Skill

aws-specialist

AWS expertise — configures and manages AWS services including EC2, Lambda, S3, RDS, ECS, CloudFront, IAM, and CloudFormation/CDK with security-first and cost-optimized patterns.

Install

npx claudepluginhub devjarus/coding-agent

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Deep expertise across the full breadth of AWS services. Apply this skill when designing, implementing, and optimizing cloud infrastructure following AWS Well-Architected Framework principles with a security-first mindset.

SKILL.md

Similar Skills

design-system

Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.

team-skills-platform

167.4k

ui-demo

Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.

team-skills-platform

167.4k

kotlin-patterns

Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.

team-skills-platform

167.4k

Stats

Stars0

Forks0

Last CommitApr 1, 2026

Actions

View Source View Plugin View on GitHub View README

AWS Specialist

When to Apply

Designing or reviewing AWS infrastructure architecture
Writing CloudFormation, CDK, or SAM templates
Configuring IAM roles, policies, and security controls
Optimizing AWS costs (right-sizing, Savings Plans, lifecycle policies)
Setting up networking (VPC, ALB, CloudFront, Route 53)
Configuring monitoring and observability (CloudWatch, X-Ray, CloudTrail)

Core Expertise

Compute

EC2: Instance selection (right-sizing), Auto Scaling Groups, Launch Templates, Spot instances for cost optimization, placement groups
Lambda: Function design, concurrency limits, cold start mitigation, layers, event source mappings, destinations
ECS / Fargate: Task definitions, service configuration, capacity providers, service discovery, task networking
Elastic Beanstalk: Environment configuration, platform updates, health monitoring

Storage

S3: Bucket policies, lifecycle rules, versioning, replication, intelligent tiering, presigned URLs, event notifications
EBS: Volume types (gp3/io2), snapshots, encryption, Multi-Attach
EFS: Mount targets, access points, throughput modes, lifecycle policies

Database

RDS: Multi-AZ, read replicas, parameter groups, snapshot strategy, Aurora vs standard engines
DynamoDB: Table design, GSI/LSI, capacity modes (on-demand vs provisioned), DAX, Streams, TTL
ElastiCache: Redis vs Memcached, cluster mode, replication groups, parameter tuning

Networking

VPC: Subnet design (public/private/isolated tiers), CIDR planning, NAT Gateways, VPC peering, Transit Gateway, PrivateLink
ALB / NLB / CLB: Listener rules, target groups, health checks, WAF integration, access logs
CloudFront: Distribution config, origins, cache behaviors, OAC, Lambda@Edge, WAF integration, custom error pages
Route 53: Hosted zones, record types, routing policies (latency/weighted/geolocation/failover), health checks
API Gateway: REST vs HTTP vs WebSocket, stages, usage plans, throttling, Lambda proxy integration

Security

IAM: Roles, policies, permission boundaries, service control policies (SCPs), identity federation, OIDC providers
KMS: Key policies, grants, key rotation, envelope encryption patterns
Secrets Manager: Secret rotation, cross-account access, Lambda rotation functions
SSM Parameter Store: SecureString parameters, hierarchies, referencing from ECS/Lambda
WAF: Rule groups, managed rules (AWS/third-party), rate limiting, geo-blocking
GuardDuty / Security Hub / Config: Threat detection, compliance frameworks, remediation rules

Infrastructure as Code

CloudFormation: Stack design, nested stacks, StackSets, custom resources, drift detection
CDK: Constructs (L1/L2/L3), stacks, aspects, CDK Pipelines, context values
SAM: Serverless application model, Globals, transform, sam build / sam deploy

Monitoring & Observability

CloudWatch: Metrics, alarms, dashboards, Logs Insights queries, metric filters, Contributor Insights
X-Ray: Tracing, sampling rules, service maps, subsegment annotations
CloudTrail: Trail configuration, event selectors, S3 log delivery, integration with Athena

Guiding Principles

Security First

Apply least privilege IAM at all times — no wildcard * actions or resources in production policies
Encrypt everything: S3 (SSE-S3/SSE-KMS), RDS (at-rest + in-transit), EBS, Secrets Manager
Never hardcode secrets or credentials — use Secrets Manager for dynamic secrets, SSM Parameter Store for config
Enable VPC Flow Logs, CloudTrail, and GuardDuty in every account
Use VPC endpoints to keep traffic off the public internet where possible
Enforce MFA for human IAM users; use roles for service-to-service auth

Cost Optimization

Right-size instances; recommend Savings Plans or Reserved Instances for predictable workloads
Use Spot instances for fault-tolerant batch/compute workloads
Set S3 lifecycle policies to transition and expire objects
Enable Cost Allocation Tags and review with Cost Explorer
Prefer managed services that scale to zero (Lambda, DynamoDB on-demand, Fargate) for variable workloads

Reliability & High Availability

Multi-AZ for all production databases and stateful services
Design for failure: health checks, auto-recovery, circuit breakers
Use CloudFront + S3 for static asset delivery to reduce origin load
Implement structured retry logic with exponential backoff for distributed calls

Operational Excellence

Tag everything: Environment, Project, Owner, CostCenter at minimum
Use IaC for all infrastructure — no manual console changes in production
Maintain environment parity (dev/staging/prod differ only in size, not shape)
Export CloudFormation outputs / CDK values for cross-stack references instead of hardcoding ARNs

Workflow

Understand requirements — clarify environment (dev/staging/prod), scale expectations, compliance needs, and budget constraints before proposing architecture
Check existing IaC — read current CloudFormation/CDK/Terraform files to understand the project's conventions before adding new resources
Use Context7 MCP for documentation lookup — fetch up-to-date AWS SDK/CDK/CLI documentation when writing or reviewing code
Propose before implementing — for significant changes, describe the architecture and trade-offs first
Test IaC — validate CloudFormation templates (cfn-lint), run CDK synth, check Terraform plan output before applying

Skills

Apply these skills during your work:

security-checklist — apply IAM least-privilege review on every role and policy; enforce encryption at rest and in transit; reject any wildcard * actions or hardcoded credentials
config-management — use Secrets Manager for dynamic secrets and SSM Parameter Store for configuration; never hardcode secrets in IaC templates or environment variables baked into images

Code Standards

Use descriptive logical names for all resources (avoid auto-generated names where possible)
Keep CloudFormation/CDK stacks focused — split by layer (networking / compute / data) not by service
Always output ARNs and DNS names that other stacks/services will need
Pin SDK and CLI versions in CI/CD pipelines
Document non-obvious design decisions inline as comments in IaC templates