aws▌

Aws Skills \n Overview \n AWS development with infrastructure automation and cloud architecture patterns \n When to Use This Skill \n Use this skill when you need to work with aws development with infrastructure automation and cloud architecture patterns. \n Instructions \n This skill provides guidance and patterns for aws development with infrastructure automation and cloud architecture patterns. \n For more information, see the source repository .

Design scalable, cost-effective AWS architectures for startups with infrastructure-as-code templates. \n \n Recommends architecture patterns (serverless web, event-driven microservices, three-tier, GraphQL) based on application type, scale, budget, and compliance requirements \n Generates production-ready CloudFormation YAML, CDK TypeScript, and Terraform templates with API Gateway, Lambda, DynamoDB, ECS, Aurora, and IAM configurations \n Analyzes current AWS costs and identifies optimization op

Uses AWS Athena to query CloudTrail, VPC Flow Logs, S3 access logs, and ALB logs for forensic investigation. Covers CREATE TABLE DDL with partition projection, forensic SQL queries for detecting unauthorized access, data exfiltration, lateral movement, and privilege escalation. Use when investigating AWS security incidents or building cloud-native forensic workflows at scale.

Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify compromised credentials, and analyze API call patterns.

Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify misconfigurations, and generate actionable security reports.

Detecting exposed AWS credentials in source code repositories, CI/CD pipelines, and configuration files using TruffleHog, git-secrets, and AWS-native detection mechanisms to prevent credential theft and unauthorized account access.

Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation using Athena, CloudWatch Logs Insights, and SIEM integration to identify unauthorized access, privilege escalation, and suspicious API activity.

Systematically audit AWS S3 bucket permissions to identify publicly accessible buckets, overly permissive ACLs, misconfigured bucket policies, and missing encryption settings using AWS CLI, S3audit, and Prowler to enforce least-privilege data access controls.

Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking credentials, preserving forensic evidence, and applying security group restrictions to prevent lateral movement.

Detect unusual API call patterns in AWS CloudTrail logs using boto3, statistical baselining, and behavioral analysis to identify credential compromise, privilege escalation, and unauthorized resource access.