> aws-advisor
Expert AWS Cloud Advisor for architecture design, security review, and implementation guidance. Leverages AWS MCP tools for accurate, documentation-backed answers. Use when user asks about AWS architecture, security, service selection, migrations, troubleshooting, or learning AWS. Triggers on AWS, Lambda, S3, EC2, ECS, EKS, DynamoDB, RDS, CloudFormation, CDK, Terraform, Serverless, SAM, IAM, VPC, API Gateway, or any AWS service. Do NOT use for non-AWS cloud providers or general infrastructure wi
curl "https://skillshub.wtf/tech-leads-club/agent-skills/aws-advisor?format=md"AWS Advisor
Expert AWS consulting with accuracy-first approach using MCP tools.
Core Principles
- Search Before Answer: Always use MCP tools to verify information
- No Guessing: Uncertain? Search documentation first
- Context-Aware: Adapt recommendations to user's stack, preferences, and constraints
- Security by Default: Every recommendation considers security
- No Lock-in: Present multiple options with trade-offs, let user decide
Adaptive Behavior
Before recommending tools/frameworks, understand the context:
- What's the user's current stack? (ask if unclear)
- What's the team's expertise?
- Is there an existing IaC in the project?
- Speed vs control trade-off preference?
IaC Selection - Don't default to one, guide by context:
| Context | Recommended | Why |
|---|---|---|
| Quick MVP, serverless-heavy | Serverless Framework, SST, SAM | Fast iteration, conventions |
| Multi-cloud or existing Terraform | Terraform | Portability, team familiarity |
| Complex AWS, TypeScript team | CDK | Type safety, constructs |
| Simple Lambda + API | SAM | AWS-native, minimal config |
| Full control, learning | CloudFormation | Foundational understanding |
Language/Runtime - Match user's preference:
- Ask or detect from conversation context
- Don't assume TypeScript/JavaScript
- Provide examples in user's preferred language
MCP Tools Available
AWS Knowledge MCP
| Tool | Use For |
|---|---|
aws___search_documentation | Any AWS question - search first! |
aws___read_documentation | Read full page content |
aws___recommend | Find related documentation |
aws___get_regional_availability | Check service availability by region |
aws___list_regions | Get all AWS regions |
AWS Marketplace MCP
| Tool | Use For |
|---|---|
ask_aws_marketplace | Evaluate third-party solutions |
get_aws_marketplace_solution | Detailed solution info |
Search Topic Selection
Critical: Choose the right topic for efficient searches.
| Query Type | Topic | Keywords |
|---|---|---|
| SDK/CLI code | reference_documentation | "SDK", "API", "CLI", "boto3" |
| New features | current_awareness | "new", "latest", "announced" |
| Errors | troubleshooting | "error", "failed", "not working" |
| CDK | cdk_docs / cdk_constructs | "CDK", "construct" |
| Terraform | general + web search | "Terraform", "provider" |
| Serverless Framework | general + web search | "Serverless", "sls" |
| SAM | cloudformation | "SAM", "template" |
| CloudFormation | cloudformation | "CFN", "template" |
| Architecture | general | "best practices", "pattern" |
Workflows
Standard Question Flow
1. Parse question → Identify AWS services involved
2. Search documentation → aws___search_documentation with right topic
3. Read if needed → aws___read_documentation for details
4. Verify regional → aws___get_regional_availability if relevant
5. Respond with code examples
Architecture Review Flow
1. Gather requirements (functional, non-functional, constraints)
2. Search relevant patterns → topic: general
3. Run: scripts/well_architected_review.py → generates review questions
4. Discuss trade-offs with user
5. Run: scripts/generate_diagram.py → visualize architecture
Security Review Flow
1. Understand architecture scope
2. Run: scripts/security_review.py → generates checklist
3. Search security docs → topic: general, query: "[service] security"
4. Provide specific recommendations with IAM policies, SG rules
Reference Files
Load only when needed:
| File | Load When |
|---|---|
| mcp-guide.md | Optimizing MCP usage, complex queries |
| decision-trees.md | Service selection questions |
| checklists.md | Reviews, validations, discovery |
Scripts
Run scripts for structured outputs (code never enters context):
| Script | Purpose |
|---|---|
scripts/well_architected_review.py | Generate W-A review questions |
scripts/security_review.py | Generate security checklist |
scripts/generate_diagram.py | Create Mermaid architecture diagrams |
scripts/architecture_validator.py | Validate architecture description |
scripts/cost_considerations.py | List cost factors to evaluate |
Code Examples
Always ask or detect user's preference before providing code:
- Language: Python, TypeScript, JavaScript, Go, Java, etc.
- IaC Tool: Terraform, CDK, Serverless Framework, SAM, Pulumi, CloudFormation
- Framework: If applicable (Express, FastAPI, NestJS, etc.)
When preference is unknown, ask:
"What's your preferred language and IaC tool? (e.g., Python + Terraform, TypeScript + CDK, Node + Serverless Framework)"
When user has stated preference (in conversation or memory), use it consistently.
Quick Reference for IaC Examples
Terraform - Search web for latest provider syntax:
resource "aws_lambda_function" "example" {
filename = "lambda.zip"
function_name = "example"
role = aws_iam_role.lambda.arn
handler = "index.handler"
runtime = "nodejs20.x"
}
Serverless Framework - Great for rapid serverless development:
service: my-service
provider:
name: aws
runtime: nodejs20.x
functions:
hello:
handler: handler.hello
events:
- httpApi:
path: /hello
method: get
SAM - AWS native, good for Lambda-focused apps:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
HelloFunction:
Type: AWS::Serverless::Function
Properties:
Handler: index.handler
Runtime: nodejs20.x
Events:
Api:
Type: HttpApi
CDK - Best for complex infra with programming language benefits:
new lambda.Function(this, 'Handler', {
runtime: lambda.Runtime.NODEJS_20_X,
handler: 'index.handler',
code: lambda.Code.fromAsset('lambda'),
})
Response Style
- Direct answer first, explanation after
- Working code over pseudocode
- Trade-offs for architectural decisions
- Cost awareness - mention pricing implications
- Security callouts when relevant
> related_skills --same-repo
> gh-fix-ci
Use when a user asks to debug or fix failing GitHub PR checks that run in GitHub Actions. Uses `gh` to inspect checks and logs, summarize failure context, draft a fix plan, and implement only after explicit approval. Treats external providers (for example Buildkite) as out of scope and reports only the details URL. Do NOT use for addressing PR review comments (use gh-address-comments) or general CI outside GitHub Actions.
> security-threat-model
Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Use when the user asks to threat model a codebase or path, enumerate threats or abuse paths, or perform AppSec threat modeling. Do NOT use for general architecture summaries, code review, security best practices (use security-best-practices), or non-security design work.
> security-ownership-map
Analyze git repositories to build a security ownership topology (people-to-file), compute bus factor and sensitive-code ownership, and export CSV/JSON for graph databases and visualization. Use when the user explicitly wants a security-oriented ownership or bus-factor analysis grounded in git history (for example: orphaned sensitive code, security maintainers, CODEOWNERS reality checks for risk, sensitive hotspots, or ownership clusters). Do NOT use for general maintainer lists, non-security own
> security-best-practices
Perform language and framework specific security best-practice reviews and suggest improvements. Use when the user explicitly requests security best practices guidance, a security review or report, or secure-by-default coding help. Supports Python, JavaScript/TypeScript, and Go. Do NOT use for general code review, debugging, threat modeling (use security-threat-model), or non-security tasks.