
aws/agent-toolkit-for-aws
43 skills, 46.7k installs, 35.2k stars (GitHub)

Install
npx skills add https://github.com/aws/agent-toolkit-for-aws

Skills in this repo

1. Aws Iam
AWS IAM is a correction-oriented agent skill from the AWS agent toolkit that steers coding agents away from common IAM mistakes during implementation. Solo and indie builders shipping on AWS use it alongside official documentation when designing roles, inline and managed policies, trust relationships, STS sessions, Organizations delegation, and SAML or MFA flows. The skill is not a full IAM tutorial; it is a pitfall checklist for behaviors that models often misstate, including which account records organization handshake events, how console login regions appear in trails, and when session tokens cannot call broader IAM or STS APIs. It fits the build integrations moment when you are wiring least-privilege access for agents, Lambdas, or cross-account deploy roles, and it complements ship-time security reviews without replacing them. Invoke it whenever the task is authorization at the AWS control plane, and skip it for Cognito-only or application permission models.
1.7k installs

2. Aws Serverless
AWS Serverless is an agent skill that gives solo builders a vetted Lambda handler template using AWS Lambda Powertools: structured logging with inject_lambda_context, X-Ray tracing on handler and methods, custom metrics including cold starts, and idempotent execution backed by DynamoDB. It fits indie teams shipping APIs or event-driven backends on AWS who want observability and safe retries without reading every Powertools doc first. Use it when you are implementing a new function or refactoring a bare handler into something you can operate confidently. The snippet emphasizes replacing placeholders (domain, table name, process body) while keeping security defaults like log_event=False in production.
It is a code pattern skill, not a deploy or IaC workflow—pair it with your SAM/CDK or console deploy process.
1.6k installs

3. Aws Cdk
aws-cdk is an agent skill from the AWS agent toolkit that teaches solo and indie builders how to prepare AWS CDK environments and projects the right way before writing or deploying stacks. It centers on the bootstrap procedure—what gets created in each account and region, how to run bootstrap safely with qualifiers and permission boundaries, and how to handle cross-account deployment trust. On the application side, it walks through TypeScript and Python project setup: prerequisites, virtual environments where relevant, project layout, tooling like tsx and linters, and everyday synth, diff, and deploy commands. The guidance stresses pinned dependency versions and repeatable builds so agent-assisted edits do not drift across machines. Use it when you are starting a new AWS-backed SaaS or API, moving from console clicks to infrastructure as code, or hitting first-deploy failures because bootstrap was skipped. It pairs with agent workflows that generate stack code but still need a grounded operator checklist for AWS-specific setup steps.
1.5k installs

4. Aws Observability
AWS Observability is an agent skill bundled with AWS CDK snippets for CloudWatch monitoring aimed at solo builders and small teams running Lambda in production. Use it when you are wiring alarms, composite rules, dashboards, and SNS notifications and want opinionated defaults that reduce flapping—three evaluation periods, two datapoints to alarm, missing data treated as not breaching, one-minute periods, percentage-based error rates instead of raw error counts, and p99 duration thresholds. The skill materializes as construct-level patterns you paste or adapt inside CDK apps rather than a standalone CLI. It sits in Prism’s operate monitoring lane alongside ship-time hardening: you typically adopt it after deploy when incidents and noisy pages become real costs.
Quantified defaults in the reference (3/2 M-of-N, 60s period, 5% error rate, 3000 ms p99) are the citable anchors for agents implementing infra as code.
1.5k installs

5. Amazon Bedrock
amazon-bedrock is an AWS-focused agent skill that treats its bundled reference files as the primary source of truth for fast-moving Bedrock APIs and model IDs. Solo builders shipping AI features use it when invoking foundation models, standing up retrieval with Knowledge Bases, creating Bedrock Agents, applying Guardrails, or deploying through AgentCore. It deliberately excludes custom model training, Rekognition, and Comprehend so scope stays on generative application patterns. The skill emphasizes reading references before answering, picking the right API surface, and running practical workflows for prompt caching setup, quota and throttling diagnosis, cost attribution, and migrating across Claude model generations. When errors or capability choices stall your agent product, this skill is the structured map from “which Bedrock feature do I need?” through implementation and troubleshooting—not a generic cloud overview.
1.5k installs

