gitops, argo, flux, automation, deployments

GKE Resource Quota Monitoring

Monitor `ResourceQuota` usage per namespace so teams avoid hot nodes.

gke, resource quotas, kubernetes

Google Cloud Platform | CheatSheets Hub

GCP services overview. Use BigQuery for large-scale data analytics

gcp, google cloud, cloud computing

Grafana Dashboard Shorthand

Quickly assemble dashboards with templates, panel links, and alert rules.

grafana, dashboards, panels

Grafana Panel Library

Share JSON panels as a library and version them in code.

grafana, panels

Grafana Snapshot Share

Generate snapshots to share dashboards without login credentials.

grafana, snapshot

Grafana Template Variables

Use template variables for environment, region, and service filters.

grafana, template, variables

Grafana | CheatSheets Hub

Data visualization and monitoring. Use template variables to create reusable dashboards

grafana, dashboard, visualization, monitoring

GuardDuty Threat Hunter (Batch 8)

Correlate findings with AWS config and CloudTrail for quick hunting.

aws, guardduty, hunt

HashiCorp Consul | CheatSheets Hub

Service mesh and discovery. Consul provides both service discovery and mesh

consul, service mesh, service discovery, hashicorp

HashiCorp Vault | CheatSheets Hub

Secrets and encryption management. Use dynamic secrets instead of static credentials

vault, secrets, hashicorp, security

Helm Chart Structure

Organize templates, values, and hooks for reusable Helm packages

helm, chart, templating, values

Helm Chart Templating

Structure values, templates, and helpers for maintainable charts.

helm, templates, kubernetes

Helm Linting

Run `helm lint` and schema checks to catch template issues.

helm, lint

Helm | CheatSheets Hub

Kubernetes package manager. Use helm template to preview manifests before install

helm, kubernetes, k8s, package manager

Istio Ingress Gateway

Expose services through Istio Gateways with TLS policies and routing rules.

istio, ingress, gateway

Istio | CheatSheets Hub

Service mesh platform. Istio adds observability, security, and control to microservices

istio, service mesh, kubernetes, microservices

Jenkins | CheatSheets Hub

Open-source automation server. Use declarative pipelines for simpler syntax

jenkins, ci/cd, automation, build

Kubernetes

K8s commands and concepts

kubernetes, k8s, containers, orchestration, devops

Kubernetes Cost Optimization

Node pools, schedule tuning, and spot workloads

kubernetes, cost, optimization, kubecost, cluster

Kubernetes GitOps Checklist

Capture repo layout, bootstrap repo credentials, and validate sync targets.

kubernetes, gitops, argocd, flux

Kubernetes Liveness Patterns (Batch 8)

Use probe endpoints to restart stuck containers.

kubernetes, liveness

Kubernetes Network Policies

Define ingress and egress rules to limit pod communication.

kubernetes, network policy, security

Kubernetes Operator Patterns

Structure Kubernetes operators with clear CRDs, leader election, and retries.

kubernetes, operator, reconcilers

Kubernetes Operators

Design CRDs, controllers, and reconciliation loops for reliable automation

kubernetes, operators, crd, controller, automation

Kubernetes Pod Troubleshooting

Triage pod restarts, CrashLoops, and silent failures.

kubernetes, pods, debugging, logs

Kubernetes RuntimeClass

Define RuntimeClass to select alternate container runtimes (gVisor, Kata).

kubernetes, runtimeclass

Kubernetes Security

Network policies, RBAC, and supply-chain protections

kubernetes, security, rbac, network policies, scanning

Kubernetes StorageClasses

Tune provisioners, reclaim policies, and binding modes per workload.

kubernetes, storageclass

Kubernetes Telemetry

Collect metrics, traces, and logs centrally

kubernetes, telemetry, prometheus, tracing, logs

Lambda Async Invocation Tips

Handle async events with DLQs and idempotent functions.

aws lambda, async

Lambda@Edge

Associate functions with CloudFront events and monitor latency

lambda edge, cloudfront, serverless

Linux Audit Rules

Use auditctl to watch sensitive files and commands.

linux, auditd

Linux Commands

Essential Linux terminal commands

linux, unix, terminal, bash, commands

Linux iptables Tables (Batch 8)

Understand the filter, nat, and raw tables.

linux, iptables

Linux OOM Score Tuning

Lower OOM scores for critical daemons so the killer prefers others.

linux, oom, score

Linux Security Hardening

Harden Linux nodes with updates, SSH config, and auditd

linux, security, ssh, firewall

Linux Systemd Timers

Use timers instead of cron for predictable unit execution.

