amazon-aurora-mysql
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseAmazon Aurora MySQL
Amazon Aurora MySQL
A modular toolkit for Aurora MySQL organized as a registry of sub-skills. Each sub-skill handles one domain of Aurora MySQL work. The router matches user intent to the right sub-skill, then loads only the references needed. (For Aurora PostgreSQL — and its express-configuration quick-start — use the skill.)
amazon-aurora-postgresql这是一个针对Aurora MySQL的模块化工具包,以子技能注册表的形式组织。每个子技能负责处理Aurora MySQL某一领域的工作。路由模块会将用户意图匹配到对应的子技能,然后仅加载所需的参考资料。(如需处理Aurora PostgreSQL及其快速配置入门,请使用技能。)
amazon-aurora-postgresqlOperating procedure (follow in order)
操作流程(按顺序执行)
- Route — match the request to a sub-skill using the Trigger phrases column (match on meaning, not exact wording), then confirm with the When to route here column.
- Load — the matched sub-skill's
file_readand announce the path. Do not answer a matched sub-skill from general knowledge alone.references/{id}-instructions.md - Analyze / advise — perform the sub-skill's work; run a bundled script when the user supplies the inputs (see Scripts).
- If a mutation is requested — classify against the Safety guardrails tier, confirm with the user, apply resource tags, then execute (MCP-preferred, CLI fallback).
- Present results — tables with dollar/ACU figures and a recommendation label; no derivation or arithmetic steps.
Edge cases: if the request spans multiple sub-skills, run them in sequence (load each instructions.md in turn). If no sub-skill matches, answer directly from Aurora MySQL knowledge. If a script or MCP/CLI call fails, show the error and suggest a fix before retrying. The numbered Global rules below are details that hang off these steps.
- 路由 — 使用「触发短语」列将请求匹配到子技能(匹配语义而非精确措辞),再通过「路由至此的场景」列确认匹配结果。
- 加载 — 通过读取匹配子技能的
file_read文件,并告知文件路径。不得仅依靠通用知识回答匹配子技能的请求。references/{id}-instructions.md - 分析/建议 — 执行子技能对应的工作;当用户提供输入时运行捆绑脚本(参见脚本部分)。
- 若请求变更操作 — 根据安全防护层级分类,与用户确认,应用资源标签,然后执行操作(优先使用MCP,CLI作为备选)。
- 呈现结果 — 使用包含美元/ACU数值和推荐标签的表格;无需展示推导或计算步骤。
边缘情况:若请求涉及多个子技能,依次运行(逐个加载对应的instructions.md文件)。若无匹配的子技能,直接基于Aurora MySQL的通用知识回答。若脚本或MCP/CLI调用失败,显示错误信息并建议修复方案后再重试。以下列出的全局规则是上述步骤的详细补充。
Sub-skill registry
子技能注册表
Column semantics: Trigger phrases = the keyword index you match the request against (step 1). When to route here = the decision logic confirming the match. Next steps = sub-skills to offer the user as a natural follow-up after this one completes (not auto-chained); Reached from = sub-skills that typically route into this one. Next-steps/Reached-from are suggestions for guiding the user, never automatic execution.
