MCP HubMCP Hub
SKILL·208458

aws-sst-development

zxkane
업데이트됨 1 month ago
332
35
332
GitHub에서 보기
메타wordaidesign

정보

이 스킬은 AWS 인프라를 코드로 관리하기 위한 Pulumi 기반 프레임워크인 SST v4(Ion)에 대한 전문 지원을 제공합니다. 개발자가 `sst.config.ts` 작성 및 디버깅, `sst.aws.*` 구성체와 Pulumi 리소스를 활용한 인프라 구축, `deploy`나 `dev` 같은 SST 명령어 실행을 돕습니다. SST 설정이나 의존성을 포함하는 프로젝트 작업 시 사용하세요. AWS CDK, Terraform 또는 순수 CloudFormation 작업에는 사용하지 마십시오.

빠른 설치

Claude Code

추천
기본
npx skills add zxkane/aws-skills -a claude-code
플러그인 명령대체
/plugin add https://github.com/zxkane/aws-skills
Git 클론대체
git clone https://github.com/zxkane/aws-skills.git ~/.claude/skills/aws-sst-development

Claude Code에서 이 명령을 복사하여 붙여넣어 스킬을 설치하세요

문서

SST v4 for AWS

SST v4 (the "Ion" engine) is a Pulumi-backed IaC framework: you describe AWS resources in TypeScript and SST/Pulumi reconciles them into your account. It gives you high-level sst.aws.* components (Function, Bucket, Dynamo, Cron, Service, …) that expand into many underlying resources, plus an escape hatch to any raw Pulumi aws.* resource for the long tail. This skill encodes a production-proven way to author, link, test, deploy, and troubleshoot SST stacks on AWS — distilled from real multi-stack projects that have paid for each lesson with a prod incident.

SST and Pulumi are third-party — verify current syntax with Context7 (resolve-library-idquery-docs for sst or pulumi-aws) when you're unsure about a component's options. Verify AWS-side facts (service limits, model IDs, IAM action names, region availability) with the AWS docs MCP, never from memory. The patterns here are the how; the docs are the what.

When you're invoked

Figure out which mode you're in and jump to the right reference:

SituationGo to
New project, or adding a resource/module to an existing SST appAuthorreferences/authoring.md
Wiring one module's output into another (links, SSM, IAM scope)Authorreferences/authoring.md § Sharing
Writing tests for infra so changes don't silently breakTestreferences/testing.md
Running a deploy, or a deploy just failedDeploy/Operatereferences/deploy-and-troubleshoot.md
Migrating a resource between Pulumi types, renaming a physical nameDeploy/Operatereferences/deploy-and-troubleshoot.md § Migrations

Always read the relevant reference before editing — they carry the why behind each rule, which matters more than the rule itself.

Orientation: read the repo before you touch it

SST projects are conventional but not identical. Before editing, build a quick map so your change matches the house style instead of fighting it:

  1. sst.config.ts — the app name, home, providers/region, defaultTags, any global $transform (Node runtime pin, bundle fixups), and the order in which run() imports infra/ modules. The import order is the dependency order; respect it.
  2. infra/ — one file per domain (storage, functions, api, observability…). This is where resources are declared. Check for an infra/CLAUDE.md — these projects keep IaC-specific rules there, and it's the single most valuable file to read first.
  3. infra/tests/ — source-level Vitest assertions that pin resource invariants. If they exist, your change must keep them green and probably needs a new assertion.
  4. package.json / .nvmrc — package manager (npm vs pnpm), Node version, and the sst/pulumi versions actually installed.

Run npx sst version to confirm you're on v4/Ion (the $config + .sst/platform/ signature). v2/v3 ("SST Classic", CDK-based) is a different framework — these patterns don't apply there.

The conventions, and which are universal vs tunable

The projects this skill is built from share a deliberate house style. Some of it is universal (true for any SST v4 + AWS project — apply it everywhere); some is project-specific (a sensible default these projects chose — adopt it for consistency, but recognize a project may differ).

