aws-cloud-ops
AWS Cloud Operations Skill
Installation
The skill invokes the AWS CLI v2. Install and configure:
- Linux x86: Download AWS CLI v2, unzip, then `sudo ./aws/install`
- macOS: `curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"`, then run the installer
- Windows: Download the MSI from AWS CLI v2 or use `msiexec`; or install via package managers
Configure: `aws configure` (access key, secret, region). Verify: `aws --version`
Cheat Sheet & Best Practices
Identity & config: `aws sts get-caller-identity` — who am I; `aws configure list-profiles` — list profiles.
S3: `aws s3 ls`; `aws s3 cp <local> s3://bucket/`; `aws s3 sync ./dir s3://bucket/`; `aws s3 rm s3://bucket/key`.
Lambda: `aws lambda list-functions`; `aws lambda invoke --function-name X output.json`; `aws lambda get-function --function-name X`.
CloudWatch: `aws cloudwatch list-metrics`; `aws cloudwatch get-metric-statistics`; `aws cloudwatch describe-alarms`; `put-metric-alarm` for alerts.
EC2: `aws ec2 describe-instances`; `start-instances`/`stop-instances`/`terminate-instances` with `--instance-ids`.
Best practices: Use IAM roles over long-lived keys; set `AWS_REGION`/`AWS_PROFILE`; use `--output json` and `--query` to limit response size; run destructive ops only after `describe` to confirm resources.
Certifications & Training
Free: AWS Skill Builder — exam prep, Cloud Quest, Cloud Essentials. Cloud Practitioner (CLF-C02): Cloud concepts, security/compliance, technology/services, billing (~6 months exposure). Solutions Architect Associate: Next step; prep on Skill Builder.
Skill data: Map to S3, Lambda, CloudWatch, EC2, IAM; security best practices; no hardcoded credentials.
Hooks & Workflows
Suggested hooks: Pre-deploy: validate credentials (`aws sts get-caller-identity`). Cost-tracking hook: optional CloudWatch/billing checks. No mandatory hook; use when devops is routed for AWS tasks.
Workflows: Use with devops (contextual: `aws_project`). Flow: detect AWS project → load aws-cloud-ops → run CLI via skill script. See `operations/incident-response` if debugging AWS resources.
Overview
Provides 90%+ context savings vs raw AWS MCP server. Multi-service support with progressive disclosure by service category.
Requirements
- AWS CLI v2
- Configured credentials (AWS_PROFILE or ~/.aws/credentials)
- AWS_REGION environment variable
Tools (Progressive Disclosure)
CloudWatch Operations
| Tool | Description | Confirmation |
|---|---|---|
| logs-groups | List log groups | No |
| logs-tail | Tail log stream | No |
| logs-filter | Filter log events | No |
| metrics-list | List metrics | No |
| metrics-get | Get metric data | No |
| alarm-list | List alarms | No |
| alarm-create | Create alarm | Yes |
S3 Operations
| Tool | Description | Confirmation |
|---|---|---|
| s3-ls | List buckets/objects | No |
| s3-cp | Copy objects | Yes |
| s3-sync | Sync directories | Yes |
| s3-rm | Delete objects | Yes |
Lambda Operations
| Tool | Description | Confirmation |
|---|---|---|
| lambda-list | List functions | No |
| lambda-get | Get function details | No |
| lambda-invoke | Invoke function | Yes |
| lambda-logs | Get function logs | No |
EC2 Operations
| Tool | Description | Confirmation |
|---|---|---|
| ec2-list | List instances | No |
| ec2-describe | Describe instance | No |
| ec2-start | Start instance | Yes |
| ec2-stop | Stop instance | Yes |
| sg-list | List security groups | No |
IAM Operations (Read-Only)
| Tool | Description | Confirmation |
|---|---|---|
| iam-users | List users | No |
| iam-roles | List roles | No |
| iam-policies | List policies | No |
Quick Reference
```bash
# List EC2 instances
aws ec2 describe-instances --output table

# Tail CloudWatch logs
aws logs tail /aws/lambda/my-function --follow

# List S3 buckets
aws s3 ls

# Invoke Lambda
aws lambda invoke --function-name my-func output.json
```
Configuration
- AWS_PROFILE: Named profile to use
- AWS_REGION: Target region (e.g., us-east-1)
- AWS_DEFAULT_OUTPUT: Output format (json/table/text)
Security
⚠️ Never hardcode credentials
⚠️ Use IAM roles when possible
⚠️ IAM write operations are blocked
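As an added example (not part of the skill's own scripts), a POSIX shell wrapper that applies this page's rules before calling the AWS CLI: it runs the pre-deploy credential check from the Hooks section, refuses IAM write operations, shows EC2 targets via `describe-instances` before a start/stop/terminate, and requires a typed confirmation for every tool the tables mark Confirmation: Yes. The function names and the YES prompt are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not the skill's own code. Assumes AWS CLI v2 on PATH and
# AWS_REGION set; function names and the "YES" prompt are this example's own.

# Operations the tool tables mark "Confirmation: Yes", plus terminate-instances.
needs_confirmation() {
  case "$1 $2" in
    "s3 cp"|"s3 sync"|"s3 rm"|"lambda invoke"|"cloudwatch put-metric-alarm") return 0 ;;
    "ec2 start-instances"|"ec2 stop-instances"|"ec2 terminate-instances") return 0 ;;
    *) return 1 ;;
  esac
}

# IAM stays read-only: anything that is not a list-*/get-* call is a write.
is_iam_write() {
  [ "$1" = "iam" ] || return 1
  case "$2" in
    list-*|get-*) return 1 ;;
    *) return 0 ;;
  esac
}

# Pre-deploy hook: region configured and credentials valid for the account.
preflight() {
  [ -n "${AWS_REGION:-}" ] || { echo "AWS_REGION is not set" >&2; return 1; }
  aws sts get-caller-identity --output json --query Account >/dev/null
}

# Describe before destroy: show the EC2 targets before start/stop/terminate.
show_targets() {
  [ "$1" = "ec2" ] && [ "${3:-}" = "--instance-ids" ] || return 0
  shift 3
  aws ec2 describe-instances --instance-ids "$@" --output table \
    --query 'Reservations[].Instances[].[InstanceId,State.Name,Tags[?Key==`Name`].Value|[0]]' >&2
}

# Gate one AWS CLI call: block IAM writes, confirm destructive ops, then run it.
guarded_aws() {
  if is_iam_write "$1" "$2"; then
    echo "blocked: IAM write operation 'aws $1 $2'" >&2; return 2
  fi
  if needs_confirmation "$1" "$2"; then
    show_targets "$@"
    printf 'About to run: aws %s\nType YES to continue: ' "$*" >&2
    read -r reply
    [ "$reply" = "YES" ] || { echo "aborted" >&2; return 3; }
  fi
  aws "$@"
}
```

Call `preflight` once at the start of a deploy hook and route every CLI call through `guarded_aws` (for example `guarded_aws ec2 stop-instances --instance-ids i-0123`); read-only calls pass straight through.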
Agent Integration
- devops (primary): Cloud operations
- cloud-integrator (primary): Multi-cloud
- incident-responder (secondary): Troubleshooting
Troubleshooting
| Issue | Solution |
|---|---|
| Access denied | Check IAM permissions |
| Region error | Set AWS_REGION |
| Credentials | Run aws configure |
Memory Protocol (MANDATORY)
Before starting: Read `.claude/context/memory/learnings.md`
After completing:
- New pattern -> `.claude/context/memory/learnings.md`
- Issue found -> `.claude/context/memory/issues.md`
- Decision made -> `.claude/context/memory/decisions.md`
ASSUME INTERRUPTION: If it's not in memory, it didn't happen.