AWS development with CDK best practices, infrastructure patterns, and deployment workflows.
What it does
Claude generates CDK code that looks like CloudFormation written in TypeScript — raw L1 constructs, manually specified resource properties that CDK's L2 constructs handle automatically, missing IAM permissions that are only discovered at deploy time, and infrastructure patterns that work in isolation but violate AWS security baselines. This skill loads CDK best practices: correct L2 construct usage, least-privilege IAM generation, VPC and networking patterns, environment-aware stacks, and the specific CDK idioms that differ from what CloudFormation experience suggests.
Use case
Building AWS infrastructure with CDK. The failure mode this prevents most often: Claude generating IAM policies that are too permissive or CDK code that deploys but fails at runtime because permissions are incorrect. Made by zxkane.
"Build a CDK stack for a serverless API: API Gateway, Lambda, and DynamoDB with correct IAM."
"Create a VPC with public and private subnets, a NAT gateway, and security groups."
"Add an S3 bucket with versioning, lifecycle rules, and a CloudFront distribution."
"Build an ECS Fargate service with auto-scaling and a load balancer."
"Review this CDK stack for security issues — specifically IAM and network exposure."
Describe the infrastructure you need at a high level. Claude generates L2 constructs, not L1 raw properties.
For IAM: describe what each resource needs to do. Claude generates least-privilege policies rather than wildcards.
Claude generates CDK in TypeScript by default — specify Python if preferred.
Input
A description of the infrastructure you need — services, connectivity requirements, security constraints, and scale characteristics.
Output
CDK TypeScript code using correct L2 constructs, least-privilege IAM policies generated from actual usage requirements, and infrastructure patterns that follow AWS security baselines.
npx skillsadd zxkane/skills/aws-cdk-skills
Requires skills.sh CLI