systemd, timers

Microsoft Azure | CheatSheets Hub

Azure cloud services essentials. Use Azure Cost Management to monitor spending

azure, microsoft, cloud computing

Monitoring Drilldowns

Connect high-level panels to deeper dashboards or APIs for troubleshooting.

monitoring, drilldown

Multi-Cloud IAM Mapping

Document equivalent roles, service accounts, and policies for each cloud.

iam, aws, azure, gcp, security

Nginx

Nginx web server configuration

nginx, web server, reverse proxy, load balancer

Observability as Code

Store observability configs under version control

observability, dashboards, alerts, terraform

Observability Dogfooding

Teams should consume their own metrics, traces, and dashboards before release.

observability, dogfooding

OpenTelemetry Instrumentation

Capture consistent telemetry for services and propagate context across boundaries.

opentelemetry, traces, metrics, logs

Prometheus Alert Rates

Document alert noise sources and mute via rate limiting or silences.

prometheus, alerting

Prometheus Alerting Best Practices

Add runbooks, use routes, and silence noise to prevent fatigue.

prometheus, alerting, am

Prometheus Blackbox Prober

Probe HTTP, TCP, and ICMP endpoints from your observability stack.

prometheus, blackbox

Prometheus Query Best Practices

Avoid costly queries while keeping dashboards accurate.

prometheus, promql, monitoring

Prometheus | CheatSheets Hub

Open-source monitoring and alerting. Use Grafana for visualizing Prometheus metrics

prometheus, monitoring, metrics, observability

Pulumi | CheatSheets Hub

Infrastructure as Code with programming languages. Pulumi uses real programming languages, not DSLs

pulumi, iac, infrastructure, cloud

Serverless Cost Controls

Prevent runaway bills via concurrency, schedules, and budgets.

serverless, cost, throttling, aws lambda

SRE Incident Response Playbook

Runbooks for status pages, incident channels, and after-action reviews.

incident response, sre, communication

SRE On-call

Define rotations, alert behavior, and runbook links

sre, on-call, alerts, handbook

Systemd Services

Craft service + timer units, enable/disable, and inspect logs

systemd, service, timer, journalctl

Terraform Cloud

Remote workspaces, policy sets, and secure runs in Terraform Cloud

terraform, remote state, cloud, workspace, policy

Terraform Drift Detection

Catch resource drift before it surprises production.

terraform, drift, infrastructure as code

Terraform Module Registry (Batch 8)

Host modules on Terraform Registry or private registries with versioning.

terraform, modules, registry

Terraform Modules

Module structure, inputs/outputs, and versioning

terraform, modules, reuse, registry

Terraform Provider Security 18

Limit provider privileges

terraform-provider-security-18.html, cheatsheet

Terraform Provider Security 28

Limit provider privileges

terraform-provider-security-28.html, cheatsheet

Terraform Provider Security 38

Limit provider privileges

terraform-provider-security-38.html, cheatsheet

Terraform Provider Security 48

Limit provider privileges

terraform-provider-security-48.html, cheatsheet

Terraform Provider Security 8

Limit provider privileges

terraform-provider-security-8.html, cheatsheet

Terraform Secure Backends

Configure remote backends with encryption and locking.

terraform, backend, security

Terraform Security Scanner

Run scanners, enforce policies, and catch drift

terraform, security, policies, sentinel

Terraform Testing

Run fmt/validate/plan, policy tests, and module unit tests

terraform, testing, sentinel, validate

Terraform Workspace Strategy

Use named workspaces for staging, prod, and experiments.

terraform, workspace

Terraform | CheatSheets Hub

Infrastructure as Code tool. Use terraform workspaces to manage multiple environments

terraform, iac, infrastructure, devops, hashicorp

Travel Digital Nomad Kit

Pack chargers, backups, and routines for nomadic productivity.

travel, digital nomad

Vault Dynamic Secrets

Issue temporary credentials for databases, cloud APIs, or SSH.

vault, secrets, dynamic, rotation

Vault Dynamic SSH

Issue short-lived SSH certs via Vault's SSH secrets engine.

vault, ssh

Vault KV Versioning

Use KV v2 to store versioned secrets and recover past values.

vault, kv, version

Vault Secrets Engines

Enable engines, generate dynamic credentials, and renew leases

vault, secrets, approle, dynamic, lease

Vault Secrets Rotation

Rotate secrets and revoke leases via Vault cron jobs.

vault, rotation