s3_skill

This skill helps you manage AWS S3 buckets and objects securely, enabling efficient uploads, lifecycle policies, and access control.
  • Python

976

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill itsmostafa/aws-agent-skills --skill s3

  • security.md7.4 KB
  • SKILL.md9.1 KB

Overview

This skill provides AWS S3 object storage capabilities for programmatic bucket management, object operations, and access control. It exposes actions to create and configure buckets, upload and download objects, generate presigned URLs, and apply lifecycle or replication policies. The skill is optimized for automation tasks in agentic workflows using boto3 and AWS CLI patterns.

How this skill works

The skill wraps common S3 operations: bucket creation with secure defaults, versioning and public access controls, object uploads/downloads and sync, presigned URL generation for temporary access, and lifecycle or notification configuration. It validates region, permission requirements, and typical failure modes (access denied, CORS, signer/region mismatch) and surfaces actionable error conditions. Commands follow AWS CLI and boto3 idioms so they integrate easily into automation scripts.

When to use it

  • Create new buckets with secure defaults (encryption, block public access, versioning).
  • Upload, download, sync, or copy large numbers of objects across prefixes or buckets.
  • Provide temporary upload or download access via presigned URLs.
  • Implement lifecycle policies to transition or expire objects for cost control.
  • Configure event notifications to trigger Lambdas or other consumers.
  • Set up static website hosting or cross-region replication for durability and availability.

Best practices

  • Block public access at account and bucket level unless explicit public hosting is required.
  • Enable versioning and consider MFA Delete for critical buckets to protect against accidental or malicious deletes.
  • Prefer bucket policies over ACLs and enable server-side encryption (SSE-S3 or SSE-KMS).
  • Use lifecycle rules and Intelligent-Tiering to optimize cost for infrequently accessed data.
  • Use multipart upload for large files and enable transfer acceleration for cross-region performance.
  • Enable access logging, S3 Storage Lens, and VPC endpoints for secure, auditable access.

Example use cases

  • Provision a secure bucket for application backups with versioning, encryption, and lifecycle rules.
  • Generate presigned PUT URLs so clients can upload files without exposing credentials.
  • Sync a local data directory to S3 and transition older objects to Glacier using lifecycle policies.
  • Configure S3 event notifications to invoke a Lambda that processes newly uploaded images.
  • Copy or replicate objects to another region for disaster recovery.

FAQ

Check the bucket policy, IAM permissions, public access block settings, object ownership, and any VPC endpoint policy. Use aws sts get-caller-identity and get-bucket-policy to debug.

How long are presigned URLs valid and what can cause 403 errors?

Presigned URLs expire after the specified ExpiresIn. 403 errors commonly come from URL expiry, signer lacking s3:GetObject or s3:PutObject, bucket policy blocking access, or using the wrong region for v4 signatures.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
s3 skill by itsmostafa/aws-agent-skills | VeilStrat