deploy
Scannednpx machina-cli add skill awslabs/agent-plugins/deploy --openclawDeploy on AWS
Take any application and deploy it to AWS with minimal user decisions.
Philosophy
Minimize cognitive burden. User has code, wants it on AWS. Pick the most straightforward services. Don't ask questions with obvious answers.
Workflow
- Analyze - Scan codebase for framework, database, dependencies
- Recommend - Select AWS services, concisely explain rationale
- Estimate - Show monthly cost before proceeding
- Generate - Write IaC code with security defaults applied
- Deploy - Run security checks, then execute with user confirmation
Defaults
See defaults.md for the complete service selection matrix.
Core principle: Default to dev-sized (cost-conscious: small instance sizes, minimal redundancy, and non-HA/single-AZ defaults) unless user says "production-ready".
MCP Servers
awsknowledge
Consult for architecture decisions. Use when choosing between AWS services or validating that a service fits the use case. Helps answer "what's the right AWS service for X?"
Key topics: general for architecture, amplify_docs for static sites/SPAs,
cdk_docs and cdk_constructs for IaC patterns.
awspricing
Get cost estimates. Always present costs before generating IaC so user can adjust before committing. See cost-estimation.md for query patterns.
awsiac
Consult for IaC best practices. Use when writing CDK/CloudFormation/Terraform to ensure patterns follow AWS recommendations.
Principles
- Concisely explain why each service was chosen
- Always show cost estimate before generating code
- Apply security defaults automatically (encryption, private subnets, least privilege)
- Run IaC security scans (cfn-nag, checkov) before deployment
- Don't ask "Lambda or Fargate?" - just pick the obvious one
- If genuinely ambiguous, then ask
References
Source
git clone https://github.com/awslabs/agent-plugins/blob/main/plugins/deploy-on-aws/skills/deploy/SKILL.mdView on GitHub Overview
Deploy on AWS analyzes your codebase, recommends straightforward AWS services, and generates infrastructure as code with security defaults. It presents a cost estimate before proceeding and runs security checks prior to deployment, minimizing cognitive burden.
How This Skill Works
Workflow: Analyze → Recommend → Estimate → Generate → Deploy. It scans the codebase to identify framework, database, and dependencies, then selects suitable AWS services with a concise rationale. Costs are shown before generating IaC, which is produced with security defaults and subjected to IaC security scans before deployment.
When to Use It
- You have a codebase and want it on AWS quickly with minimal setup.
- You need a transparent monthly cost estimate before committing to infrastructure.
- You want infrastructure as code generated automatically with security defaults.
- You’re validating which AWS services fit your use case.
- You want a straightforward deployment without deciding between Lambda or Fargate.
Quick Start
- Step 1: Analyze your codebase to identify framework, database, and dependencies.
- Step 2: Review the recommended AWS services and view the cost estimate.
- Step 3: Generate IaC with security defaults and deploy after your confirmation.
Best Practices
- Always show cost estimates before generating IaC.
- Default to dev-sized resources unless you specify production readiness.
- Automatically apply security defaults (encryption, private subnets, least privilege).
- Run IaC security scans (cfn-nag, checkov) prior to deployment.
- Explain service choices concisely and avoid unnecessary questions.
Example Use Cases
- Node.js REST API deployed to AWS Lambda with API Gateway after analysis.
- Web app deployed on ECS/Fargate with a managed database.
- Static site hosted in S3 with CloudFront and secure bucket policies.
- Monolith app moved to EC2/ECS with VPC isolation and encryption.
- Data processing pipeline built with Lambda and Step Functions.
