功能描述

Design AWS architectures for startups using serverless patterns and IaC templates. Use when asked to design serverless architecture, create CloudFormation te...

使用说明 (SKILL.md)

AWS Solution Architect

Name: Aws Solution Architect
Author: alirezarezvani

Design scalable, cost-effective AWS architectures for startups with infrastructure-as-code templates.

Workflow

Step 1: Gather Requirements

Collect application specifications:

- Application type (web app, mobile backend, data pipeline, SaaS)
- Expected users and requests per second
- Budget constraints (monthly spend limit)
- Team size and AWS experience level
- Compliance requirements (GDPR, HIPAA, SOC 2)
- Availability requirements (SLA, RPO/RTO)

Step 2: Design Architecture

Run the architecture designer to get pattern recommendations:

python scripts/architecture_designer.py --input requirements.json

Example output:

{
  "recommended_pattern": "serverless_web",
  "service_stack": ["S3", "CloudFront", "API Gateway", "Lambda", "DynamoDB", "Cognito"],
  "estimated_monthly_cost_usd": 35,
  "pros": ["Low ops overhead", "Pay-per-use", "Auto-scaling"],
  "cons": ["Cold starts", "15-min Lambda limit", "Eventual consistency"]
}

Select from recommended patterns:

Serverless Web: S3 + CloudFront + API Gateway + Lambda + DynamoDB
Event-Driven Microservices: EventBridge + Lambda + SQS + Step Functions
Three-Tier: ALB + ECS Fargate + Aurora + ElastiCache
GraphQL Backend: AppSync + Lambda + DynamoDB + Cognito

See references/architecture_patterns.md for detailed pattern specifications.

Validation checkpoint: Confirm the recommended pattern matches the team's operational maturity and compliance requirements before proceeding to Step 3.

Step 3: Generate IaC Templates

Create infrastructure-as-code for the selected pattern:

# Serverless stack (CloudFormation)
python scripts/serverless_stack.py --app-name my-app --region us-east-1

Example CloudFormation YAML output (core serverless resources):

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  AppName:
    Type: String
    Default: my-app

Resources:
  ApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs20.x
      MemorySize: 512
      Timeout: 30
      Environment:
        Variables:
          TABLE_NAME: !Ref DataTable
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref DataTable
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY

  DataTable:
    Type: AWS::DynamoDB::Table
    Properties:
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: pk
          AttributeType: S
        - AttributeName: sk
          AttributeType: S
      KeySchema:
        - AttributeName: pk
          KeyType: HASH
        - AttributeName: sk
          KeyType: RANGE

Full templates including API Gateway, Cognito, IAM roles, and CloudWatch logging are generated by serverless_stack.py and also available in references/architecture_patterns.md.

Example CDK TypeScript snippet (three-tier pattern):

import * as ecs from 'aws-cdk-lib/aws-ecs';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as rds from 'aws-cdk-lib/aws-rds';

const vpc = new ec2.Vpc(this, 'AppVpc', { maxAzs: 2 });

const cluster = new ecs.Cluster(this, 'AppCluster', { vpc });

const db = new rds.ServerlessCluster(this, 'AppDb', {
  engine: rds.DatabaseClusterEngine.auroraPostgres({
    version: rds.AuroraPostgresEngineVersion.VER_15_2,
  }),
  vpc,
  scaling: { minCapacity: 0.5, maxCapacity: 4 },
});

Step 4: Review Costs

Analyze estimated costs and optimization opportunities:

python scripts/cost_optimizer.py --resources current_setup.json --monthly-spend 2000

Example output:

{
  "current_monthly_usd": 2000,
  "recommendations": [
    { "action": "Right-size RDS db.r5.2xlarge → db.r5.large", "savings_usd": 420, "priority": "high" },
    { "action": "Purchase 1-yr Compute Savings Plan at 40% utilization", "savings_usd": 310, "priority": "high" },
    { "action": "Move S3 objects >90 days to Glacier Instant Retrieval", "savings_usd": 85, "priority": "medium" }
  ],
  "total_potential_savings_usd": 815
}

Output includes:

Monthly cost breakdown by service
Right-sizing recommendations
Savings Plans opportunities
Potential monthly savings

Step 5: Deploy

Deploy the generated infrastructure:

# CloudFormation
aws cloudformation create-stack \
  --stack-name my-app-stack \
  --template-body file://template.yaml \
  --capabilities CAPABILITY_IAM

# CDK
cdk deploy

# Terraform
terraform init && terraform apply

Step 6: Validate and Handle Failures

Verify deployment and set up monitoring:

# Check stack status
aws cloudformation describe-stacks --stack-name my-app-stack

# Set up CloudWatch alarms
aws cloudwatch put-metric-alarm --alarm-name high-errors ...

If stack creation fails:

Check the failure reason:

aws cloudformation describe-stack-events \
  --stack-name my-app-stack \
  --query 'StackEvents[?ResourceStatus==`CREATE_FAILED`]'

Review CloudWatch Logs for Lambda or ECS errors.
Fix the template or resource configuration.

Delete the failed stack before retrying:

aws cloudformation delete-stack --stack-name my-app-stack
# Wait for deletion
aws cloudformation wait stack-delete-complete --stack-name my-app-stack
# Redeploy
aws cloudformation create-stack ...

Common failure causes:

IAM permission errors → verify --capabilities CAPABILITY_IAM and role trust policies
Resource limit exceeded → request quota increase via Service Quotas console
Invalid template syntax → run aws cloudformation validate-template --template-body file://template.yaml before deploying

Tools

architecture_designer.py

Generates architecture patterns based on requirements.

python scripts/architecture_designer.py --input requirements.json --output design.json

Input: JSON with app type, scale, budget, compliance needs Output: Recommended pattern, service stack, cost estimate, pros/cons

serverless_stack.py

Creates serverless CloudFormation templates.

python scripts/serverless_stack.py --app-name my-app --region us-east-1

Output: Production-ready CloudFormation YAML with:

API Gateway + Lambda
DynamoDB table
Cognito user pool
IAM roles with least privilege
CloudWatch logging

cost_optimizer.py

Analyzes costs and recommends optimizations.

python scripts/cost_optimizer.py --resources inventory.json --monthly-spend 5000

Output: Recommendations for:

Idle resource removal
Instance right-sizing
Reserved capacity purchases
Storage tier transitions
NAT Gateway alternatives

Quick Start

MVP Architecture (\x3C $100/month)

Ask: "Design a serverless MVP backend for a mobile app with 1000 users"

Result:
- Lambda + API Gateway for API
- DynamoDB pay-per-request for data
- Cognito for authentication
- S3 + CloudFront for static assets
- Estimated: $20-50/month

Scaling Architecture ($500-2000/month)

Ask: "Design a scalable architecture for a SaaS platform with 50k users"

Result:
- ECS Fargate for containerized API
- Aurora Serverless for relational data
- ElastiCache for session caching
- CloudFront for CDN
- CodePipeline for CI/CD
- Multi-AZ deployment

Cost Optimization

Ask: "Optimize my AWS setup to reduce costs by 30%. Current spend: $3000/month"

Provide: Current resource inventory (EC2, RDS, S3, etc.)

Result:
- Idle resource identification
- Right-sizing recommendations
- Savings Plans analysis
- Storage lifecycle policies
- Target savings: $900/month

IaC Generation

Ask: "Generate CloudFormation for a three-tier web app with auto-scaling"

Result:
- VPC with public/private subnets
- ALB with HTTPS
- ECS Fargate with auto-scaling
- Aurora with read replicas
- Security groups and IAM roles

Input Requirements

Provide these details for architecture design:

Requirement	Description	Example
Application type	What you're building	SaaS platform, mobile backend
Expected scale	Users, requests/sec	10k users, 100 RPS
Budget	Monthly AWS limit	$500/month max
Team context	Size, AWS experience	3 devs, intermediate
Compliance	Regulatory needs	HIPAA, GDPR, SOC 2
Availability	Uptime requirements	99.9% SLA, 1hr RPO

JSON Format:

{
  "application_type": "saas_platform",
  "expected_users": 10000,
  "requests_per_second": 100,
  "budget_monthly_usd": 500,
  "team_size": 3,
  "aws_experience": "intermediate",
  "compliance": ["SOC2"],
  "availability_sla": "99.9%"
}

Output Formats

Architecture Design

Pattern recommendation with rationale
Service stack diagram (ASCII)
Monthly cost estimate and trade-offs

