Aws Solution Architect

v2.1.1

Design AWS architectures for startups using serverless patterns and IaC templates. Use when asked to design serverless architecture, create CloudFormation te...

⭐ 1· 1.9k·7 current·8 all-time

byAlireza Rezvani@alirezarezvani

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the included artifacts: architecture designer, cost optimizer, and serverless stack generator are present and the SKILL.md describes generating IaC, cost analysis, and deployment. The requested tools and files are proportional to designing AWS solutions.

ℹ

Instruction Scope

SKILL.md directs running local Python scripts to generate templates and explicitly shows deployment commands (aws cloudformation, cdk deploy, terraform apply) and troubleshooting steps. Those deployment steps will use the user's AWS credentials and can create/delete resources (and incur cost). The instructions do not attempt to read unrelated system files or exfiltrate data, but they do assume the agent/operator has AWS credentials and the ability to run CLI/SDK operations.

✓

Install Mechanism

No install spec is provided (instruction-only with included scripts). Nothing is downloaded from external URLs or installed automatically by the skill, which minimizes installation risk.

ℹ

Credentials

Registry metadata declares no required env vars, but the code and SKILL.md include AWS CLI/SDK usage (examples with boto3, aws CLI, CDK). This is expected for an AWS architect skill, but users should be aware the scripts and deploy commands require AWS credentials (AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY or configured CLI) and appropriate IAM permissions; those credentials are not requested explicitly in the skill metadata.

✓

Persistence & Privilege

Skill is not always-enabled and is user-invocable. It does not request persistent platform privileges or modify other skills' configs. Autonomous invocation remains possible (platform default) but there are no additional privilege escalations requested by the skill.

Scan Findings in Context

[boto3_usage] expected: Multiple example code blocks and references use boto3 (SecretsManager, Kinesis, DynamoDB). This is appropriate for an AWS-focused skill that demonstrates or automates AWS operations.

[kinesis_put_record] expected: Kinesis producer example appears in references; expected for real-time/data pipeline patterns in the skill.

[secretsmanager_get_secret_value] expected: Examples show retrieving secrets from AWS Secrets Manager. This is expected for code that demonstrates secure secret retrieval but means the generated templates and runbooks will assume secret management is in use.

[aws_cli_deploy_commands] expected: SKILL.md shows aws cloudformation create-stack / cdk deploy / terraform apply commands. These are necessary for deploying generated IaC but will operate with the caller's AWS credentials and can create/delete resources.

Assessment

This skill is coherent for designing and producing AWS architectures, IaC, and cost recommendations. Before using it: 1) Be aware running the publish/deploy commands (aws/cdk/terraform) will use your AWS credentials and can create or delete resources and incur costs — run in a test/sandbox account first. 2) Review generated CloudFormation/CDK/Terraform templates (especially IAM policies) before granting CAPABILITY_IAM or deploying; avoid blindly accepting overly-permissive '*' resources. 3) Provide least-privilege AWS credentials (or use an IAM role with narrow scope) and ensure logs/monitoring and billing alarms are enabled. 4) Verify there are no hardcoded secrets or ARNs in the generated output; the examples show using Secrets Manager (expected) but do not require hardcoding. If you want the agent to perform deployments autonomously, explicitly limit which account/role it may use and test in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97csftvap8ng79f6dvw862xmh82jp5d

1.9kdownloads

1stars

2versions

Updated 1mo ago

v2.1.1

MIT-0

AWS Solution Architect

Design scalable, cost-effective AWS architectures for startups with infrastructure-as-code templates.

Workflow

Step 1: Gather Requirements

Collect application specifications:

- Application type (web app, mobile backend, data pipeline, SaaS)
- Expected users and requests per second
- Budget constraints (monthly spend limit)
- Team size and AWS experience level
- Compliance requirements (GDPR, HIPAA, SOC 2)
- Availability requirements (SLA, RPO/RTO)

Step 2: Design Architecture

Run the architecture designer to get pattern recommendations:

python scripts/architecture_designer.py --input requirements.json

Example output:

{
  "recommended_pattern": "serverless_web",
  "service_stack": ["S3", "CloudFront", "API Gateway", "Lambda", "DynamoDB", "Cognito"],
  "estimated_monthly_cost_usd": 35,
  "pros": ["Low ops overhead", "Pay-per-use", "Auto-scaling"],
  "cons": ["Cold starts", "15-min Lambda limit", "Eventual consistency"]
}

Select from recommended patterns:

Serverless Web: S3 + CloudFront + API Gateway + Lambda + DynamoDB
Event-Driven Microservices: EventBridge + Lambda + SQS + Step Functions
Three-Tier: ALB + ECS Fargate + Aurora + ElastiCache
GraphQL Backend: AppSync + Lambda + DynamoDB + Cognito

See references/architecture_patterns.md for detailed pattern specifications.

Validation checkpoint: Confirm the recommended pattern matches the team's operational maturity and compliance requirements before proceeding to Step 3.

Step 3: Generate IaC Templates

Create infrastructure-as-code for the selected pattern:

# Serverless stack (CloudFormation)
python scripts/serverless_stack.py --app-name my-app --region us-east-1

Example CloudFormation YAML output (core serverless resources):

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  AppName:
    Type: String
    Default: my-app

Resources:
  ApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs20.x
      MemorySize: 512
      Timeout: 30
      Environment:
        Variables:
          TABLE_NAME: !Ref DataTable
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref DataTable
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY

  DataTable:
    Type: AWS::DynamoDB::Table
    Properties:
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: pk
          AttributeType: S
        - AttributeName: sk
          AttributeType: S
      KeySchema:
        - AttributeName: pk
          KeyType: HASH
        - AttributeName: sk
          KeyType: RANGE

Full templates including API Gateway, Cognito, IAM roles, and CloudWatch logging are generated by serverless_stack.py and also available in references/architecture_patterns.md.

Example CDK TypeScript snippet (three-tier pattern):

import * as ecs from 'aws-cdk-lib/aws-ecs';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as rds from 'aws-cdk-lib/aws-rds';

const vpc = new ec2.Vpc(this, 'AppVpc', { maxAzs: 2 });

const cluster = new ecs.Cluster(this, 'AppCluster', { vpc });

const db = new rds.ServerlessCluster(this, 'AppDb', {
  engine: rds.DatabaseClusterEngine.auroraPostgres({
    version: rds.AuroraPostgresEngineVersion.VER_15_2,
  }),
  vpc,
  scaling: { minCapacity: 0.5, maxCapacity: 4 },
});

Step 4: Review Costs

Analyze estimated costs and optimization opportunities:

python scripts/cost_optimizer.py --resources current_setup.json --monthly-spend 2000

Example output:

{
  "current_monthly_usd": 2000,
  "recommendations": [
    { "action": "Right-size RDS db.r5.2xlarge → db.r5.large", "savings_usd": 420, "priority": "high" },
    { "action": "Purchase 1-yr Compute Savings Plan at 40% utilization", "savings_usd": 310, "priority": "high" },
    { "action": "Move S3 objects >90 days to Glacier Instant Retrieval", "savings_usd": 85, "priority": "medium" }
  ],
  "total_potential_savings_usd": 815
}

Output includes:

Monthly cost breakdown by service
Right-sizing recommendations
Savings Plans opportunities
Potential monthly savings

Step 5: Deploy

Deploy the generated infrastructure:

# CloudFormation
aws cloudformation create-stack \
  --stack-name my-app-stack \
  --template-body file://template.yaml \
  --capabilities CAPABILITY_IAM

# CDK
cdk deploy

# Terraform
terraform init && terraform apply

Step 6: Validate and Handle Failures

Verify deployment and set up monitoring:

# Check stack status
aws cloudformation describe-stacks --stack-name my-app-stack

# Set up CloudWatch alarms
aws cloudwatch put-metric-alarm --alarm-name high-errors ...

If stack creation fails:

Check the failure reason:

aws cloudformation describe-stack-events \
  --stack-name my-app-stack \
  --query 'StackEvents[?ResourceStatus==`CREATE_FAILED`]'

Review CloudWatch Logs for Lambda or ECS errors.
Fix the template or resource configuration.

Delete the failed stack before retrying:

aws cloudformation delete-stack --stack-name my-app-stack
# Wait for deletion
aws cloudformation wait stack-delete-complete --stack-name my-app-stack
# Redeploy
aws cloudformation create-stack ...

Common failure causes:

IAM permission errors → verify --capabilities CAPABILITY_IAM and role trust policies
Resource limit exceeded → request quota increase via Service Quotas console
Invalid template syntax → run aws cloudformation validate-template --template-body file://template.yaml before deploying

Tools

architecture_designer.py

Generates architecture patterns based on requirements.

python scripts/architecture_designer.py --input requirements.json --output design.json

Input: JSON with app type, scale, budget, compliance needs Output: Recommended pattern, service stack, cost estimate, pros/cons

serverless_stack.py

Creates serverless CloudFormation templates.

python scripts/serverless_stack.py --app-name my-app --region us-east-1

Output: Production-ready CloudFormation YAML with:

API Gateway + Lambda
DynamoDB table
Cognito user pool
IAM roles with least privilege
CloudWatch logging

cost_optimizer.py

Analyzes costs and recommends optimizations.

python scripts/cost_optimizer.py --resources inventory.json --monthly-spend 5000

Output: Recommendations for:

Idle resource removal
Instance right-sizing
Reserved capacity purchases
Storage tier transitions
NAT Gateway alternatives

Quick Start

MVP Architecture (< $100/month)

Ask: "Design a serverless MVP backend for a mobile app with 1000 users"

Result:
- Lambda + API Gateway for API
- DynamoDB pay-per-request for data
- Cognito for authentication
- S3 + CloudFront for static assets
- Estimated: $20-50/month

Scaling Architecture ($500-2000/month)

Ask: "Design a scalable architecture for a SaaS platform with 50k users"

Result:
- ECS Fargate for containerized API
- Aurora Serverless for relational data
- ElastiCache for session caching
- CloudFront for CDN
- CodePipeline for CI/CD
- Multi-AZ deployment

Cost Optimization

Ask: "Optimize my AWS setup to reduce costs by 30%. Current spend: $3000/month"

Provide: Current resource inventory (EC2, RDS, S3, etc.)

Result:
- Idle resource identification
- Right-sizing recommendations
- Savings Plans analysis
- Storage lifecycle policies
- Target savings: $900/month

IaC Generation

Ask: "Generate CloudFormation for a three-tier web app with auto-scaling"

Result:
- VPC with public/private subnets
- ALB with HTTPS
- ECS Fargate with auto-scaling
- Aurora with read replicas
- Security groups and IAM roles

Input Requirements

Provide these details for architecture design:

Requirement	Description	Example
Application type	What you're building	SaaS platform, mobile backend
Expected scale	Users, requests/sec	10k users, 100 RPS
Budget	Monthly AWS limit	$500/month max
Team context	Size, AWS experience	3 devs, intermediate
Compliance	Regulatory needs	HIPAA, GDPR, SOC 2
Availability	Uptime requirements	99.9% SLA, 1hr RPO

JSON Format:

{
  "application_type": "saas_platform",
  "expected_users": 10000,
  "requests_per_second": 100,
  "budget_monthly_usd": 500,
  "team_size": 3,
  "aws_experience": "intermediate",
  "compliance": ["SOC2"],
  "availability_sla": "99.9%"
}

Output Formats

Architecture Design

Pattern recommendation with rationale
Service stack diagram (ASCII)
Monthly cost estimate and trade-offs

IaC Templates

CloudFormation YAML: Production-ready SAM/CFN templates
CDK TypeScript: Type-safe infrastructure code
Terraform HCL: Multi-cloud compatible configs

Cost Analysis

Current spend breakdown with optimization recommendations
Priority action list (high/medium/low) and implementation checklist

Reference Documentation

Document	Contents
`references/architecture_patterns.md`	6 patterns: serverless, microservices, three-tier, data processing, GraphQL, multi-region
`references/service_selection.md`	Decision matrices for compute, database, storage, messaging
`references/best_practices.md`	Serverless design, cost optimization, security hardening, scalability

Comments

Loading comments...