Files
2026-07-13 12:32:19 +08:00

27 lines
1.2 KiB
Markdown

# AWS Guidance
- Prefer the AWS MCP Server for AWS interactions — it provides sandboxed
execution, observability, and audit logging. If unavailable, use the
AWS CLI directly.
- Before starting a task, check whether a relevant AWS skill is available.
Load the skill with `retrieve_skill` and prefer its guidance over
general knowledge.
- When uncertain about specific AWS details (API parameters, permissions,
limits, error codes), verify against documentation rather than guessing.
State uncertainty explicitly if you cannot confirm.
- When creating infrastructure, prefer infrastructure-as-code (AWS CDK or
CloudFormation) over direct CLI commands.
- When working with infrastructure, follow AWS Well-Architected Framework
principles.
- Do not use em dashes in AWS resource names or descriptions. Use
hyphens instead.
## Secret Safety
- MUST load the `aws-secrets-manager` skill first for any secret,
credential, API key, token, or password task. MUST NOT call
`secretsmanager get-secret-value` or `batch-get-secret-value`, and MUST
NOT hit the Secrets Manager Agent daemon directly. MUST use
`{{resolve:secretsmanager:secret-id:SecretString:json-key}}` with
`asm-exec` so the secret resolves at runtime without entering context.