Our AWS AMIs are hardened by default. We perform several security-oriented tweaks via sysctl and pre-install Fail2Ban, RKHunter and Auditd / ACCT with aggresive rules in order to ensure high levels of security.
We apply several system wide tweaks related to I/O management and the Network stack in order to achieve optimal performance in every moment.
Do you need centralized monitoring and alerts based on resources usage? Logging aggregation? We're happy to offer you everything you'd need to run a full-stack application without missing a single thing.
We don't do /opt vendoring. Everything on our AWS AMIs has been installed using the package manager, thus resulting in a system that you can choose to threat as a pet (instead of as cattle) and keep up to date easily.
Keep in mind that even if we haven't covered a particular framework, you can use an AWS AMI targeted for a different framework, but with similar software stack.
Example: we don't have a Symfony AWS AMI, but we do have a Laravel AWS AMI, which can be used instead.