Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

giuseppe-trisciuoglio/aws-cli-beast

Name: aws-cli-beast
Author: giuseppe-trisciuoglio

plugins/developer-kit-aws/skills/aws/aws-cli-beast/SKILL.md

npx skillsauth add giuseppe-trisciuoglio/developer-kit aws-cli-beast

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

AWS CLI Beast Mode

Overview

Advanced AWS CLI patterns for speed, precision, and security-first automation. Covers JMESPath queries, bulk operations, waiters, cross-account access, and destructive operation safety.

When to Use

Bulk operations across thousands of AWS resources
Advanced JMESPath filtering and output transformation
Automated scripts for AWS routines
Multi-profile and multi-region management
Security auditing and compliance checks
CLI-driven infrastructure-as-code workflows

Instructions

Step 1: Categorize the Request

| Category | Services | Commands | |----------|----------|----------| | Compute | EC2, Lambda | describe-instances, invoke, publish-version | | Storage | S3 | sync, cp, mb, rb, presign | | Database | DynamoDB, RDS | query, scan, batch-write-item | | Networking | VPC, Route53 | describe-vpcs, describe-security-groups | | Security | IAM | simulate-principal-policy, get-policy-version | | Observability | CloudWatch | get-metric-statistics, filter-log-events |

Step 2: Apply Beast Mode Principles

Dry-run first: Always validate with --dryrun or --dry-run
Query server-side: Use --query with JMESPath to filter before transfer
Batch intelligently: Paginate with --max-results and parallelize with xargs
Wait properly: Use built-in waiters or exponential backoff polling
Switch contexts: Use --profile and --region for multi-account operations

Step 3: Validate Destructive Operations

MANDATORY for any destructive operation:

# S3 sync with delete - MUST dry-run first
aws s3 sync s3://source/ s3://dest/ --delete --dryrun
# Review output, then remove --dryrun only if satisfied

# Bulk EC2 stop - validate targets first
aws ec2 describe-instances \
  --filters "Name=tag:Environment,Values=development" \
  --query 'Reservations[].Instances[?State.Name==`running`].InstanceId' \
  --output text
# Confirm list, then pipe to stop command

# IAM policy attachment - simulate first
aws iam simulate-principal-policy \
  --policy-source-arn arn:aws:iam::123456789012:user/myuser \
  --action-names s3:DeleteObject \
  --resource-arns arn:aws:s3:::my-bucket/*

Step 4: Reference Detailed Guides

compute-mastery.md - EC2, Lambda, Spot Fleets, ASG
data-ops-beast.md - S3 multipart, DynamoDB batch, RDS snapshots
networking-security-hardened.md - VPC Flow Logs, IAM policies, security groups
automation-patterns.md - Shell aliases, JMESPath templates, CI/CD integration

Examples

Example 1: Bulk EC2 Stop

"Stop all development instances"

# 1. Dry-run: identify targets
aws ec2 describe-instances \
  --filters "Name=tag:Environment,Values=development" \
           "Name=instance-state-name,Values=running" \
  --query 'Reservations[].Instances[].InstanceId' \
  --output text

# 2. Confirm IDs, then execute
aws ec2 describe-instances \
  --filters "Name=tag:Environment,Values=development" \
           "Name=instance-state-name,Values=running" \
  --query 'Reservations[].Instances[].InstanceId' \
  --output text | xargs aws ec2 stop-instances --instance-ids

Example 2: S3 Migration with Encryption

"Migrate data between buckets with SSE"

# 1. Dry-run migration
aws s3 sync s3://source-bucket/ s3://dest-bucket/ \
  --sse AES256 \
  --storage-class GLACIER \
  --exclude "*.tmp" \
  --dryrun

# 2. Enable versioning on destination
aws s3api put-bucket-versioning \
  --bucket dest-bucket \
  --versioning-configuration Status=Enabled

# 3. Execute after review
aws s3 sync s3://source-bucket/ s3://dest-bucket/ \
  --sse AES256 \
  --storage-class GLACIER \
  --exclude "*.tmp"

