
aws-cloudformation-s3

This CloudFormation skill provides patterns for building production-ready S3 bucket configurations, including bucket policies, versioning, lifecycle rules, and template best practices like Parameters, Outputs, and Mappings. Use it when deploying S3 infrastructure through CloudFormation that requires access control, data protection, lifecycle management, or cross-stack resource references.

Install in Claude Code:

```bash
git clone --depth 1 https://github.com/giuseppe-trisciuoglio/developer-kit /tmp/aws-cloudformation-s3 && cp -r /tmp/aws-cloudformation-s3/plugins/developer-kit-aws/skills/aws-cloudformation/aws-cloudformation-s3 ~/.claude/skills/aws-cloudformation-s3
```
Then start a new Claude Code session; the skill loads automatically.

SKILL.md

# AWS CloudFormation S3 Patterns

Provides S3 bucket configurations, policies, versioning, lifecycle rules, and CloudFormation template structure best practices for production-ready infrastructure.

## When to Use

- Creating S3 buckets with custom configurations
- Implementing bucket policies for access control
- Configuring S3 versioning for data protection
- Setting up lifecycle rules for data management
- Creating Outputs for cross-stack references
- Using Parameters with AWS-specific types
- Organizing templates with Mappings and Conditions

## Overview

S3 bucket configurations, policies, versioning, lifecycle rules, and CloudFormation template structure for production-ready infrastructure.

## Instructions

1. **Define Bucket Resources**: Create `AWS::S3::Bucket` with versioning, encryption, and `PublicAccessBlockConfiguration`
2. **Configure Bucket Policy**: Attach an `AWS::S3::BucketPolicy` for access control
3. **Set Up Lifecycle Rules**: Define transitions and expiration policies
4. **Configure CORS**: Allow cross-origin requests if needed
5. **Add Outputs**: Export bucket names/ARNs for cross-stack references

**Validate before deploy:**
```bash
aws cloudformation validate-template --template-body file://template.yaml
```

**Deploy with rollback on failure:**
```bash
aws cloudformation deploy \
  --template-file template.yaml \
  --stack-name my-s3-stack \
  --capabilities CAPABILITY_IAM
```

If deployment fails, CloudFormation automatically rolls back. Check failures with:
```bash
aws cloudformation describe-stack-events --stack-name my-s3-stack
```

## Quick Reference

| Resource Type | Purpose |
|---------------|---------|
| `AWS::S3::Bucket` | Create S3 bucket |
| `AWS::S3::BucketPolicy` | Set bucket-level policies |
| `AWS::S3::BucketReplication` | Cross-region replication |
| Parameters | Input values for customization |
| Mappings | Static configuration tables |
| Conditions | Conditional resource creation |
| Outputs | Return values for cross-stack references |

## Examples

### Basic S3 Bucket

```yaml
Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-data-bucket
```

### Bucket with Versioning and Encryption

```yaml
DataBucket:
  Type: AWS::S3::Bucket
  Properties:
    BucketName: !Sub "${AWS::StackName}-data"
    VersioningConfiguration:
      Status: Enabled
    BucketEncryption:
      ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
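    PublicAccessBlockConfiguration:
      # All four settings are needed for a complete public access block
      BlockPublicAcls: true
      BlockPublicPolicy: true
      IgnorePublicAcls: true
      RestrictPublicBuckets: true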
```

### Lifecycle Rule

```yaml
DataBucket:
  Type: AWS::S3::Bucket
  Properties:
    LifecycleConfiguration:
      Rules:
        - Id: ArchiveOldData
          Status: Enabled
          Transitions:
            - StorageClass: GLACIER
              TransitionInDays: 365
```

### Bucket Policy

```yaml
BucketPolicy:
  Type: AWS::S3::BucketPolicy
  Properties:
    Bucket: !Ref DataBucket
    PolicyDocument:
      Version: "2012-10-17"   # current policy language version
      Statement:
        - Effect: Allow
          Principal:
            AWS: !Ref RoleArn
          Action:
            - s3:GetObject
          Resource: !Sub "${DataBucket.Arn}/*"
```

See [references/complete-examples.md](references/complete-examples.md) for more complete examples including CORS, static websites, replication, and production-ready configurations.

## Template Structure

### Template Sections

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Template description

Mappings: {}       # Static configuration tables
Metadata: {}       # Additional information
Parameters: {}     # Input values
Conditions: {}     # Conditional creation
Transform: {}      # Macro processing
Resources: {}      # AWS resources (REQUIRED)
Outputs: {}        # Return values
```

### Parameters

```yaml
Parameters:
  BucketName:
    Type: String
    Description: S3 bucket name
    Default: my-bucket
    MinLength: 3
    MaxLength: 63
    AllowedPattern: '^[a-z0-9-]+$'
```

### Conditions

```yaml
Conditions:
  IsProduction: !Equals [!Ref Environment, prod]
  ShouldEnableVersioning: !Equals [!Ref EnableVersioning, 'true']

Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: !If [ShouldEnableVersioning, Enabled, Suspended]
```

### Outputs

```yaml
Outputs:
  BucketName:
    Description: Name of the S3 bucket
    Value: !Ref DataBucket
    Export:
      Name: !Sub '${AWS::StackName}-BucketName'
```

See [references/advanced-configuration.md](references/advanced-configuration.md) for detailed Mappings, Conditions, Parameters, and cross-stack references.

## Best Practices

1. **Public Access Block**: Always enable for buckets that are not static websites
2. **Versioning**: Enable for critical data to prevent accidental deletion
3. **Bucket Policies**: Use instead of ACLs for access control
4. **Lifecycle Rules**: Implement cost optimization with tiering
5. **Encryption**: Enable default encryption (SSE-KMS or AES256)
6. **Tags**: Tag all resources for organization and cost allocation
7. **Outputs**: Export bucket names/ARNs for cross-stack references
8. **Parameters**: Use parameters for reusability across environments
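
The list above can be checked before `aws cloudformation deploy` runs. The following added example (not part of the original skill or its repository) statically checks every `AWS::S3::Bucket` in a template against items 1, 2, 5 and 6. It assumes the template is in CloudFormation's JSON form and already loaded as a dict; the function names and the sample template are constructed for illustration.

```python
# Added example: pre-deploy check of S3 buckets against the best practices above.
PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
             "IgnorePublicAcls", "RestrictPublicBuckets")

def check_bucket(props):
    """Return findings for one AWS::S3::Bucket Properties dict."""
    findings = []
    pab = props.get("PublicAccessBlockConfiguration", {})
    off = [f for f in PAB_FLAGS if pab.get(f) not in (True, "true")]
    if off and "WebsiteConfiguration" not in props:  # static websites are exempt
        findings.append("public access block not fully enabled: " + ", ".join(off))
    rules = props.get("BucketEncryption", {}).get("ServerSideEncryptionConfiguration", [])
    if not any(r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules):
        findings.append("no default encryption")
    status = props.get("VersioningConfiguration", {}).get("Status")
    if isinstance(status, dict):  # intrinsic such as Fn::If: not decidable statically
        findings.append("versioning depends on a condition; review per environment")
    elif status != "Enabled":
        findings.append("versioning not enabled")
    if not props.get("Tags"):
        findings.append("no tags")
    return findings

def check_template(template):
    """Map logical ID -> findings for every S3 bucket that has at least one."""
    report = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::S3::Bucket":
            findings = check_bucket(res.get("Properties", {}))
            if findings:
                report[name] = findings
    return report

# Constructed sample input; logical IDs and values are illustrative.
SAMPLE = {"Resources": {
    "HardenedBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True),
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
        "VersioningConfiguration": {"Status": "Enabled"},
        "Tags": [{"Key": "Environment", "Value": "prod"}]}},
    "PartialBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "BlockPublicPolicy": True},
        "VersioningConfiguration": {"Status": {"Fn::If": [
            "ShouldEnableVersioning", "Enabled", "Suspended"]}}}},
}}

if __name__ == "__main__":
    print(check_template(SAMPLE))
```

A bucket whose versioning status comes from `!If` is reported for review rather than passed or failed, because the result depends on the parameter values supplied at deploy time.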

## Common Troubleshooting

- **Bucket already exists**: Use unique bucket names with CloudFormation stack name
- **Access denied**: Verify bucket policy and IAM permissions
- **Versioning conflicts**: Cannot suspend versioning once objects exist
- **Lifecycle not working**: Check rule status and prefix filters
- **Cross-stack references**: Ensure outputs are exported before importing

## Related Skills

- [aws-cloudformation-security](../aws-cloudformation-security/) - Security best practices for S3
- [aws-cloudformation-lambda](../aws-cloudformation-lambda/) - Lambda triggers for S3 events
- [aws-cloudformation-iam](../aws-cloudformation-iam/) - IAM roles for S3 access

## References

### Complete Examples
- **[references/complete-examples.md](references/complete-examples.md)** - Basic buckets, versioning, lifecycle, C