← Back to Skills Marketplace
ivangdavila

AWS | Amazon Web Services

by Iván · GitHub ↗ · v1.0.2
linuxdarwinwin32 ⚠ suspicious
2584
Downloads
2
Stars
21
Active Installs
3
Versions
Install in OpenClaw
/install aws
Description
Architect, deploy, and optimize AWS infrastructure avoiding cost explosions and security pitfalls.
README (SKILL.md)

Setup

On first use, read setup.md for integration options. The skill works immediately — setup is optional for personalization.

When to Use

User needs AWS infrastructure guidance. Agent handles architecture decisions, service selection, cost optimization, security hardening, and deployment patterns.

Architecture

Memory lives in ~/aws/. See memory-template.md for structure.

~/aws/
├── memory.md        # Account context + preferences
├── resources.md     # Active infrastructure inventory
└── costs.md         # Cost tracking + alerts

Quick Reference

Topic File
Setup process setup.md
Memory template memory-template.md
Service patterns services.md
Cost optimization costs.md
Security hardening security.md

Core Rules

1. Verify Account Context First

Before any operation, confirm:

  • Region (default: us-east-1, but ask)
  • Account type (personal/startup/enterprise)
  • Existing infrastructure (VPC, subnets, security groups)
aws sts get-caller-identity
aws ec2 describe-vpcs --query 'Vpcs[].{ID:VpcId,CIDR:CidrBlock,Default:IsDefault}'

2. Cost-First Architecture

Every recommendation includes cost impact:

Stage Recommended Stack Monthly Cost
MVP (\x3C1k users) Single EC2 + RDS ~$50
Growth (1-10k) ALB + ASG + RDS Multi-AZ ~$200
Scale (10k+) ECS/EKS + Aurora + ElastiCache ~$500+

Default to smallest viable instance. Scaling up is easy; scaling down wastes money.

3. Security by Default

Every resource includes:

  • Principle of least privilege IAM
  • Encryption at rest (KMS default key minimum)
  • VPC isolation (no public subnets for databases)
  • Security groups with explicit deny-all inbound

4. Infrastructure as Code

Generate Terraform or CloudFormation for reproducibility:

# Prefer Terraform for multi-cloud portability
terraform init && terraform plan

Never rely on console-only changes.

5. Tagging Strategy

Every resource gets tagged for cost allocation:

--tags Key=Environment,Value=prod Key=Project,Value=myapp Key=Owner,Value=team

6. Monitoring from Day 1

Deploy CloudWatch alarms with infrastructure:

  • Billing alerts (before you get surprised)
  • CPU/Memory thresholds
  • Error rate spikes

Cost Traps

NAT Gateway data processing ($0.045/GB): VPC endpoints are free for S3/DynamoDB. A busy app can burn $500/month on NAT alone.

aws ec2 create-vpc-endpoint --vpc-id vpc-xxx \
  --service-name com.amazonaws.us-east-1.s3 --route-table-ids rtb-xxx

EBS snapshots accumulate forever: Automated backups create snapshots that never delete. Set lifecycle policies.

aws ec2 describe-snapshots --owner-ids self \
  --query 'Snapshots[?StartTime\x3C=`2024-01-01`].[SnapshotId,StartTime,VolumeSize]'

CloudWatch Logs default retention is forever:

aws logs put-retention-policy --log-group-name /aws/lambda/fn --retention-in-days 14

Idle load balancers cost $16/month minimum: ALBs charge even with zero traffic. Delete unused ones.

Data transfer between AZs costs $0.01/GB each way: Chatty microservices across AZs add up fast. Co-locate when possible.

Security Traps

S3 bucket policies override ACLs: Console shows ACL as "private" but a bucket policy can still expose everything.

aws s3api get-bucket-policy --bucket my-bucket 2>/dev/null || echo "No policy"
aws s3api get-public-access-block --bucket my-bucket

Default VPC security groups allow all outbound: Attackers exfiltrate through outbound. Restrict it.

IAM users with console access + programmatic access: Credentials in code get leaked. Use roles + temporary credentials.

RDS publicly accessible defaults to Yes in console: Always verify:

aws rds describe-db-instances --query 'DBInstances[].{ID:DBInstanceIdentifier,Public:PubliclyAccessible}'

Performance Patterns

Lambda cold starts:

  • Use provisioned concurrency for latency-sensitive functions
  • Keep packages small (\x3C50MB unzipped)
  • Initialize SDK clients outside handler

RDS connection limits:

Instance Max Connections
db.t3.micro 66
db.t3.small 150
db.t3.medium 300

Use RDS Proxy for Lambda to avoid connection exhaustion.

