Core AWS services for application developers. Covers S3 (storage, presigned URLs, lifecycle), Lambda (functions, layers, cold starts), IAM (roles, policies, least privilege), DynamoDB (single-table design, GSI/LSI, streams), SQS/SNS (queues, topics, fan-out), CloudFront (CDN, caching), RDS/Aurora (Postgres/MySQL, connection pooling), ECR/ECS/Fargate (containers), Route 53 (DNS), Secrets Manager, and CDK v2 (TypeScript IaC, constructs, stacks, testing). Use when building AWS infrastructure, writing CDK stacks, configuring IAM policies, designing DynamoDB tables, setting up Lambda functions, creating S3 presigned URLs, deploying containers on ECS/Fargate, or configuring CloudFront distributions.
Install via the SkillsCat registry:

npx skillscat add oakoss/agent-skills/amazon-web-services
Amazon Web Services
Overview
Amazon Web Services (AWS) provides cloud computing services for building scalable applications. The AWS SDK for JavaScript v3 uses modular packages (@aws-sdk/client-*) with first-class TypeScript support. AWS CDK v2 defines infrastructure as code using TypeScript constructs that synthesize to CloudFormation templates.
When to use: Building cloud-native applications, serverless architectures, container deployments, managed databases, CDN distribution, event-driven systems, or infrastructure as code.
When NOT to use: Simple static sites (consider Vercel/Netlify), local-only development tools, projects with no cloud deployment requirement.
Quick Reference
| Service / Pattern | API / Construct | Key Points |
|---|---|---|
| S3 upload | PutObjectCommand | Modular import from @aws-sdk/client-s3 |
| S3 presigned URL | getSignedUrl() | From @aws-sdk/s3-request-presigner, max 7 days |
| Lambda function | new lambda.Function() | CDK L2 construct, set memorySize and timeout |
| Lambda layers | new lambda.LayerVersion() | Share code/deps across functions |
| IAM policy | new iam.PolicyStatement() | Always use least privilege, avoid * resources |
| DynamoDB table | new dynamodb.Table() | Single-table design, PAY_PER_REQUEST for variable loads |
| DynamoDB GSI | table.addGlobalSecondaryIndex() | Separate throughput, eventual consistency |
| SQS queue | new sqs.Queue() | DLQ for failed messages, long polling with WaitTimeSeconds |
| SNS topic | new sns.Topic() | Fan-out to SQS, Lambda, HTTP endpoints |
| CloudFront | new cloudfront.Distribution() | OAC for S3 origins, cache policies |
| RDS/Aurora | new rds.DatabaseCluster() | Use RDS Proxy for connection pooling |
| ECS Fargate | new ecs_patterns.ApplicationLoadBalancedFargateService() | Higher-level pattern construct |
| Route 53 | new route53.ARecord() | Alias records for AWS resources |
| Secrets Manager | secretsmanager.Secret.fromSecretNameV2() | Automatic rotation, never hardcode secrets |
| CDK stack | new cdk.Stack(app, 'Id') | One stack per deployment unit |
| CDK testing | Template.fromStack(stack) | Fine-grained assertions and snapshot tests |
Common Mistakes
| Mistake | Correct Pattern |
|---|---|
| Using AWS SDK v2 (aws-sdk) | Use modular v3 (@aws-sdk/client-*) for smaller bundles |
| IAM Action: "*" or Resource: "*" | Scope to specific actions and resource ARNs |
| No DLQ on SQS queues | Always attach a dead-letter queue for failed messages |
| DynamoDB scan for queries | Design access patterns first, use Query with GSI/LSI |
| Hardcoding secrets in code or env vars | Use Secrets Manager or SSM Parameter Store |
| Lambda bundling node_modules without tree-shaking | Use NodejsFunction with esbuild bundling |
| Missing RemovalPolicy on stateful resources | Set RemovalPolicy.RETAIN for production databases and buckets |
| Creating one Lambda per CRUD operation | Group related operations, use event routing |
| No connection pooling for RDS | Use RDS Proxy or limit max_connections per Lambda |
| CloudFront without cache policy | Define explicit CachePolicy to control TTL and headers |
| CDK testing only with snapshots | Combine fine-grained assertions with snapshot tests |
| Presigned URL without content-type | Include ContentType in PutObjectCommand for uploads |
Delegation
- Infrastructure patterns: Use Explore agent for AWS architecture discovery
- Security review: Use Task agent for IAM policy auditing
- Cost optimization: Use Task agent for resource right-sizing

If the docker skill is available, delegate container build patterns and Dockerfile optimization to it.
If the github-actions skill is available, delegate CI/CD pipeline patterns for AWS deployments to it.
If the typescript-patterns skill is available, delegate TypeScript strict mode and type patterns used in CDK code to it.
If the application-security skill is available, delegate AWS security best practices and threat modeling to it.
References
- S3 storage, presigned URLs, and lifecycle policies
- Lambda functions, layers, cold starts, and event sources
- IAM roles, policies, and least-privilege patterns
- DynamoDB single-table design, GSI/LSI, and streams
- SQS queues, SNS topics, and fan-out messaging
- ECS/Fargate container deployment and ECR
- CloudFront CDN, Route 53 DNS, and networking
- CDK v2 infrastructure as code, constructs, stacks, and testing