simplerick0/cloud-deployments
skills/devops/cloud-deployments/SKILL.md
Cloud infrastructure specialist focused on deploying and managing applications across cloud providers. Use for AWS ECS/Fargate, GCP Cloud Run, DigitalOcean App Platform, OpenTofu/Pulumi IaC, VPC design, and secrets management.
testing
Updated May 25, 2026
$ install --global
skillsauthnpx skillsauth add simplerick0/com.ackhax.configs cloud-deploymentsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 25, 2026, 4:35 AM74.5s1 file scanned
SKILL.md
- name:
- cloud-deployments
- description:
- Cloud infrastructure specialist focused on deploying and managing applications across cloud providers. Use for AWS ECS/Fargate, GCP Cloud Run, DigitalOcean App Platform, OpenTofu/Pulumi IaC, VPC design, and secrets management.
Cloud Deployments Specialist
You are a cloud infrastructure specialist focused on deploying and managing applications across cloud providers.
Cloud Providers
AWS
- Compute: EC2, ECS, EKS, Lambda, Fargate
- Database: RDS, Aurora, DynamoDB, ElastiCache
- Storage: S3, EBS, EFS
- Networking: VPC, ALB/NLB, Route53, CloudFront
GCP
- Compute: Compute Engine, Cloud Run, GKE, Cloud Functions
- Database: Cloud SQL, Firestore, Memorystore
- Storage: Cloud Storage, Persistent Disk
- Networking: VPC, Cloud Load Balancing, Cloud CDN
DigitalOcean
- Compute: Droplets, App Platform, Kubernetes
- Database: Managed Databases (Postgres, MySQL, Redis)
- Storage: Spaces, Volumes
- Networking: Load Balancers, VPC, Floating IPs
Infrastructure as Code
OpenTofu
# AWS Example (OpenTofu - open-source Terraform fork)
provider "aws" {
region = "us-east-1"
}
resource "aws_ecs_cluster" "main" {
name = "app-cluster"
}
resource "aws_ecs_service" "app" {
name = "app-service"
cluster = aws_ecs_cluster.main.id
task_definition = aws_ecs_task_definition.app.arn
desired_count = 2
launch_type = "FARGATE"
network_configuration {
subnets = var.private_subnets
security_groups = [aws_security_group.app.id]
}
load_balancer {
target_group_arn = aws_lb_target_group.app.arn
container_name = "app"
container_port = 8000
}
}
Pulumi (Python)
import pulumi
import pulumi_aws as aws
cluster = aws.ecs.Cluster("app-cluster")
service = aws.ecs.Service("app-service",
cluster=cluster.arn,
desired_count=2,
launch_type="FARGATE",
task_definition=task_definition.arn,
network_configuration=aws.ecs.ServiceNetworkConfigurationArgs(
subnets=private_subnet_ids,
security_groups=[security_group.id],
),
)
Deployment Patterns
AWS ECS Fargate
# task-definition.json
{
"family": "app",
"networkMode": "awsvpc",
"requiresCompatibilities": ["FARGATE"],
"cpu": "256",
"memory": "512",
"containerDefinitions": [{
"name": "app",
"image": "123456789.dkr.ecr.us-east-1.amazonaws.com/app:latest",
"portMappings": [{"containerPort": 8000}],
"environment": [
{"name": "DATABASE_URL", "valueFrom": "arn:aws:secretsmanager:..."}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/app",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "app"
}
}
}]
}
GCP Cloud Run
# Deploy to Cloud Run
gcloud run deploy app \
--image gcr.io/project/app:latest \
--platform managed \
--region us-central1 \
--allow-unauthenticated \
--set-env-vars "DATABASE_URL=..." \
--min-instances 1 \
--max-instances 10
DigitalOcean App Platform
# app.yaml
name: my-app
services:
- name: api
github:
repo: user/repo
branch: main
run_command: uvicorn main:app --host 0.0.0.0 --port 8080
instance_size_slug: basic-xxs
instance_count: 2
envs:
- key: DATABASE_URL
scope: RUN_TIME
value: ${db.DATABASE_URL}
databases:
- name: db
engine: PG
version: "16"
Networking
VPC Design
Production VPC (10.0.0.0/16)
├── Public Subnets (10.0.1.0/24, 10.0.2.0/24)
│ └── Load Balancers, NAT Gateways
├── Private Subnets (10.0.10.0/24, 10.0.11.0/24)
│ └── Application containers
└── Database Subnets (10.0.20.0/24, 10.0.21.0/24)
└── RDS, ElastiCache
Security Groups
resource "aws_security_group" "app" {
name = "app-sg"
vpc_id = aws_vpc.main.id
ingress {
from_port = 8000
to_port = 8000
protocol = "tcp"
security_groups = [aws_security_group.alb.id]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
Secrets Management
AWS Secrets Manager
# Create secret
aws secretsmanager create-secret \
--name app/production/database \
--secret-string '{"url":"postgresql://..."}'
# Reference in ECS
"secrets": [{
"name": "DATABASE_URL",
"valueFrom": "arn:aws:secretsmanager:us-east-1:123456:secret:app/production/database:url::"
}]
GCP Secret Manager
# Create secret
echo -n "postgresql://..." | gcloud secrets create db-url --data-file=-
# Access in Cloud Run
gcloud run services update app \
--set-secrets="DATABASE_URL=db-url:latest"
Cost Optimization
- Use spot/preemptible instances for non-critical workloads
- Right-size instances based on metrics
- Reserved instances for steady-state workloads
- Auto-scaling based on demand
- Clean up unused resources (EBS, snapshots, IPs)
Best Practices
- Multi-AZ deployments for high availability
- Use managed services where possible
- Encrypt data at rest and in transit
- Tag all resources for cost allocation
- Infrastructure as Code for reproducibility
- Regular security audits and compliance checks
Related Skills
simplerick0/vscode-config
development
VerifiedTrustedCommunity
Manage VSCode/Cursor configuration in this dotfiles repository. Use when working with settings.json, keybindings.json, or tasks.json files, or when asked about VSCode/Cursor configuration structure.
SKILL.mdUpdated May 25, 2026
simplerick0/ui-ux-design
tools
VerifiedTrustedCommunity
Design user interfaces and experiences for web applications without requiring design tools. Use for wireframing in text/ASCII, defining user flows, creating component hierarchies, establishing design systems, planning responsive layouts, and making accessibility decisions.
SKILL.mdUpdated May 25, 2026
simplerick0/testing
development
VerifiedTrustedCommunity
Testing specialist focused on comprehensive test coverage for Python applications. Use for pytest patterns, unit/integration/E2E testing, fixtures, mocking, property-based testing with Hypothesis, and factory patterns.
SKILL.mdUpdated May 25, 2026
simplerick0/solo-project-management
development
VerifiedTrustedCommunity
Project management adapted for solo developers working without a team. Use for personal project planning, time-boxing work sessions, managing scope creep alone, maintaining momentum on side projects, tracking progress without overhead, making decisions without external input, and staying accountable to yourself.
SKILL.mdUpdated May 25, 2026