← 返回 Skills 市场
ivangdavila

AWS | Amazon Web Services

作者 Iván · GitHub ↗ · v1.0.2
linuxdarwinwin32 ⚠ suspicious
2584
总下载
2
收藏
21
当前安装
3
版本数
在 OpenClaw 中安装
/install aws
功能描述
Architect, deploy, and optimize AWS infrastructure avoiding cost explosions and security pitfalls.
使用说明 (SKILL.md)

Setup

On first use, read setup.md for integration options. The skill works immediately — setup is optional for personalization.

When to Use

User needs AWS infrastructure guidance. Agent handles architecture decisions, service selection, cost optimization, security hardening, and deployment patterns.

Architecture

Memory lives in ~/aws/. See memory-template.md for structure.

~/aws/
├── memory.md        # Account context + preferences
├── resources.md     # Active infrastructure inventory
└── costs.md         # Cost tracking + alerts

Quick Reference

Topic File
Setup process setup.md
Memory template memory-template.md
Service patterns services.md
Cost optimization costs.md
Security hardening security.md

Core Rules

1. Verify Account Context First

Before any operation, confirm:

  • Region (default: us-east-1, but ask)
  • Account type (personal/startup/enterprise)
  • Existing infrastructure (VPC, subnets, security groups)
aws sts get-caller-identity
aws ec2 describe-vpcs --query 'Vpcs[].{ID:VpcId,CIDR:CidrBlock,Default:IsDefault}'

2. Cost-First Architecture

Every recommendation includes cost impact:

Stage Recommended Stack Monthly Cost
MVP (\x3C1k users) Single EC2 + RDS ~$50
Growth (1-10k) ALB + ASG + RDS Multi-AZ ~$200
Scale (10k+) ECS/EKS + Aurora + ElastiCache ~$500+

Default to smallest viable instance. Scaling up is easy; scaling down wastes money.

3. Security by Default

Every resource includes:

  • Principle of least privilege IAM
  • Encryption at rest (KMS default key minimum)
  • VPC isolation (no public subnets for databases)
  • Security groups with explicit deny-all inbound

4. Infrastructure as Code

Generate Terraform or CloudFormation for reproducibility:

# Prefer Terraform for multi-cloud portability
terraform init && terraform plan

Never rely on console-only changes.

5. Tagging Strategy

Every resource gets tagged for cost allocation:

--tags Key=Environment,Value=prod Key=Project,Value=myapp Key=Owner,Value=team

6. Monitoring from Day 1

Deploy CloudWatch alarms with infrastructure:

  • Billing alerts (before you get surprised)
  • CPU/Memory thresholds
  • Error rate spikes

Cost Traps

NAT Gateway data processing ($0.045/GB): VPC endpoints are free for S3/DynamoDB. A busy app can burn $500/month on NAT alone.

aws ec2 create-vpc-endpoint --vpc-id vpc-xxx \
  --service-name com.amazonaws.us-east-1.s3 --route-table-ids rtb-xxx

EBS snapshots accumulate forever: Automated backups create snapshots that never delete. Set lifecycle policies.

aws ec2 describe-snapshots --owner-ids self \
  --query 'Snapshots[?StartTime\x3C=`2024-01-01`].[SnapshotId,StartTime,VolumeSize]'

CloudWatch Logs default retention is forever:

aws logs put-retention-policy --log-group-name /aws/lambda/fn --retention-in-days 14

Idle load balancers cost $16/month minimum: ALBs charge even with zero traffic. Delete unused ones.

Data transfer between AZs costs $0.01/GB each way: Chatty microservices across AZs add up fast. Co-locate when possible.

Security Traps

S3 bucket policies override ACLs: Console shows ACL as "private" but a bucket policy can still expose everything.

aws s3api get-bucket-policy --bucket my-bucket 2>/dev/null || echo "No policy"
aws s3api get-public-access-block --bucket my-bucket

Default VPC security groups allow all outbound: Attackers exfiltrate through outbound. Restrict it.

IAM users with console access + programmatic access: Credentials in code get leaked. Use roles + temporary credentials.

RDS publicly accessible defaults to Yes in console: Always verify:

aws rds describe-db-instances --query 'DBInstances[].{ID:DBInstanceIdentifier,Public:PubliclyAccessible}'

Performance Patterns

Lambda cold starts:

  • Use provisioned concurrency for latency-sensitive functions
  • Keep packages small (\x3C50MB unzipped)
  • Initialize SDK clients outside handler

RDS connection limits:

Instance Max Connections
db.t3.micro 66
db.t3.small 150
db.t3.medium 300

Use RDS Proxy for Lambda to avoid connection exhaustion.

