{ "schemaVersion": "1.0", "item": { "slug": "aws", "name": "AWS | Amazon Web Services", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/ivangdavila/aws", "canonicalUrl": "https://clawhub.ai/ivangdavila/aws", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/aws", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=aws", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "costs.md", "memory-template.md", "security.md", "services.md", "setup.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/aws" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/aws", "agentPageUrl": "https://openagent3.xyz/skills/aws/agent", "manifestUrl": "https://openagent3.xyz/skills/aws/agent.json", "briefUrl": "https://openagent3.xyz/skills/aws/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Setup", "body": "On first use, read setup.md for integration options. The skill works immediately — setup is optional for personalization." }, { "title": "When to Use", "body": "User needs AWS infrastructure guidance. Agent handles architecture decisions, service selection, cost optimization, security hardening, and deployment patterns." }, { "title": "Architecture", "body": "Memory lives in ~/aws/. See memory-template.md for structure.\n\n~/aws/\n├── memory.md # Account context + preferences\n├── resources.md # Active infrastructure inventory\n└── costs.md # Cost tracking + alerts" }, { "title": "Quick Reference", "body": "TopicFileSetup processsetup.mdMemory templatememory-template.mdService patternsservices.mdCost optimizationcosts.mdSecurity hardeningsecurity.md" }, { "title": "1. Verify Account Context First", "body": "Before any operation, confirm:\n\nRegion (default: us-east-1, but ask)\nAccount type (personal/startup/enterprise)\nExisting infrastructure (VPC, subnets, security groups)\n\naws sts get-caller-identity\naws ec2 describe-vpcs --query 'Vpcs[].{ID:VpcId,CIDR:CidrBlock,Default:IsDefault}'" }, { "title": "2. Cost-First Architecture", "body": "Every recommendation includes cost impact:\n\nStageRecommended StackMonthly CostMVP (<1k users)Single EC2 + RDS~$50Growth (1-10k)ALB + ASG + RDS Multi-AZ~$200Scale (10k+)ECS/EKS + Aurora + ElastiCache~$500+\n\nDefault to smallest viable instance. Scaling up is easy; scaling down wastes money." }, { "title": "3. Security by Default", "body": "Every resource includes:\n\nPrinciple of least privilege IAM\nEncryption at rest (KMS default key minimum)\nVPC isolation (no public subnets for databases)\nSecurity groups with explicit deny-all inbound" }, { "title": "4. Infrastructure as Code", "body": "Generate Terraform or CloudFormation for reproducibility:\n\n# Prefer Terraform for multi-cloud portability\nterraform init && terraform plan\n\nNever rely on console-only changes." }, { "title": "5. Tagging Strategy", "body": "Every resource gets tagged for cost allocation:\n\n--tags Key=Environment,Value=prod Key=Project,Value=myapp Key=Owner,Value=team" }, { "title": "6. Monitoring from Day 1", "body": "Deploy CloudWatch alarms with infrastructure:\n\nBilling alerts (before you get surprised)\nCPU/Memory thresholds\nError rate spikes" }, { "title": "Cost Traps", "body": "NAT Gateway data processing ($0.045/GB):\nVPC endpoints are free for S3/DynamoDB. A busy app can burn $500/month on NAT alone.\n\naws ec2 create-vpc-endpoint --vpc-id vpc-xxx \\\n --service-name com.amazonaws.us-east-1.s3 --route-table-ids rtb-xxx\n\nEBS snapshots accumulate forever:\nAutomated backups create snapshots that never delete. Set lifecycle policies.\n\naws ec2 describe-snapshots --owner-ids self \\\n --query 'Snapshots[?StartTime<=`2024-01-01`].[SnapshotId,StartTime,VolumeSize]'\n\nCloudWatch Logs default retention is forever:\n\naws logs put-retention-policy --log-group-name /aws/lambda/fn --retention-in-days 14\n\nIdle load balancers cost $16/month minimum:\nALBs charge even with zero traffic. Delete unused ones.\n\nData transfer between AZs costs $0.01/GB each way:\nChatty microservices across AZs add up fast. Co-locate when possible." }, { "title": "Security Traps", "body": "S3 bucket policies override ACLs:\nConsole shows ACL as \"private\" but a bucket policy can still expose everything.\n\naws s3api get-bucket-policy --bucket my-bucket 2>/dev/null || echo \"No policy\"\naws s3api get-public-access-block --bucket my-bucket\n\nDefault VPC security groups allow all outbound:\nAttackers exfiltrate through outbound. Restrict it.