s3_skill
- Python
976
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill itsmostafa/aws-agent-skills --skill s3- security.md7.4 KB
- SKILL.md9.1 KB
Overview
This skill provides AWS S3 object storage capabilities for programmatic bucket management, object operations, and access control. It exposes actions to create and configure buckets, upload and download objects, generate presigned URLs, and apply lifecycle or replication policies. The skill is optimized for automation tasks in agentic workflows using boto3 and AWS CLI patterns.
How this skill works
The skill wraps common S3 operations: bucket creation with secure defaults, versioning and public access controls, object uploads/downloads and sync, presigned URL generation for temporary access, and lifecycle or notification configuration. It validates region, permission requirements, and typical failure modes (access denied, CORS, signer/region mismatch) and surfaces actionable error conditions. Commands follow AWS CLI and boto3 idioms so they integrate easily into automation scripts.
When to use it
- Create new buckets with secure defaults (encryption, block public access, versioning).
- Upload, download, sync, or copy large numbers of objects across prefixes or buckets.
- Provide temporary upload or download access via presigned URLs.
- Implement lifecycle policies to transition or expire objects for cost control.
- Configure event notifications to trigger Lambdas or other consumers.
- Set up static website hosting or cross-region replication for durability and availability.
Best practices
- Block public access at account and bucket level unless explicit public hosting is required.
- Enable versioning and consider MFA Delete for critical buckets to protect against accidental or malicious deletes.
- Prefer bucket policies over ACLs and enable server-side encryption (SSE-S3 or SSE-KMS).
- Use lifecycle rules and Intelligent-Tiering to optimize cost for infrequently accessed data.
- Use multipart upload for large files and enable transfer acceleration for cross-region performance.
- Enable access logging, S3 Storage Lens, and VPC endpoints for secure, auditable access.
Example use cases
- Provision a secure bucket for application backups with versioning, encryption, and lifecycle rules.
- Generate presigned PUT URLs so clients can upload files without exposing credentials.
- Sync a local data directory to S3 and transition older objects to Glacier using lifecycle policies.
- Configure S3 event notifications to invoke a Lambda that processes newly uploaded images.
- Copy or replicate objects to another region for disaster recovery.
FAQ
Check the bucket policy, IAM permissions, public access block settings, object ownership, and any VPC endpoint policy. Use aws sts get-caller-identity and get-bucket-policy to debug.
How long are presigned URLs valid and what can cause 403 errors?
Presigned URLs expire after the specified ExpiresIn. 403 errors commonly come from URL expiry, signer lacking s3:GetObject or s3:PutObject, bucket policy blocking access, or using the wrong region for v4 signatures.