
cloud-aws-s3 skill


This skill provides comprehensive guidance for AWS S3 setup, bucket management, access control, and storage optimization.

npx playbooks add skill partme-ai/full-stack-skills --skill cloud-aws-s3

Review the files below or copy the command above to add this skill to your agents.

Files (2)
SKILL.md
647 B
---
name: cloud-aws-s3
description: Provides comprehensive guidance for AWS S3 including bucket creation, object storage, access control, and S3 management. Use when the user asks about AWS S3, needs to store files in S3, configure S3 buckets, or work with S3 storage.
license: Complete terms in LICENSE.txt
---

## When to use this skill

Use this skill whenever the user wants to:
- [To be completed: add usage scenarios for the specific tool]

## How to use this skill

[To be completed: add a usage guide for the specific tool]

## Best Practices

[To be completed: add best practices for the specific tool]

## Keywords

[To be completed: add keywords for the specific tool]

Overview

This skill provides comprehensive, practical guidance for working with AWS S3. It covers bucket creation, object storage patterns, access control (IAM and bucket policies), lifecycle management, and common management tasks. The content is aimed at developers and operators who need clear, actionable steps for storing and securing data in S3.

How this skill works

The skill explains how to create and configure S3 buckets, upload and manage objects, and apply access controls using IAM roles, policies, and ACLs. It details versioning, encryption options (SSE-S3, SSE-KMS), and lifecycle rules for cost optimization. It also highlights common operational tasks like logging, monitoring, and cross-region replication.

When to use it

  • Setting up new object storage for web, backup, or data lakes
  • Configuring secure access for applications, users, or cross-account access
  • Implementing lifecycle rules to transition or expire objects for cost control
  • Enabling versioning and replication for data protection and disaster recovery
  • Troubleshooting S3 access or performance issues in production

Best practices

  • Use least-privilege IAM roles and bucket policies; avoid using public ACLs unless required
  • Enable versioning for critical buckets and use MFA delete where needed
  • Apply server-side encryption (SSE-KMS recommended for sensitive data) and enforce encryption with bucket policies
  • Use lifecycle rules to move objects to cheaper storage classes and to delete stale data
  • Enable access logging and CloudTrail for auditability; monitor metrics with CloudWatch

Example use cases

  • Host static website assets in a public S3 bucket with CloudFront for CDN
  • Store application uploads and use pre-signed URLs for secure client uploads
  • Archive logs to S3 Glacier using lifecycle rules to reduce storage cost
  • Replicate critical data across regions with Cross-Region Replication for DR
  • Grant a CI/CD pipeline temporary upload permissions using an IAM role

FAQ

How do I restrict public access to a bucket?

Enable the S3 Block Public Access settings and add restrictive bucket policies; verify there are no public ACLs or policies granting s3:GetObject to Everyone.
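
One way to carry out the verification step in this answer offline, as an added example that is not part of the skill's own files: the Python below inspects a bucket policy document and a bucket ACL (in the shape the GetBucketAcl API returns) for grants to everyone. The function names and sample inputs are assumptions constructed for illustration; statements with a Condition are reported for manual review rather than judged, and NotPrincipal/NotAction are not evaluated.

```python
import fnmatch
import json

# Predefined S3 group URIs that make an ACL grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    """Policy fields may hold a single value or a list."""
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}, including list form."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def public_read_statements(policy_json):
    """Return (sid, has_condition) for Allow statements letting anyone call s3:GetObject."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        # Action patterns such as "s3:*" or "s3:Get*" also cover s3:GetObject.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if any(fnmatch.fnmatchcase("s3:getobject", a) for a in actions):
            findings.append((stmt.get("Sid", f"statement[{i}]"), "Condition" in stmt))
    return findings

def public_acl_grants(acl):
    """Return permissions an ACL (GetBucketAcl response shape) grants to public groups."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]

# Constructed sample inputs; bucket, account, role and endpoint values are placeholders.
RES = "arn:aws:s3:::example-bucket/*"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": RES},
    {"Sid": "AppRole", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app"}, "Resource": RES},
    {"Sid": "AnyoneViaVpce", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:Get*", "Resource": RES,
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
]})
SAMPLE_ACL = {"Grants": [{"Permission": "READ", "Grantee": {
    "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]}
```

On the sample inputs, `public_read_statements(SAMPLE_POLICY)` flags `PublicRead` as unconditional and `AnyoneViaVpce` as conditional, and `public_acl_grants(SAMPLE_ACL)` reports the `READ` grant to AllUsers.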

When should I use SSE-KMS vs SSE-S3?

Use SSE-KMS when you need granular key management, auditing, or cross-account key usage. SSE-S3 is simpler and suitable when KMS features are not required.