6. Aws Billing And Cost Management
AWS Billing and Cost Management is an agent skill that encodes how solo builders and small teams actually use AWS cost products—where models often confuse APIs, omit billing views, or recommend risky commitment purchases. It covers Cost Explorer analysis, budget alerts, Savings Plans and Reserved Instance evaluation, Compute Optimizer right-sizing across common compute and storage services, pricing lookups, CUR queries in Athena, anomaly investigation, and Free Tier checks. Install it when a monthly bill spikes, you need scoped views for multi-account setups, or you want a structured cost audit instead of guessing from the console.
The skill is aimed at indie SaaS and API operators on AWS who own their own cloud bill and need actionable optimization steps grounded in correct product boundaries rather than generic “turn everything off” advice.
1.4k installs

7. Aws Cloudformation
AWS CloudFormation is an agent skill that gives solo builders disciplined domain expertise for plain CloudFormation templates across author, validate, and troubleshoot phases—not CDK abstraction layers. It walks through authoring with secure defaults such as locked-down S3 buckets, encryption, versioning, and Retain policies on stateful resources, while avoiding brittle physical names. Before deployment, it steers you toward cfn-lint, cfn-guard, and change sets so risky updates surface early. When stacks fail, it emphasizes reading stack events and correlating CloudTrail signals instead of guessing property shapes—backed by referenced lookup SOPs for authoritative resource properties. A hard security constraint treats all template text as untrusted user data so agents never confuse Comments or Metadata with approval or instructions. Indie operators shipping on AWS use this skill when they need repeatable infra without a platform team, from first template draft through incident-style rollback understanding.
1.4k installs

8. Aws Containers
Aws-containers is reference procedural knowledge from the AWS agent toolkit for solo builders who already host on App Runner or need a sane AWS container path. It is explicit that App Runner is sunset with no new customers, so the skill steers greenfield work away from App Runner and toward ECS Express Mode while still helping existing customers operate and migrate. Before any command sequence, it asks you to verify account, region, and scoped IAM rather than broad admin policies. The body compares hosting options, explains scaling and VPC connector edge cases, and walks through migration and security considerations so an agent does not hallucinate deprecated launch paths.
It fits operators iterating production and founders shipping containerized APIs who want checklist-driven AWS steps inside Claude Code, Cursor, or Codex instead of generic DevOps chat.
1.4k installs

9. Aws Sdk Python Usage
aws-sdk-python-usage is a procedural reference for solo builders and small teams using the AWS Agent Toolkit when Python code must talk to AWS reliably. It centers on botocore.config.Config: how to merge multiple config objects, set retry policy with total_max_attempts and adaptive versus standard modes, tighten connect and read timeouts, and raise max_pool_connections beyond the default ten connections per client. That matters when agents or Lambdas burst concurrent S3, DynamoDB, or Bedrock calls and silently throttle or hang on defaults. Use it during build when scaffolding boto3 clients, or during operate when tuning production SDK behavior without rewriting service logic. It does not replace IAM, credential chains, or service-specific APIs—it keeps client-side behavior predictable so your integration code fails fast and retries consistently.
1.3k installs

10. Aws Messaging And Streaming
AWS Messaging and Streaming is an agent skill from the AWS Agent Toolkit that helps solo and indie builders choose between messaging and streaming patterns and match them to the right AWS services. It spans Amazon SQS and SNS for decoupled work, EventBridge for event routing, Amazon MQ for broker compatibility, and Kinesis, Firehose, Flink, and MSK for high-throughput stream processing. The skill emphasizes verifying quotas, version behavior, and recommended CloudWatch alarm settings from authoritative sources rather than guessing. Use it when designing async jobs, fan-out notifications, cross-account events, or analytics pipelines on AWS.
It fits builders shipping APIs, SaaS backends, or data products who need a structured map before diving into service-specific configuration skills.
1.2k installs

11. Aws Sdk Js V3 Usage
AWS SDK JS v3 Usage is a reference skill for indie builders shipping Node or browser apps that call AWS APIs through the modular v3 SDK. It focuses on the parts that bite in production: how to set request and connection timeouts on NodeHttpHandler or the newer shorthand config, when to raise maxSockets and enable keepAlive to avoid Smithy socket-capacity warnings, and how browser Fetch differs from Xhr when you need upload progress. Retry guidance covers simple maxAttempts bumps and ConfiguredRetryStrategy for bespoke backoff. The content is configuration-first—not a full service catalog—so your agent stops hallucinating deprecated v2 patterns or missing handler imports. Use it while scaffolding a Lambda worker, a SaaS API layer, or a dashboard that talks to S3 from the browser with the correct handler package.
1.2k installs

