What AWS services are specifically covered?

While general for AWS, it specializes in Serverless components like Lambda (including Function URLs), API Gateway, and DynamoDB, along with core security services like IAM, KMS, and Secrets Manager.

How does this skill improve IAM security?

It enforces least-privilege principles, scopes permissions to specific ARNs instead of wildcards, and prevents 'confused deputy' attacks using source ARN conditions.

Does it support the latest Terraform features?

Yes, it includes guidance for Terraform 1.10+, such as S3-native state locking and using ephemeral resources to keep secrets out of state files.

Can it help with CI/CD automation?

Absolutely, it provides patterns for GitHub Actions using OIDC federation, environment-specific pipelines, and drift detection without storing static secrets.

Does it integrate with security scanners?

It is specifically designed to align with Checkov (CKV_AWS) checks to ensure infrastructure passes static analysis audits and security scans.

AWS Terraform Best Practices

Name: AWS Terraform Best Practices
Author: a-pavithraa

bya-pavithraa

•

クラウドインフラストラクチャ

Optimizes AWS infrastructure using professional Terraform patterns, security-first IAM policies, and modern CI/CD workflows.

The terraform-aws skill empowers Claude with specialized knowledge for architecting, reviewing, and implementing AWS infrastructure using Terraform and OpenTofu. It enforces industry-standard patterns such as logical module encapsulation, least-privilege IAM roles, and OIDC-based CI/CD pipelines to eliminate static credentials. By leveraging modern features like S3-native state locking and ephemeral secret resources (Terraform 1.10+), it helps developers avoid common pitfalls like 'confused deputy' vulnerabilities, over-scoped permissions, and exposed secrets in state files.

主な機能

01Automates CI/CD pipeline design for GitHub Actions with environment protection and drift detection.

02Supports modern Terraform 1.10+ features including S3-native locking and ephemeral resources for secrets.

03Implements least-privilege IAM policies and OIDC federation to eliminate static AWS access keys.

044 GitHub stars

05Provides optimized module structures that encapsulate logical groupings like Lambda, IAM, and logging.

06Enforces security best practices through Checkov-aligned configurations and 'confused deputy' protections.

ユースケース

01Migrating legacy Terraform state management to modern S3-native locking patterns without DynamoDB.

02Conducting security audits of existing IaC to identify wildcard IAM permissions and unencrypted resources.

03Architecting a secure, multi-environment AWS Serverless stack with API Gateway, Lambda, and DynamoDB.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add a-pavithraa/aws-serverless-skill terraform-aws

For use in Claude.ai and ChatGPT

Download Skill