AWS Cloud
Core Capabilities
Provides expert guidance for AWS infrastructure and services:
- Compute Services - EC2, Lambda, ECS, EKS, Fargate, Batch, Elastic Beanstalk
- Storage Services - S3, EBS, EFS, FSx, Glacier, Storage Gateway
- Database Services - RDS (MySQL, PostgreSQL, Oracle, SQL Server), Aurora, DynamoDB, ElastiCache, DocumentDB
- Networking - VPC, ALB/NLB, Route 53, CloudFront, Direct Connect, VPN, Transit Gateway
- Container Services - ECS (Elastic Container Service), EKS (Elastic Kubernetes Service), ECR (Elastic Container Registry)
- Serverless - Lambda, API Gateway, Step Functions, EventBridge, SQS, SNS
- Infrastructure as Code - CloudFormation, Terraform, CDK (Cloud Development Kit), SAM
- Security - IAM, KMS, Secrets Manager, Security Hub, GuardDuty, WAF, Shield
- Migration - Cloud migration strategies from on-premises, GCP, and Azure to AWS
Key Principles
General Best Practices
- Follow least privilege - Use IAM roles with minimal required permissions
- Enable monitoring - Configure CloudWatch for all services with appropriate alarms
- Use managed services - Prefer RDS over self-managed databases, ECS Fargate over EC2
- Implement IaC - Use CloudFormation, Terraform, or CDK for reproducible infrastructure
- Tag resources - Apply tags for cost allocation, automation, and compliance
- Design for HA - Use Multi-AZ deployments and Auto Scaling Groups
- Secure by default - Enable encryption, use private subnets, configure security groups properly
- Optimize costs - Use Reserved Instances, Savings Plans, Spot Instances, and right-sizing
Architecture Patterns
- Multi-tier web apps: VPC + ALB + EC2/ECS + RDS Multi-AZ
- Serverless APIs: API Gateway + Lambda + DynamoDB with CloudFront caching
- Container workloads: ECS/EKS with Fargate + RDS + ElastiCache
- Data processing: S3 + Lambda/Glue + Athena/EMR + QuickSight
- Microservices: EKS + Service Mesh + RDS Aurora + ElastiCache
When to Use What
- EC2: Full control, Windows workloads, lift-and-shift migrations, specialized hardware
- Lambda: Event-driven processing, APIs, scheduled tasks, short-lived workloads (<15 min)
- ECS/EKS: Containerized applications, microservices, long-running services
- RDS: Relational databases with automated backups, Multi-AZ, read replicas
- Aurora: High-performance MySQL/PostgreSQL, serverless option, global databases
- DynamoDB: NoSQL, single-digit millisecond latency, serverless, automatic scaling
- S3: Object storage, static websites, data lakes, backups, archival
- Elastic Beanstalk: Quick deployment, managed platform, minimal configuration
Detailed References
Load reference files based on specific needs:
- Best Practices by Service: See best-practices.md for:
  - EC2 instance selection, security, HA, performance, and cost optimization
  - S3 security, encryption, data management, performance, and cost strategies
  - RDS and Aurora HA, security, performance tuning, and cost optimization
  - VPC networking, security groups, NACLs, load balancing, and DNS
  - Lambda function design, performance, security, reliability, and cost
  - ECS/EKS container orchestration and security
  - IAM access control, credential management, and compliance
  - Security threat detection, data protection, and compliance
  - Comprehensive cost optimization strategies across all services
- Compute Services: See compute-services.md for:
  - EC2 instance types, families, and selection guide
  - Auto Scaling Groups configuration and policies
  - Lambda function patterns and event sources
  - Elastic Beanstalk deployment strategies
  - AWS Batch job scheduling and compute environments
- Storage Solutions: See storage-solutions.md for:
  - S3 bucket configuration and lifecycle management
  - EBS volume types and performance optimization
  - EFS file system setup and mounting
  - FSx for Windows and Lustre use cases
  - Storage tier selection and cost optimization
- Database Services: See database-services.md for:
  - RDS instance configuration and best practices
  - Aurora serverless and global database setup
  - DynamoDB data modeling and performance optimization
  - ElastiCache (Redis/Memcached) patterns
  - Database migration strategies with DMS
- Networking Architecture: See networking-architecture.md for:
  - VPC design patterns and CIDR planning
  - ALB/NLB configuration and target group management
  - Route 53 DNS routing policies
  - CloudFront distribution setup and caching strategies
  - Direct Connect and VPN Gateway configuration
  - Transit Gateway hub-and-spoke architecture
- Container Orchestration: See container-orchestration.md for:
  - ECS cluster setup and task definition patterns
  - EKS cluster provisioning with eksctl/Terraform
  - Fargate vs EC2 launch type decision guide
  - ECR repository management and image lifecycle
  - Service mesh with AWS App Mesh
- Serverless Architecture: See serverless-architecture.md for:
  - Lambda function design patterns and best practices
  - API Gateway REST/HTTP/WebSocket APIs
  - Step Functions state machine workflows
  - EventBridge event-driven architectures
  - SQS/SNS messaging patterns
  - SAM and Serverless Framework usage
- Infrastructure as Code: See infrastructure-as-code.md for:
  - CloudFormation templates and stack management
  - Terraform AWS provider modules and patterns
  - CDK (Cloud Development Kit) constructs and stacks
  - SAM templates for serverless applications
  - Multi-environment deployment strategies
  - State management and remote backends
- Cloud Migration: See cloud-migration.md for:
  - Migration strategies (6 R's: Rehost, Replatform, Refactor, Repurchase, Retire, Retain)
  - AWS Migration Hub and Application Discovery Service
  - Database migration with DMS (Database Migration Service)
  - Server migration with AWS MGN (Application Migration Service)
  - Data transfer with DataSync, Transfer Family, Snowball
  - Migration readiness assessment and planning
- Security Configuration: See security-configuration.md for:
  - IAM policy examples and best practices
  - KMS key management and encryption patterns
  - Secrets Manager integration patterns
  - Security group and NACL rule templates
  - CloudTrail multi-region setup
  - GuardDuty and Security Hub configuration
  - WAF rules and Shield Advanced setup
  - Compliance frameworks (PCI-DSS, HIPAA, SOC 2)
- Monitoring and Operations: See monitoring-operations.md for:
  - CloudWatch metrics, logs, and alarms
  - CloudWatch Insights queries for log analysis
  - X-Ray distributed tracing setup
  - EventBridge rules for event-driven automation
  - Systems Manager for fleet management
  - AWS Backup for centralized backup management
  - Disaster recovery strategies
- Cost Management: See cost-management.md for:
  - Cost allocation tagging strategies
  - Reserved Instance and Savings Plan planning
  - Spot Instance strategies and best practices
  - Cost Explorer reports and analysis
  - AWS Budgets and anomaly detection
  - Trusted Advisor recommendations
  - FinOps best practices for cloud financial management
- Well-Architected Framework: See well-architected.md for:
  - Operational Excellence pillar best practices
  - Security pillar implementation guide
  - Reliability pillar design patterns
  - Performance Efficiency optimization techniques
  - Cost Optimization strategies
  - Sustainability best practices