aws-cli-beast
AWS CLI Beast provides advanced command-line patterns for managing AWS services at scale, including EC2, Lambda, S3, DynamoDB, RDS, VPC, and IAM. Use it when performing bulk operations, executing complex JMESPath queries for filtering, automating cross-service workflows, managing multi-region or multi-profile environments, validating security configurations, or building CLI-driven infrastructure automation with safety-first practices like dry-run validation.
git clone --depth 1 https://github.com/giuseppe-trisciuoglio/developer-kit /tmp/aws-cli-beast && cp -r /tmp/aws-cli-beast/plugins/developer-kit-aws/skills/aws/aws-cli-beast ~/.claude/skills/aws-cli-beastSKILL.md
# AWS CLI Beast Mode
## Overview
Advanced AWS CLI patterns for speed, precision, and security-first automation. Covers JMESPath queries, bulk operations, waiters, cross-account access, and destructive operation safety.
## When to Use
- Bulk operations across thousands of AWS resources
- Advanced JMESPath filtering and output transformation
- Automated scripts for AWS routines
- Multi-profile and multi-region management
- Security auditing and compliance checks
- CLI-driven infrastructure-as-code workflows
## Instructions
### Step 1: Categorize the Request
| Category | Services | Commands |
|----------|----------|----------|
| Compute | EC2, Lambda | describe-instances, invoke, publish-version |
| Storage | S3 | sync, cp, mb, rb, presign |
| Database | DynamoDB, RDS | query, scan, batch-write-item |
| Networking | VPC, Route53 | describe-vpcs, describe-security-groups |
| Security | IAM | simulate-principal-policy, get-policy-version |
| Observability | CloudWatch | get-metric-statistics, filter-log-events |
### Step 2: Apply Beast Mode Principles
1. **Dry-run first**: Always validate with `--dryrun` or `--dry-run`
2. **Query server-side**: Use `--query` with JMESPath to filter before transfer
3. **Batch intelligently**: Paginate with `--max-results` and parallelize with xargs
4. **Wait properly**: Use built-in waiters or exponential backoff polling
5. **Switch contexts**: Use `--profile` and `--region` for multi-account operations
### Step 3: Validate Destructive Operations
**MANDATORY** for any destructive operation:
```bash
# S3 sync with delete - MUST dry-run first
aws s3 sync s3://source/ s3://dest/ --delete --dryrun
# Review output, then remove --dryrun only if satisfied
# Bulk EC2 stop - validate targets first
aws ec2 describe-instances \
--filters "Name=tag:Environment,Values=development" \
--query 'Reservations[].Instances[?State.Name==`running`].InstanceId' \
--output text
# Confirm list, then pipe to stop command
# IAM policy attachment - simulate first
aws iam simulate-principal-policy \
--policy-source-arn arn:aws:iam::123456789012:user/myuser \
--action-names s3:DeleteObject \
--resource-arns arn:aws:s3:::my-bucket/*
```
### Step 4: Reference Detailed Guides
- `compute-mastery.md` - EC2, Lambda, Spot Fleets, ASG
- `data-ops-beast.md` - S3 multipart, DynamoDB batch, RDS snapshots
- `networking-security-hardened.md` - VPC Flow Logs, IAM policies, security groups
- `automation-patterns.md` - Shell aliases, JMESPath templates, CI/CD integration
## Examples
### Example 1: Bulk EC2 Stop
**"Stop all development instances"**
```bash
# 1. Dry-run: identify targets
aws ec2 describe-instances \
--filters "Name=tag:Environment,Values=development" \
"Name=instance-state-name,Values=running" \
--query 'Reservations[].Instances[].InstanceId' \
--output text
# 2. Confirm IDs, then execute
aws ec2 describe-instances \
--filters "Name=tag:Environment,Values=development" \
"Name=instance-state-name,Values=running" \
--query 'Reservations[].Instances[].InstanceId' \
--output text | xargs aws ec2 stop-instances --instance-ids
```
### Example 2: S3 Migration with Encryption
**"Migrate data between buckets with SSE"**
```bash
# 1. Dry-run migration
aws s3 sync s3://source-bucket/ s3://dest-bucket/ \
--sse AES256 \
--storage-class GLACIER \
--exclude "*.tmp" \
--dryrun
# 2. Enable versioning on destination
aws s3api put-bucket-versioning \
--bucket dest-bucket \
--versioning-configuration Status=Enabled
# 3. Execute after review
aws s3 sync s3://source-bucket/ s3://dest-bucket/ \
--sse AES256 \
--storage-class GLACIER \
--exclude "*.tmp"
```
### Example 3: IAM Security Audit
**"Find overprivileged IAM users"**
```bash
aws iam list-users --query 'Users[].UserName' --output text | \
while read user; do
echo "Checking $user..."
