feat(deploy-on-aws): enhance with CDK best practices, monitoring, and validation #35
zxkane wants to merge 9 commits into awslabs:main from
…script
Add CDK development best practices distilled from community patterns:
- Resource naming conventions (let CDK generate names)
- Lambda construct selection (NodejsFunction, PythonFunction)
- IAM permission patterns (grant methods over raw policies)
- Pre-deployment validation with cdk-nag integration
- Testing patterns (snapshot and fine-grained assertions)
- Stack organization guidelines
- Common anti-patterns to avoid
Add validate-stack.sh script for pre-deployment CDK stack validation:
- Language detection (TypeScript, Python, Java, Go, C#)
- CDK synthesis verification
- Template size and resource count checks
- cdk-nag integration detection

Add post-deployment monitoring patterns for deployed AWS resources:
- CloudWatch alarm configurations by service type (Lambda, ECS/Fargate, ALB, RDS/Aurora)
- Alarm threshold guidelines (warning vs critical)
- SNS notification setup for alarm actions
- Production dashboard layout recommendations
- Environment-aware monitoring (dev: basic alerts, prod: full observability)

…ing steps
Update SKILL.md to integrate new capabilities into the workflow:
- Add Validate step between Generate and Deploy
- Add Monitor step after Deploy for post-deployment observability
- Document awscdk MCP server usage
- Add CDK best practices section with key rules
- Add pre-deployment validation checklist
- Reference new cdk-best-practices.md, monitoring.md, and validate-stack.sh

- Bump plugin version from 1.0.0 to 1.1.0 (new features, backward compatible)
- Update description to mention CDK best practices and monitoring
- Add monitoring and cloudwatch keywords for discoverability
- Update marketplace.json to match plugin.json

- Rename LANG variable to CDK_LANG to avoid shadowing POSIX locale
- Remove TypeScript-biased synthesis command; use generic 'cdk synth' which reads the app command from cdk.json for all languages

Address review feedback:
- Add Error Handling section covering MCP server failures, validation failures, and deployment failures
- Add tags and examples to YAML frontmatter per DESIGN_GUIDELINES
- Fix inaccurate claim that validate-stack.sh runs security scans; clarify it handles synthesis validation while checkov/cfn-nag run separately
theagenticguy left a comment
Looks great! One small nit on the frontmatter
| --- | ||
| name: deploy | ||
| description: "Deploy applications to AWS. Triggers on phrases like: deploy to AWS, host on AWS, run this on AWS, AWS architecture, estimate AWS cost, generate infrastructure. Analyzes any codebase and deploys to optimal AWS services." | ||
| tags: |
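Review bot: the `tags:` key on the last visible line of this frontmatter is not among the fields this thread lists as defined for SKILL.md frontmatter (name, description, license, compatibility, metadata, allowed-tools). Drop the key so the block carries only `name` and `description`, the two fields the follow-up commit names as required.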
are these valid frontmatter fields? per https://agentskills.io/specification#frontmatter-required or https://kiro.dev/docs/skills/#frontmatter-fields or https://code.claude.com/docs/en/skills#frontmatter-reference
Good catch! You're right — tags and examples are not valid frontmatter fields per the Agent Skills specification or the Claude Code docs. Only name, description, license, compatibility, metadata, and allowed-tools are defined.
I was following the suggestion in DESIGN_GUIDELINES.md which mentions tags/examples, but that appears to be aspirational rather than spec-compliant.
Removed in the latest commit — frontmatter now only has name and description.
I will update the design guidelines to be more clear, thanks @zxkane ! Will add validation as well to fail the build in case something is not spec compliant
Remove tags and examples from SKILL.md frontmatter — these are not valid fields per the Agent Skills specification (agentskills.io) or Claude Code docs. Only name and description are required.
| @@ -0,0 +1,63 @@ | |||
| # CDK Best Practices | |||
Q: does this conflict with the cdk_best_practices tool exposed by the IaC MCP server ?
|
|
||
| ## Pre-Deployment Validation | ||
|
|
||
| Before deploying, run these checks in order: |
Q: similar question, does this conflict with the tools exposed by the IaC mcp server ?
Summary
Enhance the deploy-on-aws plugin with CDK development best practices, post-deployment monitoring patterns, and a pre-deployment validation script. These additions strengthen the existing deployment workflow without changing existing behavior.
Related
Contributes patterns from community CDK and operational best practices to improve the deploy-on-aws plugin quality.
Changes
New reference files:
- references/cdk-best-practices.md — CDK patterns for resource naming, Lambda constructs, IAM grants, construct levels, cdk-nag validation, testing, stack organization, and anti-patterns
- references/monitoring.md — Post-deployment CloudWatch alarm patterns for Lambda, ECS/Fargate, ALB, and RDS/Aurora with threshold guidelines and dashboard recommendations
New script:
- scripts/validate-stack.sh — Pre-deployment CDK stack validation (language detection, synthesis verification, template size/resource count checks, cdk-nag integration detection)
Enhanced SKILL.md:
tags and examples per Design Guidelines
Updated metadata:
Design Guidelines Compliance
mise run lint:cross-refs)
mise run lint:manifests)
mise run fmt:check)
Acknowledgment
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.