EBS volume types:

Type Use Case IOPS
gp3 Default (consistent) 3,000 base
io2 Databases (guaranteed) Up to 64,000
st1 Big data (throughput) 500 MiB/s

Service Selection

Need Service Why
Static site S3 + CloudFront Pennies/month, global CDN
API backend Lambda + API Gateway Zero idle cost
Container app ECS Fargate No cluster management
Database RDS PostgreSQL Managed, Multi-AZ ready
Cache ElastiCache Redis Session/cache, \x3C DynamoDB latency
Queue SQS Simpler than SNS for most cases
Search OpenSearch Elasticsearch managed

CLI Essentials

# Configure credentials
aws configure --profile myproject

# Always specify profile
export AWS_PROFILE=myproject

# Check current identity
aws sts get-caller-identity

# List all regions
aws ec2 describe-regions --query 'Regions[].RegionName'

# Estimate monthly cost
aws ce get-cost-forecast --time-period Start=$(date +%Y-%m-01),End=$(date -v+1m +%Y-%m-01) \
  --metric UNBLENDED_COST --granularity MONTHLY

Security & Privacy

Credentials: This skill uses the AWS CLI, which reads credentials from ~/.aws/credentials or environment variables. The skill never stores, logs, or transmits AWS credentials.

Local storage: Preferences and context stored in ~/aws/ — no data leaves your machine.

CLI commands: All commands shown are read-only by default. Destructive operations (delete, terminate) require explicit user confirmation.

Related Skills

Install with clawhub install \x3Cslug> if user confirms:

  • infrastructure — architecture decisions
  • cloud — multi-cloud patterns
  • docker — container basics
  • backend — API design

Feedback

  • If useful: clawhub star aws
  • Stay updated: clawhub sync
Usage Guidance
This skill is coherent for AWS guidance but be cautious: it runs aws CLI commands and will use whatever AWS credentials are available in your environment or ~/.aws/config. Before using it, (1) ensure the CLI is configured with a low-privilege/read-only profile for exploration; (2) review any suggested commands before running them — examples include resource-creating commands (IAM users, VPC endpoints, budgets) that can change billing or security posture; (3) be aware the skill will write files to ~/aws/ containing account/context notes; (4) on Windows you may need a different install method (brew is provided only); and (5) if you plan to let an autonomous agent run commands, limit its AWS permissions with least-privilege roles and use separate billing/ sandbox accounts to avoid accidental costs or privilege escalation.
Capability Analysis
Type: OpenClaw Skill Name: aws Version: 1.0.2 The skill bundle provides extensive instructions and AWS CLI commands for an AI agent to manage AWS infrastructure, including architecture, cost optimization, and security hardening. While the stated purpose is legitimate AWS management, the skill instructs the agent to execute powerful commands that can create, modify, and delete critical AWS resources, IAM users (including admin users), and secrets (e.g., `aws iam create-user`, `aws rds create-db-instance`, `aws secretsmanager create-secret`, `aws configure`). These broad and powerful capabilities, even with the stated intent of requiring user confirmation for destructive operations, constitute significant high-risk behaviors. There is no evidence of intentional malicious prompt injection or data exfiltration, but the inherent power granted to the agent makes the skill suspicious.
Capability Assessment
Purpose & Capability
The name/description (AWS guidance, cost/security/deploy) matches the declared needs: the aws CLI binary and guidance-heavy SKILL.md. Commands and files relate to AWS architecture, costs, security, and IaC — appropriate for the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to run many aws CLI commands (sts, describe-*, create-*, put-*) and to read/write a local memory directory at ~/aws. This is consistent with an assistive AWS skill, but the instructions include commands that create resources (VPC endpoints, IAM users/roles, budgets) and change account state — so the agent (or a user following the guidance) could perform impactful operations. The skill implicitly accesses AWS credentials via the CLI config or environment variables.
Install Mechanism
Install spec is a single Homebrew formula (awscli) that produces the aws binary — a reasonable, low-risk install for macOS/Linux Homebrew users. Minor inconsistency: the skill declares support for win32 but only provides a brew install; Windows install steps are not provided.
Credentials
The skill declares no required env vars, which is reasonable because it relies on the aws CLI. However, runtime instructions will use AWS credentials from the environment or ~/.aws/ config and may read/write ~/aws/memory.md. This is proportional to the purpose but means the skill can access whatever permissions the configured AWS profile has — including highly privileged operations if credentials are admin-level.
Persistence & Privilege
The skill stores memory under ~/aws/ (memory.md, resources.md, costs.md) and may persist account context locally. always:false (not force-installed). Autonomous invocation is allowed (platform default). Writing to a user-owned ~/aws directory is expected, but users should be aware that account context and resource inventory will be stored on disk.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install aws
  3. After installation, invoke the skill by name or use /aws
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Complete rewrite with cost traps, security hardening, service selection
v1.0.1
Name fix: AWS uppercase
v1.0.0
Initial release
Metadata
Slug aws
Version 1.0.2
License
All-time Installs 21
Active Installs 21
Total Versions 3
Frequently Asked Questions

What is AWS | Amazon Web Services?

Architect, deploy, and optimize AWS infrastructure avoiding cost explosions and security pitfalls. It is an AI Agent Skill for Claude Code / OpenClaw, with 2584 downloads so far.

How do I install AWS | Amazon Web Services?

Run "/install aws" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AWS | Amazon Web Services free?

Yes, AWS | Amazon Web Services is completely free (open-source). You can download, install and use it at no cost.

Which platforms does AWS | Amazon Web Services support?

AWS | Amazon Web Services is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created AWS | Amazon Web Services?

It is built and maintained by Iván (@ivangdavila); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments