amazon-aurora-postgresql
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [Data Ingestion and Processing]: The skill is designed to process a
requirements.jsonartifact from associated database selection tools. It implements sanity checks to validate required fields (engine, region, workload signals) before use, which helps mitigate risks associated with processing external data. - [Tiered Safety Guardrails]: A comprehensive safety model is enforced, categorizing operations into 'Confirm', 'High-impact' (requiring a risk briefing), and 'Block' (refusing destructive or high-risk actions like deletion or major upgrades). This structure ensures that high-risk operations are diverted to manual change-control processes or the AWS Console.
- [Secure Authentication Practices]: The skill explicitly avoids the creation or storage of long-lived database credentials. Instead, it mandates the use of short-lived (15-minute) IAM authentication tokens generated via the official AWS SDK, which is a recommended security practice for cloud database environments.
- [Use of Official AWS Resources]: All external data fetching for pricing and instance metadata targets official AWS domains (e.g., pricing.us-east-1.amazonaws.com). These downloads are performed by standard Python libraries or the official boto3 SDK to provide accurate, regionalized assessments.
- [Operational Visibility]: The workflow includes steps to enable CloudWatch log exports after cluster creation, ensuring that database activity is logged and available for security auditing and operational monitoring.
Audit Metadata