awsArchitect, deploy, and optimize AWS infrastructure avoiding cost explosions and security pitfalls.
Install via ClawdBot CLI:
clawdbot install ivangdavila/awsInstall AWS CLI (Homebrew):
brew install awscliRequires:
On first use, read setup.md for integration options. The skill works immediately ā setup is optional for personalization.
User needs AWS infrastructure guidance. Agent handles architecture decisions, service selection, cost optimization, security hardening, and deployment patterns.
Memory lives in ~/aws/. See memory-template.md for structure.
~/aws/
āāā memory.md # Account context + preferences
āāā resources.md # Active infrastructure inventory
āāā costs.md # Cost tracking + alerts| Topic | File |
|-------|------|
| Setup process | setup.md |
| Memory template | memory-template.md |
| Service patterns | services.md |
| Cost optimization | costs.md |
| Security hardening | security.md |
Before any operation, confirm:
aws sts get-caller-identity
aws ec2 describe-vpcs --query 'Vpcs[].{ID:VpcId,CIDR:CidrBlock,Default:IsDefault}'Every recommendation includes cost impact:
| Stage | Recommended Stack | Monthly Cost |
|-------|-------------------|--------------|
| MVP (<1k users) | Single EC2 + RDS | ~$50 |
| Growth (1-10k) | ALB + ASG + RDS Multi-AZ | ~$200 |
| Scale (10k+) | ECS/EKS + Aurora + ElastiCache | ~$500+ |
Default to smallest viable instance. Scaling up is easy; scaling down wastes money.
Every resource includes:
Generate Terraform or CloudFormation for reproducibility:
# Prefer Terraform for multi-cloud portability
terraform init && terraform planNever rely on console-only changes.
Every resource gets tagged for cost allocation:
--tags Key=Environment,Value=prod Key=Project,Value=myapp Key=Owner,Value=teamDeploy CloudWatch alarms with infrastructure:
NAT Gateway data processing ($0.045/GB):
VPC endpoints are free for S3/DynamoDB. A busy app can burn $500/month on NAT alone.
aws ec2 create-vpc-endpoint --vpc-id vpc-xxx \
--service-name com.amazonaws.us-east-1.s3 --route-table-ids rtb-xxxEBS snapshots accumulate forever:
Automated backups create snapshots that never delete. Set lifecycle policies.
aws ec2 describe-snapshots --owner-ids self \
--query 'Snapshots[?StartTime<=`2024-01-01`].[SnapshotId,StartTime,VolumeSize]'CloudWatch Logs default retention is forever:
aws logs put-retention-policy --log-group-name /aws/lambda/fn --retention-in-days 14Idle load balancers cost $16/month minimum:
ALBs charge even with zero traffic. Delete unused ones.
Data transfer between AZs costs $0.01/GB each way:
Chatty microservices across AZs add up fast. Co-locate when possible.
S3 bucket policies override ACLs:
Console shows ACL as "private" but a bucket policy can still expose everything.
aws s3api get-bucket-policy --bucket my-bucket 2>/dev/null || echo "No policy"
aws s3api get-public-access-block --bucket my-bucketDefault VPC security groups allow all outbound:
Attackers exfiltrate through outbound. Restrict it.
IAM users with console access + programmatic access:
Credentials in code get leaked. Use roles + temporary credentials.
RDS publicly accessible defaults to Yes in console:
Always verify:
aws rds describe-db-instances --query 'DBInstances[].{ID:DBInstanceIdentifier,Public:PubliclyAccessible}'Lambda cold starts:
RDS connection limits:
| Instance | Max Connections |
|----------|-----------------|
| db.t3.micro | 66 |
| db.t3.small | 150 |
| db.t3.medium | 300 |
Use RDS Proxy for Lambda to avoid connection exhaustion.
EBS volume types:
| Type | Use Case | IOPS |
|------|----------|------|
| gp3 | Default (consistent) | 3,000 base |
| io2 | Databases (guaranteed) | Up to 64,000 |
| st1 | Big data (throughput) | 500 MiB/s |
| Need | Service | Why |
|------|---------|-----|
| Static site | S3 + CloudFront | Pennies/month, global CDN |
| API backend | Lambda + API Gateway | Zero idle cost |
| Container app | ECS Fargate | No cluster management |
| Database | RDS PostgreSQL | Managed, Multi-AZ ready |
| Cache | ElastiCache Redis | Session/cache, < DynamoDB latency |
| Queue | SQS | Simpler than SNS for most cases |
| Search | OpenSearch | Elasticsearch managed |
# Configure credentials
aws configure --profile myproject
# Always specify profile
export AWS_PROFILE=myproject
# Check current identity
aws sts get-caller-identity
# List all regions
aws ec2 describe-regions --query 'Regions[].RegionName'
# Estimate monthly cost
aws ce get-cost-forecast --time-period Start=$(date +%Y-%m-01),End=$(date -v+1m +%Y-%m-01) \
--metric UNBLENDED_COST --granularity MONTHLYCredentials: This skill uses the AWS CLI, which reads credentials from ~/.aws/credentials or environment variables. The skill never stores, logs, or transmits AWS credentials.
Local storage: Preferences and context stored in ~/aws/ ā no data leaves your machine.
CLI commands: All commands shown are read-only by default. Destructive operations (delete, terminate) require explicit user confirmation.
Install with clawhub install if user confirms:
infrastructure ā architecture decisionscloud ā multi-cloud patternsdocker ā container basicsbackend ā API designclawhub star awsclawhub syncGenerated Mar 1, 2026
A tech startup needs to deploy a web application with minimal upfront cost and scalability for growth. The skill guides selecting a single EC2 instance and RDS database, setting up cost alerts, and implementing security defaults like VPC isolation and least privilege IAM.
An enterprise is migrating legacy on-premises infrastructure to AWS, requiring architecture decisions, cost optimization, and security hardening. The skill helps design multi-AZ deployments with ALB and ASG, generate Terraform for reproducibility, and avoid cost traps like idle load balancers.
An e-commerce business experiences traffic spikes during sales events and needs to scale infrastructure efficiently. The skill recommends ECS/EKS with Aurora and ElastiCache, implements monitoring with CloudWatch alarms, and optimizes performance using RDS Proxy to handle connection limits.
A research organization requires a big data pipeline for processing large datasets with cost-effective storage and compute. The skill advises using S3 for storage, Lambda for serverless processing, and selecting EBS volume types like st1 for throughput, while setting up lifecycle policies to manage snapshots.
A SaaS provider needs to architect a multi-tenant application with isolated resources and cost allocation. The skill assists in designing VPC endpoints to avoid NAT Gateway costs, tagging strategies for billing, and security hardening with encryption and restricted outbound rules.
This model involves recurring revenue from users accessing cloud-hosted software. The skill optimizes costs with serverless components like Lambda and API Gateway to minimize idle expenses, while ensuring scalability and security for multi-tenant environments.
Revenue is generated through transaction fees or product sales on an online platform. The skill helps deploy scalable infrastructure with ALB and ASG to handle variable traffic, implement caching with ElastiCache for performance, and monitor costs to avoid surprises during peak seasons.
Businesses offer AWS infrastructure management and optimization services to clients. The skill provides tools for architecture guidance, cost tracking, and security audits, enabling consultants to deliver value by avoiding common traps and ensuring efficient deployments.
š¬ Integration Tip
Integrate this skill by first configuring AWS CLI with profiles and verifying account context, then use the memory files in ~/aws/ to track infrastructure and costs for personalized recommendations.
Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of what changed.
Full desktop computer use for headless Linux servers. Xvfb + XFCE virtual desktop with xdotool automation. 17 actions (click, type, scroll, screenshot, drag,...
Essential Docker commands and workflows for container management, image operations, and debugging.
Tool discovery and shell one-liner reference for sysadmin, DevOps, and security tasks. AUTO-CONSULT this skill when the user is: troubleshooting network issues, debugging processes, analyzing logs, working with SSL/TLS, managing DNS, testing HTTP endpoints, auditing security, working with containers, writing shell scripts, or asks 'what tool should I use for X'. Source: github.com/trimstray/the-book-of-secret-knowledge
Deploy applications and manage projects with complete CLI reference. Commands for deployments, projects, domains, environment variables, and live documentation access.
Monitor topics of interest and proactively alert when important developments occur. Use when user wants automated monitoring of specific subjects (e.g., product releases, price changes, news topics, technology updates). Supports scheduled web searches, AI-powered importance scoring, smart alerts vs weekly digests, and memory-aware contextual summaries.