The Python DevOps Toolbelt

You've now seen the building blocks. This last lesson is a map of the Python ecosystem as it actually appears in DevOps and cloud teams — what to install, what to reach for, and what to read next.

Core: The Daily Tools

Need	Library
HTTP calls	requests (sync), httpx (sync + async)
AWS SDK	boto3 + botocore; aiobotocore for async
Azure SDK	azure-identity + azure-mgmt-* + azure-storage-*
GCP SDK	google-cloud-* per service, google-auth
YAML	pyyaml (use `safe_load`)
TOML	tomllib (3.11+ stdlib), tomli-w for writing
JSON Schema	jsonschema
CLI	argparse (stdlib), click, typer
Config / settings	pydantic-settings, dynaconf
Data validation	pydantic v2
Retries	tenacity
Templating	jinja2
Date/time	datetime (stdlib), dateutil, pendulum

Testing and Quality

Test runner	pytest + pytest-cov
Mock AWS	moto
HTTP mocking	responses, respx (httpx)
Fake filesystem	pyfakefs
Property-based	hypothesis
Linter / formatter	ruff
Type checker	mypy or pyright
Security	bandit, pip-audit, safety

Infrastructure as Code (in Python)

Pulumi — multi-cloud IaC; write infrastructure in real Python (or TS, Go, .NET)
AWS CDK — high-level Python constructs that synthesise CloudFormation
Troposphere — generate CloudFormation templates from Python
cdktf — CDK for Terraform
Ansible — agentless orchestration; modules are written in Python; playbooks in YAML
SaltStack — Python-based config management at scale

Containers and Kubernetes

kubernetes (official client) — the Kubernetes API in Python
docker — manage local Docker daemon programmatically
kopf — write Kubernetes operators in Python without Go
pyhelm — programmatically render and install Helm charts

Data and Observability

pandas — tabular data; great for one-off analytics and CSV/Parquet manipulation
polars — much faster pandas alternative
duckdb — in-process analytical SQL on Parquet/CSV; perfect for log analysis
opentelemetry — vendor-neutral traces, metrics, logs
prometheus_client — expose Prometheus metrics from a Python app
structlog — structured logging

Web Frameworks (when your tool grows a UI/API)

FastAPI — async, type-driven, auto-generated OpenAPI; the modern default
Flask — minimal, ubiquitous, sync-first
Django — full-stack with ORM, admin, auth — overkill for tiny APIs
Starlette — async toolkit underneath FastAPI

Background Work

Celery — battle-tested distributed task queue, broker-based
RQ — simpler Redis-based queue
Dramatiq — modern Celery alternative
APScheduler — in-process job scheduling (cron-like)
Temporal Python SDK — durable workflows

Workflow / Pipelines

Apache Airflow — orchestrate batch pipelines; DAGs written in Python
Dagster — modern data orchestrator with stronger typing
Prefect — Pythonic flow framework, hybrid execution
Luigi — Spotify's older but still useful pipeline tool

Distribution Choices

Form	When
Plain script + venv	Internal scripts run by humans
pipx-installable wheel	CLI tool used across many machines
Docker image	Anything running in production / Lambda containers / Cloud Run / Kubernetes
PyInstaller / Nuitka binary	Single executable for users without Python
Lambda layer / Lambda function	Event-driven cloud automation

When Python Isn't the Right Tool

Use the right language. Python is the wrong choice for:

One-line shell pipelines — bash is fine
High-throughput services with strict latency targets — Go, Rust, or Java are usually better
Single-binary CLIs distributed to end users without Python — Go ships easier
Tight loops processing GB of data — drop into numpy/polars/duckdb, or use a faster language for that hot section

You're Done

You've now got the toolkit to write Python that automates real cloud infrastructure: scripts that read config, call APIs concurrently, log structured output, retry on transient errors, are tested, packaged, and shippable. The rest is repetition — pick a small problem at work, write a Python tool for it, and refine.