IaC Templates

CloudFormation YAML: Production-ready SAM/CFN templates
CDK TypeScript: Type-safe infrastructure code
Terraform HCL: Multi-cloud compatible configs

Cost Analysis

Current spend breakdown with optimization recommendations
Priority action list (high/medium/low) and implementation checklist

Reference Documentation

Document	Contents
`references/architecture_patterns.md`	6 patterns: serverless, microservices, three-tier, data processing, GraphQL, multi-region
`references/service_selection.md`	Decision matrices for compute, database, storage, messaging
`references/best_practices.md`	Serverless design, cost optimization, security hardening, scalability

安全使用建议

This skill is coherent for designing and producing AWS architectures, IaC, and cost recommendations. Before using it: 1) Be aware running the publish/deploy commands (aws/cdk/terraform) will use your AWS credentials and can create or delete resources and incur costs — run in a test/sandbox account first. 2) Review generated CloudFormation/CDK/Terraform templates (especially IAM policies) before granting CAPABILITY_IAM or deploying; avoid blindly accepting overly-permissive '*' resources. 3) Provide least-privilege AWS credentials (or use an IAM role with narrow scope) and ensure logs/monitoring and billing alarms are enabled. 4) Verify there are no hardcoded secrets or ARNs in the generated output; the examples show using Secrets Manager (expected) but do not require hardcoding. If you want the agent to perform deployments autonomously, explicitly limit which account/role it may use and test in an isolated environment.

功能分析

Type: OpenClaw Skill Name: aws-solution-architect Version: 2.1.1 The skill bundle is a legitimate toolset for AWS architecture design and Infrastructure-as-Code (IaC) generation. The Python scripts (architecture_designer.py, cost_optimizer.py, and serverless_stack.py) contain clean, well-documented logic for recommending AWS patterns and generating CloudFormation, CDK, and Terraform templates based on user requirements. The instructions in SKILL.md follow a logical workflow for a solution architect, and the extensive reference documentation provides high-quality, security-conscious guidance (e.g., emphasizing IAM least privilege and encryption). No indicators of data exfiltration, malicious execution, or harmful prompt injection were found.

能力评估

✓ Purpose & Capability

Name/description match the included artifacts: architecture designer, cost optimizer, and serverless stack generator are present and the SKILL.md describes generating IaC, cost analysis, and deployment. The requested tools and files are proportional to designing AWS solutions.

ℹ Instruction Scope

SKILL.md directs running local Python scripts to generate templates and explicitly shows deployment commands (aws cloudformation, cdk deploy, terraform apply) and troubleshooting steps. Those deployment steps will use the user's AWS credentials and can create/delete resources (and incur cost). The instructions do not attempt to read unrelated system files or exfiltrate data, but they do assume the agent/operator has AWS credentials and the ability to run CLI/SDK operations.

✓ Install Mechanism

No install spec is provided (instruction-only with included scripts). Nothing is downloaded from external URLs or installed automatically by the skill, which minimizes installation risk.

ℹ Credentials

Registry metadata declares no required env vars, but the code and SKILL.md include AWS CLI/SDK usage (examples with boto3, aws CLI, CDK). This is expected for an AWS architect skill, but users should be aware the scripts and deploy commands require AWS credentials (AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY or configured CLI) and appropriate IAM permissions; those credentials are not requested explicitly in the skill metadata.

✓ Persistence & Privilege

Skill is not always-enabled and is user-invocable. It does not request persistent platform privileges or modify other skills' configs. Autonomous invocation remains possible (platform default) but there are no additional privilege escalations requested by the skill.

版本历史

v2.1.1

v2.1.1: optimization, reference splits

v1.0.0

- Initial release of aws-solution-architect skill for startups. - Supports design of AWS architectures using serverless and container-based patterns. - Provides step-by-step workflow for requirement gathering, architectural pattern selection, infrastructure-as-code (IaC) generation, cost analysis, and deployment. - Includes automation tools for architecture design, serverless CloudFormation template generation, and cost optimization. - Offers templates and best practices for Lambda, API Gateway, DynamoDB, ECS, Aurora, Cognito, and more. - Covers common startup use cases: MVP, scaling, cost reduction, secure deployments, and migration to AWS.

元数据

Slug aws-solution-architect

版本 2.1.1

许可证 MIT-0

累计安装 8

当前安装数 7

历史版本数 2

常见问题