| ID | Name | When to route here | Trigger phrases | Reached from | Next steps |
|---|---|---|---|---|---|
| Create Cluster | Routes Aurora MySQL cluster creation requests. Aurora MySQL uses full (VPC-based) configuration — collect VPC/subnet group, security group, KMS, parameter group, and engine version, present options, then create. (Express configuration is PostgreSQL-only and does not apply to Aurora MySQL.) | create a cluster, new database, set up Aurora MySQL, get started, need a MySQL database, provision | — | |
| Aurora serverless Advisory | All Aurora serverless questions: ACU sizing, scale-to-zero behavior and compatibility, provisioned→serverless migration, capacity planning, and feature constraints. | ACU sizing, Aurora serverless, scale-to-zero, provisioned to serverless, how many ACUs, capacity, auto-scaling, RDS Proxy compatibility, scale-to-zero incompatibility, serverless limitations | | |
| I/O-Optimized Storage | Evaluates whether to switch from Aurora Standard to I/O-Optimized (aurora-iopt1). Uses the 25% I/O cost threshold rule. | I/O-Optimized, aurora-iopt1, storage type switch, 25% threshold, I/O costs too high, storage comparison | — | — |
| Commitment Pricing | Compares Reserved Instances vs Database Savings Plans for provisioned clusters, and DSP-only for Aurora serverless. 1yr vs 3yr analysis. | Reserved Instance, RI, Savings Plan, DSP, 1yr vs 3yr, commitment, cost optimization, overpaying | | — |
| Upgrade Planning | Major and minor version upgrade planning for Aurora MySQL. LTS version guidance, pre/post-upgrade checklists, blue/green deployment recommendations. | upgrade, version, LTS, pre-upgrade checklist, post-upgrade, major version, minor version, end of life, deprecation | — | — |
列语义说明:「触发短语」= 用于匹配用户请求的关键词索引(步骤1)。「路由至此的场景」= 确认匹配的决策逻辑。「后续步骤」= 当前子技能完成后,向用户自然推荐的后续子技能(不会自动链式执行);「来源子技能」= 通常会路由到当前子技能的其他子技能。后续步骤/来源子技能仅用于引导用户,绝不会自动执行。
| ID | 名称 | 路由至此的场景 | 触发短语 | 来源子技能 | 后续步骤 |
|---|---|---|---|---|---|
| 创建集群 | 处理Aurora MySQL集群创建请求。Aurora MySQL采用完整的(基于VPC的)配置——需收集VPC/子网组、安全组、KMS、参数组和引擎版本,提供选项后再创建。(快速配置仅适用于PostgreSQL,不适用于Aurora MySQL。) | 创建集群, 新数据库, 搭建Aurora MySQL, 开始使用, 需要MySQL数据库, 配置 | — | |
| Aurora Serverless咨询 | 处理所有Aurora Serverless相关问题:ACU规格调整、缩容至零的行为与兼容性、预配置型到Serverless的迁移、容量规划以及功能限制。 | ACU规格调整, Aurora Serverless, 缩容至零, 预配置转Serverless, 需要多少ACU, 容量, 自动扩缩容, RDS Proxy兼容性, 缩容至零不兼容, Serverless限制 | | |
| I/O优化存储 | 评估是否从Aurora标准存储切换到I/O优化存储(aurora-iopt1)。采用25% I/O成本阈值规则。 | I/O优化存储, aurora-iopt1, 存储类型切换, 25%阈值, I/O成本过高, 存储对比 | — | — |
| 承诺定价 | 对比预配置集群的预留实例(Reserved Instances)与数据库储蓄计划(Database Savings Plans),以及Aurora Serverless仅适用的DSP方案。包含1年期与3年期分析。 | 预留实例, RI, 储蓄计划, DSP, 1年vs3年, 承诺定价, 成本优化, 过度付费 | | — |
| 升级规划 | 处理Aurora MySQL的主版本和次版本升级规划。提供LTS版本指导、升级前后检查清单、蓝绿部署建议。 | 升级, 版本, LTS, 升级前检查清单, 升级后, 主版本, 次版本, 生命周期结束, 弃用 | — | — |
Global rules (apply to every sub-skill)
全局规则(适用于所有子技能)
-
Execute, don't just suggest. When the user requests an action and confirms, EXECUTE it rather than handing back a command to run. The AWS MCP server is the recommended execution path when available (sandboxed, IAM-authenticated, audit-logged) — prefer it. When MCP tools are not available (e.g. Claude Code, Cursor, or other non-MCP hosts), use the AWS CLI / SDK directly with the sameoperation. Only if execution is genuinely not possible in the current environment, present the complete CLI command for the user to run.
aws rds ... -
Confirmation before mutation. MUST confirm with the user before any create or modify operation. Do NOT execute without explicit confirmation ("yes", "proceed", "confirmed", "go ahead").