Example 3: IAM Security Audit

"Find overprivileged IAM users"

aws iam list-users --query 'Users[].UserName' --output text | \
while read user; do
  echo "Checking $user..."
  aws iam simulate-principal-policy \
    --policy-source-arn "arn:aws:iam::123456789012:user/$user" \
    --action-names DeleteItem,DeleteTable,DeleteFunction \
    --resource-arns "*" \
    --query 'EvaluationResults[?EvalDecision==`allowed`]'
done

Example 4: Multi-Region Lambda Deployment

"Deploy Lambda to all regions"

for region in us-east-1 us-west-2 eu-west-1; do
  echo "Deploying to $region..."
  aws lambda update-function-code \
    --function-name my-function \
    --zip-file fileb://function.zip \
    --region $region \
    --publish
  aws lambda wait function-active \
    --function-name my-function \
    --region $region
done

Example 5: JMESPath Advanced Filtering

"Get running instances with specific tags as table"

aws ec2 describe-instances \
  --query 'Reservations[].Instances[?State.Name==`running`].[InstanceId,Tags[?Key==`Name`].Value[0]|[0],PrivateIpAddress]' \
  --output table

Best Practices

Use --output json for programmatic processing
Filter with JMESPath server-side before transfer
Implement retry logic with exponential backoff
Use waiters instead of manual polling loops
Tag all resources for cost allocation and automation
Separate dev/staging/prod with AWS profiles
Enable CloudTrail for audit compliance
Validate IAM policies with simulate-principal-policy before attachment
Use --dry-run on every state-modifying operation
Enable MFA for security-sensitive operations

Constraints and Warnings

Rate Limiting

AWS API throttling applies; use --max-throttle and exponential backoff
Check aws service-quotas for current limits

Pagination

Default page size is variable; use --max-results for consistency
Use --no-paginate with jq for full dataset processing

Destructive Operations

S3 sync --delete: Irreversibly removes files not in source
EC2 terminate-instances: Cannot be undone; validate instance IDs first
IAM detach/policy: May break existing access; simulate before applying
RDS delete-db-instance: Snapshots do not protect all scenarios; verify retention

Security

Never commit AWS credentials; use aws configure or environment variables
Rotate access keys regularly with aws iam create-access-key
Use least-privilege: simulate before granting permissions

giuseppe-trisciuoglio/aws-cli-beast

plugins/developer-kit-aws/skills/aws/aws-cli-beast/SKILL.md

Provides advanced AWS CLI patterns for managing EC2, Lambda, S3, DynamoDB, RDS, VPC, IAM, and CloudWatch. Generates bulk operation scripts, automates cross-service workflows, validates security configurations, and executes JMESPath queries for complex filtering. Triggers on "aws cli help", "aws command line", "aws scripting", "aws automation", "aws batch operations", "aws bulk operations", "aws cli pagination", "aws multi-region", "aws profiles", "aws cli troubleshooting".

193 stars

tools

Updated Apr 5, 2026

$ install --global

skillsauth

npx skillsauth add giuseppe-trisciuoglio/developer-kit aws-cli-beast

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 24, 2026, 8:41 PM1.7s1 file scanned

SKILL.md

name:: aws-cli-beast
description:: Provides advanced AWS CLI patterns for managing EC2, Lambda, S3, DynamoDB, RDS, VPC, IAM, and CloudWatch. Generates bulk operation scripts, automates cross-service workflows, validates security configurations, and executes JMESPath queries for complex filtering. Triggers on "aws cli help", "aws command line", "aws scripting", "aws automation", "aws batch operations", "aws bulk operations", "aws cli pagination", "aws multi-region", "aws profiles", "aws cli troubleshooting".
allowed-tools:: Read, Write, Bash

AWS CLI Beast Mode

Overview

Advanced AWS CLI patterns for speed, precision, and security-first automation. Covers JMESPath queries, bulk operations, waiters, cross-account access, and destructive operation safety.