Universal — these principles hold for any SST v4 + AWS project:

  • Control the Node runtime deliberately, in one place. Don't leave it to whatever the installed SST happens to default to. The idiom is a single global $transform(sst.aws.Function, (args) => { args.runtime ??= "nodejs24.x" }) in run()??= is correct here (the transform runs before the component applies its own default, so it fills in only when the user didn't set one). Recent SST already defaults to a current Node runtime, so check the installed default first (Context7); the transform is then version-independence insurance so a future SST downgrade can't silently move your fleet. See references/authoring.md.
  • Never interpolate a Pulumi Output<T> into a plain JS template literal. Use $interpolate (or pulumi.interpolate). A bare top-level `${bucket.arn}/*` stringifies the Output to a [Output<T>] placeholder and produces a broken ARN that only fails at deploy time (it type-checks and sst dev runs fine). The fix is $interpolate`${bucket.arn}/*`. This has caused prod deploy outages. See references/authoring.md § Outputs.
  • Migrating a resource between Pulumi types should default to two PRs — Pulumi creates-before-destroys, so for a uniqueness-constrained AWS name (bucket, IAM role, gateway) the old resource still owns it and the create fails with ConflictException. Two sequential deploys (teardown, then recreate) is the conservative default; aliases: / pulumi import / state surgery can bridge identity in some cases but only with a reviewed plan. See references/deploy-and-troubleshoot.md § Migrations.
  • Prefer typed sst.aws.* / aws.* resources over the aws.cloudcontrol.Resource escape hatch. CloudControl outputs are stringly-typed and oneOf fields don't patch cleanly. Use it only when no typed resource exists yet, and migrate off it when one ships.

Project-specific defaults — adopt for consistency, but confirm per repo:

  • Region ap-northeast-1, home: "aws", and defaultTags carrying Project / Stage / ManagedBy: "sst".
  • Stage-gated lifecycle: removal: stage === "prod" ? "retain" : "remove" and protect: stage === "prod" so prod resources survive a stack tear-down and non-prod previews clean up.
  • SSM Parameter Store as the out-of-graph contract under a /{app}/{stage}/{domain}/... prefix — for consumers that aren't in the Pulumi graph (CI scripts, sibling apps, operators). For same-app Lambdas, prefer SST link: (it wires a real dependency edge and grants IAM); don't route same-app sharing through SSM. See references/authoring.md § Sharing.
  • Lazy await import("./infra/<module>") inside run() so sst dev hot-reload stays light. (For testing, a module export still runs its top-level new sst.aws.* unless it's wrapped in a factory function — see references/testing.md for how to test infra.)
  • Source-level Vitest tests on every infra module — a lightweight, house-style regression net asserting on the source text (resource names, index shapes, IAM scopes). It's a deliberate choice, not an SST limit: Pulumi does support runtime mocks (@pulumi/pulumi/runtime) for behavioral graph tests when a module has real logic. Source assertions don't replace a preview-deploy + smoke test. See references/testing.md.
  • An observability gate: every new Lambda/queue/schedule gets an alarm and structured logging before merge. Whether you enforce this depends on the project, but it's cheap insurance. See references/deploy-and-troubleshoot.md § Observability.

When you introduce a convention, say which bucket it's in ("this is universal" vs "matching this repo's house style") so the user can override the project-specific ones deliberately.

Working rhythm

  1. Orient (above) — map config, modules, tests, tooling.
  2. Verify syntax with Context7 / AWS docs MCP if anything is non-obvious. Don't guess at a component's option name.
  3. Author the resource/module following references/authoring.md. Match the surrounding file's commenting density and naming — these projects comment the why heavily, and a terse one-liner in a heavily-annotated file reads as a regression.
  4. Test — add or update source-level assertions (references/testing.md) and run npx vitest (or the repo's test script). Run npx sst diff and/or tsc --noEmit to catch type and plan errors before deploying.
  5. Deploy/operate per references/deploy-and-troubleshoot.md. Confirm the target account with aws sts get-caller-identity before any sst deploy.
  6. Clean up any exported state files — they contain account IDs and ARNs and must not linger in /tmp or chat history.

