home / skills / doanchienthangdev / omgkit / aws

aws skill

needs review

/plugin/skills/devops/aws

This skill helps you design and deploy AWS infrastructure using Lambda, S3, DynamoDB, ECS, and CDK with best practices.

npx playbooks add skill doanchienthangdev/omgkit --skill aws

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

3.5 KB

---
name: Deploying to AWS
description: The agent implements AWS cloud solutions with Lambda, S3, DynamoDB, ECS, and CDK infrastructure as code. Use when building serverless functions, deploying containers, managing cloud storage, or defining infrastructure as code.
---

# Deploying to AWS

## Quick Start

```typescript
// Lambda handler
import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda';

export const handler = async (event: APIGatewayProxyEvent): Promise<APIGatewayProxyResult> => {
  const { id } = event.pathParameters || {};
  return {
    statusCode: 200,
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ id, message: 'Success' }),
  };
};
```

```bash
# Deploy with CDK
npx cdk deploy --all
```

## Features

| Feature | Description | Guide |
|---------|-------------|-------|
| Lambda | Serverless function execution | Use for APIs, event processing, scheduled tasks |
| S3 | Object storage with presigned URLs | Store files, serve static assets, data lakes |
| DynamoDB | NoSQL database with single-digit ms latency | Design single-table schemas with GSIs |
| ECS/Fargate | Container orchestration | Run Docker containers without managing servers |
| API Gateway | REST and WebSocket API management | Throttling, auth, request validation |
| CDK | Infrastructure as TypeScript code | Define stacks, manage deployments programmatically |

## Common Patterns

### S3 Presigned Upload URL

```typescript
import { S3Client, PutObjectCommand } from '@aws-sdk/client-s3';
import { getSignedUrl } from '@aws-sdk/s3-request-presigner';

const s3 = new S3Client({});

async function getUploadUrl(key: string, contentType: string): Promise<string> {
  const command = new PutObjectCommand({ Bucket: process.env.BUCKET!, Key: key, ContentType: contentType });
  return getSignedUrl(s3, command, { expiresIn: 3600 });
}
```

### DynamoDB Single-Table Pattern

```typescript
import { DynamoDBDocumentClient, QueryCommand } from '@aws-sdk/lib-dynamodb';

// pk: USER#123, sk: PROFILE | ORDER#timestamp
async function getUserWithOrders(userId: string) {
  const result = await docClient.send(new QueryCommand({
    TableName: process.env.TABLE!,
    KeyConditionExpression: 'pk = :pk',
    ExpressionAttributeValues: { ':pk': `USER#${userId}` },
  }));
  return result.Items;
}
```

### CDK Stack Definition

```typescript
import * as cdk from 'aws-cdk-lib';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as dynamodb from 'aws-cdk-lib/aws-dynamodb';

const table = new dynamodb.Table(this, 'Table', {
  partitionKey: { name: 'pk', type: dynamodb.AttributeType.STRING },
  sortKey: { name: 'sk', type: dynamodb.AttributeType.STRING },
  billingMode: dynamodb.BillingMode.PAY_PER_REQUEST,
});

const fn = new lambda.Function(this, 'Handler', {
  runtime: lambda.Runtime.NODEJS_20_X,
  handler: 'index.handler',
  code: lambda.Code.fromAsset('dist'),
  environment: { TABLE_NAME: table.tableName },
});

table.grantReadWriteData(fn);
```

## Best Practices

| Do | Avoid |
|----|-------|
| Use IAM roles, never access keys in code | Hardcoding credentials or secrets |
| Enable encryption at rest and in transit | Exposing S3 buckets publicly |
| Tag resources for cost tracking | Over-provisioning resources |
| Use environment variables for config | Skipping CloudWatch alarms |
| Implement least-privilege IAM policies | Using root account for deployments |
| Enable X-Ray tracing for debugging | Synchronous invocations for long tasks |
| Use VPC for sensitive workloads | Ignoring backup and disaster recovery |

Overview

This skill implements AWS cloud solutions using Lambda, S3, DynamoDB, ECS/Fargate, API Gateway, and CDK infrastructure-as-code. It helps you build serverless functions, manage object storage, design single-table NoSQL schemas, deploy containers, and define reproducible stacks in TypeScript. The focus is on practical patterns, deployable code, and secure defaults.

How this skill works

The skill provides TypeScript examples and CDK constructs to define and deploy AWS resources programmatically. It includes Lambda handlers, S3 presigned upload patterns, DynamoDB single-table queries, and ECS/CDK snippets to wire permissions and environment variables. Use the CDK CLI to synthesize and deploy stacks (for example: npx cdk deploy --all).

When to use it

Building REST APIs or event-driven processing with serverless Lambda functions
Serving and ingesting files via S3 with presigned upload/download URLs
Storing and querying user- or event-driven data with DynamoDB single-table design
Running containerized services without server management using ECS/Fargate
Defining repeatable infrastructure and deployments using CDK in TypeScript

Best practices

Use IAM roles and least-privilege policies; never hardcode credentials in code
Keep config in environment variables and secrets managers, not source
Enable encryption at rest/in transit, tagging, and CloudWatch alarms for observability
Design DynamoDB access patterns up front (single-table with GSIs) to avoid hot partitions
Grant Lambda functions only the specific table/bucket permissions they need

Example use cases

API backend: Lambda + API Gateway for CRUD, DynamoDB as the single-table datastore
File upload service: generate S3 presigned URLs for client direct uploads
Batch processing: ECS/Fargate workers pulling tasks from SQS and writing to DynamoDB
Real-time features: WebSocket API Gateway with Lambda handlers and DynamoDB state
Infrastructure CI/CD: CDK stacks in TypeScript to provision dev/staging/production

FAQ

How do I deploy the TypeScript CDK stacks?

Build your TypeScript assets, then run npx cdk deploy --all from the project root to synthesize and deploy stacks.

Where should I store secrets and credentials?

Use AWS Secrets Manager or SSM Parameter Store and attach IAM roles to resources; avoid embedding keys in code or environment files.