When to Use

Bulk operations across thousands of AWS resources
Advanced JMESPath filtering and output transformation
Automated scripts for AWS routines
Multi-profile and multi-region management
Security auditing and compliance checks
CLI-driven infrastructure-as-code workflows

Instructions

Step 1: Categorize the Request

Step 2: Apply Beast Mode Principles

Dry-run first: Always validate with --dryrun or --dry-run
Query server-side: Use --query with JMESPath to filter before transfer
Batch intelligently: Paginate with --max-results and parallelize with xargs
Wait properly: Use built-in waiters or exponential backoff polling
Switch contexts: Use --profile and --region for multi-account operations

Step 3: Validate Destructive Operations

MANDATORY for any destructive operation:

# S3 sync with delete - MUST dry-run first
aws s3 sync s3://source/ s3://dest/ --delete --dryrun
# Review output, then remove --dryrun only if satisfied

# Bulk EC2 stop - validate targets first
aws ec2 describe-instances \
  --filters "Name=tag:Environment,Values=development" \
  --query 'Reservations[].Instances[?State.Name==`running`].InstanceId' \
  --output text
# Confirm list, then pipe to stop command

# IAM policy attachment - simulate first
aws iam simulate-principal-policy \
  --policy-source-arn arn:aws:iam::123456789012:user/myuser \
  --action-names s3:DeleteObject \
  --resource-arns arn:aws:s3:::my-bucket/*

Step 4: Reference Detailed Guides

compute-mastery.md - EC2, Lambda, Spot Fleets, ASG
data-ops-beast.md - S3 multipart, DynamoDB batch, RDS snapshots
networking-security-hardened.md - VPC Flow Logs, IAM policies, security groups
automation-patterns.md - Shell aliases, JMESPath templates, CI/CD integration

Examples

Example 1: Bulk EC2 Stop

"Stop all development instances"

# 1. Dry-run: identify targets
aws ec2 describe-instances \
  --filters "Name=tag:Environment,Values=development" \
           "Name=instance-state-name,Values=running" \
  --query 'Reservations[].Instances[].InstanceId' \
  --output text

# 2. Confirm IDs, then execute
aws ec2 describe-instances \
  --filters "Name=tag:Environment,Values=development" \
           "Name=instance-state-name,Values=running" \
  --query 'Reservations[].Instances[].InstanceId' \
  --output text | xargs aws ec2 stop-instances --instance-ids

Example 2: S3 Migration with Encryption

"Migrate data between buckets with SSE"

# 1. Dry-run migration
aws s3 sync s3://source-bucket/ s3://dest-bucket/ \
  --sse AES256 \
  --storage-class GLACIER \
  --exclude "*.tmp" \
  --dryrun

# 2. Enable versioning on destination
aws s3api put-bucket-versioning \
  --bucket dest-bucket \
  --versioning-configuration Status=Enabled

# 3. Execute after review
aws s3 sync s3://source-bucket/ s3://dest-bucket/ \
  --sse AES256 \
  --storage-class GLACIER \
  --exclude "*.tmp"

Example 3: IAM Security Audit

"Find overprivileged IAM users"

aws iam list-users --query 'Users[].UserName' --output text | \
while read user; do
  echo "Checking $user..."
  aws iam simulate-principal-policy \
    --policy-source-arn "arn:aws:iam::123456789012:user/$user" \
    --action-names DeleteItem,DeleteTable,DeleteFunction \
    --resource-arns "*" \
    --query 'EvaluationResults[?EvalDecision==`allowed`]'
done

Example 4: Multi-Region Lambda Deployment

"Deploy Lambda to all regions"

for region in us-east-1 us-west-2 eu-west-1; do
  echo "Deploying to $region..."
  aws lambda update-function-code \
    --function-name my-function \
    --zip-file fileb://function.zip \
    --region $region \
    --publish
  aws lambda wait function-active \
    --function-name my-function \
    --region $region
done

Example 5: JMESPath Advanced Filtering

"Get running instances with specific tags as table"

aws ec2 describe-instances \
  --query 'Reservations[].Instances[?State.Name==`running`].[InstanceId,Tags[?Key==`Name`].Value[0]|[0],PrivateIpAddress]' \
  --output table

