aws-cloudformation-security

Solid

Provides AWS CloudFormation patterns for security infrastructure including KMS encryption, Secrets Manager, IAM security, VPC security, ACM certificates, parameter security, outputs, and secure cross-stack references. Use when implementing security best practices, encrypting data, managing secrets, applying least privilege IAM policies, securing VPC configurations, managing TLS/SSL certificates, and implementing defense in depth strategies.

DevOps & Infrastructure | 261 stars | 29 forks | Updated 1 week ago | MIT

Quality Score: 89/100

Stars (20%): 81
Recency (20%): 90
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# AWS CloudFormation Security Infrastructure

## Overview

Create production-ready security infrastructure using AWS CloudFormation templates. This skill covers KMS encryption, Secrets Manager, IAM security with least privilege, VPC security configurations, ACM certificates, parameter security, secure outputs, cross-stack references, CloudWatch Logs encryption, defense in depth strategies, and security best practices.

## When to Use

- Implementing KMS encryption at rest and in transit
- Managing secrets with Secrets Manager and automatic rotation
- Applying IAM least privilege policies and permission boundaries
- Securing VPC with security groups, NACLs, and VPC endpoints
- Managing TLS/SSL certificates with ACM
- Encrypting CloudWatch Logs and S3 buckets
- Creating secure cross-stack references and outputs

## Instructions

Follow these steps to create security infrastructure with CloudFormation:

### 1. Define KMS Encryption Keys

Create customer-managed keys for encryption:

```yaml
Resources:
  EncryptionKey:
    Type: AWS::KMS::Key
    Properties:
      Description: Customer-managed key for data encryption
      KeyPolicy:
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action:
              - kms:Decrypt
              - kms:GenerateDataKey
            Resource: "*"
          - Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action:...
```

Details

Author: giuseppe-trisciuoglio
Repository: giuseppe-trisciuoglio/developer-kit
Created: 7 months ago
Last Updated: 1 week ago
Language: Python
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

Code & Development Solid

aws-cloudformation-ec2

Provides AWS CloudFormation patterns for EC2 instances, Security Groups, IAM roles, and load balancers. Use when creating EC2 instances, SPOT instances, Security Groups, IAM roles for EC2, Application Load Balancers (ALB), Target Groups, and implementing template structure with Parameters, Outputs, Mappings, Conditions, and cross-stack references.

261 Updated 1 week ago
giuseppe-trisciuoglio
DevOps & Infrastructure Solid

aws-cloudformation-iam

Provides AWS CloudFormation patterns for IAM roles, policies, managed policies, permission boundaries, and trust relationships. Use when modeling least-privilege access, cross-account assumptions, service roles, or reusable IAM stacks that other CloudFormation templates consume.

261 Updated 1 week ago
giuseppe-trisciuoglio
DevOps & Infrastructure Solid

aws-cloudformation-dynamodb

Provides AWS CloudFormation patterns for DynamoDB tables, GSIs, LSIs, auto-scaling, and streams. Use when creating DynamoDB tables with CloudFormation, configuring primary keys, local/global secondary indexes, capacity modes (on-demand/provisioned), point-in-time recovery, encryption, TTL, and implementing template structure with Parameters, Outputs, Mappings, Conditions, cross-stack references.

261 Updated 1 week ago
giuseppe-trisciuoglio
DevOps & Infrastructure Solid

cloud-security

Use this skill when securing cloud infrastructure, configuring IAM policies, managing secrets, implementing network policies, or achieving compliance. Triggers on cloud IAM, secrets management, network security groups, VPC security, cloud compliance, SOC 2, HIPAA, zero trust, and any task requiring cloud security architecture or hardening.

164 Updated today
AbsolutelySkilled
DevOps & Infrastructure Listed

cloud-security

Use this skill when securing cloud infrastructure, configuring IAM policies, managing secrets, implementing network policies, or achieving compliance. Triggers on cloud IAM, secrets management, network security groups, VPC security, cloud compliance, SOC 2, HIPAA, zero trust, and any task requiring cloud security architecture or hardening.

3 Updated today
Samuelca6399