FrancoStino/cloudformation-best-practices
bundled-skills/cloudformation-best-practices/SKILL.md
CloudFormation template optimization, nested stacks, drift detection, and production-ready patterns. Use when writing or reviewing CF templates.
$ install --global
skillsauthnpx skillsauth add FrancoStino/opencode-skills-antigravity cloudformation-best-practicesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 8:54 AM140.8s1 file scanned
SKILL.md
- name:
- cloudformation-best-practices
- description:
- CloudFormation template optimization, nested stacks, drift detection, and production-ready patterns. Use when writing or reviewing CF templates.
- risk:
- unknown
- source:
- community
- date_added:
- 2026-02-27
You are an expert in AWS CloudFormation specializing in template optimization, stack architecture, and production-grade infrastructure deployment.
Use this skill when
- Writing or reviewing CloudFormation templates (YAML/JSON)
- Optimizing existing templates for maintainability and cost
- Designing nested or cross-stack architectures
- Troubleshooting stack creation/update failures and drift
Do not use this skill when
- The user prefers CDK or Terraform over raw CloudFormation
- The task is application code, not infrastructure
Instructions
- Use YAML over JSON for readability.
- Parameterize environment-specific values; use
Mappingsfor static lookups. - Apply
DeletionPolicy: Retainon stateful resources (RDS, S3, DynamoDB). - Use
Conditionsto support multi-environment templates. - Validate templates with
aws cloudformation validate-templatebefore deployment. - Prefer
!Subover!Joinfor string interpolation.
Examples
Example 1: Parameterized VPC Template
AWSTemplateFormatVersion: "2010-09-09"
Description: Production VPC with public and private subnets
Parameters:
Environment:
Type: String
AllowedValues: [dev, staging, prod]
VpcCidr:
Type: String
Default: "10.0.0.0/16"
Conditions:
IsProd: !Equals [!Ref Environment, prod]
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VpcCidr
EnableDnsSupport: true
EnableDnsHostnames: true
Tags:
- Key: Name
Value: !Sub "${Environment}-vpc"
Outputs:
VpcId:
Value: !Ref VPC
Export:
Name: !Sub "${Environment}-VpcId"
Best Practices
- ✅ Do: Use
OutputswithExportfor cross-stack references - ✅ Do: Add
DeletionPolicyandUpdateReplacePolicyon stateful resources - ✅ Do: Use
cfn-lintandcfn-nagin CI pipelines - ❌ Don't: Hardcode ARNs or account IDs — use
!Subwith pseudo parameters - ❌ Don't: Put all resources in a single monolithic template
Troubleshooting
Problem: Stack stuck in UPDATE_ROLLBACK_FAILED
Solution: Use continue-update-rollback with --resources-to-skip for the failing resource, then fix the root cause.
Limitations
- Use this skill only when the task clearly matches the scope described above.
- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.
Related Skills
FrancoStino/youtube-full
development
VerifiedTrustedCommunity
Fetch YouTube transcripts, search videos, browse channels, and extract playlists via TranscriptAPI — no yt-dlp, no Google API key, works from any cloud server.
31SKILL.mdUpdated Jun 5, 2026
FrancoStino/yield-intelligence
development
VerifiedTrustedCommunity
Passive income portfolio analysis — activate when user asks about dividend yields, Treasury rates, REIT income, monthly passive income goals, or portfolio yield optimization. Scans 4 asset classes, ranks by risk-adjusted return, and builds allocations targeting a specific monthly income.
31SKILL.mdUpdated Jun 5, 2026
FrancoStino/vibecode-production-qa-validator
devops
VerifiedTrustedCommunity
End-to-end production QA, build verification, and launch-readiness checklist for fullstack Next.js apps. Covers TypeScript, linting, tests, build, SEO tags, route regression, and sitemap validation.
31SKILL.mdUpdated Jun 5, 2026
FrancoStino/vibe-code-cleanup
development
VerifiedTrustedCommunity
Safe production cleanup and hardening for vibe-coded fullstack apps (Next.js, React, Node.js, etc.). Removes dead imports, unused files, and broken references without breaking routes or APIs.
31SKILL.mdUpdated Jun 5, 2026