12. Connecting To Data Source
Connecting to Data Source is an AWS Agent Toolkit skill that documents how solo builders and small teams attach Google BigQuery to AWS Glue for read-oriented ingestion. It explains GCP service account creation, the minimum BigQuery IAM roles, base64-encoding the key for AWS Secrets Manager, and how the Glue BigQuery native connection expects that secret—not a JSON wrapper. The flow suits indie SaaS or data products that land warehouse data in GCP but transform or orchestrate on AWS. It is procedural cloud integration knowledge meant to be executed stepwise with bash and console work, reducing misconfigured auth that blocks Glue jobs.
Pair it with your actual job scripts and dataset contracts after the connection exists.
1.1k installs

13. Securing S3 Buckets
Securing S3 Buckets is an AWS agent skill that walks solo builders and small teams through Well-Architected S3 hardening in five explicit workflows: provisioning a secure new bucket, auditing an existing configuration, remediating a specific finding, turning on encryption, and enabling logging plus monitoring. It is meant for intentional security work—not everyday object storage, S3 Tables setup, or broad data-asset discovery. The skill routes each request through a classification table, verifies tools and caller identity, and executes changes via the AWS MCP server when connected or the AWS CLI otherwise. You get repeatable guardrails around public access, encryption at rest, logging, and misconfiguration fixes so agents do not improvise one-off shell recipes. Use it when a scanner or checklist surfaced a bucket issue or when you are creating production buckets with defense in depth from day one.
1.1k installs

14. Aws Amplify
The aws-amplify skill is procedural guidance for solo builders using AWS Amplify Gen 2 who already have auth and data on `defineBackend` and want managed AI in the same schema. It explains how to pick models for multi-turn `a.conversation()` routes versus single-shot `a.generation()` routes, including the hard split that generation routes only accept Anthropic Claude while conversations can use the broader supported model list from Amplify docs. You learn the human-readable `a.ai.model()` string pattern and when to fall back to raw Bedrock model IDs via `aiModel: { resourcePath: '...' }`, plus regional availability and console steps when Bedrock returns access denied.
The readme is backend-first—schema snippets in TypeScript—not a full greenfield Amplify tutorial, so it pairs best with an existing Amplify app shipping agent or SaaS features that need server-side LLM calls without hand-rolling Bedrock clients.
1.1k installs

15. Storing And Querying Vectors
Storing and Querying Vectors is an AWS agent skill that teaches solo builders how to use Amazon S3 Vectors as the durable foundation for embeddings when a managed in-memory vector database is overkill or over budget. It explains when subsecond to roughly 100 millisecond query latency is acceptable, how strong consistency helps RAG pipelines see freshly ingested chunks, and how to choose between per-tenant indexes and a shared index filtered by metadata. The batch ingestion section is practical for indie scale-ups: group up to five hundred vectors per PutVectors request, parallelize workers, and backoff on ServiceUnavailableException instead of hammering the API. Multi-tenant guidance helps you decide whether strict isolation or simpler operations matter more for your SaaS or agent product. The skill is pattern-oriented rather than a single deploy script, so you still wire IAM, bucket policies, and application query code yourself. Use it while designing backend retrieval for Claude or Cursor-powered features on AWS, then pair with your framework’s embedding job for the actual vector generation.
1.1k installs

16. Creating Secrets Using Best Practices
Creating Secrets Using Best Practices is an AWS agent skill that walks solo builders and small teams through a disciplined Secrets Manager workflow instead of pasting credentials into env files or console forms. It expects explicit inputs—secret name, description, type (database, api-key, oauth, custom), value structure, region, and optional KMS, rotation, principals, and tags—so the agent batches questions once rather than improvising insecure defaults.
The procedure emphasizes encryption at rest with customer-managed KMS keys, enabling rotation on a sensible cadence, scoping who can read secrets via IAM, and pairing changes with observable audit trails. For indie SaaS and API products shipping on AWS, this skill turns ad-hoc secret handling into a repeatable security artifact you can reuse across staging and production, which matters when you are the only person on call for leaks, key rotation, and compliance questions.
1.1k installs