What good looks like

  • The change is the smallest diff that satisfies the requirement, in the right infra/ module, wired into run() in dependency order.
  • Every Lambda gets the right runtime via the global transform (you didn't hand-set runtime unless intentionally diverging — e.g. a Python function).
  • Cross-resource references use link: (in-graph) and/or $interpolate-scoped IAM; outputs other tools consume are published to SSM under the stage prefix.
  • New infra has a matching source-level test, and the existing suite stays green.
  • You confirmed AWS-side facts via the docs MCP and SST/Pulumi syntax via Context7 rather than relying on recall.
  • Anything irreversible (deploy, sst remove, a resource-type migration) was flagged to the user with the account it targets, and migrations were planned as two PRs, not one.

GitHub 저장소

zxkane/aws-skills
경로: plugins/aws-iac/skills/aws-sst-development
0
agent-skillsanthropicawsaws-agentcoreaws-cdkaws-cost-optimization
FAQ

Frequently asked questions

What is the aws-sst-development skill?

aws-sst-development is a Claude Skill by zxkane. Skills package instructions and resources that Claude loads on demand, so Claude can perform aws-sst-development-related tasks without extra prompting.

How do I install aws-sst-development?

Use the install commands on this page: add aws-sst-development to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.

What category does aws-sst-development belong to?

aws-sst-development is in the Meta category, tagged word, ai and design.

Is aws-sst-development free to use?

Yes. aws-sst-development is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.

연관 스킬

content-collections
메타

이 스킬은 콘텐츠 콜렉션(Content Collections)을 위한 프로덕션 검증된 설정을 제공합니다. 콘텐츠 콜렉션은 Markdown/MDX 파일을 Zod 검증이 포함된 타입 안전한 데이터 콜렉션으로 변환해주는 TypeScript 최우선 도구입니다. 블로그, 문서 사이트 또는 콘텐츠 중심의 Vite + React 애플리케이션을 구축할 때 타입 안전성과 자동 콘텐츠 검증을 보장하기 위해 사용하세요. Vite 플러그인 구성과 MDX 컴파일부터 배포 최적화 및 스키마 검증에 이르기까지 모든 것을 다룹니다.

스킬 보기
polymarket
메타

이 스킬은 개발자들이 Polymarket 예측 시장 플랫폼을 활용한 애플리케이션을 구축할 수 있도록 지원하며, 거래 및 시장 데이터를 위한 API 통합 기능을 포함합니다. 또한 WebSocket을 통한 실시간 데이터 스트리밍을 제공하여 실시간 거래와 시장 활동을 모니터링할 수 있습니다. 이를 통해 거래 전략을 구현하거나 실시간 시장 업데이트를 처리하는 도구를 생성하는 데 활용할 수 있습니다.

스킬 보기
creating-opencode-plugins
메타

이 스킬은 개발자들이 명령어, 파일, LSP 작업 등 25개 이상의 이벤트 유형에 연결되는 OpenCode 플러그인을 만들 수 있도록 돕습니다. JavaScript/TypeScript 모듈을 위한 플러그인 구조, 이벤트 API 명세, 구현 패턴을 제공합니다. OpenCode AI 어시스턴트의 라이프사이클을 사용자 정의 이벤트 기반 로직으로 가로채거나, 모니터링하거나, 확장해야 할 때 사용하세요.

스킬 보기
sglang
메타

SGLang은 RadixAttention 프리픽스 캐싱을 활용하여 JSON, 정규식, 에이전트 워크플로우를 위한 고속 구조화 생성에 특화된 고성능 LLM 서빙 프레임워크입니다. 특히 반복되는 프리픽스가 있는 작업에서 상당히 빠른 추론 속도를 제공하여 복잡한 구조화 출력 및 다중 턴 대화에 이상적입니다. 제약 디코딩이 필요하거나 광범위한 프리픽스 공유가 있는 애플리케이션을 구축할 때는 vLLM과 같은 대안보다 SGLang을 선택하십시오.

스킬 보기