launching-ec2-instance-with-best-practices

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • Infrastructure Management and Best Practices: The skill provides a structured approach to deploying AWS resources using the AWS CLI. It defaults to secure configurations, such as encrypted EBS volumes (gp3), termination protection for production environments, and detailed CloudWatch monitoring.
  • Secure Credential Management: For instances requiring SSH access, the procedure includes steps to create key pairs. It explicitly instructs the user to save the private key material locally and directs the agent to never request or inspect the key contents, preventing sensitive data exposure to the model.
  • Least-Privilege Security Configuration: Security groups are configured with a 'least privilege' mindset, recommending restricted ingress rules (e.g., avoiding 0.0.0.0/0 for SSH) and preferring AWS Systems Manager Session Manager for access, which does not require open inbound ports or SSH keys.
  • Identity and Access Management: The skill automates the creation of IAM roles and instance profiles, attaching only the specific policies required for the defined workload (e.g., AmazonSSMManagedInstanceCore or S3 read-only access).
  • Trusted Resource Usage: External downloads, such as the CloudWatch agent, are sourced from official AWS S3 buckets. The skill also utilizes well-known utilities like ifconfig.me for IP detection to assist in configuring security group rules accurately.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 08:32 AM