shipshitdev/aws-infrastructure
bundles/infrastructure/skills/aws-infrastructure/SKILL.md
Expert in AWS infrastructure setup including EC2, VPC, security groups, Application Load Balancers, Route53 DNS, and SSL/TLS certificates. Use this skill for AWS infrastructure configuration and deployment.
$ install --global
skillsauthnpx skillsauth add shipshitdev/library aws-infrastructureInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 6:38 AM194.7s2 files scanned
SKILL.md
- name:
- aws-infrastructure
- description:
- Expert in AWS infrastructure setup including EC2, VPC, security groups, Application Load Balancers, Route53 DNS, and SSL/TLS certificates. Use this skill for AWS infrastructure configuration and deployment.
- version:
- 1.0.0
- tags:
- aws, infrastructure, devops
AWS Infrastructure Expert
Overview
This skill enables AI assistants to help set up and configure AWS infrastructure for micro startups, including EC2 instances, VPCs, security groups, load balancers, DNS, and SSL certificates.
When to Use This Skill
This skill activates when users need:
- EC2 instance setup and configuration
- VPC and networking setup
- Security group configuration
- Application Load Balancer setup
- Route53 DNS configuration
- SSL/TLS certificate management (ACM)
- Auto-scaling groups
- CloudWatch monitoring
EC2 Setup
Instance Types
- Development: t3.medium (2 vCPU, 4GB RAM)
- Production (small): t3.large (2 vCPU, 8GB RAM)
- Production (medium): m5.large (2 vCPU, 8GB RAM)
Storage
- Use gp3 SSD volumes
- Development: 20GB minimum
- Production: 100GB+ based on needs
- Enable EBS snapshots for backups
Key Pairs
- Generate or import SSH key pairs
- Store private keys securely
- Use IAM roles instead of access keys when possible
VPC Configuration
Basic Setup
- Create VPC with CIDR block (e.g., 10.0.0.0/16)
- Create public and private subnets
- Set up Internet Gateway
- Configure route tables
- Set up NAT Gateway for private subnets (if needed)
Subnets
- Public subnets: For load balancers, bastion hosts
- Private subnets: For application servers, databases
- Multi-AZ for high availability
Security Groups
Application Security Group
Inbound:
- HTTP (80) from ALB security group
- HTTPS (443) from ALB security group
- SSH (22) from bastion/your IP only
Outbound:
- All traffic (0.0.0.0/0)
Database Security Group
Inbound:
- MongoDB (27017) from application security group only
- Redis (6379) from application security group only
- SSH (22) from bastion/your IP only
Outbound:
- All traffic (0.0.0.0/0)
Load Balancer Security Group
Inbound:
- HTTP (80) from 0.0.0.0/0
- HTTPS (443) from 0.0.0.0/0
Outbound:
- HTTP (80) to application security group
- HTTPS (443) to application security group
Application Load Balancer
Setup
- Create ALB in public subnets
- Configure target groups (EC2 instances)
- Set up health checks
- Configure listeners (HTTP → HTTPS redirect)
- Attach SSL certificate from ACM
Health Checks
- Path:
/healthor/api/health - Protocol: HTTP
- Port: 3001 (backend) or 3000 (frontend)
- Healthy threshold: 2
- Unhealthy threshold: 2
- Timeout: 5 seconds
- Interval: 30 seconds
Route53 DNS
Domain Setup
- Create hosted zone for domain
- Create A record (alias) pointing to ALB
- Create CNAME for www subdomain
- Update nameservers at domain registrar
SSL/TLS (ACM)
- Request certificate in ACM (us-east-1 for CloudFront/ALB)
- Validate via DNS (add CNAME records)
- Attach certificate to ALB listener
- Certificate auto-renews
CloudWatch Monitoring
Metrics
- EC2: CPU, Memory, Disk, Network
- ALB: Request count, Target response time, HTTP errors
- Custom metrics for application-specific data
Alarms
- High CPU utilization
- Low disk space
- Application errors (via CloudWatch Logs)
- Unhealthy target instances
Best Practices
- Use IAM roles instead of access keys
- Enable CloudTrail for audit logging
- Use VPC endpoints for AWS service access
- Implement least privilege security groups
- Use private subnets for databases
- Enable encryption at rest for EBS volumes
- Set up automated backups (EBS snapshots)
- Monitor costs with AWS Cost Explorer
Integration
This skill integrates with /db-setup for MongoDB on EC2 and /deploy for deployment workflows.
Related Skills
shipshitdev/worktree
development
VerifiedTrustedCommunity
Create an isolated git worktree from the correct base branch and check it out into a clean, gitignored directory. Use when the user asks to make a worktree, spin up a parallel/isolated workspace, work on something without disturbing the current checkout, branch off the current work, or run multiple agents on the same repo at once. Picks the base branch smartly — the current feature branch when you are on one, otherwise the develop integration branch — so worktrees continue your in-progress work by default instead of forking from the wrong place.
27SKILL.mdUpdated Jun 13, 2026
shipshitdev/release-cleanup
development
VerifiedTrustedCommunity
Verify a release was fully promoted through develop, staging, and master/main, then prune merged local and remote branches and stale git worktrees. Squash-merge aware — uses GitHub PR merge state as the merge oracle, not commit ancestry. Use when the user asks to clean up branches after a deploy, prune worktrees, remove merged branches, tidy up after promoting develop to staging to master, or confirm nothing stale was left behind before pruning.
27SKILL.mdUpdated Jun 13, 2026
shipshitdev/finishing-a-development-branch
development
VerifiedTrustedCommunity
Structured "done coding, now what?" workflow: verify tests pass, detect the repository environment (normal repo vs worktree, named branch vs detached HEAD), present exactly the right merge / PR / keep / discard options, and execute the chosen path including safe worktree cleanup. Use when implementation is complete and the branch needs to be integrated, published, or abandoned.
27SKILL.mdUpdated Jun 13, 2026
shipshitdev/feature-intake
tools
VerifiedTrustedCommunity
Capture a client or stakeholder feature request, turn it into a planner-ready PRD epic with scoped sub-issues, check for duplicate work, and place approved issues on a GitHub Projects kanban. Use when a user invokes feature intake, asks to turn a rough client requirement into GitHub issues, or wants an idea written as a PRD and pushed to a board.
27SKILL.mdUpdated Jun 13, 2026