amazon-web-services
# Amazon Web Services

## Overview
Amazon Web Services (AWS) provides cloud computing services for building scalable applications. The AWS SDK for JavaScript v3 uses modular packages (@aws-sdk/client-*) with first-class TypeScript support. AWS CDK v2 defines infrastructure as code using TypeScript constructs that synthesize to CloudFormation templates.
**When to use:** Building cloud-native applications, serverless architectures, container deployments, managed databases, CDN distribution, event-driven systems, or infrastructure as code.

**When NOT to use:** Simple static sites (consider Vercel/Netlify), local-only development tools, projects with no cloud deployment requirement.
## Quick Reference

| Service / Pattern | API / Construct | Key Points |
|---|---|---|
| S3 upload | `PutObjectCommand` | Modular import from `@aws-sdk/client-s3` |
| S3 presigned URL | `getSignedUrl()` | From `@aws-sdk/s3-request-presigner`, max 7 days |
| Lambda function | `new lambda.Function()` | CDK L2 construct, set `memorySize` and `timeout` |
| Lambda layers | `new lambda.LayerVersion()` | Share code/deps across functions |
| IAM policy | `new iam.PolicyStatement()` | Always use least privilege, avoid `*` resources |
| DynamoDB table | `new dynamodb.Table()` | Single-table design, `PAY_PER_REQUEST` for variable loads |
| DynamoDB GSI | `table.addGlobalSecondaryIndex()` | Separate throughput, eventual consistency |
| SQS queue | `new sqs.Queue()` | DLQ for failed messages, long polling with `WaitTimeSeconds` |
| SNS topic | `new sns.Topic()` | Fan-out to SQS, Lambda, HTTP endpoints |
| CloudFront | `new cloudfront.Distribution()` | OAC for S3 origins, cache policies |
| RDS/Aurora | `new rds.DatabaseCluster()` | Use RDS Proxy for connection pooling |
| ECS Fargate | `new ecs_patterns.ApplicationLoadBalancedFargateService()` | Higher-level pattern construct |
| Route 53 | `new route53.ARecord()` | Alias records for AWS resources |
| Secrets Manager | `secretsmanager.Secret.fromSecretNameV2()` | Automatic rotation, never hardcode secrets |
| CDK stack | `new cdk.Stack(app, 'Id')` | One stack per deployment unit |
| CDK testing | `Template.fromStack(stack)` | Fine-grained assertions and snapshot tests |
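The presigned-URL row above rests on two properties that are easy to overlook: S3 rejects an expiry longer than seven days, and whatever the SDK signs (such as the `ContentType` of a `PutObjectCommand`) must be sent unchanged by the uploader or the request fails with a signature mismatch. The following added example, which is not code from this page or from the AWS SDK, builds an S3 presigned PUT URL by hand with Node's `crypto` module to show what `getSignedUrl()` does underneath: it enforces the 604800-second cap and signs `content-type` alongside `host`. The credentials, bucket, key and region are constructed placeholders, and the exact set of query parameters and signed headers the real SDK emits may differ; in application code call `getSignedUrl()` from `@aws-sdk/s3-request-presigner` instead of re-implementing SigV4.

```typescript
import { createHash, createHmac } from "node:crypto";

// Constructed placeholder credentials for illustration only; never embed real keys.
export const DEMO_CREDS = {
  accessKeyId: "AKIAEXAMPLEEXAMPLE00",
  secretAccessKey: "EXAMPLESECRETKEYEXAMPLESECRETKEYEXAMPLE",
};

// S3 refuses presigned URLs that live longer than 7 days (604800 s).
export const MAX_PRESIGN_SECONDS = 7 * 24 * 60 * 60;

const sha256Hex = (s: string) => createHash("sha256").update(s).digest("hex");
const hmac = (key: Buffer | string, s: string) => createHmac("sha256", key).update(s).digest();

// SigV4 wants RFC 3986 encoding: everything except A-Z a-z 0-9 - _ . ~ is percent-encoded.
function uriEncode(s: string, encodeSlash = true): string {
  const enc = encodeURIComponent(s).replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
  return encodeSlash ? enc : enc.replace(/%2F/g, "/");
}

export interface PresignInput {
  bucket: string;
  key: string;
  region: string;
  contentType: string; // becomes a signed header, like ContentType on PutObjectCommand
  expiresIn: number;   // seconds, 1..MAX_PRESIGN_SECONDS
  now?: Date;          // injectable clock so the output is reproducible
}

// Builds a query-string-authenticated PUT URL for an S3 object (SigV4, UNSIGNED-PAYLOAD).
export function presignPut(input: PresignInput, creds = DEMO_CREDS): string {
  if (input.expiresIn !== Math.floor(input.expiresIn) || input.expiresIn < 1 || input.expiresIn > MAX_PRESIGN_SECONDS) {
    throw new RangeError("expiresIn must be an integer between 1 and " + MAX_PRESIGN_SECONDS + " seconds");
  }
  const now = input.now || new Date();
  const amzDate = now.toISOString().replace(/[-:]/g, "").replace(/\.\d{3}/, ""); // e.g. 20240101T120000Z
  const dateStamp = amzDate.slice(0, 8);
  const host = input.bucket + ".s3." + input.region + ".amazonaws.com";
  const scope = dateStamp + "/" + input.region + "/s3/aws4_request";
  const canonicalUri = "/" + uriEncode(input.key, false);

  // content-type is a *signed* header: an uploader that omits or changes it gets SignatureDoesNotMatch.
  const headers: Record<string, string> = { "content-type": input.contentType.trim(), host: host };
  const headerNames = Object.keys(headers).sort();
  const signedHeaders = headerNames.join(";");
  const canonicalHeaders = headerNames.map((h) => h + ":" + headers[h] + "\n").join("");

  const query: Record<string, string> = {
    "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
    "X-Amz-Credential": creds.accessKeyId + "/" + scope,
    "X-Amz-Date": amzDate,
    "X-Amz-Expires": String(input.expiresIn),
    "X-Amz-SignedHeaders": signedHeaders,
  };
  const canonicalQuery = Object.keys(query).sort().map((k) => uriEncode(k) + "=" + uriEncode(query[k])).join("&");

  const canonicalRequest = ["PUT", canonicalUri, canonicalQuery, canonicalHeaders, signedHeaders, "UNSIGNED-PAYLOAD"].join("\n");
  const stringToSign = ["AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonicalRequest)].join("\n");

  // Derive the per-day, per-region, per-service signing key from the long-term secret.
  const kDate = hmac("AWS4" + creds.secretAccessKey, dateStamp);
  const kRegion = hmac(kDate, input.region);
  const kService = hmac(kRegion, "s3");
  const kSigning = hmac(kService, "aws4_request");
  const signature = createHmac("sha256", kSigning).update(stringToSign).digest("hex");

  return "https://" + host + canonicalUri + "?" + canonicalQuery + "&X-Amz-Signature=" + signature;
}

// Small helper to read the query parameters back out of a presigned URL.
export function parseQuery(url: string): Record<string, string> {
  const out: Record<string, string> = {};
  const qs = url.split("?")[1] || "";
  for (const pair of qs.split("&")) {
    const eq = pair.indexOf("=");
    out[decodeURIComponent(pair.slice(0, eq))] = decodeURIComponent(pair.slice(eq + 1));
  }
  return out;
}
```

The two checks worth keeping from this even when the SDK does the signing: validate `expiresIn` against the cap before calling `getSignedUrl()` (the SDK surfaces the limit as a runtime error otherwise), and always pass `ContentType` on the `PutObjectCommand` so the uploader cannot store an object under a type the server never approved.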
## Common Mistakes

| Mistake | Correct Pattern |
|---|---|
| Using AWS SDK v2 (`aws-sdk`) | Use modular v3 (`@aws-sdk/client-*`) for smaller bundles |
| IAM `Action: "*"` or `Resource: "*"` | Scope to specific actions and resource ARNs |
| No DLQ on SQS queues | Always attach a dead-letter queue for failed messages |
| DynamoDB `Scan` for queries | Design access patterns first, use `Query` with GSI/LSI |
| Hardcoding secrets in code or env vars | Use Secrets Manager or SSM Parameter Store |
| Lambda bundling `node_modules` without tree-shaking | Use `NodejsFunction` with esbuild bundling |
| Missing `RemovalPolicy` on stateful resources | Set `RemovalPolicy.RETAIN` for production databases and buckets |
| Creating one Lambda per CRUD operation | Group related operations, use event routing |
| No connection pooling for RDS | Use RDS Proxy or limit `max_connections` per Lambda |
| CloudFront without cache policy | Define explicit `CachePolicy` to control TTL and headers |
| CDK testing only with snapshots | Combine fine-grained assertions with snapshot tests |
| Presigned URL without content-type | Include `ContentType` in `PutObjectCommand` for uploads |
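The IAM rows in both tables reduce to one rule for `Allow` statements: no `Action: "*"`, no service-wide `service:*`, and no `Resource: "*"`. The following added example, which is not part of this page or of any AWS library, is a small TypeScript checker that applies that rule to an IAM policy document, shown against a constructed over-broad policy and its scoped replacement. The field names follow the standard IAM policy document schema; the bucket name, table name and account ID `123456789012` are placeholders. One assumed use is inside a CDK unit test, running it over the `PolicyDocument` properties found in `Template.fromStack(stack).toJSON()` so a wildcard grant fails the build before it reaches an account.

```typescript
// The subset of the IAM policy document schema this checker inspects.
type StrOrArr = string | string[];

export interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Action?: StrOrArr;
  NotAction?: StrOrArr;
  Resource?: StrOrArr;
  NotResource?: StrOrArr;
  Condition?: Record<string, unknown>;
}

export interface PolicyDocument {
  Version: string;
  Statement: Statement | Statement[];
}

export interface Finding {
  sid: string;
  severity: "high" | "medium";
  message: string;
}

const asArray = (v?: StrOrArr): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns the least-privilege violations in one statement. Deny statements only
// remove access, so wildcards inside them are not a grant and are skipped.
export function checkStatement(st: Statement, index: number): Finding[] {
  const sid = st.Sid || "Statement[" + index + "]";
  const findings: Finding[] = [];
  if (st.Effect !== "Allow") return findings;

  for (const action of asArray(st.Action)) {
    if (action === "*") {
      findings.push({ sid: sid, severity: "high", message: 'Action "*" allows every API call in every service' });
    } else if (/^[a-z0-9-]+:\*$/i.test(action)) {
      findings.push({ sid: sid, severity: "high", message: action + " allows every action in that service" });
    }
  }
  if (asArray(st.Resource).indexOf("*") !== -1) {
    findings.push({ sid: sid, severity: "high", message: 'Resource "*" applies the grant to every resource in the account' });
  }
  // Allow + NotAction/NotResource grants everything *except* what is listed: an implicit wildcard.
  if (st.NotAction !== undefined || st.NotResource !== undefined) {
    findings.push({ sid: sid, severity: "medium", message: "Allow with NotAction/NotResource is an implicit wildcard; list permitted actions and resources explicitly" });
  }
  return findings;
}

// Runs the statement check over a whole document (Statement may be one object or an array).
export function lintPolicy(doc: PolicyDocument): Finding[] {
  const statements = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
  let findings: Finding[] = [];
  for (let i = 0; i < statements.length; i++) {
    findings = findings.concat(checkStatement(statements[i], i));
  }
  return findings;
}

// Constructed sample: the shape of policy the Common Mistakes table warns about.
export const OVERBROAD_POLICY: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    { Sid: "TooBroad", Effect: "Allow", Action: ["s3:*", "dynamodb:GetItem"], Resource: "*" },
  ],
};

// Constructed sample: the same workload scoped to named actions and ARNs.
// Bucket name, table name and account ID 123456789012 are placeholders.
export const SCOPED_POLICY: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    { Sid: "ReadWriteUploads", Effect: "Allow", Action: ["s3:GetObject", "s3:PutObject"], Resource: "arn:aws:s3:::example-bucket/uploads/*" },
    { Sid: "ReadOrders", Effect: "Allow", Action: "dynamodb:GetItem", Resource: "arn:aws:dynamodb:us-east-1:123456789012:table/Orders" },
    // A Deny guard-rail may legitimately use "*"; the checker ignores it because it narrows access.
    { Sid: "DenyOutsideRegion", Effect: "Deny", Action: "*", Resource: "*", Condition: { StringNotEquals: { "aws:RequestedRegion": "us-east-1" } } },
  ],
};
```

Note that a resource ARN ending in `/uploads/*` is not flagged: the object-key wildcard inside a named bucket is the normal way to express "these objects" and is exactly the scoping the table asks for. What the checker rejects is the bare `*` that makes a statement apply to the whole account.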
## Delegation

- Infrastructure patterns: Use the `Explore` agent for AWS architecture discovery
- Security review: Use the `Task` agent for IAM policy auditing
- Cost optimization: Use the `Task` agent for resource right-sizing

If the `docker` skill is available, delegate container build patterns and Dockerfile optimization to it. If the `github-actions` skill is available, delegate CI/CD pipeline patterns for AWS deployments to it. If the `typescript-patterns` skill is available, delegate TypeScript strict mode and type patterns used in CDK code to it. If the `application-security` skill is available, delegate AWS security best practices and threat modeling to it.

## References
- S3 storage, presigned URLs, and lifecycle policies
- Lambda functions, layers, cold starts, and event sources
- IAM roles, policies, and least-privilege patterns
- DynamoDB single-table design, GSI/LSI, and streams
- SQS queues, SNS topics, and fan-out messaging
- ECS/Fargate container deployment and ECR
- CloudFront CDN, Route 53 DNS, and networking
- CDK v2 infrastructure as code, constructs, stacks, and testing