amazon-aurora-postgresql

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [Data Ingestion and Processing]: The skill is designed to process a requirements.json artifact from associated database selection tools. It implements sanity checks to validate required fields (engine, region, workload signals) before use, which helps mitigate risks associated with processing external data.
  • [Tiered Safety Guardrails]: A comprehensive safety model is enforced, categorizing operations into 'Confirm', 'High-impact' (requiring a risk briefing), and 'Block' (refusing destructive or high-risk actions like deletion or major upgrades). This structure ensures that high-risk operations are diverted to manual change-control processes or the AWS Console.
  • [Secure Authentication Practices]: The skill explicitly avoids the creation or storage of long-lived database credentials. Instead, it mandates the use of short-lived (15-minute) IAM authentication tokens generated via the official AWS SDK, which is a recommended security practice for cloud database environments.
  • [Use of Official AWS Resources]: All external data fetching for pricing and instance metadata targets official AWS domains (e.g., pricing.us-east-1.amazonaws.com). These downloads are performed by standard Python libraries or the official boto3 SDK to provide accurate, regionalized assessments.
  • [Operational Visibility]: The workflow includes steps to enable CloudWatch log exports after cluster creation, ensuring that database activity is logged and available for security auditing and operational monitoring.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 09:12 AM
Security Audit — agent-trust-hub — amazon-aurora-postgresql