plugins/developer-kit-aws/skills/aws-cloudformation/aws-cloudformation-s3/SKILL.md
Provides AWS CloudFormation patterns for Amazon S3. Use when creating S3 buckets, policies, versioning, lifecycle rules, and implementing template structure with Parameters, Outputs, Mappings, Conditions, and cross-stack references.
```bash
npx skillsauth add giuseppe-trisciuoglio/developer-kit aws-cloudformation-s3
```

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
Provides S3 bucket configurations, policies, versioning, lifecycle rules, and CloudFormation template structure best practices for production-ready infrastructure.
AWS::S3::Bucket with versioning, encryption, PublicAccessBlock

Validate before deploy:

```bash
aws cloudformation validate-template --template-body file://template.yaml
```

Deploy with rollback on failure:

```bash
aws cloudformation deploy \
  --template-file template.yaml \
  --stack-name my-s3-stack \
  --capabilities CAPABILITY_IAM
```

If deployment fails, CloudFormation automatically rolls back. Check failures with:

```bash
aws cloudformation describe-stack-events --stack-name my-s3-stack
```

| Resource Type | Purpose |
|---------------|---------|
| AWS::S3::Bucket | Create S3 bucket |
| AWS::S3::BucketPolicy | Set bucket-level policies |
| AWS::S3::BucketReplication | Cross-region replication |
| Parameters | Input values for customization |
| Mappings | Static configuration tables |
| Conditions | Conditional resource creation |
| Outputs | Return values for cross-stack references |

```yaml
# Minimal bucket with a fixed name
Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-data-bucket
```

```yaml
# Bucket with versioning, default encryption and public access block
Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${AWS::StackName}-data"
      VersioningConfiguration:
        Status: Enabled
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
```

```yaml
# Lifecycle rule: move objects to Glacier after 365 days
Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      LifecycleConfiguration:
        Rules:
          - Id: ArchiveOldData
            Status: Enabled
            Transitions:
              - StorageClass: GLACIER
                TransitionInDays: 365
```

```yaml
# Bucket policy granting read access to one role
# (RoleArn is a template parameter, not shown here)
Resources:
  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref DataBucket
      PolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Ref RoleArn
            Action:
              - s3:GetObject
            Resource: !Sub "${DataBucket.Arn}/*"
```

See references/complete-examples.md for more complete examples including CORS, static websites, replication, and production-ready configurations.
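
The bucket snippet above sets only two of the four `PublicAccessBlockConfiguration` flags, and its policy has no `Version` element or transport restriction. A fuller variant follows as an added example that is not part of the original skill; the `ReaderRoleArn` parameter, the `Sid` values and the logical IDs are assumed names.

```yaml
# Added example, not the skill's own template. ReaderRoleArn and the
# logical IDs are assumed names.
AWSTemplateFormatVersion: "2010-09-09"
Description: S3 bucket with all public access blocked and TLS-only access
Parameters:
  ReaderRoleArn:
    Type: String
    Description: ARN of the IAM role allowed to read objects
Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: Enabled
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      # All four flags; the snippet above sets only the two Block* ones
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
  DataBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref DataBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowRoleRead
            Effect: Allow
            Principal:
              AWS: !Ref ReaderRoleArn
            Action: s3:GetObject
            Resource: !Sub "${DataBucket.Arn}/*"
          # Reject any request that does not use TLS
          - Sid: DenyInsecureTransport
            Effect: Deny
            Principal: "*"
            Action: "s3:*"
            Resource:
              - !GetAtt DataBucket.Arn
              - !Sub "${DataBucket.Arn}/*"
            Condition:
              Bool:
                "aws:SecureTransport": "false"
```

Omitting `BucketName` lets CloudFormation generate a unique name, which avoids the "bucket already exists" failure on redeploy.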

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Template description
Mappings: {}    # Static configuration tables
Metadata: {}    # Additional information
Parameters: {}  # Input values
Conditions: {}  # Conditional creation
Transform: {}   # Macro processing
Resources: {}   # AWS resources (REQUIRED)
Outputs: {}     # Return values
```

```yaml
Parameters:
  BucketName:
    Type: String
    Description: S3 bucket name
    Default: my-bucket
    MinLength: 3
    MaxLength: 63
    AllowedPattern: '^[a-z0-9-]+$'
```

```yaml
# Environment and EnableVersioning are template parameters (not shown here)
Conditions:
  IsProduction: !Equals [!Ref Environment, prod]
  ShouldEnableVersioning: !Equals [!Ref EnableVersioning, 'true']

Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: !If [ShouldEnableVersioning, Enabled, Suspended]
```

```yaml
Outputs:
  BucketName:
    Description: Name of the S3 bucket
    Value: !Ref DataBucket
    Export:
      Name: !Sub '${AWS::StackName}-BucketName'
```

See references/advanced-configuration.md for detailed Mappings, Conditions, Parameters, and cross-stack references.

- Bucket already exists: Use unique bucket names with CloudFormation stack name
- Access denied: Verify bucket policy and IAM permissions
- Versioning conflicts: Cannot suspend versioning once objects exist
- Lifecycle not working: Check rule status and prefix filters
- Cross-stack references: Ensure outputs are exported before importing