
Creating Amazon Aurora DB Cluster with Instances
Provision a production-ready Amazon Aurora cluster and instance from an agent-guided SOP with Secrets Manager passwords and status polling.
Overview
Creating Amazon Aurora DB Cluster with Instances is an agent skill for the Build phase that provisions an Amazon Aurora cluster plus instance via a documented AWS SOP with Secrets Manager and status retries.
Install
npx skills add https://github.com/aws/agent-toolkit-for-aws --skill creating-amazon-aurora-db-cluster-with-instances
What is this skill?
- Two-step SOP: create empty Aurora cluster, then attach a queryable DB instance
- Supports aurora-mysql and aurora-postgresql with optional engine version and instance class (default db.t3.medium)
- Master credentials via AWS Secrets Manager with encryption-at-rest (default on) and optional KMS key
- Configurable VPC security groups, subnet group, backup retention (default 7 days), and maintenance/backup windows
- Includes prerequisite verification and retry logic while waiting for cluster/instance availability
- Default backup retention period: 7 days
- Default instance class: db.t3.medium
- Storage encrypted defaults to enabled
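Added example, not part of the skill or the AWS toolkit: a pre-flight check that audits a proposed `aws rds create-db-cluster` command against the credential and encryption constraints in step 3 of the SKILL.md reproduced further down this page. The function names, the sample commands and the identifiers in them (`demo-cluster`, `dbadmin`) are assumptions made for illustration.

```python
import shlex

ALLOWED_ENGINES = {"aurora-mysql", "aurora-postgresql"}  # engines the SOP accepts

def parse_flags(argv):
    """Map each --flag to its first value (None for a bare switch)."""
    flags = {}
    for i, tok in enumerate(argv):
        if tok.startswith("--"):
            name, sep, val = tok.partition("=")  # handles --flag=value
            if not sep:  # --flag value, or a bare switch
                nxt = argv[i + 1] if i + 1 < len(argv) else "--"
                val = None if nxt.startswith("--") else nxt
            flags[name] = val
    return flags

def audit_create_cluster(command, storage_encrypted=True, kms_key_id=None):
    """Return the SOP constraints that a proposed command violates."""
    argv = shlex.split(command)
    if argv[:3] != ["aws", "rds", "create-db-cluster"]:
        return ["not an 'aws rds create-db-cluster' command"]
    flags, findings = parse_flags(argv[3:]), []
    for required in ("--db-cluster-identifier", "--engine", "--master-username"):
        if not flags.get(required):
            findings.append(f"missing {required}")
    if flags.get("--engine") and flags["--engine"] not in ALLOWED_ENGINES:
        findings.append(f"unsupported engine {flags['--engine']}")
    if "--master-user-password" in flags:  # literal password on the command line
        findings.append("--master-user-password is forbidden")
    if "--manage-master-user-password" not in flags:
        findings.append("missing --manage-master-user-password")
    unencrypted = "--no-storage-encrypted" in flags
    if unencrypted and storage_encrypted is not False:
        findings.append("--no-storage-encrypted without explicit opt-out")
    if storage_encrypted and not unencrypted and "--storage-encrypted" not in flags:
        findings.append("missing --storage-encrypted")
    if kms_key_id and flags.get("--kms-key-id") != kms_key_id:
        findings.append("--kms-key-id does not match the kms_key_id parameter")
    return findings

# Constructed sample commands (not captured from a real agent run).
BASE = ("aws rds create-db-cluster --db-cluster-identifier demo-cluster "
        "--engine aurora-postgresql --master-username dbadmin ")
GOOD = BASE + ("--manage-master-user-password --master-user-secret-kms-key-id "
               "alias/aws/secretsmanager --storage-encrypted")
BAD = BASE + "--master-user-password=EXAMPLE-ONLY --no-storage-encrypted"

if __name__ == "__main__":
    print(audit_create_cluster(GOOD), audit_create_cluster(BAD))
```

An empty list means the command satisfies every check; passing `storage_encrypted=False` records the explicit opt-out that the SOP requires before `--no-storage-encrypted` is acceptable.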
Adoption & trust: 889 installs on skills.sh; 819 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need a queryable Aurora database on AWS but do not have a repeatable, credential-safe procedure your coding agent can execute end to end.
Who is it for?
Solo builders deploying Aurora MySQL or PostgreSQL on AWS who have defined VPC/subnet groups and want agent-runnable infrastructure steps.
Skip if: Local-only development databases, non-AWS engines, or teams that already manage Aurora exclusively through Terraform/CloudFormation with no agent-driven changes.
When should I use this skill?
User needs to create or recreate an Amazon Aurora cluster and database instance on AWS with documented parameters and monitoring.
What do I get? / Deliverables
You get a configured Aurora cluster and instance with encryption, backup defaults, and monitored readiness so the app layer can connect using Secrets Manager–managed credentials.
- Running Aurora cluster and attached DB instance
- Secrets Manager–backed master credentials configuration
Journey fit
Database provisioning is a core integration step while building the product backend on AWS. The skill is an AWS API workflow for RDS Aurora—fits integrations rather than generic frontend or docs work.
How it compares
Use this SOP-style agent skill for guided RDS API steps instead of guessing boto3 calls in unstructured chat.
Common Questions / FAQ
Who is creating-amazon-aurora-db-cluster-with-instances for?
Indie and solo developers building on AWS who want their agent to create Aurora clusters and instances with consistent parameters and secret handling.
When should I use creating-amazon-aurora-db-cluster-with-instances?
During Build when wiring backend data stores, or when spinning up staging/production Aurora after networking (security groups, subnet group) is ready.
Is creating-amazon-aurora-db-cluster-with-instances safe to install?
Review the Security Audits panel on this Prism page and your org’s AWS IAM policies before granting the agent rights to create RDS resources and read Secrets Manager.
SKILL.md
# Create Aurora Database Cluster with Instance

## Overview

This SOP creates a complete Amazon Aurora database setup by first creating an empty Aurora cluster, then adding a database instance to make it queryable. The SOP uses AWS Secrets Manager for password management and includes proper status monitoring with retry logic.

## Parameters

- **cluster_identifier** (required): Unique identifier for the Aurora cluster
- **instance_identifier** (required): Unique identifier for the Aurora instance
- **engine** (required): Database engine type (aurora-mysql or aurora-postgresql)
- **engine_version** (optional): Specific engine version to use
- **master_username** (required): Master username for the database
- **instance_class** (optional, default: db.t3.medium): Instance class for the database instance (e.g., db.r6g.large)
- **database_name** (optional): Name of the initial database to create
- **vpc_security_group_ids** (optional): Comma-separated list of VPC security group IDs
- **db_subnet_group_name** (optional): Name of the DB subnet group
- **backup_retention_period** (optional, default: 7): Number of days to retain backups
- **preferred_backup_window** (optional): Preferred backup window in UTC
- **preferred_maintenance_window** (optional): Preferred maintenance window
- **storage_encrypted** (optional, default: true): Enable encryption at rest for the database
- **kms_key_id** (optional): KMS key ID for encryption (uses default if not specified)

## Steps

### 1. Verify Dependencies

Check for required tools and warn the user if any are missing.

Constraints:

- You MUST verify the following tools are available in your context: `call_aws`
- You MUST inform the user about any missing tools with a clear message
- You MUST ask if the user wants to proceed anyway despite missing tools
- You MUST respect the user's decision to proceed or abort

### 2. Validate AWS Credentials and Permissions

Verify that AWS credentials are configured and have necessary permissions.

Constraints:

- You MUST check current AWS identity using `aws sts get-caller-identity`
- You MUST verify the user has permissions to create RDS clusters and instances
- You SHOULD inform the user about the AWS account and region being used
- You MUST abort if credentials are not properly configured
- You MUST NOT retrieve or display the actual password value because passwords should never be exposed in logs or outputs

### 3. Create Aurora Database Cluster

Create the Aurora cluster with the specified configuration.

Constraints:

- You MUST use `call_aws` to create the cluster with: `aws rds create-db-cluster --db-cluster-identifier {cluster_identifier} --engine {engine} --master-username {master_username} --manage-master-user-password --master-user-secret-kms-key-id alias/aws/secretsmanager --storage-encrypted`
- You MUST add `--kms-key-id {kms_key_id}` if kms_key_id parameter is provided
- You MUST add `--no-storage-encrypted` only if storage_encrypted is explicitly set to false (encryption is recommended for production)
- You MUST NOT use any password-related parameters like `--master-user-password` because managed passwords from Secrets Manager must be used exclusively
- You SHOULD include optional parameters like `--engine-version`, `--database-name`, `--vpc-security-group-ids`, `--db-subnet-group-name`, `--backup-retention-period`, `--preferred-backup-window`, `--preferred-maintenance-window` if provided
- You MUST capture the cluster creation response for monitoring purposes

### 4. Monitor Cluster Creation Status

Wait for the cluster to become available before creating the instance.

Constraints:

- You MUST use `call_aws` to check cluster status with: `aws rds describe-db-clusters --db-cluster-identifier {cluster_identifier}`
- You MUST retry status checks using only the `call_aws` tool and MUST NOT use any system tools for waiting or sleeping because system tools are not available in this context
- You MUST check the cluster status by making repeated `cal