
Cloud Architect
Design and review AWS architectures using Well-Architected pillars, service picks, and reliability patterns while you build or harden production.
Overview
Cloud Architect is an agent skill most often used in Build (also Ship security/perf, Operate infra) that applies the AWS Well-Architected Framework across services, security, reliability, and cost patterns.
Install
npx skills add https://github.com/jeffallan/claude-skills --skill cloud-architect
What is this skill?
- Six Well-Architected pillars: operational excellence, security, reliability, performance, cost, sustainability
- Covers IaC (CloudFormation, CDK, Terraform), CI/CD, and observability (CloudWatch, X-Ray)
- Reliability patterns: multi-AZ, Auto Scaling, Route 53 health checks, AWS Backup, FIS chaos
- Security stack: IAM, GuardDuty, Security Hub, KMS encryption, VPC controls
- Cost levers: RIs, Savings Plans, Spot, S3 tiering, budgets and allocation tags
- Six Well-Architected Framework pillars documented in the reference
Adoption & trust: 2.7k installs on skills.sh; 9.7k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are shipping on AWS but lack a structured way to choose services, security controls, and reliability patterns that fit a small team budget.
Who is it for?
Indie SaaS or API builders planning or refactoring AWS deployments who want Well-Architected guardrails in-agent.
Skip if: Non-AWS clouds, shallow hello-world tutorials, or teams wanting automated live account audits without human review.
When should I use this skill?
Designing or reviewing AWS systems, choosing services, or applying Well-Architected operational, security, reliability, performance, cost, and sustainability practices.
What do I get? / Deliverables
You get pillar-aligned AWS architecture recommendations spanning IaC, observability, multi-AZ design, encryption, and cost controls you can implement in your stack.
- Pillar-aligned architecture recommendations and service patterns
- Security, reliability, and cost tradeoff notes for the described workload
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Most solo builders first invoke deep AWS reference when shaping backend topology and service choices during Build. Centers on service selection, VPC/IAM, and workload patterns—the backend and platform layer—not frontend polish.
Where it fits
Pick Lambda vs containers and data stores against performance and cost pillars.
Layer IAM, KMS, and GuardDuty expectations before go-live review.
Align CloudWatch, X-Ray, and runbooks with operational excellence.
Plan backups, chaos exercises, and multi-AZ failover for incident readiness.
How it compares
Structured AWS reference skill—not a one-click Terraform generator or generic "draw architecture" chat.
Common Questions / FAQ
Who is cloud-architect for?
Solo developers and small teams building or operating workloads on AWS who need framework-backed architecture guidance inside the agent.
When should I use cloud-architect?
During Build backend design, before Ship when reviewing security and reliability, and in Operate when tuning monitoring, backups, or cost on running AWS resources.
Is cloud-architect safe to install?
It is documentation-style guidance; review the Security Audits panel on this page and never paste production secrets into architecture prompts.
SKILL.md - Cloud Architect
# AWS Architecture Reference

Comprehensive guide for AWS services, patterns, and Well-Architected Framework implementation.

## Well-Architected Framework

### Six Pillars

1. **Operational Excellence**
   - Infrastructure as Code (CloudFormation, CDK, Terraform)
   - Continuous integration/deployment
   - Observability (CloudWatch, X-Ray)
   - Runbooks and playbooks
   - Game days and failure injection

2. **Security**
   - Identity and Access Management (IAM)
   - Detective controls (GuardDuty, Security Hub)
   - Infrastructure protection (VPC, security groups, NACLs)
   - Data protection (KMS, encryption at rest/transit)
   - Incident response automation

3. **Reliability**
   - Multi-AZ deployments
   - Auto Scaling groups
   - Route 53 health checks and failover
   - Backup and restore (AWS Backup)
   - Chaos engineering (AWS FIS)

4. **Performance Efficiency**
   - Right-sizing with Compute Optimizer
   - Caching strategies (CloudFront, ElastiCache)
   - Database optimization (RDS Performance Insights)
   - Serverless architectures
   - Global content delivery

5. **Cost Optimization**
   - Reserved Instances and Savings Plans
   - Spot Instances for fault-tolerant workloads
   - S3 Intelligent-Tiering and lifecycle policies
   - Right-sizing recommendations
   - Cost allocation tags and budgets

6. **Sustainability**
   - Region selection for renewable energy
   - Serverless to minimize idle resources
   - Efficient data storage patterns
   - Resource utilization optimization

## Core Services Architecture

### Compute

**EC2 (Elastic Compute Cloud)**
- Instance families: General (t3, m5), Compute (c5), Memory (r5), GPU (p3, g4)
- Auto Scaling: Target tracking, step scaling, scheduled scaling
- Placement groups: Cluster, partition, spread
- Best practices: Use latest generation, right-size, enable detailed monitoring

**Lambda**
- Invocation models: Synchronous, asynchronous, event source mapping
- Concurrency: Reserved, provisioned, burst limits
- Layers for shared dependencies
- Best practices: Keep functions small, use environment variables, set timeouts

**ECS/EKS (Container Services)**
- ECS: Fargate for serverless, EC2 for control
- EKS: Managed Kubernetes with AWS integration
- Service mesh: App Mesh for observability
- Best practices: Use Fargate for simplicity, EKS for portability

**Elastic Beanstalk**
- Managed platform for web apps
- Auto-scaling and load balancing included
- Support for multiple languages and Docker

### Storage

**S3 (Simple Storage Service)**
- Storage classes: Standard, IA, One Zone-IA, Glacier, Deep Archive
- Lifecycle policies for automatic tiering
- Versioning and MFA delete for protection
- Cross-region replication for DR
- Best practices: Enable versioning, use lifecycle policies, block public access

**EBS (Elastic Block Store)**
- Volume types: gp3 (general), io2 (IOPS), st1 (throughput), sc1 (cold)
- Snapshots to S3 for backup
- Encryption by default
- Best practices: Use gp3 for most workloads, enable encryption

**EFS (Elastic File System)**
- NFSv4 file system for shared access
- Performance modes: General purpose, Max I/O
- Throughput modes: Bursting, provisioned
- Best practices: Use lifecycle management, enable encryption

**FSx**
- FSx for Windows File Server (SMB)
- FSx for Lustre (HPC workloads)
- FSx for NetApp ONTAP
- FSx for OpenZFS

### Database

**RDS (Relational Database Service)**
- Engines: MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, Aurora
- Multi-AZ for high availability
- Read replicas for scalability
- Automated backups and point-in-time recovery
- Best practices: Use Aurora for performance, enable Multi-AZ, use read replicas

**Aurora**
- MySQL and PostgreSQL compatible
- 5x MySQL, 3x PostgreSQL performance
- Global databases for cross-region DR
- Serverless v2 for variable workloads
- Best practices: Use Aurora Serverless for unpredictable workloads

**DynamoDB**
- NoSQL key-value and document database
- On-demand or provisioned capacity
- Global table