Enforces AWS best practices and security standards across CloudFormation, CDK, and serverless resource definitions.
This skill provides comprehensive guidance for architecting and implementing secure, scalable AWS infrastructure. It automates the application of industry-standard best practices for IAM least privilege, S3 bucket security, Lambda optimization, and Fargate container orchestration. Whether you are building with the AWS CDK or CloudFormation, it ensures your networking, security groups, and API configurations are production-ready, cost-effective, and aligned with the AWS Well-Architected Framework.
Key features
1. Automated enforcement of IAM least-privilege principles and scoped trust policies
2. Secure S3 configuration, including public access blocking and encryption standards
3. Optimized Lambda and ECS/Fargate resource definitions for performance and cost
4. Best practices for infrastructure testing using AWS CDK assertions and cdk-nag
5. Standards-compliant VPC networking architecture with private subnet patterns
Use cases
1. Scaffolding production-ready serverless stacks using the AWS CDK with built-in unit testing
2. Refactoring existing CloudFormation templates to meet enterprise security compliance requirements
3. Reviewing IAM policies to eliminate wildcard permissions and implement resource-level scoping