Skill

aws-cli-beast

Provides advanced AWS CLI patterns for EC2, Lambda, S3, DynamoDB, RDS, VPC, IAM, CloudWatch management. Generates bulk scripts, automates workflows, validates security configs, executes JMESPath queries.

AWS

Bash

DynamoDB

devops

cli-tools

From developer-kit-aws

Install

Run in your terminal

npx claudepluginhub giuseppe-trisciuoglio/developer-kit --plugin developer-kit-aws

Tool Access

This skill is limited to using the following tools:

ReadWriteBash

Supporting Assets

View in Repository

references/automation-patterns.md

references/compute-mastery.md

references/data-ops-beast.md

references/networking-security-hardened.md

scripts/aws-blast.sh

scripts/jmespath-templates.json

Skill Content

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

138.6k

claude-opus-4-5-migration

2 files

Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.

claude-opus-4-5-migration

83.2k

cost-optimization

1 file

Optimizes cloud costs on AWS, Azure, GCP via rightsizing, tagging strategies, reserved instances, spot usage, and spending analysis. Use for expense reduction and governance.

cloud-infrastructure

33.0k

Stats

Parent Repo Stars174

Parent Repo Forks17

Last CommitMar 24, 2026

Actions

View Source View Plugin View on GitHub View README

AWS CLI Beast Mode

Overview

Advanced AWS CLI patterns for speed, precision, and security-first automation. Covers JMESPath queries, bulk operations, waiters, cross-account access, and destructive operation safety.

When to Use

Bulk operations across thousands of AWS resources
Advanced JMESPath filtering and output transformation
Automated scripts for AWS routines
Multi-profile and multi-region management
Security auditing and compliance checks
CLI-driven infrastructure-as-code workflows

Instructions

Step 1: Categorize the Request

Category	Services	Commands
Compute	EC2, Lambda	describe-instances, invoke, publish-version
Storage	S3	sync, cp, mb, rb, presign
Database	DynamoDB, RDS	query, scan, batch-write-item
Networking	VPC, Route53	describe-vpcs, describe-security-groups
Security	IAM	simulate-principal-policy, get-policy-version
Observability	CloudWatch	get-metric-statistics, filter-log-events

Step 2: Apply Beast Mode Principles

Dry-run first: Always validate with --dryrun or --dry-run
Query server-side: Use --query with JMESPath to filter before transfer
Batch intelligently: Paginate with --max-results and parallelize with xargs
Wait properly: Use built-in waiters or exponential backoff polling
Switch contexts: Use --profile and --region for multi-account operations

Step 3: Validate Destructive Operations

MANDATORY for any destructive operation:

# S3 sync with delete - MUST dry-run first
aws s3 sync s3://source/ s3://dest/ --delete --dryrun
# Review output, then remove --dryrun only if satisfied

# Bulk EC2 stop - validate targets first
aws ec2 describe-instances \
  --filters "Name=tag:Environment,Values=development" \
  --query 'Reservations[].Instances[?State.Name==`running`].InstanceId' \
  --output text
# Confirm list, then pipe to stop command

# IAM policy attachment - simulate first
aws iam simulate-principal-policy \
  --policy-source-arn arn:aws:iam::123456789012:user/myuser \
  --action-names s3:DeleteObject \
  --resource-arns arn:aws:s3:::my-bucket/*

Step 4: Reference Detailed Guides

compute-mastery.md - EC2, Lambda, Spot Fleets, ASG
data-ops-beast.md - S3 multipart, DynamoDB batch, RDS snapshots
networking-security-hardened.md - VPC Flow Logs, IAM policies, security groups
automation-patterns.md - Shell aliases, JMESPath templates, CI/CD integration

Examples

Example 1: Bulk EC2 Stop

"Stop all development instances"

# 1. Dry-run: identify targets
aws ec2 describe-instances \
  --filters "Name=tag:Environment,Values=development" \
           "Name=instance-state-name,Values=running" \
  --query 'Reservations[].Instances[].InstanceId' \
  --output text

# 2. Confirm IDs, then execute
aws ec2 describe-instances \
  --filters "Name=tag:Environment,Values=development" \
           "Name=instance-state-name,Values=running" \
  --query 'Reservations[].Instances[].InstanceId' \
  --output text | xargs aws ec2 stop-instances --instance-ids

Example 2: S3 Migration with Encryption

"Migrate data between buckets with SSE"

# 1. Dry-run migration
aws s3 sync s3://source-bucket/ s3://dest-bucket/ \
  --sse AES256 \
  --storage-class GLACIER \
  --exclude "*.tmp" \
  --dryrun

# 2. Enable versioning on destination
aws s3api put-bucket-versioning \
  --bucket dest-bucket \
  --versioning-configuration Status=Enabled

# 3. Execute after review
aws s3 sync s3://source-bucket/ s3://dest-bucket/ \
  --sse AES256 \
  --storage-class GLACIER \
  --exclude "*.tmp"

Example 3: IAM Security Audit

"Find overprivileged IAM users"

aws iam list-users --query 'Users[].UserName' --output text | \
while read user; do
  echo "Checking $user..."
  aws iam simulate-principal-policy \
    --policy-source-arn "arn:aws:iam::123456789012:user/$user" \
    --action-names DeleteItem,DeleteTable,DeleteFunction \
    --resource-arns "*" \
    --query 'EvaluationResults[?EvalDecision==`allowed`]'
done

Example 4: Multi-Region Lambda Deployment

"Deploy Lambda to all regions"

for region in us-east-1 us-west-2 eu-west-1; do
  echo "Deploying to $region..."
  aws lambda update-function-code \
    --function-name my-function \
    --zip-file fileb://function.zip \
    --region $region \
    --publish
  aws lambda wait function-active \
    --function-name my-function \
    --region $region
done

Example 5: JMESPath Advanced Filtering

"Get running instances with specific tags as table"

aws ec2 describe-instances \
  --query 'Reservations[].Instances[?State.Name==`running`].[InstanceId,Tags[?Key==`Name`].Value[0]|[0],PrivateIpAddress]' \
  --output table

Best Practices

Use --output json for programmatic processing
Filter with JMESPath server-side before transfer
Implement retry logic with exponential backoff
Use waiters instead of manual polling loops
Tag all resources for cost allocation and automation
Separate dev/staging/prod with AWS profiles
Enable CloudTrail for audit compliance
Validate IAM policies with simulate-principal-policy before attachment
Use --dry-run on every state-modifying operation
Enable MFA for security-sensitive operations

Constraints and Warnings

Rate Limiting

AWS API throttling applies; use --max-throttle and exponential backoff
Check aws service-quotas for current limits

Pagination

Default page size is variable; use --max-results for consistency
Use --no-paginate with jq for full dataset processing

Destructive Operations

S3 sync --delete: Irreversibly removes files not in source
EC2 terminate-instances: Cannot be undone; validate instance IDs first
IAM detach/policy: May break existing access; simulate before applying
RDS delete-db-instance: Snapshots do not protect all scenarios; verify retention

Security

Never commit AWS credentials; use aws configure or environment variables
Rotate access keys regularly with aws iam create-access-key
Use least-privilege: simulate before granting permissions