بنقرة واحدة
aws-cli-playbook
Canonical AWS CLI patterns for discover, plan, deploy, validate, and rollback
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Canonical AWS CLI patterns for discover, plan, deploy, validate, and rollback
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
**AWS Coworker Development Guardrails** - MANDATORY when extending or modifying AWS Coworker itself. TRIGGERS (use this skill when ANY of these apply): - User asks to add new skills, agents, or commands to AWS Coworker - User asks to modify existing AWS Coworker components - User asks about AWS Coworker architecture or design - User wants to add support for new AWS services - Discussion involves directory structure or file organization - User mentions "extending", "customizing", or "adding to" AWS Coworker - Creating or modifying files in: skills/, .claude/agents/, .claude/commands/, config/ NOT for: Using AWS Coworker to interact with AWS (that's CLAUDE.md's domain)
AWS Well-Architected Framework alignment for planning and review
Organization governance policies - never do, always do, and compliance rules
Git and GitHub best practices for AWS Coworker change management
Multi-account and OU strategy, landing zone patterns, and workload placement
Cost-aware AWS interaction and optimization patterns
| name | aws-cli-playbook |
| description | Canonical AWS CLI patterns for discover, plan, deploy, validate, and rollback |
| version | 1.0.0 |
| category | aws |
| agents | ["aws-coworker-core","aws-coworker-planner","aws-coworker-executor"] |
| tools | ["Bash","Read"] |
This skill provides canonical AWS CLI patterns for safe, effective AWS interactions. It covers discovery, planning, deployment, validation, and rollback patterns across major AWS services.
# Always explicit - never rely on defaults
aws ec2 describe-instances \
--profile dev-admin \
--region us-east-1
# JSON for parsing
aws ec2 describe-instances --output json
# Table for human review
aws ec2 describe-instances --output table
# Text for scripting
aws ec2 describe-instances --output text
# JMESPath queries for specific data
aws ec2 describe-instances \
--query 'Reservations[*].Instances[*].[InstanceId,State.Name,Tags[?Key==`Name`].Value|[0]]' \
--output table
# Test before execute
aws ec2 run-instances --dry-run ...
aws ec2 terminate-instances --dry-run ...
# Capture and verify
RESULT=$(aws ec2 run-instances ... --output json)
INSTANCE_ID=$(echo $RESULT | jq -r '.Instances[0].InstanceId')
echo "Created instance: $INSTANCE_ID"
# Who am I?
aws sts get-caller-identity --profile {profile}
# What permissions do I have? (simulate)
aws iam simulate-principal-policy \
--policy-source-arn arn:aws:iam::123456789012:user/myuser \
--action-names ec2:DescribeInstances ec2:RunInstances \
--profile {profile}
# List my roles
aws iam list-roles --profile {profile}
# All instances
aws ec2 describe-instances \
--profile {profile} \
--region {region}
# Running instances only
aws ec2 describe-instances \
--filters "Name=instance-state-name,Values=running" \
--profile {profile} \
--region {region}
# Instances by tag
aws ec2 describe-instances \
--filters "Name=tag:Environment,Values=production" \
--profile {profile} \
--region {region}
# Instance summary table
aws ec2 describe-instances \
--query 'Reservations[*].Instances[*].[InstanceId,InstanceType,State.Name,Tags[?Key==`Name`].Value|[0],PrivateIpAddress]' \
--output table \
--profile {profile} \
--region {region}
# All VPCs
aws ec2 describe-vpcs \
--profile {profile} \
--region {region}
# Subnets with details
aws ec2 describe-subnets \
--query 'Subnets[*].[SubnetId,VpcId,CidrBlock,AvailabilityZone,Tags[?Key==`Name`].Value|[0]]' \
--output table \
--profile {profile} \
--region {region}
# Security groups
aws ec2 describe-security-groups \
--profile {profile} \
--region {region}
# Security groups with risky rules (0.0.0.0/0)
aws ec2 describe-security-groups \
--query 'SecurityGroups[?IpPermissions[?IpRanges[?CidrIp==`0.0.0.0/0`]]].[GroupId,GroupName,Description]' \
--output table \
--profile {profile} \
--region {region}
# All buckets
aws s3 ls --profile {profile}
# Bucket details
aws s3api get-bucket-location --bucket {bucket} --profile {profile}
aws s3api get-bucket-versioning --bucket {bucket} --profile {profile}
aws s3api get-bucket-encryption --bucket {bucket} --profile {profile}
aws s3api get-public-access-block --bucket {bucket} --profile {profile}
# Bucket size (can be slow for large buckets)
aws s3 ls s3://{bucket} --recursive --summarize --profile {profile}
# All DB instances
aws rds describe-db-instances \
--profile {profile} \
--region {region}
# DB instance summary
aws rds describe-db-instances \
--query 'DBInstances[*].[DBInstanceIdentifier,DBInstanceClass,Engine,DBInstanceStatus]' \
--output table \
--profile {profile} \
--region {region}
# DB clusters (Aurora)
aws rds describe-db-clusters \
--profile {profile} \
--region {region}
# All functions
aws lambda list-functions \
--profile {profile} \
--region {region}
# Function details
aws lambda get-function \
--function-name {function-name} \
--profile {profile} \
--region {region}
# Function summary
aws lambda list-functions \
--query 'Functions[*].[FunctionName,Runtime,MemorySize,Timeout]' \
--output table \
--profile {profile} \
--region {region}
# All users
aws iam list-users --profile {profile}
# All roles
aws iam list-roles \
--query 'Roles[*].[RoleName,Arn,CreateDate]' \
--output table \
--profile {profile}
# Role policy
aws iam list-attached-role-policies --role-name {role} --profile {profile}
aws iam list-role-policies --role-name {role} --profile {profile}
aws iam get-role-policy --role-name {role} --policy-name {policy} --profile {profile}
# All stacks
aws cloudformation list-stacks \
--stack-status-filter CREATE_COMPLETE UPDATE_COMPLETE \
--profile {profile} \
--region {region}
# Stack details
aws cloudformation describe-stacks \
--stack-name {stack} \
--profile {profile} \
--region {region}
# Stack resources
aws cloudformation list-stack-resources \
--stack-name {stack} \
--profile {profile} \
--region {region}
# Stack events (useful for debugging)
aws cloudformation describe-stack-events \
--stack-name {stack} \
--profile {profile} \
--region {region}
# Start instance
aws ec2 start-instances \
--instance-ids i-xxxxxxxxx \
--profile {profile} \
--region {region}
# Stop instance (data preserved)
aws ec2 stop-instances \
--instance-ids i-xxxxxxxxx \
--profile {profile} \
--region {region}
# Terminate instance (DESTRUCTIVE)
aws ec2 terminate-instances \
--instance-ids i-xxxxxxxxx \
--profile {profile} \
--region {region}
# WARNING: Instance and non-persistent storage deleted
# Add ingress rule
aws ec2 authorize-security-group-ingress \
--group-id sg-xxxxxxxxx \
--protocol tcp \
--port 443 \
--cidr 10.0.0.0/8 \
--profile {profile} \
--region {region}
# Remove ingress rule
aws ec2 revoke-security-group-ingress \
--group-id sg-xxxxxxxxx \
--protocol tcp \
--port 22 \
--cidr 0.0.0.0/0 \
--profile {profile} \
--region {region}
# Copy file
aws s3 cp local-file.txt s3://{bucket}/path/ --profile {profile}
# Sync directory
aws s3 sync ./local-dir s3://{bucket}/path/ --profile {profile}
# Delete object (DESTRUCTIVE)
aws s3 rm s3://{bucket}/path/file.txt --profile {profile}
# Delete bucket contents (VERY DESTRUCTIVE)
aws s3 rm s3://{bucket} --recursive --profile {profile}
# WARNING: All objects deleted, cannot be undone unless versioning enabled
# Add/update tags
aws ec2 create-tags \
--resources i-xxxxxxxxx \
--tags Key=Environment,Value=production Key=Owner,Value=platform-team \
--profile {profile} \
--region {region}
# Remove tags
aws ec2 delete-tags \
--resources i-xxxxxxxxx \
--tags Key=Temporary \
--profile {profile} \
--region {region}
# Create stack
aws cloudformation create-stack \
--stack-name {stack-name} \
--template-body file://template.yaml \
--parameters ParameterKey=Environment,ParameterValue=dev \
--capabilities CAPABILITY_IAM \
--tags Key=Environment,Value=dev \
--profile {profile} \
--region {region}
# Update stack (creates change set)
aws cloudformation create-change-set \
--stack-name {stack-name} \
--change-set-name {change-set-name} \
--template-body file://template.yaml \
--profile {profile} \
--region {region}
# Review change set
aws cloudformation describe-change-set \
--stack-name {stack-name} \
--change-set-name {change-set-name} \
--profile {profile} \
--region {region}
# Execute change set
aws cloudformation execute-change-set \
--stack-name {stack-name} \
--change-set-name {change-set-name} \
--profile {profile} \
--region {region}
# Wait for completion
aws cloudformation wait stack-update-complete \
--stack-name {stack-name} \
--profile {profile} \
--region {region}
# Synthesize (preview CloudFormation)
cdk synth --profile {profile}
# Diff (show changes)
cdk diff --profile {profile}
# Deploy (with approval)
cdk deploy --profile {profile} --require-approval broadening
# Deploy specific stack
cdk deploy MyStack --profile {profile}
# Initialize
terraform init
# Plan (preview)
terraform plan -var-file={env}.tfvars -out=plan.tfplan
# Apply plan
terraform apply plan.tfplan
# Apply with auto-approve (use with caution)
terraform apply -var-file={env}.tfvars -auto-approve
# Automatic rollback on failure (default)
# Stack returns to previous state
# Manual rollback via update
aws cloudformation update-stack \
--stack-name {stack-name} \
--use-previous-template \
--parameters ParameterKey=SomeParam,UsePreviousValue=true \
--profile {profile} \
--region {region}
# Delete failed stack
aws cloudformation delete-stack \
--stack-name {stack-name} \
--profile {profile} \
--region {region}
# Cancel update in progress
aws cloudformation cancel-update-stack \
--stack-name {stack-name} \
--profile {profile} \
--region {region}
# From snapshot (EBS)
aws ec2 create-volume \
--snapshot-id snap-xxxxxxxxx \
--availability-zone {az} \
--profile {profile} \
--region {region}
# Restore from AMI
aws ec2 run-instances \
--image-id ami-xxxxxxxxx \
--instance-type {type} \
--profile {profile} \
--region {region}
# List object versions (if versioning enabled)
aws s3api list-object-versions \
--bucket {bucket} \
--prefix {key} \
--profile {profile}
# Restore previous version
aws s3api copy-object \
--bucket {bucket} \
--copy-source {bucket}/{key}?versionId={version-id} \
--key {key} \
--profile {profile}
Detailed service-specific commands are in:
commands/bedrock.md - Bedrock patterns (model access, inference, guardrails)commands/bedrock-agentcore.md - Bedrock AgentCore patterns (agent runtimes, identity, gateway)commands/cloudformation.md - CloudFormation patternscommands/ec2.md - EC2 patternscommands/ecs.md - ECS patternscommands/eks.md - EKS patternscommands/iam.md - IAM patternscommands/lambda.md - Lambda patternscommands/organizations.md - Organizations patternscommands/rds.md - RDS patternscommands/s3.md - S3 patternscommands/vpc.md - VPC/networking patternsaws-well-architected — Architectural alignmentaws-governance-guardrails — Policy complianceaws-org-strategy — Multi-account context