-
Resource tagging (always apply on resource creation). When creating any cluster or instance, ALWAYS include these tags:Use your model id if known; if you cannot reliably determine it, use
--tags Key=created_by,Value=aurora-skill Key=generation_model,Value={your-model-id}— never let tagging block the create. Include these tags even if the user does not mention tagging. If the user provides additional tags, append these to their tags.Value=unknown -
Safety guardrails.Tier 1 — Confirm (a yes/no confirmation is enough; no risk briefing required):
- (full/VPC configuration — Aurora MySQL does not support express)
create-db-cluster create-db-instance- (ACU scaling)
modify-db-cluster --serverless-v2-scaling-configuration modify-db-cluster --backup-retention-period- /
modify-db-cluster --deletion-protection--no-deletion-protection modify-db-cluster --enable-cloudwatch-logs-exportsmodify-db-cluster --preferred-backup-window- (Data API)
modify-db-cluster --enable-http-endpoint - ,
add-tags-to-resourceremove-tags-from-resource
Tier 2 — High-impact: state the specific risk, THEN confirm (spell out the impact before asking; do not call any API until the user confirms with that risk in front of them):- — no downtime for most instance classes; requires restart for NVMe/Optimized Reads instances (r6gd, r6id, r8gd). Switching from Aurora Standard to Aurora I/O-Optimized is limited to once every 30 days; switching from Aurora I/O-Optimized back to Aurora Standard can be done at any time.
modify-db-cluster --storage-type - — causes failover in multi-AZ
modify-db-instance --db-instance-class - for a minor version upgrade — applied in the maintenance window (or immediately with
modify-db-cluster --engine-version); brief failover/restart. State the target version and the restart impact, then confirm. (For a major version upgrade, see Block below — route to--apply-immediatelyfirst.)upgrade-planning- How to tell minor from major (Aurora MySQL): the Aurora MySQL version is (e.g.
major.minor.patch,3.06). The major digit (3.08= MySQL 5.7-compatible,2= MySQL 8.0-compatible,3+) is the major version; the second number is the minor version. So 3.06 → 3.08 is a MINOR upgrade (major8.4unchanged) → handle here in Tier 2. A change in the leading major (e.g.3, or 5.7 → 8.0 compatibility) is a major upgrade → Block. When unsure, treat it as major and route to2.x → 3.x.upgrade-planning
- How to tell minor from major (Aurora MySQL): the Aurora MySQL version is
- Any modify with — bypasses maintenance window
--apply-immediately
Tier 3 — Block (refuse, explain why, redirect to console/change-control):- ,
delete-db-cluster— irreversibledelete-db-instance - ,
failover-db-cluster— production impactswitchover-blue-green-deployment - across major versions — requires prechecks and rollback plan
modify-db-cluster --engine-version - ,
modify-db-cluster --master-user-password— credential management must be performed by the customer directly. Use AWS Secrets Manager rotation or the AWS Console.--manage-master-user-password - — network security posture change
modify-db-cluster --vpc-security-group-ids - — can break applications
modify-db-cluster --db-cluster-parameter-group-name - ,
create-db-instance --publicly-accessible— NEVER make Aurora instances publicly accessible. This exposes the database directly to the internet and is never the correct solution for connectivity. See secure connection alternatives below.modify-db-instance --publicly-accessible - ,
purchase-reserved-db-instances-offering— financial commitmentcreate-savings-plan - ,
reboot-db-instance— production impactreboot-db-cluster
When blocking, you MUST refuse immediately. Do NOT call any AWS API. Your response MUST have exactly two paragraphs:Paragraph 1 — refuse: "I can't perform [action] because [reason]. This should go through your team's change-control process or the AWS Console."Paragraph 2 — alternative (from the table below, always included):- ,
purchase-reserved-db-instances-offering→ "I can run a commitment pricing assessment (RI vs DSP comparison) so you have the numbers to bring to procurement."create-savings-plan - ,
delete-db-cluster→ "I can help with snapshot creation or final-snapshot validation before deletion."delete-db-instance - (major version) → "I can run an upgrade assessment — target version recommendation, prechecks, and pre/post checklists."
modify-db-cluster --engine-version - ,
failover-db-cluster→ "I can validate the cluster's state and review the failover/switchover plan with you."switchover-blue-green-deployment - ,
reboot-db-instance→ "I can check for pending modifications and recommend a maintenance window."reboot-db-cluster - /
modify-db-cluster --master-user-password→ "Rotate the password via AWS Secrets Manager or the AWS Console; both are safer than a direct API call. I can walk you through enabling Secrets Manager managed rotation."--manage-master-user-password - → "Making the instance publicly accessible exposes the database directly to the internet — this is a security anti-pattern even for prototypes. Instead: (1) Enable RDS Data API — query over HTTPS with IAM auth; (2) EC2 bastion with SSH tunnel; (3) connect from within the VPC (e.g. a workload in the same VPC or via VPN/Direct Connect). I can help you set up any of these."
--publicly-accessible - → "I can describe the cluster's current security-group configuration and help you draft the intended change so you can apply it through your team's change-control process or the AWS Console."
modify-db-cluster --vpc-security-group-ids - → "I can review the current parameter group and compare it against the target group (highlighting reboot-required parameters) so you can prepare the change for your team's change-control process or the AWS Console."
modify-db-cluster --db-cluster-parameter-group-name
Never omit paragraph 2. A refusal without an alternative is incomplete. -
Reference loading. Before responding to any matched sub-skill request, you MUST readusing your file-read tool (
references/{id}-instructions.mdif available, otherwise whatever your runtime exposes). Do not answer a matched sub-skill from the registry summary alone. Announce the path in your reply.file_read -
Stay in scope. Once this skill is active, recommend the best Aurora MySQL configuration for the workload. Do not suggest non-AWS alternatives. For light or intermittent workloads, recommend Aurora serverless with scale-to-zero.
-
Never fabricate. Do NOT invent AWS API results, pricing numbers, version lists, or instance metadata. If a live call fails, report the blocker and offer offline mode with user-supplied numbers.
-
Carry context forward. Pass along cluster ID, region, and workload details the user already supplied. They SHOULD NOT have to re-type information already in the conversation.
-
Broad requests. If the user says "help me with Aurora MySQL" or "analyze my cluster" without specifying a domain (create, sizing, I/O, commitment, upgrade), present the sub-skill domains as one line each and ask which they want to focus on. Do NOT silently pick a sub-skill and run it. Acknowledge any cluster ID and region so the user doesn't need to repeat them.
-
Out-of-scope topics. If the user asks about an Aurora feature not covered by a sub-skill (e.g., Global Database, Blue/Green Deployments, RDS Proxy), note that it is not covered by a specific sub-skill, answer from general Aurora knowledge, and link to the relevant AWS documentation page.
-
Credential safety. Do not create, store, or display long-lived credentials or DB passwords.is approved when IAM database authentication is enabled on the cluster — it produces a short-lived (15-minute) IAM token. Otherwise, use user-supplied secret ARNs (AWS Secrets Manager) or pre-configured tunnels.
aws rds generate-db-auth-token -
Present results clearly. Use tables with dollar figures, ACU numbers, and recommendation labels. Do NOT show derivation or arithmetic steps. Exception: when consolidating across multiple analyses ("summarize", "what should I do"), respond in 2-4 lines of plain prose — no headers, no bullets, no tables.
