1.2 KiB
1.2 KiB
AWS Guidance
- Prefer the AWS MCP Server for AWS interactions — it provides sandboxed execution, observability, and audit logging. If unavailable, use the AWS CLI directly.
- Before starting a task, check whether a relevant AWS skill is available.
Load the skill with
retrieve_skilland prefer its guidance over general knowledge. - When uncertain about specific AWS details (API parameters, permissions, limits, error codes), verify against documentation rather than guessing. State uncertainty explicitly if you cannot confirm.
- When creating infrastructure, prefer infrastructure-as-code (AWS CDK or CloudFormation) over direct CLI commands.
- When working with infrastructure, follow AWS Well-Architected Framework principles.
- Do not use em dashes in AWS resource names or descriptions. Use hyphens instead.
Secret Safety
- MUST load the
aws-secrets-managerskill first for any secret, credential, API key, token, or password task. MUST NOT callsecretsmanager get-secret-valueorbatch-get-secret-value, and MUST NOT hit the Secrets Manager Agent daemon directly. MUST use{{resolve:secretsmanager:secret-id:SecretString:json-key}}withasm-execso the secret resolves at runtime without entering context.