\n\nIAM users with console access + programmatic access:\nCredentials in code get leaked. Use roles + temporary credentials.\n\nRDS publicly accessible defaults to Yes in console:\nAlways verify:\n\naws rds describe-db-instances --query 'DBInstances[].{ID:DBInstanceIdentifier,Public:PubliclyAccessible}'" }, { "title": "Performance Patterns", "body": "Lambda cold starts:\n\nUse provisioned concurrency for latency-sensitive functions\nKeep packages small (<50MB unzipped)\nInitialize SDK clients outside handler\n\nRDS connection limits:\n\nInstanceMax Connectionsdb.t3.micro66db.t3.small150db.t3.medium300\n\nUse RDS Proxy for Lambda to avoid connection exhaustion.\n\nEBS volume types:\n\nTypeUse CaseIOPSgp3Default (consistent)3,000 baseio2Databases (guaranteed)Up to 64,000st1Big data (throughput)500 MiB/s" }, { "title": "Service Selection", "body": "NeedServiceWhyStatic siteS3 + CloudFrontPennies/month, global CDNAPI backendLambda + API GatewayZero idle costContainer appECS FargateNo cluster managementDatabaseRDS PostgreSQLManaged, Multi-AZ readyCacheElastiCache RedisSession/cache, < DynamoDB latencyQueueSQSSimpler than SNS for most casesSearchOpenSearchElasticsearch managed" }, { "title": "CLI Essentials", "body": "# Configure credentials\naws configure --profile myproject\n\n# Always specify profile\nexport AWS_PROFILE=myproject\n\n# Check current identity\naws sts get-caller-identity\n\n# List all regions\naws ec2 describe-regions --query 'Regions[].RegionName'\n\n# Estimate monthly cost\naws ce get-cost-forecast --time-period Start=$(date +%Y-%m-01),End=$(date -v+1m +%Y-%m-01) \\\n --metric UNBLENDED_COST --granularity MONTHLY" }, { "title": "Security & Privacy", "body": "Credentials: This skill uses the AWS CLI, which reads credentials from ~/.aws/credentials or environment variables. The skill never stores, logs, or transmits AWS credentials.\n\nLocal storage: Preferences and context stored in ~/aws/ — no data leaves your machine.\n\nCLI commands: All commands shown are read-only by default. Destructive operations (delete, terminate) require explicit user confirmation." }, { "title": "Related Skills", "body": "Install with clawhub install if user confirms:\n\ninfrastructure — architecture decisions\ncloud — multi-cloud patterns\ndocker — container basics\nbackend — API design" }, { "title": "Feedback", "body": "If useful: clawhub star aws\nStay updated: clawhub sync" } ], "body": "Setup\n\nOn first use, read setup.md for integration options. The skill works immediately — setup is optional for personalization.\n\nWhen to Use\n\nUser needs AWS infrastructure guidance. Agent handles architecture decisions, service selection, cost optimization, security hardening, and deployment patterns.\n\nArchitecture\n\nMemory lives in ~/aws/. See memory-template.md for structure.\n\n~/aws/\n├── memory.md # Account context + preferences\n├── resources.md # Active infrastructure inventory\n└── costs.md # Cost tracking + alerts\n\nQuick Reference\nTopic\tFile\nSetup process\tsetup.md\nMemory template\tmemory-template.md\nService patterns\tservices.md\nCost optimization\tcosts.md\nSecurity hardening\tsecurity.md\nCore Rules\n1. Verify Account Context First\n\nBefore any operation, confirm:\n\nRegion (default: us-east-1, but ask)\nAccount type (personal/startup/enterprise)\nExisting infrastructure (VPC, subnets, security groups)\naws sts get-caller-identity\naws ec2 describe-vpcs --query 'Vpcs[].{ID:VpcId,CIDR:CidrBlock,Default:IsDefault}'\n\n2. Cost-First Architecture\n\nEvery recommendation includes cost impact:\n\nStage\tRecommended Stack\tMonthly Cost\nMVP (<1k users)\tSingle EC2 + RDS\t~$50\nGrowth (1-10k)\tALB + ASG + RDS Multi-AZ\t~$200\nScale (10k+)\tECS/EKS + Aurora + ElastiCache\t~$500+\n\nDefault to smallest viable instance. Scaling up is easy; scaling down wastes money.\n\n3. Security by Default\n\nEvery resource includes:\n\nPrinciple of least privilege IAM\nEncryption at rest (KMS default key minimum)\nVPC isolation (no public subnets for databases)\nSecurity groups with explicit deny-all inbound\n4. Infrastructure as Code\n\nGenerate Terraform or CloudFormation for reproducibility:\n\n# Prefer Terraform for multi-cloud portability\nterraform init && terraform plan\n\n\nNever rely on console-only changes.