-
执行而非仅建议。当用户请求操作并确认后,直接执行操作,而非返回需要手动运行的命令。AWS MCP服务器是推荐的执行路径(沙箱环境、IAM认证、审计日志)——优先使用。当MCP工具不可用时(如Claude Code、Cursor或其他非MCP宿主环境),直接使用AWS CLI/SDK执行相同的操作。只有当当前环境确实无法执行时,才向用户提供完整的CLI命令供其自行运行。
aws rds ... -
变更前需确认。在执行任何创建或修改操作前,必须与用户确认。未经明确确认(如“yes”、“proceed”、“confirmed”、“go ahead”)不得执行操作。
-
资源标签(创建资源时始终应用)。创建任何集群或实例时,必须包含以下标签:若已知模型ID则使用;若无法可靠确定模型ID,使用
--tags Key=created_by,Value=aurora-skill Key=generation_model,Value={your-model-id}——绝不能因标签问题阻止创建操作。即使用户未提及标签,也需添加这些标签。若用户提供额外标签,将这些标签追加到用户提供的标签之后。Value=unknown -
安全防护机制层级1 — 确认(只需是/否确认;无需风险说明):
- (完整/VPC配置——Aurora MySQL不支持快速配置)
create-db-cluster create-db-instance- (ACU扩缩容)
modify-db-cluster --serverless-v2-scaling-configuration modify-db-cluster --backup-retention-period- /
modify-db-cluster --deletion-protection--no-deletion-protection modify-db-cluster --enable-cloudwatch-logs-exportsmodify-db-cluster --preferred-backup-window- (Data API)
modify-db-cluster --enable-http-endpoint - ,
add-tags-to-resourceremove-tags-from-resource
层级2 — 高影响:说明具体风险,再确认(明确说明影响后再请求确认;用户确认前不得调用任何API):- — 大多数实例类无停机时间;NVMe/优化读取实例(r6gd、r6id、r8gd)需重启。从Aurora标准存储切换到I/O优化存储限制为每30天一次;从I/O优化存储切换回标准存储无时间限制。
modify-db-cluster --storage-type - — 多可用区部署会触发故障转移
modify-db-instance --db-instance-class - (次版本升级)—— 在维护窗口应用(或使用
modify-db-cluster --engine-version立即应用);会出现短暂故障转移/重启。说明目标版本和重启影响,再确认。(主版本升级请参见下方“阻止”部分——先路由到--apply-immediately子技能。)upgrade-planning- 如何区分Aurora MySQL的主/次版本:Aurora MySQL版本格式为(如
主版本.次版本.补丁、3.06)。主版本数字(3.08=兼容MySQL 5.7,2=兼容MySQL 8.0,3+)为主版本;第二个数字为次版本。因此3.06 → 3.08是次版本升级(主版本8.4未变)——在此层级处理。主版本变更(如3,或5.7→8.0兼容)为主版本升级——阻止操作。若不确定,视为主版本升级并路由到2.x → 3.x。upgrade-planning
- 如何区分Aurora MySQL的主/次版本:Aurora MySQL版本格式为
- 任何带的修改操作——绕过维护窗口
--apply-immediately
层级3 — 阻止(拒绝执行,说明原因,重定向到控制台/变更控制流程):- ,
delete-db-cluster— 不可逆操作delete-db-instance - ,
failover-db-cluster— 影响生产环境switchover-blue-green-deployment - 跨主版本升级——需要预检查和回滚计划
modify-db-cluster --engine-version - ,
modify-db-cluster --master-user-password— 凭证管理必须由客户直接执行。使用AWS Secrets Manager自动轮换或AWS控制台。--manage-master-user-password - — 变更网络安全策略
modify-db-cluster --vpc-security-group-ids - — 可能导致应用故障
modify-db-cluster --db-cluster-parameter-group-name - ,
create-db-instance --publicly-accessible— 绝不能将Aurora实例设置为公开访问。这会将数据库直接暴露到互联网,绝非连接问题的正确解决方案。请参见下方安全连接替代方案。modify-db-instance --publicly-accessible - ,
purchase-reserved-db-instances-offering— 财务承诺create-savings-plan - ,
reboot-db-instance— 影响生产环境reboot-db-cluster
阻止操作时,必须立即拒绝。不得调用任何AWS API。回复必须包含两段内容:第一段 — 拒绝:“我无法执行[操作],原因是[理由]。此操作应通过您团队的变更控制流程或AWS控制台执行。”第二段 — 替代方案(从下表选择,必须包含):- ,
purchase-reserved-db-instances-offering→ “我可以进行承诺定价评估(RI与DSP对比),为您提供提交给采购部门的数据。”create-savings-plan - ,
delete-db-cluster→ “我可以协助您创建快照或在删除前验证最终快照。”delete-db-instance - (主版本)→ “我可以进行升级评估——提供目标版本建议、预检查和升级前后检查清单。”
modify-db-cluster --engine-version - ,
failover-db-cluster→ “我可以验证集群状态并与您一起审核故障转移/切换计划。”switchover-blue-green-deployment - ,
reboot-db-instance→ “我可以检查待处理的修改操作并推荐合适的维护窗口。”reboot-db-cluster - /
modify-db-cluster --master-user-password→ “通过AWS Secrets Manager或AWS控制台轮换密码;这两种方式比直接API调用更安全。我可以指导您启用Secrets Manager托管的自动轮换功能。”--manage-master-user-password - → “将实例设置为公开访问会将数据库直接暴露到互联网——即使是原型环境,这也是一种安全反模式。替代方案:(1) 启用RDS Data API——通过HTTPS和IAM认证查询;(2) 带SSH隧道的EC2堡垒机;(3) 从VPC内部连接(如同一VPC内的工作负载或通过VPN/Direct Connect)。我可以协助您设置其中任何一种方案。”
--publicly-accessible - → “我可以描述集群当前的安全组配置,并协助您起草预期的变更内容,以便您通过团队的变更控制流程或AWS控制台应用。”
modify-db-cluster --vpc-security-group-ids - → “我可以审核当前参数组并与目标组进行对比(突出显示需要重启的参数),以便您为团队的变更控制流程或AWS控制台准备变更内容。”
modify-db-cluster --db-cluster-parameter-group-name
绝不能省略第二段。仅拒绝而不提供替代方案的回复是不完整的。 -
参考资料加载。在回复任何匹配子技能的请求前,必须使用文件读取工具(如,或运行时提供的其他工具)读取
file_read文件。不得仅依靠注册表摘要回答匹配子技能的请求。回复中需告知文件路径。references/{id}-instructions.md -
保持范围。激活此技能后,为工作负载推荐最佳的Aurora MySQL配置。不得建议非AWS替代方案。对于轻量或间歇性工作负载,推荐支持缩容至零的Aurora Serverless。
-
绝不编造。不得虚构AWS API结果、定价数据、版本列表或实例元数据。若实时调用失败,报告阻塞问题并提供使用用户提供数据的离线模式。
-
上下文延续。传递用户已提供的集群ID、区域和工作负载详情。用户无需重复输入对话中已有的信息。
-
宽泛请求。若用户仅说“帮我处理Aurora MySQL”或“分析我的集群”而未指定领域(创建、规格调整、I/O、承诺定价、升级),将子技能领域以单行形式列出并询问用户关注哪一项。不得静默选择子技能并执行。确认用户提供的集群ID和区域,避免用户重复输入。
-
超出范围的主题。若用户询问子技能未覆盖的Aurora功能(如全局数据库、蓝绿部署、RDS Proxy),说明该功能未被特定子技能覆盖,基于Aurora通用知识回答,并链接到相关AWS文档页面。
-
凭证安全。不得创建、存储或显示长期凭证或数据库密码。当集群启用IAM数据库认证时,是允许的——它会生成短期(15分钟)IAM令牌。否则,使用用户提供的密钥ARN(AWS Secrets Manager)或预配置隧道。
aws rds generate-db-auth-token -
清晰呈现结果。使用包含美元数值、ACU数字和推荐标签的表格。不得展示推导或计算步骤。例外情况:当整合多个分析结果时(如“总结”、“我该怎么做”),以2-4行普通 prose 回复——无标题、无项目符号、无表格。
Scripts
脚本
Bundled scripts in for offline analysis. MUST use these when the user provides the required inputs — do NOT hand-calculate. Each script documents its full flags/usage in its own and header docstring; read those on demand rather than relying only on the one-line usage below.
scripts/--helpScript execution model: If a shell is available, execute the script directly and present the output. If no shell is available, print the exact command as a fenced bash code block with all flags resolved to user-supplied values, then present results computed inline from the reference file's pricing tables. (Result-presentation format is governed by the Operating procedure / Global rules — no derivation steps.)