17. Connecting Lambda To Api Gateway
Connecting Lambda to API Gateway is an agent skill packaged as a standard operating procedure for Amazon Web Services. It targets solo and indie builders who already have a Lambda function and need a repeatable way to stand up a REST API Gateway in front of it without walking the console step by step. The skill expects the agent to ask for all required parameters at once—function name and API name are mandatory—and supports direct chat input or values from AWS configuration files. You can tune deployment stage, resource path, HTTP verb, IAM or other authorization modes, API keys, and cross-origin settings. The workflow is intentionally scoped to HTTP-based invocation of one existing function, making it a practical Build-phase integration task when you are shipping serverless APIs, webhooks, or agent backends on AWS.
1k installs

18. Troubleshooting Application Failures
Troubleshooting Application Failures is an AWS agent skill that walks you through a standard operating procedure for apps that are failing in production. You supply the application name and AWS region, optionally widen or narrow the CloudWatch lookback in hours, and the skill only proceeds once required parameters are confirmed. It verifies that call_aws is available, discovers log groups tied to your app, hunts for error signatures and exceptions in the window, and synthesizes recommendations aligned with what the logs actually show.
Solo builders and small teams shipping APIs or SaaS on AWS get a repeatable agent-driven path from “something broke” to log-backed next steps instead of ad-hoc CLI guessing. It fits the operate phase when uptime and fast mean-time-to-understanding matter more than feature work.
1k installs

19. Querying Data Lake
Querying Data Lake is an agent skill that packages common Presto and Amazon Athena SQL patterns for solo builders and small teams who already land data in S3-backed lakes. It walks you through safe discovery—column types, quick counts, earliest and latest timestamps—and insists you sample a few rows before expensive scans. Profiling helpers include null-rate checks so you do not ship dashboards on hollow fields. For growth work, it supplies a cohort retention template that joins first-activity cohorts to monthly activity and reports retention at 0, 1, 3, and 6 months. Use it when your agent needs concrete SQL stubs instead of inventing syntax, when you are validating a new external table, or when you are answering retention questions from raw event tables. It does not replace IAM, Glue catalog setup, or cost controls; it accelerates the query layer once those exist.
1k installs

20. Exploring Data Catalog
Exploring Data Catalog is an AWS Agent Toolkit skill that guides systematic discovery of organizational data assets across Glue Data Catalog, S3 Tables, Redshift-federated catalogs, and remote Iceberg endpoints. It mandates a consistent deliverable: catalog landscape counts, executive totals, per-database inventories, unregistered S3 Tables that Athena cannot see, schema and storage analysis (formats, partitions, S3 locations), and actionable recommendations. Column typing and null-rate quality tiers help solo builders and small data teams decide which tables are safe for metrics versus exploratory joins. The skill fits build work when you integrate agents, BI, or ETL against AWS—not as a substitute for business validation of which metrics matter.
Use it when standing up lakehouse queries, documenting a messy account, or prior to optimization work; pair with validation when choosing which datasets back a customer-facing feature.
1k installs

21. Creating Data Lake Table
Creating Data Lake Table is an AWS Agent Toolkit skill focused on S3 Tables access control and prerequisites for creating tables in a lakehouse-style stack. Solo builders and small teams use it when an AI coding agent must emit correct least-privilege bucket policies, identity-based Glue policies, and KMS grants instead of copying overly broad AdministratorAccess templates. The documented surface covers s3tables and glue action sets, mandatory catalog root ARNs for federated resolution, and optional encryption paths when buckets use SSE-KMS. It points to companion docs for Glue ETL job roles and current AWS identity-based policy search terms. Install it when you are wiring Iceberg-style tables on S3 Tables and need agent-safe, auditable IAM snippets aligned with AWS’s current access-management model.
1k installs

22. Ingesting Into Data Lake
Ingesting Into Data Lake is an AWS Agent Toolkit skill that walks solo builders through a lightweight data-lake load using Amazon Athena INSERT INTO instead of a full Glue ETL job. It assumes source files already live in S3 and focuses on creating a temporary external table—whether row-delimited CSV with header skip, JSON via JsonSerDe, or columnar Parquet or ORC—then transforming and inserting into a cataloged namespace table with explicit casts, date parsing, and null guards. For indie SaaS teams shipping analytics on AWS, this is the pragmatic path when volume and complexity do not justify pipeline infrastructure yet. The skill points to type-transformations.md for richer conversion patterns and shows how to kick queries from the CLI. Use it in Claude Code or Cursor when your agent needs copy-paste SQL structure rather than guessing Athena DDL.
Complexity sits at intermediate: you need catalog, bucket, and IAM basics, but the workflow is a short two-step ritual.
1k installs

23. Finding Data Lake Assets
finding-data-lake-assets is an AWS Agent Toolkit skill that acts as a resolver for data lake and lakehouse references. Solo builders and small teams use it when someone asks where a dataset lives, which table matches a keyword, or what catalog entry owns an S3 prefix—without launching a heavyweight exploration session. It accepts a single argument (name, keyword, column, or path), demands a region when missing, and clarifies ambiguous targets before searching. The workflow favors AWS MCP tools when available, with fallback execution paths described in the skill body. It complements—not replaces—exploring-data-catalog, querying-data-lake, and creating-data-lake-table. Primary placement is Build integrations while wiring agents, ETL, or analytics features; it also helps Operate when debugging production data location questions.
1k installs

24. Troubleshooting S3 Files
troubleshooting-s3-files is an AWS-focused agent skill that walks operators through classifying and fixing Amazon S3 Files problems—from missing mount clients and security-group timeouts to IAM access denied, synchronization gaps, conflict handling, and slow I/O. It mandates verifying the AWS CLI s3files subcommand and credentials up front without running mutating commands during checks, then routes each symptom into installation, networking, permissions, or data-path categories consistent with AWS user guide troubleshooting. Solo builders running EC2 or hybrid workloads that mount S3 as a POSIX-like filesystem invoke it when mounts fail silently, changes never reach the bucket, or files land in lost+found.
The skill emphasizes explaining steps, confirming write operations with the human, and linking authoritative AWS docs rather than guessing bucket policies from memory.
1k installs

25. Connecting Lambda To Dynamodb
connecting-lambda-to-dynamodb is domain expertise from the AWS agent toolkit for hooking Lambda functions to DynamoDB tables. It targets solo builders and small teams shipping event-driven serverless backends who need a reliable checklist instead of piecing together IAM, streams, and mappings from scattered docs. The skill directs the agent to follow an exact connection procedure covering execution roles, function deployment assumptions, stream enablement, and event source mapping so changes actually trigger your handler. Troubleshooting sections cover the usual failures: mappings that look fine but never fire, permission denied from missing managed policies, and timeouts that need batch or timeout tuning. Use it when you are implementing change-data-capture style workflows, processing table updates in Lambda, or standing up a new integration in AWS. It is procedural infrastructure work—best invoked while the architecture is still being wired, before you depend on the pipeline in production.
1k installs

26. Configuring Vpc Endpoints For Private Aws Service Access
Configuring VPC Endpoints for Private AWS Service Access is an AWS Agent Toolkit standard operating procedure that walks an agent through creating VPC endpoints for private connectivity to AWS APIs and PrivateLink services. Solo builders and small teams use it when hardening a VPC so application subnets never send management or data-plane traffic over the public internet. The flow expects required inputs (VPC ID, subnets for interface endpoints, target service names) and optional routing, security group, and policy overrides. It begins with a dependency check that confirms the call_aws tool and AWS CLI context, tells the user that real API calls will run, and offers to stop if tooling is missing.
Remaining steps follow the SOP to stand up the right endpoint types per service, attach security and DNS settings, and align route tables for gateway endpoints. It fits operate-phase infra work alongside existing VPCs and pairs with broader AWS toolkit skills for security groups, NAT, and private subnet design.
978 installs

27. Debugging Lambda Timeouts
Debugging Lambda Timeouts is an agent skill packaged as a standard operating procedure for solo builders and small teams running functions on AWS. When invocations fail with timeout errors, the skill walks through dependency checks, function configuration, CloudWatch logs and metrics over a user-defined time window, and common failure modes such as slow downstream APIs, connection pooling issues, and undersized timeout or memory settings. Supply the function name and region up front; optionally pass recent code so the agent can tie metrics to implementation patterns. The workflow is built for Claude Code, Cursor, Codex, and similar coding agents that can call AWS tooling or guide you through CLI steps. It fits the Operate phase when you need fast, repeatable incident response without guessing which knob to turn first.
978 installs

28. Launching Ec2 Instance With Best Practices
Launching EC2 Instance with Best Practices is an AWS Agent Toolkit SOP skill that walks solo builders and small teams through provisioning EC2 without skipping security or tagging steps. The agent must collect required inputs—at minimum workload_type and region—plus optional environment, VPC, and subnet before proceeding, mirroring how experienced cloud engineers gate unsafe launches. It maps workload intent (web-server, database, bastion-host, and similar) to sizing and hardening patterns, IAM role attachment, and subnet selection when you omit network IDs. Use it in Operate when standing up VMs for backends, bastions, or batch jobs where default-console clicks leave gaps.
It is procedural cloud knowledge packaged for Claude Code-style agents with AWS API access, not a one-click Terraform module—pair with your org change-management rules for production accounts.
969 installs

29. Setting Up Cloudwatch Alarm Notifications
Setting Up CloudWatch Alarm Notifications is an AWS agent skill that walks a solo builder through connecting existing or new CloudWatch alarms to Amazon SNS delivery channels. You specify which alarm to watch, how you want to be notified (email, SMS, webhook, Lambda, or SQS), and the destination endpoint, with optional control over topic naming and region. The workflow begins by confirming the call_aws tool is present—checking only, not executing—so you do not trigger charges or changes before you are ready. It fits indie operators who already run workloads on AWS and need reliable paging without living in the SNS console. Use it when an alarm exists but nobody gets paged, when you are standardizing on one SNS topic per service, or when you are adding SMS or webhook hooks to an on-call setup you manage yourself.
966 installs

30. Creating Api Gateway Stage
Creating API Gateway Stage is an AWS Agent Toolkit standard operating procedure that walks an agent through standing up a named API Gateway stage on an existing REST API and deployment. Solo and indie builders shipping serverless or API-backed SaaS use it when they need repeatable prod, test, or dev stages with execution logs, detailed metrics, throttling, and optional WAF without hand-rolling CLI sequences each time. The flow verifies that call_aws is available, then follows constrained steps for logging configuration, tracing, and security association. It targets operators who already have a REST API ID and deployment ID and want infrastructure-as-conversation consistency.
It is not a substitute for API design, OpenAPI authoring, or full CI/CD pipeline setup—it completes the stage layer after you have an API and deployment ready to expose.
965 installs

31. Setting Up Ec2 Instance Profiles
Setting Up EC2 Instance Profiles is an agent skill that walks a solo builder through granting an EC2 instance secure access to AWS services using IAM roles and instance profiles. It is for anyone shipping on EC2 who needs S3, DynamoDB, SQS, Lambda, or CloudWatch without baking access keys into code or env files. The workflow starts by confirming instance ID, region, the comma-separated services the workload needs, and an optional role name, then verifies the instance, designs permissions, creates or reuses the role, attaches the profile, and validates access. Use it when provisioning a new server, tightening permissions after an audit, or migrating off long-lived keys. For Prism’s journey, it bridges Build integrations (app needs AWS APIs) and Operate infra (least-privilege on live hosts), with Operate as the primary shelf because the outcome is durable production security posture.
935 installs

32. Routing Traffic With Route53 And Cloudfront
Routing Traffic With Route53 And Cloudfront is an AWS agent SOP for indie builders who already have a CloudFront distribution and need a repeatable, safe DNS cutover on a custom domain. The workflow systematically verifies prerequisites, finds or creates a Route 53 hosted zone, attaches alternate domain names on the distribution, and creates alias records—including optional IPv6 AAAA records when enabled. It insists on collecting required parameters upfront in one prompt and validating distribution IDs and domain formats before mutating infrastructure, which reduces the classic solo-builder failure mode of partial DNS updates or mismatched CNAMEs. Default region handling targets us-east-1 for Route 53 operations unless overridden.
Use it during Ship when connecting your branded URL to static or dynamic origins behind CloudFront, not for application code changes or unrelated CDN tuning.
931 installs

33. Enabling Lambda Vpc Internet Access
Enabling Lambda VPC Internet Access is an AWS agent skill that walks a solo builder or small team through giving internet egress to a Lambda already placed in a VPC subnet that cannot reach the internet today. Because functions in a VPC do not receive public addresses, the documented path is NAT Gateway infrastructure that routes private subnet traffic outbound. The skill behaves like a standard operating procedure: it insists on required parameters—primarily the Lambda function name or ARN, with an optional availability zone—collected in a single upfront prompt rather than drip-fed questions, and it accepts text, files, URLs, or other user-preferred input channels before confirming acquisition and persisting context for later steps. Early steps verify that call-style AWS tooling is present in the agent context so work does not stall mid-change. For indie builders shipping serverless APIs or workers that must call third-party HTTPS APIs from inside a VPC, this skill reduces guesswork around AZ alignment, dependency checks, and the ordered sequence of networking changes compared to ad-hoc console clicking.
914 installs

34. Aws Sdk Swift Usage
Aws-sdk-swift-usage is an agent skill that keeps Swift + AWS code on the supported path in aws-sdk-swift. Solo builders shipping iOS or server-side Swift products often hit deprecated configuration classes and async lifecycle mistakes; this skill encodes the fixes: @main async entry, struct-based S3Client.S3ClientConfig and DynamoDBClient.DynamoDBClientConfig with region set correctly, and model types under each service’s ClientTypes namespace. It is narrowly scoped to coding patterns—not account setup, IAM design, or deployment—so it fits when your agent is already implementing S3, DynamoDB, STS, or similar calls.
Intermediate complexity assumes you have a Swift target and AWS credentials resolved elsewhere in your stack.
912 installs

35. Creating Production Vpc Multi Az
creating-production-vpc-multi-az guides indie builders and small teams through AWS VPC creation that survives real traffic: named VPC, environment tags, region selection, and subnets stretched across multiple Availability Zones for fault isolation. The workflow expects explicit inputs such as `vpc_name`, `environment`, `region`, and `allowed_web_cidrs`, with sensible defaults for CIDR block and AZ count while capping AZ spread between two and six. It pairs internet-facing and private tiers with NAT so backends can reach the internet safely, and it nudges agents toward restrictive CIDR allowlists instead of open-world security group rules unless the user insists otherwise. Optional SSH access stays off by default with a private-range CIDR when enabled. Before any AWS calls, the skill mandates a dependency check for the `call_aws` tool without running it prematurely—reducing half-provisioned failures in agent-driven deploys. Use it when you are moving from a single-AZ experiment to production networking on AWS.
903 installs

36. Aws Transform
AWS Transform is an agent skill for the AWS Transform (ATX) CLI, aimed at solo builders and small teams who must upgrade runtimes, migrate AWS SDKs, modernize frameworks, or roll consistent refactors across many repositories without hand-editing every file. The skill introduces itself on activation, then guides inspection of repositories, matching available transformation definitions, gathering required configuration, and executing either local mode for a handful of repos or remote mode when cloud-scale Batch/Fargate execution is appropriate—with explicit user consent before infrastructure is deployed. It covers performance-oriented changes, documentation generation from codebases, and custom transformations described in natural language.
Intermediate-to-advanced users benefit most when they already target AWS and need repeatable migration playbooks rather than one-off chat suggestions.
899 installs

37. Exporting Rds To S3
Exporting RDS to S3 is an AWS agent skill that walks a solo builder or small team through the native snapshot export path from Amazon RDS or Aurora into Amazon S3 as Apache Parquet. It is built for operational moments when you need analytics-ready copies, compliant archival, migration staging, or cost-aware long-term storage—not for everyday application CRUD. The skill enforces a parameter-gathering gate up front (database identifier, region, bucket, and related AWS settings), then covers IAM permissions, KMS encryption, bucket preparation, export initiation, monitoring, and verification. Use it when you already run RDS or Aurora in AWS and want repeatable exports without hand-rolling CLI steps each time. It assumes comfort with AWS consoles or CLI outcomes the agent drives on your behalf, and it stays focused on export mechanics rather than schema design or ETL job authoring.
892 installs

38. Creating Amazon Aurora Db Cluster With Instances
Creating Amazon Aurora DB Cluster with Instances is an AWS Agent Toolkit procedural skill that walks a solo builder through a complete Aurora setup using standardized parameters and ordered steps. You define cluster and instance identifiers, engine family, master username, and optional networking, backup, and encryption settings; the workflow emphasizes Secrets Manager for passwords instead of hard-coding credentials. It targets indie builders shipping SaaS or API backends on AWS who need repeatable, agent-executable infrastructure tasks rather than clicking through the console ad hoc. Use it when you are standing up relational storage during build—before application code can safely connect—or when refreshing staging clusters with the same guardrails as production.
The SOP framing makes outcomes auditable for agents: verify inputs, create cluster, add instance, and monitor until the endpoint is ready.
889 installs