Best Practices

Use --output json for programmatic processing
Filter with JMESPath server-side before transfer
Implement retry logic with exponential backoff
Use waiters instead of manual polling loops
Tag all resources for cost allocation and automation
Separate dev/staging/prod with AWS profiles
Enable CloudTrail for audit compliance
Validate IAM policies with simulate-principal-policy before attachment
Use --dry-run on every state-modifying operation
Enable MFA for security-sensitive operations

Constraints and Warnings

Rate Limiting

AWS API throttling applies; use --max-throttle and exponential backoff
Check aws service-quotas for current limits

Pagination

Default page size is variable; use --max-results for consistency
Use --no-paginate with jq for full dataset processing

Destructive Operations

S3 sync --delete: Irreversibly removes files not in source
EC2 terminate-instances: Cannot be undone; validate instance IDs first
IAM detach/policy: May break existing access; simulate before applying
RDS delete-db-instance: Snapshots do not protect all scenarios; verify retention

Security

Never commit AWS credentials; use aws configure or environment variables
Rotate access keys regularly with aws iam create-access-key
Use least-privilege: simulate before granting permissions

Related Skills

giuseppe-trisciuoglio/specs-code-cleanup

development

VerifiedTrustedCommunity

Provides final code cleanup after task review approval. Removes debug logs, temporary comments, dead code, optimizes imports, and improves readability. Use when asked to clean up code, polish, finalize, tidy up, remove technical debt, or prepare code for completion after review. Not for refactoring logic or fixing bugs—focused solely on cosmetic and hygiene cleanup.

250SKILL.mdUpdated May 5, 2026

giuseppe-trisciuoglio/specs-code-cleanup

giuseppe-trisciuoglio/ralph-loop

tools

VerifiedTrustedCommunity

Ralph Wiggum-inspired automation loop for specification-driven development. Orchestrates task implementation, review, cleanup, and synchronization using a Python script. Use when: user runs /loop command, user asks to automate task implementation, user wants to iterate through spec tasks step-by-step, or user wants to run development workflow automation with context window management. One step per invocation. State machine: init → choose_task → implementation → review → fix → cleanup → sync → update_done. Supports --from-task and --to-task for task range filtering. State persisted in fix_plan.json.

250SKILL.mdUpdated May 5, 2026

giuseppe-trisciuoglio/ralph-loop

giuseppe-trisciuoglio/constitution

testing

VerifiedTrustedCommunity

Creates, updates, validates, and displays the architectural DNA of a project through two shared documents: docs/specs/architecture.md (technology stack, architectural rules, security constraints, AI guardrails) and docs/specs/ontology.md (domain glossary / Ubiquitous Language). Use BEFORE brainstorm as a project setup step, or at any point in the SDD lifecycle to validate specs/tasks against architecture principles. Triggers on 'create constitution', 'update constitution', 'constitution check', 'validate against constitution', 'project principles', 'architectural guardrails', 'setup project architecture', 'define ontology'.

250SKILL.mdUpdated May 5, 2026

giuseppe-trisciuoglio/constitution

giuseppe-trisciuoglio/qwen-coder

tools

VerifiedTrustedCommunity

Provides Qwen Coder CLI delegation workflows for coding tasks using Qwen2.5-Coder and QwQ models, including English prompt formulation, execution flags, and safe result handling. Use when the user explicitly asks to use Qwen for tasks such as code generation, refactoring, debugging, or architectural analysis. Triggers on "use qwen", "use qwen coder", "delegate to qwen", "ask qwen", "second opinion from qwen", "qwen opinion", "continue with qwen", "qwen session".

237SKILL.mdUpdated May 5, 2026

giuseppe-trisciuoglio/qwen-coder

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/giuseppe-trisciuoglio/developer-kit.git

# Copy into Claude Code skills folder (global)
cp -r developer-kit/plugins/developer-kit-aws/skills/aws/aws-cli-beast ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

giuseppe-trisciuoglio/developer-kit

193 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT