- Home
- Skills
- Giuseppe Trisciuoglio
- Developer Kit
- Aws Cloudformation S3
aws-cloudformation-s3_skill
- Python
99
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill giuseppe-trisciuoglio/developer-kit --skill aws-cloudformation-s3- SKILL.md36.9 KB
Overview
This skill provides production-ready AWS CloudFormation patterns for Amazon S3. It helps you define buckets, policies, versioning, lifecycle rules, encryption, logging, replication, and cross-stack outputs. Use it to build consistent, reusable templates that follow AWS best practices for S3 infrastructure.
How this skill works
The skill supplies template structure and examples that show how to declare Parameters, Mappings, Conditions, Resources, and Outputs for S3. It covers common resource types (AWS::S3::Bucket, AWS::S3::BucketPolicy) and configurations like PublicAccessBlock, ServerSideEncryption, VersioningConfiguration, LifecycleConfiguration, LoggingConfiguration, and cross-stack Exports/Imports. Templates are ready to adapt with AWS-specific parameter types and conditional logic.
When to use it
- Creating new S3 buckets with encryption, tags, and access controls
- Implementing bucket policies and IAM roles for scoped access
- Enabling versioning and lifecycle rules for data protection and cost control
- Adding logging, replication, or CORS for operational and DR requirements
- Building reusable CloudFormation stacks and cross-stack references
Best practices
- Use AWS-specific parameter types (e.g., AWS::S3::Bucket::Name) for validation and console UX
- Always enable PublicAccessBlock and server-side encryption unless public hosting is required
- Enable versioning and use lifecycle rules to transition older objects to cheaper storage classes
- Export only necessary Outputs and import with Fn::ImportValue to keep stacks decoupled
- Group template inputs with Metadata and use Mappings/Conditions to avoid hard-coded region or environment values
Example use cases
- A production data bucket with versioning, AES-256 encryption, and lifecycle rules to GLACIER
- A logging bucket configured for access logs with LogDeliveryWrite ACL and separate logging stack
- A cross-region replication setup using source and destination buckets defined in separate stacks
- A serverless application where an S3 bucket triggers a Lambda via AWS::Serverless::Function Transform
- A deployable template that exposes BucketName and BucketArn as exported Outputs for other teams
FAQ
Yes. Use parameters typed as AWS::S3::Bucket::Name or Fn::ImportValue to reference existing exported bucket names and ARNs.
How do I prevent accidental public access?
Enable PublicAccessBlockConfiguration (BlockPublicAcls, BlockPublicPolicy, IgnorePublicAcls, RestrictPublicBuckets) and restrict bucket policies to least privilege.