39. Connecting Vpcs With Peering
Connecting VPCs with peering is an AWS agent-toolkit standard operating procedure for indie builders and small teams who need private traffic between two VPCs without exposing services publicly. The skill walks through peering initiation and acceptance, route propagation, DNS options, and validation, with explicit parameters for requester and accepter VPCs, regions, and cross-account acceptance behavior. It is aimed at agents executing infrastructure changes methodically rather than improvising console clicks. Default flags favor DNS resolution and auto-accept where same-account policies allow. Use when you are integrating staging and production networks, linking shared services VPCs to app VPCs, or enabling cross-region private links. Complexity is advanced because mistakes affect routing, security groups, and blast radius across accounts.
888 installs

40. Creating Ec2 Image Builder Pipeline
Creating EC2 Image Builder Pipeline is an AWS-focused agent skill that walks a solo builder through provisioning and running EC2 Image Builder end to end: IAM, a build component, an image recipe, infrastructure and distribution settings, the pipeline resource, an execution run, and a launch template bound to the output AMI. It is meant for operators who need repeatable golden images without clicking through the console resource by resource. The skill enforces gathering parameters in one shot—region is mandatory; pipeline prefix, component metadata, instance type, distribution region, and semantic version are configurable with sensible defaults. That structure suits indie teams standardizing bake-time tooling (such as AWS CLI v2) before scaling instances.
It pairs with broader AWS agent-toolkit patterns and assumes you already have AWS credentials and console/API access in the target account.
874 installs

41. Setting Up Cloudtrail Multi Region
Setting Up CloudTrail Multi-Region is an AWS agent-toolkit skill that walks solo builders and small teams through a strict, step-sequenced SOP to enable organization-wide API logging. You supply a trail name, globally unique S3 bucket, home region, and optional CloudWatch log group, data-event toggles, Insights, KMS encryption, and resource tags. The procedure emphasizes executing every step in order—critical for trails, bucket policies, and log delivery that are easy to misconfigure when rushed. Optional data events and Insights are flagged as cost-sensitive premium choices so indies do not accidentally balloon spend. The outcome is centralized CloudTrail storage plus Logs Insights readiness for security monitoring, compliance evidence, and post-incident API forensics. Best after you already deploy on AWS and need audit visibility across regions, not as a substitute for application-level logging or SIEM design.
872 installs

42. Troubleshooting Efs
Troubleshooting EFS is an AWS agent-toolkit skill that gives solo operators a structured playbook when Amazon Elastic File System misbehaves in production. It covers the classic failure modes: wrong fs type from a missing client, mounts that hang for minutes pointing at security groups, server-side access denied from POSIX or IAM posture, and performance pain from throughput modes or exhausted burst credits. The SKILL.md enforces a safety-first rhythm—verify aws and NFS utilities exist without mutating anything, explain each step, and confirm before write operations. That makes it a strong fit for indie teams running shared storage on EC2, EKS, or batch workers who need checklist discipline instead of guessing at nfs4 mount strings.
It is narrowly scoped to EFS domain expertise rather than general AWS support, so agents stay on-doc and cite AWS troubleshooting guides while narrowing the blast radius of automated fixes.
841 installs

43. Aws Cleanrooms
AWS Cleanrooms is a phase-specific agent skill from the AWS agent toolkit that walks through CloudWatch log publishing failures for Amazon Clean Rooms ML custom model training and inference. Indie builders and small teams running privacy-preserving ML collaborations use it when jobs look healthy in the console but logs never land where operators expect. The procedure is deliberately rigid: confirm caller identity and region, resolve the correct resource via get-trained-model or get-trained-model-inference-job (with list fallbacks), then continue through the documented verification steps. It is not a general Clean Rooms tutorial—it is a debugging runbook that expects you already have membership_id, region, and optionally a trained model or inference job ARN. Outcomes are actionable hypotheses tied to AWS API responses rather than ad-hoc console clicking.
745 installs