cloud-platforms/SKILL.md
Cloud Platforms
Core Principles
- Zero Trust: Never trust, always verify; every request is authenticated and authorized regardless of where on the network it comes from
- Least Privilege: Minimum necessary permissions, scoped to specific resources and specific workloads
- Defense in Depth: Multiple independent layers of security (identity, network, encryption, logging), so one failure does not expose everything
- Infrastructure as Code: All infrastructure defined in code, reviewed and applied through a pipeline rather than edited in the console
- Observability: Comprehensive logging, metrics, and tracing
Platform Selection
| Use Case | Recommended |
|---|---|
| Enterprise, broad services | AWS |
| Microsoft ecosystem | Azure |
| Data/ML workloads | GCP |
| Edge/CDN, simple serverless | Cloudflare |
AWS Quick Reference
IAM Best Practices
```hcl
# EKS Pod Identity (recommended over IRSA for new clusters: no OIDC provider
# per cluster and no service-account annotations to keep in sync).
# IRSA remains the option for pods on Fargate.
# This association only maps the Kubernetes service account to the role; the
# role's trust policy must trust pods.eks.amazonaws.com and the
# eks-pod-identity-agent add-on must be installed, or the mapping does nothing.
resource "aws_eks_pod_identity_association" "app" {
  cluster_name    = aws_eks_cluster.main.name
  namespace       = "default"
  service_account = "app"
  role_arn        = aws_iam_role.app_pod_identity.arn
}
```
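The association above is only half of the setup. As an added example (not code from the original page or its references), the following is the role it points at, with the trust policy EKS Pod Identity requires and a permissions policy scoped to one bucket. It assumes `aws_eks_cluster.main` and a hypothetical `aws_s3_bucket.app_data` exist; the resource name `aws_iam_role.app_pod_identity` matches the reference in the snippet above.

```hcl
# Added example; assumes aws_eks_cluster.main and aws_s3_bucket.app_data.

# Pod Identity is delivered by an EKS add-on that runs the agent on every node.
resource "aws_eks_addon" "pod_identity" {
  cluster_name = aws_eks_cluster.main.name
  addon_name   = "eks-pod-identity-agent"
}

# The role must trust the EKS Pod Identity service principal and allow
# sts:TagSession: the agent tags each session with the cluster, namespace and
# service-account names, which can then be used as condition keys in policies.
data "aws_iam_policy_document" "pod_identity_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole", "sts:TagSession"]
    principals {
      type        = "Service"
      identifiers = ["pods.eks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "app_pod_identity" {
  name               = "app-pod-identity"
  assume_role_policy = data.aws_iam_policy_document.pod_identity_trust.json
}

# Least privilege: read objects in one bucket and list it. No wildcard
# resources, no s3:* actions.
data "aws_iam_policy_document" "app_read_bucket" {
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.app_data.arn}/*"]
  }
  statement {
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.app_data.arn]
  }
}

resource "aws_iam_role_policy" "app_read_bucket" {
  name   = "read-app-data"
  role   = aws_iam_role.app_pod_identity.id
  policy = data.aws_iam_policy_document.app_read_bucket.json
}
```

Check the result from inside a pod with `aws sts get-caller-identity`: the ARN should be an assumed-role session of `app-pod-identity`, and a pod using any other service account in the namespace should get no credentials at all.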
VPC Pattern
```hcl
# Private subnets only: workloads get no public IPs and no inbound path from
# the internet. This is network segmentation (defense in depth), not Zero Trust
# by itself; identity checks still apply inside the VPC.
# Note that a subnet is "private" only because of its route table: this
# resource does not make it so on its own. The associated route table must
# have no 0.0.0.0/0 route to an internet gateway.
resource "aws_subnet" "private" {
  count                   = 3
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.16.${count.index + 1}.0/24"
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = false # the default, stated explicitly
  tags = {
    Name = "private-subnet-${count.index + 1}"
    Type = "Private"
  }
}
```
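Subnets with no internet route still have to reach AWS APIs (image pulls from ECR, STS for credentials, S3, CloudWatch Logs). As an added example (not from the original page), this is the route table that actually makes the subnets above private, plus the VPC endpoints that keep API traffic on the AWS network without a NAT gateway. It assumes `aws_vpc.main` and `aws_subnet.private` from the snippet above; the endpoint set is an illustration and should be trimmed or extended to the services the workload really calls.

```hcl
# Added example; assumes aws_vpc.main and aws_subnet.private[*] exist.

data "aws_region" "current" {}

# Only the implicit local route: no internet gateway, no NAT. Nothing in these
# subnets can initiate or receive internet traffic.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  tags   = { Name = "private-rt" }
}

resource "aws_route_table_association" "private" {
  count          = length(aws_subnet.private)
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private.id
}

# Gateway endpoint for S3: a route-table entry, no ENI, no charge per hour.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = aws_vpc.main.id
  service_name      = "com.amazonaws.${data.aws_region.current.name}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [aws_route_table.private.id]
}

# Interface endpoints get an ENI in each subnet; admit HTTPS from the VPC only.
resource "aws_security_group" "endpoints" {
  name   = "vpc-endpoints"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}

# ECR (image pulls), STS (credentials) and CloudWatch Logs. private_dns_enabled
# makes the normal service hostnames resolve to the endpoint, so no client
# configuration changes are needed.
resource "aws_vpc_endpoint" "interface" {
  for_each = toset(["ecr.api", "ecr.dkr", "sts", "logs"])

  vpc_id              = aws_vpc.main.id
  service_name        = "com.amazonaws.${data.aws_region.current.name}.${each.key}"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = aws_subnet.private[*].id
  security_group_ids  = [aws_security_group.endpoints.id]
  private_dns_enabled = true
}
```

A useful check after apply: from a pod in a private subnet, `curl -m 5 https://example.com` must time out while `aws sts get-caller-identity` succeeds. If the STS call also fails, an endpoint (or its security group) is missing rather than the subnet being misconfigured.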
Essential Services
- EKS: Managed Kubernetes
- Lambda: Serverless compute
- RDS/Aurora: Managed databases
- S3: Object storage
- CloudFront: CDN
- Secrets Manager: Secret storage
Azure Quick Reference
Managed Identity
```hcl
# A user-assigned identity has no permissions until a role assignment gives it
# some, and AKS pods cannot use it until a federated identity credential maps
# a Kubernetes service account to it (Azure Workload Identity).
resource "azurerm_user_assigned_identity" "app" {
  name                = "app-identity"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
}
```
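To make that identity usable from an AKS pod the way EKS Pod Identity and GKE Workload Identity are used on the other platforms, two more resources are needed. This is an added example, not code from the original page; it assumes an AKS cluster `azurerm_kubernetes_cluster.main` created with `oidc_issuer_enabled = true` and `workload_identity_enabled = true`, and a hypothetical Key Vault `azurerm_key_vault.main` that the application reads secrets from.

```hcl
# Added example; assumes azurerm_kubernetes_cluster.main (OIDC issuer and
# workload identity enabled) and azurerm_key_vault.main exist.

# Let the Kubernetes service account default/app exchange its projected token
# for this identity. issuer and subject must match the cluster and the KSA
# exactly; any other service account is refused.
resource "azurerm_federated_identity_credential" "app" {
  name                = "app-federated"
  resource_group_name = azurerm_resource_group.main.name
  parent_id           = azurerm_user_assigned_identity.app.id
  audience            = ["api://AzureADTokenExchange"]
  issuer              = azurerm_kubernetes_cluster.main.oidc_issuer_url
  subject             = "system:serviceaccount:default:app"
}

# Least privilege: read secrets in this one vault (data-plane role), with no
# rights to manage the vault or to read keys and certificates.
resource "azurerm_role_assignment" "app_kv_secrets" {
  scope                = azurerm_key_vault.main.id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = azurerm_user_assigned_identity.app.principal_id
}
```

On the Kubernetes side the service account needs the annotation `azure.workload.identity/client-id: <client_id of the identity>` and the pod the label `azure.workload.identity/use: "true"`; without the label the token is not projected and the SDK falls back to whatever credentials it can find.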
Essential Services
- AKS: Managed Kubernetes
- Azure Functions: Serverless
- Azure SQL: Managed databases
- Blob Storage: Object storage
- Azure CDN: Content delivery
- Key Vault: Secret management
GCP Quick Reference
Workload Identity
```hcl
resource "google_service_account" "app" {
  account_id   = "app-sa"
  display_name = "Application Service Account"
}

# Project-level binding: this grants read on every bucket in the project.
# Prefer a bucket-level binding (google_storage_bucket_iam_member) when the
# application only needs one bucket.
resource "google_project_iam_member" "app" {
  project = var.project_id
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:${google_service_account.app.email}"
}
```
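The section is titled Workload Identity but the snippet only creates the Google service account. As an added example (not from the original page), this binds a Kubernetes service account to it and replaces the project-wide grant with a bucket-scoped one. It assumes a GKE cluster with Workload Identity enabled (`workload_identity_config` set, pool `PROJECT_ID.svc.id.goog`) and a hypothetical `google_storage_bucket.app_data`; `var.project_id` and `google_service_account.app` are taken from the snippet above.

```hcl
# Added example; assumes a GKE cluster with Workload Identity enabled and
# google_storage_bucket.app_data exists.

# Bind the Kubernetes service account default/app to the Google service
# account. Only this KSA in this namespace can impersonate it.
resource "google_service_account_iam_member" "app_workload_identity" {
  service_account_id = google_service_account.app.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "serviceAccount:${var.project_id}.svc.id.goog[default/app]"
}

# Bucket-level grant: read objects in app_data only, instead of the
# project-wide roles/storage.objectViewer that exposes every bucket.
resource "google_storage_bucket_iam_member" "app_read" {
  bucket = google_storage_bucket.app_data.name
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${google_service_account.app.email}"
}
```

The Kubernetes service account must carry the annotation `iam.gke.io/gcp-service-account: app-sa@PROJECT_ID.iam.gserviceaccount.com`. Verify from a pod with `curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email`: it should return the app-sa address, not the node's service account.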
Essential Services
- GKE: Managed Kubernetes
- Cloud Functions: Serverless
- Cloud SQL: Managed databases
- Cloud Storage: Object storage
- Cloud CDN: Content delivery
- Secret Manager: Secrets
Cloudflare Quick Reference
Workers
```javascript
// Workers module syntax. Bindings (KV, D1, R2, secrets) are declared in
// wrangler.toml and arrive on `env`; never hard-code credentials in the script
// (use `wrangler secret put` for secrets).
export default {
  async fetch(request, env) {
    const url = new URL(request.url);
    if (url.pathname === '/api/data') {
      // KV.get() resolves to null when the key does not exist.
      const data = await env.MY_KV.get('key');
      if (data === null) {
        return new Response('Not found', { status: 404 });
      }
      return new Response(JSON.stringify({ data }), {
        headers: { 'Content-Type': 'application/json' }
      });
    }
    return new Response('Hello World');
  }
};
```
Essential Services
- Workers: Edge compute
- Pages: Static site hosting
- D1: SQLite database
- KV: Key-value storage
- R2: S3-compatible storage
Security Checklist
- Workload identity (EKS Pod Identity, Azure Managed Identity, GKE Workload Identity) with one role per workload, scoped to named resources; no long-lived access keys in pods or CI
- Network segmentation: private subnets, security groups/NSGs, and VPC endpoints / Private Link / Private Google Access so API traffic never crosses the internet
- Encryption at rest (KMS, Key Vault, Cloud KMS managed keys) and in transit (TLS everywhere, including between services inside the VPC)
- Secret management: Secrets Manager, Key Vault, Secret Manager or Workers secrets, injected at runtime; not in code, and not passed through Terraform variables in plaintext (values that do pass through Terraform land in state, so protect the state backend)
- Audit logging enabled: CloudTrail, Azure Activity Log and diagnostic settings, Cloud Audit Logs, shipped to a separate account or project the workload cannot write to
- Multi-factor authentication for every human principal, hardware-backed for root, Global Administrator and project Owner
- Regular security assessments: IaC scanning in the pipeline plus periodic review of effective permissions and network exposure
Detailed References
- AWS: See references/aws.md for EKS, IAM, networking
- Azure: See references/azure.md for AKS, identity
- GCP: See references/gcp.md for GKE, IAM
- Cloudflare: See references/cloudflare.md for Workers, Pages
Repository: kiraneswaran/en…g-skills
First seen: Mar 1, 2026