aws-samples

Generate a complete ECS Fargate SOCI (Seekable OCI) example with Terraform. Demonstrates lazy-loading container images for faster task startup using SOCI index v2 manifests. Includes a heavy ML inference container (PyTorch + FastAPI) with and without SOCI for comparison. Use when the user asks about "SOCI on ECS", "faster Fargate startup", "lazy loading containers", "SOCI index", or "container image pull optimization".

Guide customers from idea to AWS architecture with structured discovery, service selection, and Well-Architected review. Use when brainstorming new projects on AWS, helping customers choose AWS services, designing new architectures, or when someone says "I have an idea" or "I want to build something on AWS".

Guided migration from AWS App Runner to Amazon ECS Express Mode. Covers IAM setup, deployment, custom domains, DNS cutover, cost comparison, and troubleshooting. Use when the user asks to "migrate from App Runner", "move to ECS Express Mode", "replace App Runner", or mentions App Runner deprecation.

Azure to AWS migration guidance with service mappings, gotchas, and assessment. Use when migrating from Microsoft Azure, mapping Azure services to AWS equivalents, assessing Azure environments, or planning Azure-to-AWS migrations.

GCP to AWS migration guidance with service mappings, gotchas, and assessment. Use when migrating from Google Cloud Platform, mapping GCP services to AWS equivalents, assessing GCP environments, or planning GCP-to-AWS migrations.

Deep-dive into Amazon RDS and Aurora database design, engine selection, high availability, and operations. This skill should be used when the user asks to "design an RDS database", "choose between RDS and Aurora", "configure Aurora Serverless", "set up read replicas", "plan a database migration", "configure RDS Proxy", "tune database parameters", "set up Multi-AZ", "plan blue/green deployments", or mentions RDS, Aurora, Aurora Serverless v2, database failover, or relational database design on AWS.

Deep-dive into Amazon Bedrock AgentCore platform design, service selection, deployment, and production operations. This skill should be used when the user asks to "design an AgentCore architecture", "deploy agents on AgentCore", "configure AgentCore Runtime", "set up AgentCore Memory", "use AgentCore Gateway", "configure AgentCore Identity", "set up AgentCore Policy", "plan agent observability", "evaluate agent quality", "move agent PoC to production", or mentions AgentCore, AgentCore Runtime, AgentCore Memory, AgentCore Gateway, AgentCore Identity, AgentCore Policy, AgentCore Evaluations, AgentCore Code Interpreter, AgentCore Browser, A2A protocol, or multi-agent orchestration on AWS.

Design and review AWS architectures following Well-Architected Framework principles. Use when planning new infrastructure, reviewing existing architectures, evaluating trade-offs between AWS services, or when asked about AWS best practices.

모든 사용자 발화·agent 행동·phase 전환·gate 판정을 ISO 8601 타임스탬프와 함께 감사 로그에 기록한다. 사용자 입력은 축약·요약 없이 verbatim blockquote로 보존하며, SOC2·ISMS-P 감사 요구사항에 매핑되는 보존 정책(30·90·365일)을 프로젝트별로 선택한다. 모든 AIDLC skill이 호출 가능한 공통 감사 계층을 제공한다.

Enforce Input/Output Guardrails at the LLM Gateway layer — PII redaction, Prompt Injection defense, Jailbreak detection, Toxicity filter, and Tool Allow-list. Integrates Bedrock Guardrails, NeMo Guardrails, Llama Guard 3, and regex/regex-ML policies on Bifrost/LiteLLM with Langfuse audit trail.

Inception 아티팩트(requirements, user-stories, workflow-plan)를 입력으로 받아 agentic 시스템의 컴포넌트 경계·인터페이스 계약·데이터 모델을 설계하고 `.omao/plans/construction/design.md`를 생성한다. Agent·Tool·Memory·Gateway 경계를 명확히 나누고 후속 code-generation·test-strategy skill의 단일 진실원 역할을 한다.

AIDLC 각 phase 종료 시점에 필수 gate 체크리스트를 강제한다. Inception gate는 요구사항·사용자 스토리·워크플로우 계획 서명을, Construction gate는 설계·코드·테스트 전수 통과와 risk-discovery PASS를, Operations gate는 continuous-eval 24시간 green과 cost-governance budget OK를 요구한다. 미통과 시 `.omao/state/gates/<phase>.json`에 blocked 상태를 기록하고 다음 phase 진입을 차단한다.

Construction 단계 실행 직전, Inception 아티팩트와 설계 문서를 교차 분석하여 12개 카테고리 기반 위험 체크포인트를 탐지한다. 비즈니스 연속성·보안·외부 통합·데이터 일관성·비용·성능·규제·가용성·장애 전파 반경·운영 복잡도·의존성 취약점·롤백 가능성을 각각 PASS/WARN/BLOCK으로 판정하고 BLOCK 항목은 다음 phase 진입을 차단한다.

AIDLC Inception 시작 시 자유 형식 발화 대신 구조화된 템플릿으로 프로젝트 정보를 수집한다. project-info 템플릿과 requirements 템플릿을 순차 생성하여 후속 workspace-detection·requirements-analysis·user-stories skill이 소비할 단일 진실원을 제공한다.

Conditionally generate user stories in As-a/I-want/So-that format only when changes are user-facing. Skips story generation for pure infrastructure or internal refactor work. Produces stories with acceptance criteria linked back to REQ-IDs.

Strategic workflow planning for AIDLC Phase 1 close-out. Chooses sequential / parallel-units / iterative execution mode via a decision tree, maps stories to units, and defines checkpoint gates. Produces workflow-plan.md as the hand-off artifact to the aidlc plugin construction phase.

Deep research with structured reports and charts. ONLY use when the user explicitly requests research/analysis, or needs data visualization with charts, or quantitative/comparative analysis across multiple sources. Do NOT use for simple questions or quick lookups.

Search the web and fetch content from URLs for current information, news, and research topics.

Web browser automation for tasks requiring UI interaction, login-protected pages, or human-like browsing when APIs are insufficient.

Autonomous coding agent. Delegate any task that involves understanding, writing, or running code — from a GitHub issue, a bug report, or a user request. It explores, implements, and verifies on its own.

Create hand-drawn style diagrams and flowcharts using Excalidraw

Create, modify, and manage Excel spreadsheets.

Manage GitHub issues, PRs, branches, and repositories via OAuth (3LO). For reading issues or PR details, not for deep code analysis — delegate that to code-agent.

Read, send, draft, delete, and organize Gmail emails

Guide developer teams through AIDLC Inception — structured requirements gathering, design, and artifact generation

Reviews agent code for security vulnerabilities, quality issues, and agent-specific best practices. Checks for prompt injection, credential exposure, unsafe execution, error handling, and testing.

Debugging specialist for AgentCore deployments: container failures, IAM permission errors, runtime exceptions, networking issues, and performance problems. Use when developers report errors, crashes, deployment failures, or need help troubleshooting their agent applications.

Generates deployment configurations for Amazon Bedrock AgentCore. Produces Dockerfiles, IAM policies, CDK stacks, buildspec files, runtime configs, and environment variable templates following AWS security best practices and least-privilege principles.

Reviews agent applications for platform deployment readiness. Checks containerization, secrets, config, health endpoints, statefulness, error handling, dependencies, and security.

Fleet operations specialist for agent restart, scaling, graceful draining, and capacity planning. Use when teams need to restart agents, scale the fleet up or down, drain agents for maintenance, or plan capacity.

Governance specialist for agent registration, Cedar policy management, message routing configuration, and platform compliance. Use when teams need to register agents, configure policies, set up routing patterns, or enforce governance standards.

Create structured GitHub issues from review and compliance findings

Compose a deployment from stack skills and generate executable artifacts (Makefiles, security disposition). Use when the user says 'compose', 'generate deployment', or invokes /ipa-compose.

Deploy a CodePipeline CI/CD pipeline with CodeBuild for automated build/test/deploy.

Deploy one-time prerequisite infrastructure from scripts/prepare.mk. Use when the user says 'prepare', 'deploy prerequisites', 'create ECR', or invokes /ipa-prepare.

Provision or update centralized security infrastructure (IAM roles) for an IPA project. Use when the user says 'security', 'set up security', 'IAM roles', or invokes /ipa-security.

Deploy a frontend tier stack: S3 static hosting + CloudFront distribution + OAC.

Deploy a centralized S3 log bucket for CloudFront, S3 access, and VPC flow logs.

[DEPRECATED] Use /ipa-compose codepipeline + /ipa-prepare instead.

Deploy a CodeCommit repository for source code management.

Evaluate AI Agent Skills across safety, quality, reliability, and cost efficiency. Audit for security issues (secrets, injection, unsafe installs), test functional correctness with-skill vs without-skill, measure trigger precision, classify cost-efficiency tradeoffs, track version lifecycle, and generate unified grades. Use when evaluating a skill before installing, auditing marketplace skills, proving your skill works with automated tests, setting up CI/CD quality gates, or comparing two skill versions. NOT for: evaluating full agent systems, testing non-skill plugins, runtime performance benchmarking, or monitoring production agent behavior.

checks PR names

Validates PR titles and branch names against the company naming convention. Use when the user mentions PR titles, branch naming, pull request naming conventions, or asks to check whether a PR title or branch name follows the standard format.

Validates PR titles and branch names against the company naming convention. Use when the user mentions PR titles, branch naming, pull request naming conventions, or asks to check whether a PR title or branch name follows the standard format.

Analyze CSV and JSON data files to produce summary statistics, detect anomalies, and generate formatted reports. Use when the user asks to summarize data, compute statistics (mean, median, percentiles), find outliers, or produce tabular reports from structured data files. NOT for: image analysis, unstructured text processing, database queries, or real-time streaming data.

Gets weather

A well-structured test skill that follows the agentskills.io spec. Use when testing skill evaluation tools.

A well-structured test skill that follows the agentskills.io spec. Use when testing skill evaluation tools.

Proactive prevention and pre-alarm health checks across the two China region accounts (aws-cn and aws-cn-2). Use this skill when the user asks about prevention, 防护, 预防, proactive, 体检, health check, risk assessment, 潜在风险, 隐患, or "what might break soon", and when the Evaluation agent runs scheduled recommendation workflows. Looks for conditions that predict future incidents — single points of failure, service quotas nearing limits, stale AMIs, aging credentials, certificates expiring within 30 days, deprecated Lambda runtimes. This skill is distinct from cross-account-security-posture-check, which reports current-state security risk. Prevention predicts future failure; security posture describes current exposure.

Draft step-by-step mitigation CLI commands for a root-caused incident in either China account (aws-cn or aws-cn-2). Use this skill after RCA has identified the root cause, when the user asks for mitigation, remediation, 缓解, 修复, 回滚, rollback, restore service, 怎么修, fix it, 怎么办. Covers common mitigation patterns such as credential rotation, Kubernetes pod rollout-restart, ALB target group reattach, security group rule revoke, IAM policy rollback, and safe CloudFormation stack rollback. Output always includes the exact CLI command, a one-line explanation of what it changes, a rollback/undo command, and an explicit human approval prompt. CRITICAL — this skill NEVER executes commands autonomously; every mitigation step requires explicit user approval before running.

Root cause analysis for a triaged incident in either China account (aws-cn or aws-cn-2). Use this skill after triage has produced a Triage Card, or when the user directly asks RCA, 根本原因, 根因, 为什么挂, why did X fail, deep dive, deep investigation, 深入分析, dig into, 调查. Correlates the CloudTrail API log window around the incident, recent deploy events (CloudFormation stack events, CodeDeploy, ECR pushes, Lambda updates), metric anomalies against prior-week baseline, and cross-account blast radius — specifically, whether the same failure pattern also hit the other China account around the same time, which would suggest a shared upstream cause (IAM partition-wide, AWS region event, or common dependency). Produces a single root-cause hypothesis plus the evidence chain. Does NOT execute remediation.

First-response triage for an incoming alarm, ticket, or failure report originating from either China account (aws-cn or aws-cn-2). Use this skill when the trigger is an alarm name, CloudWatch alarm payload, SIM ticket body, error log snippet, or a user phrase such as 告警, 出事了, 服务挂了, incident, triage, 分类, 初步判断, 看一下这个告警, what happened. Determines which of the two accounts is affected, classifies the incident into one of six classes (compute / network / identity-credentials / data / cost / unknown), estimates severity from the signal, and checks whether a similar incident fired recently so duplicates are marked. Output is a short triage card that hands off to RCA or mitigation depending on severity. This skill is the entry point of the incident response pipeline.

Routing and disambiguation guidance for the two AWS China region MCP servers exposed by this Agent Space. Use this skill whenever the user's request mentions "中国区", "China", "cn-north-1", "cn-northwest-1", "Beijing", "Ningxia", or any AWS resource that must resolve to a specific China partition account. The skill explains which MCP endpoint maps to which account, how to pick when the user does not specify, and how to label cross-account results so the user can tell them apart.

Diagnose and explain AWS partition ARN mismatches in China region accounts. Use this skill whenever an investigation in `cn-north-1` or `cn-northwest-1` involves ARNs starting with `arn:aws:` instead of `arn:aws-cn:`, or whenever symptoms include AccessDenied, AuthFailure, MalformedPolicyDocument, NoSuchEntity, or "principal cannot be assumed" errors against IAM roles, SNS topics, KMS keys, S3 buckets, or any other ARN-bearing resource. Triggers also include the user mentioning "partition", "aws-cn vs aws", "cross-partition", "中国区 ARN 不对", "global partition ARN in China account", "trust policy 写错了", or pasting any ARN that looks like `arn:aws:iam::*` while the account context is China. Importantly, use this skill BEFORE concluding that an IAM trust policy or resource policy is "missing permissions" — the more common root cause in China region accounts is a partition string mismatch that the agent and generic LLM debuggers consistently get wrong.

Retrieve, compare, and attribute AWS spend across the two China region accounts (aws-cn in cn-northwest-1 and aws-cn-2 in cn-north-1). Use this skill when the user asks about cost, spend, billing, 花费, 成本, 账单, 多少钱, expensive, 贵, top services, cost breakdown, month-over-month, budget, or wants to know which China account spends more and on what. Covers month-to-date, last month, last 90 days, and custom time ranges. Also use when the user wants to correlate cost with specific resources or services (e.g. "哪个账号的 EC2 花费高"). Report totals per account, top services per account, and deltas vs previous period when available.

Query the same AWS resource type (EC2, RDS, VPC, subnets, security groups, S3 buckets, Lambda functions, IAM roles, CloudFormation stacks, etc.) across both China region MCPs (aws-cn and aws-cn-2) and present a side-by-side comparison. Use this skill when the user asks to compare, diff, list across both, find differences, find matching resources by name or tag, or detect drift/inconsistency between the two China accounts. Triggers on phrases like "对比两个账号", "两边", "两个中国区", "aws-cn vs aws-cn-2", "宁夏和北京", "compare the two China accounts", "diff", "drift", "同名资源", "一致吗". Also use when the user wants an inventory that must cover both accounts regardless of which.

Publish HTML/Markdown design documents on GitLab Pages with selection-driven discussion. Reviewers select any text in the published doc; a floating 💬 bubble opens a prefilled GitLab Issue (title + anchor link + selection quote + label) in a new tab. GitLab handles auth via the user's existing session — no OAuth, no PAT, no API calls. Works on gitlab.com, self-hosted, and proxy-fronted GitLab.

AWS Bedrock AgentCore comprehensive expert for deploying and managing AI agents at scale. Use when working with any AgentCore service including Gateway, Runtime, Memory, Identity, Code Interpreter, Browser, Observability, Agent Registry, or Evaluations. Covers agent deployment, MCP tool integration, credential management, agent discovery, governance workflows, and automated quality assessment. Essential when user mentions AgentCore, agent runtime, agent registry, agent evaluation, MCP gateway, deploy agent, register MCP server, discover agents, evaluate agent quality, agent credentials, or wants to build, deploy, catalog, or monitor AI agents on AWS.

Systematic E2E testing workflow with evidence capture and reporting. Use when running integration tests, validating complete user flows, capturing test evidence, or generating test reports.

Migrate Quip documents to GitLab Wiki with full content preservation. Use when converting Quip docs to wiki, migrating documentation, or setting up GitLab wiki from Quip sources.

Comprehensive security and compliance scanning for AWS CDK projects. Use when running security audits, checking license compliance, scanning container vulnerabilities, or running aggregated SAST/IaC/secret analysis before deployment.

AWS Cloud Development Kit (CDK) expert for building cloud infrastructure with TypeScript/Python. Use when creating CDK stacks, defining CDK constructs, implementing infrastructure as code, or when the user mentions CDK, CloudFormation, IaC, cdk synth, cdk deploy, or wants to define AWS infrastructure programmatically. Covers CDK app structure, construct patterns, stack composition, and deployment workflows.

AWS cost optimization, monitoring, and operational excellence expert. Use when analyzing AWS bills, estimating costs, setting up CloudWatch alarms, querying logs, auditing CloudTrail activity, or assessing security posture. Essential when user mentions AWS costs, spending, billing, budget, pricing, CloudWatch, observability, monitoring, alerting, CloudTrail, audit, or wants to optimize AWS infrastructure costs and operational efficiency.

Configure AWS MCP servers for documentation search and API access. Use when setting up AWS MCP, configuring AWS documentation tools, troubleshooting MCP connectivity, or when user mentions aws-mcp, awsdocs, uvx setup, or MCP server configuration. Covers both Full AWS MCP Server (with uvx + credentials) and lightweight Documentation MCP (no auth required).

Use when a researcher needs to query biomedical databases for biomarker discovery, build target profiles from UniProt/Open Targets/STRING, rank biomarker candidates by evidence strength, or generate SQL queries against clinical genomic databases.

Use when orchestrating a multi-agent biomarker discovery workflow that requires coordinating database queries, pathway analysis, literature review, statistical modeling, and clinical evidence synthesis to produce ranked biomarker panels.

Use when a researcher needs to analyze biological pathways for biomarker discovery, map disease mechanisms to druggable targets using Reactome/KEGG, identify pathway enrichment from gene sets, or understand mechanism-of-action for candidate biomarkers.

Use when interpreting genomic variants from VCF files, performing clinical variant classification using ClinVar/VEP annotations, analyzing allele frequencies against population data (1000 Genomes), or generating clinical reports for genetic counseling.

Use when a developer wants to build a new healthcare or life sciences agent, structure tools and system prompts for an HCLS workflow, or create a Strands agent with domain-specific capabilities. Also use when someone asks about agent architecture, tool design, or system prompt patterns for clinical, genomics, or drug discovery use cases.

Use when a developer wants to deploy an HCLS agent to Amazon Bedrock AgentCore, configure Gateway tools as MCP endpoints, set up authentication with Cognito, configure memory, or register an agent in the AgentCore Registry. Also use for deployment troubleshooting.

Use when a developer asks how to get started building healthcare or life sciences agents, wants to understand the HCLS Agents Toolkit, or asks what's available in this repository. Also use when someone asks about genomics, drug discovery, clinical trials, or biomarker agents on AWS.

Use when a developer needs to query biomedical databases (UniProt, ClinVar, gnomAD, PDB, Reactome, Open Targets, etc.) via the Biomni Research Tools MCP server. Covers protein lookup, variant interpretation, pathway analysis, drug-target associations, and genomic annotation queries.

Generate a Well-Architected-aligned Architecture Decision Record (ADR) that documents a design decision with context, options evaluated, trade-offs, and WA pillar impact.

Analyze an AWS architecture for cost waste, right-sizing opportunities, and pricing model improvements aligned with the Well-Architected Cost Optimization pillar.

Assess a workload's readiness to migrate to AWS using Well-Architected principles, covering the 7 Rs, dependencies, risks, and a migration plan.

Assess a workload's operational excellence posture against the Well-Architected Operational Excellence pillar, covering organization, preparation, operation, and evolution. Use this skill when evaluating CI/CD practices, observability, incident management, runbook coverage, or operational maturity.

Evaluate a workload's performance efficiency against the Well-Architected Performance Efficiency pillar, covering resource selection, scaling, monitoring, and optimization opportunities.

Identify single points of failure, assess recovery capabilities, and produce a prioritized remediation plan aligned with the Well-Architected Reliability pillar.

Deep-dive security posture assessment against the Well-Architected Security pillar, covering identity, detection, infrastructure protection, data protection, and incident response.

Assess a workload's environmental sustainability posture against the Well-Architected Sustainability pillar, identifying opportunities to reduce carbon footprint through resource efficiency, managed services, and architectural optimization.

Expert guide for backing up AWS databases including Amazon Relational Database Service (Amazon RDS), Aurora, MS-SQL, MySQL, and PostgreSQL. Use when planning or executing database backup operations, retention policies, or restore procedures. Covers Amazon Simple Storage Service (Amazon S3) upload security.

Cross-region migration for compute services including Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Container Service (Amazon ECS), and Amazon Elastic Kubernetes Service (Amazon EKS). Covers AZ failure recovery, AMI/snapshot migration, coldsnap EBS Direct API transfers, AWS MGN agent-based migration, WSFC/SQL FCI cluster recovery, FSx ONTAP iSCSI, container image replication, task definition migration, Kubernetes workload backup/restore, and IRSA re-association.

Cross-region migration for database services including Amazon Relational Database Service (Amazon RDS), Amazon Aurora, Amazon Redshift, and Amazon ElastiCache. Covers snapshot copy and restore, cross-region read replica promotion, cross-region automated backups, Aurora Global Database failover, AWS KMS re-encryption, native database dump fallback, Amazon Redshift cross-region snapshot copy, and ElastiCache Global Datastore failover.

Cross-region migration for networking services including AWS Transit Gateway, AWS Site-to-Site VPN, AWS Client VPN, and AWS Direct Connect. Covers Transit Gateway recreation with VPC and Direct Connect gateway attachments, VPN tunnel configuration with pre-shared keys, Client VPN endpoint migration with certificate handling, and Direct Connect Gateway association.

Cross-region migration for security services including ACM, AWS KMS, AWS IAM Identity Center, IAM/STS federation, and AWS WAF. Covers certificate re-issuance and validation, KMS key re-encryption workflows, Encryption SDK re-keying, IAM Identity Center multi-region replication, SAML regional endpoint failover, STS endpoint configuration, and WAF WebACL cloning.

Querying and analyzing CloudWatch Logs, CloudTrail events, and other AWS log sources. Use when investigating errors, auditing actions, or understanding what happened with an AWS resource.

Debugging AWS network connectivity issues including Amazon Virtual Private Cloud (Amazon VPC), security groups, network ACLs (NACLs), route tables, VPC endpoints, DNS, load balancers, and AWS Transit Gateway. Use when troubleshooting connectivity failures or validating network paths.

Preflight validation for AWS CLI operations. Use before executing any AWS action to verify resource existence, permissions, quotas, and readiness. Covers Amazon S3, Amazon EC2, Amazon RDS, AWS Lambda, AWS IAM, Amazon ECS, Amazon DynamoDB, and other services.

Deploy RAPID application AWS infrastructure using CDK, including stack deployment, database migrations, and post-deployment verification. Use when explicitly asked to deploy, when running CDK bootstrap for first-time setup, or when deploying after code or infrastructure changes. Only execute when user says "please deploy".

Add new example use cases to the Examples feature, including file setup, metadata registration, thumbnail generation, and link verification. Use when a contributor provides PDF/PNG/TXT files for a new use case, when adding entries to the Examples page, or when verifying existing example GitHub URLs are accessible.

Run build verification and code formatting across all RAPID project components (backend, frontend, CDK). Use after implementing code changes, before committing, after modifying Prisma schema, or before creating a pull request.

Modify the review-item-processor agent's prompts, model configuration, confidence thresholds, JSON output schemas, and tool setup. Use when changing document or image review prompts, adjusting model IDs, modifying output format, updating citation settings, or adding new tools to the agent.

Modify CDK Step Functions workflows (ReviewProcessor and ChecklistProcessor) for the RAPID application, including workflow step changes, Map State concurrency, retry/timeout configuration, error handling, and parameter updates. Use when changing workflow step sequences, adjusting concurrency, modifying retry logic, or adding/removing workflow steps.

Create implementation plans for backend API endpoints and frontend features following RAPID layered architecture (domain/usecase/routes pattern, SWR hooks, feature-based organization). Use when adding or modifying backend APIs, frontend components, database schemas, or repository implementations. Also use for refactoring backend/frontend code.

Run repository integration tests against a local MySQL database for the RAPID backend. Use after implementing new repository methods, modifying Prisma database schema, testing use cases that depend on database access, or verifying data access patterns.

UI/CSS design patterns and component reference for the RAPID frontend, covering color semantics, button variant selection, status badge colors, dark mode, spacing, and component inventory. Use when implementing UI components, choosing button variants or colors, styling with Tailwind CSS, or checking available shared components.