\n\n5. Tagging Strategy\n\nEvery resource gets tagged for cost allocation:\n\n--tags Key=Environment,Value=prod Key=Project,Value=myapp Key=Owner,Value=team\n\n6. Monitoring from Day 1\n\nDeploy CloudWatch alarms with infrastructure:\n\nBilling alerts (before you get surprised)\nCPU/Memory thresholds\nError rate spikes\nCost Traps\n\nNAT Gateway data processing ($0.045/GB): VPC endpoints are free for S3/DynamoDB. A busy app can burn $500/month on NAT alone.\n\naws ec2 create-vpc-endpoint --vpc-id vpc-xxx \\\n --service-name com.amazonaws.us-east-1.s3 --route-table-ids rtb-xxx\n\n\nEBS snapshots accumulate forever: Automated backups create snapshots that never delete. Set lifecycle policies.\n\naws ec2 describe-snapshots --owner-ids self \\\n --query 'Snapshots[?StartTime<=`2024-01-01`].[SnapshotId,StartTime,VolumeSize]'\n\n\nCloudWatch Logs default retention is forever:\n\naws logs put-retention-policy --log-group-name /aws/lambda/fn --retention-in-days 14\n\n\nIdle load balancers cost $16/month minimum: ALBs charge even with zero traffic. Delete unused ones.\n\nData transfer between AZs costs $0.01/GB each way: Chatty microservices across AZs add up fast. Co-locate when possible.\n\nSecurity Traps\n\nS3 bucket policies override ACLs: Console shows ACL as \"private\" but a bucket policy can still expose everything.\n\naws s3api get-bucket-policy --bucket my-bucket 2>/dev/null || echo \"No policy\"\naws s3api get-public-access-block --bucket my-bucket\n\n\nDefault VPC security groups allow all outbound: Attackers exfiltrate through outbound. Restrict it.\n\nIAM users with console access + programmatic access: Credentials in code get leaked. Use roles + temporary credentials.\n\nRDS publicly accessible defaults to Yes in console: Always verify:\n\naws rds describe-db-instances --query 'DBInstances[].{ID:DBInstanceIdentifier,Public:PubliclyAccessible}'\n\nPerformance Patterns\n\nLambda cold starts:\n\nUse provisioned concurrency for latency-sensitive functions\nKeep packages small (<50MB unzipped)\nInitialize SDK clients outside handler\n\nRDS connection limits:\n\nInstance\tMax Connections\ndb.t3.micro\t66\ndb.t3.small\t150\ndb.t3.medium\t300\n\nUse RDS Proxy for Lambda to avoid connection exhaustion.\n\nEBS volume types:\n\nType\tUse Case\tIOPS\ngp3\tDefault (consistent)\t3,000 base\nio2\tDatabases (guaranteed)\tUp to 64,000\nst1\tBig data (throughput)\t500 MiB/s\nService Selection\nNeed\tService\tWhy\nStatic site\tS3 + CloudFront\tPennies/month, global CDN\nAPI backend\tLambda + API Gateway\tZero idle cost\nContainer app\tECS Fargate\tNo cluster management\nDatabase\tRDS PostgreSQL\tManaged, Multi-AZ ready\nCache\tElastiCache Redis\tSession/cache, < DynamoDB latency\nQueue\tSQS\tSimpler than SNS for most cases\nSearch\tOpenSearch\tElasticsearch managed\nCLI Essentials\n# Configure credentials\naws configure --profile myproject\n\n# Always specify profile\nexport AWS_PROFILE=myproject\n\n# Check current identity\naws sts get-caller-identity\n\n# List all regions\naws ec2 describe-regions --query 'Regions[].RegionName'\n\n# Estimate monthly cost\naws ce get-cost-forecast --time-period Start=$(date +%Y-%m-01),End=$(date -v+1m +%Y-%m-01) \\\n --metric UNBLENDED_COST --granularity MONTHLY\n\nSecurity & Privacy\n\nCredentials: This skill uses the AWS CLI, which reads credentials from ~/.aws/credentials or environment variables. The skill never stores, logs, or transmits AWS credentials.\n\nLocal storage: Preferences and context stored in ~/aws/ — no data leaves your machine.\n\nCLI commands: All commands shown are read-only by default. Destructive operations (delete, terminate) require explicit user confirmation.\n\nRelated Skills\n\nInstall with clawhub install if user confirms:\n\ninfrastructure — architecture decisions\ncloud — multi-cloud patterns\ndocker — container basics\nbackend — API design\nFeedback\nIf useful: clawhub star aws\nStay updated: clawhub sync" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/ivangdavila/aws", "publisherUrl": "https://clawhub.ai/ivangdavila/aws", "owner": "ivangdavila", "version": "1.0.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/aws", "downloadUrl": "https://openagent3.xyz/downloads/aws", "agentUrl": "https://openagent3.xyz/skills/aws/agent", "manifestUrl": "https://openagent3.xyz/skills/aws/agent.json", "briefUrl": "https://openagent3.xyz/skills/aws/agent.md" } }