EBS volume types:

Type Use Case IOPS
gp3 Default (consistent) 3,000 base
io2 Databases (guaranteed) Up to 64,000
st1 Big data (throughput) 500 MiB/s

Service Selection

Need Service Why
Static site S3 + CloudFront Pennies/month, global CDN
API backend Lambda + API Gateway Zero idle cost
Container app ECS Fargate No cluster management
Database RDS PostgreSQL Managed, Multi-AZ ready
Cache ElastiCache Redis Session/cache, \x3C DynamoDB latency
Queue SQS Simpler than SNS for most cases
Search OpenSearch Elasticsearch managed

CLI Essentials

# Configure credentials
aws configure --profile myproject

# Always specify profile
export AWS_PROFILE=myproject

# Check current identity
aws sts get-caller-identity

# List all regions
aws ec2 describe-regions --query 'Regions[].RegionName'

# Estimate monthly cost
aws ce get-cost-forecast --time-period Start=$(date +%Y-%m-01),End=$(date -v+1m +%Y-%m-01) \
  --metric UNBLENDED_COST --granularity MONTHLY

Security & Privacy

Credentials: This skill uses the AWS CLI, which reads credentials from ~/.aws/credentials or environment variables. The skill never stores, logs, or transmits AWS credentials.

Local storage: Preferences and context stored in ~/aws/ — no data leaves your machine.

CLI commands: All commands shown are read-only by default. Destructive operations (delete, terminate) require explicit user confirmation.

Related Skills

Install with clawhub install \x3Cslug> if user confirms:

  • infrastructure — architecture decisions
  • cloud — multi-cloud patterns
  • docker — container basics
  • backend — API design

Feedback

  • If useful: clawhub star aws
  • Stay updated: clawhub sync
安全使用建议
This skill is coherent for AWS guidance but be cautious: it runs aws CLI commands and will use whatever AWS credentials are available in your environment or ~/.aws/config. Before using it, (1) ensure the CLI is configured with a low-privilege/read-only profile for exploration; (2) review any suggested commands before running them — examples include resource-creating commands (IAM users, VPC endpoints, budgets) that can change billing or security posture; (3) be aware the skill will write files to ~/aws/ containing account/context notes; (4) on Windows you may need a different install method (brew is provided only); and (5) if you plan to let an autonomous agent run commands, limit its AWS permissions with least-privilege roles and use separate billing/ sandbox accounts to avoid accidental costs or privilege escalation.
功能分析
Type: OpenClaw Skill Name: aws Version: 1.0.2 The skill bundle provides extensive instructions and AWS CLI commands for an AI agent to manage AWS infrastructure, including architecture, cost optimization, and security hardening. While the stated purpose is legitimate AWS management, the skill instructs the agent to execute powerful commands that can create, modify, and delete critical AWS resources, IAM users (including admin users), and secrets (e.g., `aws iam create-user`, `aws rds create-db-instance`, `aws secretsmanager create-secret`, `aws configure`). These broad and powerful capabilities, even with the stated intent of requiring user confirmation for destructive operations, constitute significant high-risk behaviors. There is no evidence of intentional malicious prompt injection or data exfiltration, but the inherent power granted to the agent makes the skill suspicious.
能力评估
Purpose & Capability
The name/description (AWS guidance, cost/security/deploy) matches the declared needs: the aws CLI binary and guidance-heavy SKILL.md. Commands and files relate to AWS architecture, costs, security, and IaC — appropriate for the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to run many aws CLI commands (sts, describe-*, create-*, put-*) and to read/write a local memory directory at ~/aws. This is consistent with an assistive AWS skill, but the instructions include commands that create resources (VPC endpoints, IAM users/roles, budgets) and change account state — so the agent (or a user following the guidance) could perform impactful operations. The skill implicitly accesses AWS credentials via the CLI config or environment variables.
Install Mechanism
Install spec is a single Homebrew formula (awscli) that produces the aws binary — a reasonable, low-risk install for macOS/Linux Homebrew users. Minor inconsistency: the skill declares support for win32 but only provides a brew install; Windows install steps are not provided.
Credentials
The skill declares no required env vars, which is reasonable because it relies on the aws CLI. However, runtime instructions will use AWS credentials from the environment or ~/.aws/ config and may read/write ~/aws/memory.md. This is proportional to the purpose but means the skill can access whatever permissions the configured AWS profile has — including highly privileged operations if credentials are admin-level.
Persistence & Privilege
The skill stores memory under ~/aws/ (memory.md, resources.md, costs.md) and may persist account context locally. always:false (not force-installed). Autonomous invocation is allowed (platform default). Writing to a user-owned ~/aws directory is expected, but users should be aware that account context and resource inventory will be stored on disk.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install aws
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /aws 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Complete rewrite with cost traps, security hardening, service selection
v1.0.1
Name fix: AWS uppercase
v1.0.0
Initial release
元数据
Slug aws
版本 1.0.2
许可证
累计安装 21
当前安装数 21
历史版本数 3
常见问题

AWS | Amazon Web Services 是什么?

Architect, deploy, and optimize AWS infrastructure avoiding cost explosions and security pitfalls. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2584 次。

如何安装 AWS | Amazon Web Services?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install aws」即可一键安装,无需额外配置。

AWS | Amazon Web Services 是免费的吗?

是的,AWS | Amazon Web Services 完全免费(开源免费),可自由下载、安装和使用。

AWS | Amazon Web Services 支持哪些平台?

AWS | Amazon Web Services 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。

谁开发了 AWS | Amazon Web Services?

由 Iván(@ivangdavila)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论