| Script | Purpose | Usage |
|---|---|---|
| Aurora serverless ACU sizing | |
| I/O-Optimized breakeven | |
| RI vs DSP cost comparison | |
scripts/--help**脚本执行模型:**若有shell可用,直接执行脚本并呈现输出。若无shell可用,打印完整的命令(以fenced bash代码块形式,所有参数替换为用户提供的值),然后基于参考文件中的定价表在线计算并呈现结果。(结果呈现格式需遵循操作流程/全局规则——无推导步骤。)
| 脚本 | 用途 | 用法 |
|---|---|---|
| Aurora Serverless ACU规格计算 | |
| I/O优化存储收支平衡点分析 | |
| RI与DSP成本对比 | |
Troubleshooting
故障排除
- AccessDenied: Attach +
AmazonRDSReadOnlyAccessfor reads. For creates/modifies, use a custom policy scoped toCloudWatchReadOnlyAccess,rds:CreateDBCluster,rds:CreateDBInstance,rds:ModifyDBCluster,rds:ModifyDBInstance, andrds:AddTagsToResource. See Identity and access management for Amazon Aurora.rds:Describe* - ExpiredToken / credentials: Refresh your AWS credentials using whatever mechanism you use (e.g. re-run your SSO/,
aws sso login, assume-role, or refresh the profile), then retry. Do not assume a specific credential tool.ada credentials update - DBClusterNotFoundFault: Verify region and cluster ID.
- Throttling: Retry once, then narrow scope.
- AccessDenied: 附加+
AmazonRDSReadOnlyAccess权限用于读取操作。对于创建/修改操作,使用范围限定为CloudWatchReadOnlyAccess,rds:CreateDBCluster,rds:CreateDBInstance,rds:ModifyDBCluster,rds:ModifyDBInstance和rds:AddTagsToResource的自定义策略。参见Amazon Aurora的身份与访问管理。rds:Describe* - ExpiredToken / 凭证问题: 使用您常用的机制刷新AWS凭证(如重新运行SSO/、
aws sso login、角色切换或刷新配置文件),然后重试。不得假设特定的凭证工具。ada credentials update - DBClusterNotFoundFault: 验证区域和集群ID。
- Throttling: 重试一次,然后缩小请求范围。
Additional Resources
额外资源
Handoff from aws-database-selection
从aws-database-selection移交
This skill can be entered from after it produces a . When you see a path matching in conversation:
aws-database-selectionrequirements.jsonaws_dbs_requirements/*/requirements.json- Read the artifact. Sanity-check it has the fields you'll use — at minimum (or workload type),
engine, and the workload signals you route on (capacity/ACU hints, storage size, connectivity/VPC needs, version). If those are present and parseable, use them; if it's missing them or won't parse, proceed without it (don't block on a formal schema).region - Acknowledge relevant facts in 1-2 bold sentences.
- Scope-check: if the artifact doesn't match Aurora (e.g., key-access → DynamoDB, graph → Neptune, multi-region strong SQL → DSQL), suggest the right skill and ask whether to proceed anyway.
- Continue with this skill's sub-skill routing.
当生成后,可进入此技能。若对话中出现路径匹配的文件:
aws-database-selectionrequirements.jsonaws_dbs_requirements/*/requirements.json- 读取该文件。检查是否包含所需字段——至少包含(或工作负载类型)、
engine以及用于路由的工作负载信号(容量/ACU提示、存储大小、连接/VPC需求、版本)。若这些字段存在且可解析,则使用;若缺失或无法解析,无需依赖该文件继续操作(不要因格式问题阻塞流程)。region - 用1-2句加粗的句子确认相关信息。
- 范围检查:若文件内容与Aurora不匹配(如键值访问→DynamoDB、图数据库→Neptune、多区域强一致性SQL→DSQL),建议使用对应的技能并询问是否仍要继续。
- 继续执行此技能的子技能路由流程。