aws iam simulate-principal-policy \
--policy-source-arn "arn:aws:iam::123456789012:user/$user" \
--action-names DeleteItem,DeleteTable,DeleteFunction \
--resource-arns "*" \
--query 'EvaluationResults[?EvalDecision==`allowed`]'
done
```
### Example 4: Multi-Region Lambda Deployment
**"Deploy Lambda to all regions"**
```bash
for region in us-east-1 us-west-2 eu-west-1; do
echo "Deploying to $region..."
aws lambda update-function-code \
--function-name my-function \
--zip-file fileb://function.zip \
--region $region \
--publish
aws lambda wait function-active \
--function-name my-function \
--region $region
done
```
### Example 5: JMESPath Advanced Filtering
**"Get running instances with specific tags as table"**
```bash
aws ec2 describe-instances \
--query 'Reservations[].Instances[?State.Name==`running`].[InstanceId,Tags[?Key==`Name`].Value[0]|[0],PrivateIpAddress]' \
--output table
```
## Best Practices
1. Use `--output json` for programmatic processing
2. Filter with JMESPath server-side before transfer
3. Implement retry logic with exponential backoff
4. Use waiters instead of manual polling loops
5. Tag all resources for cost allocation and automation
6. Separate dev/staging/prod with AWS profiles
7. Enable CloudTrail for audit compliance
8. Validate IAM policies with simulate-principal-policy before attachment
9. Use --dry-run on every state-modifying operation
10. Enable MFA for security-sensitive operations
## Constraints and Warnings
### Rate Limiting
- AWS API throttling applies; use `--max-throttle` and exponential backoff
- Check `aws service-quotas` for current limits
### Pagination
- Default page size is variable; use `--max-results` for consistency
- Use `--no-paginate` with jq for full dataset processing
### Destructive Operations
- **S3 sync --delete**: Irreversibly removes files not in source
- **EC2 terminate-instances**: Cannot be undone; validate instance IDs first
- **IAM detach/policy**: May break existing access; simulate before applying
- **RDS delete-db-instance**: Snapshots do not protect all scProvides chunking strategies for RAG systems. Generates chunk size recommendations (256-1024 tokens), overlap percentages (10-20%), and semantic boundary detection methods. Validates semantic coherence and evaluates retrieval precision/recall metrics. Use when building retrieval-augmented generation systems, vector databases, or processing large documents.
>
Implements document chunking, embedding generation, vector storage, and retrieval pipelines for Retrieval-Augmented Generation systems. Use when building RAG applications, creating document Q&A systems, or integrating AI with knowledge bases.
Provides AWS CloudFormation patterns for Auto Scaling including EC2, ECS, and Lambda. Use when creating Auto Scaling groups, launch configurations, launch templates, scaling policies, lifecycle hooks, and predictive scaling. Covers template structure with Parameters, Outputs, Mappings, Conditions, cross-stack references, and best practices for high availability and cost optimization.
Provides AWS CloudFormation patterns for Amazon Bedrock resources including agents, knowledge bases, data sources, guardrails, prompts, flows, and inference profiles. Use when creating Bedrock agents with action groups, implementing RAG with knowledge bases, configuring vector stores, setting up content moderation guardrails, managing prompts, orchestrating workflows with flows, and configuring inference profiles for model optimization.
Provides AWS CloudFormation patterns for CloudFront distributions, origins (ALB, S3, Lambda@Edge, VPC Origins), CacheBehaviors, Functions, SecurityHeaders, parameters, Outputs and cross-stack references. Use when creating CloudFront distributions with CloudFormation, configuring multiple origins, implementing caching strategies, managing custom domains with ACM, configuring WAF, and optimizing performance.
Provides AWS CloudFormation patterns for CloudWatch monitoring, metrics, alarms, dashboards, logs, and observability. Use when creating CloudWatch metrics, alarms, dashboards, log groups, log subscriptions, anomaly detection, synthesized canaries, Application Signals, and implementing template structure with Parameters, Outputs, Mappings, Conditions, cross-stack references, and CloudWatch best practices for monitoring production infrastructure.
Provides AWS CloudFormation patterns for DynamoDB tables, GSIs, LSIs, auto-scaling, and streams. Use when creating DynamoDB tables with CloudFormation, configuring primary keys, local/global secondary indexes, capacity modes (on-demand/provisioned), point-in-time recovery, encryption, TTL, and implementing template structure with Parameters, Outputs, Mappings, Conditions, cross-stack references.