AWS CloudFormation Security

🌐 Community
by giuseppe-trisciuoglio · vlatest · Repository

Helps with AWS security as part of deploying and managing cloud infrastructure workflows.

Install on your platform

1. Run in terminal (recommended)

claude mcp add aws-cloudformation-security npx -- -y @trustedskills/aws-cloudformation-security

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "aws-cloudformation-security": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/aws-cloudformation-security"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill helps you create secure AWS infrastructure using CloudFormation templates, incorporating security best practices throughout your deployments. It focuses on securing various aspects of your cloud environment including encryption at rest and in transit, secrets management with AWS Secrets Manager, IAM least privilege policies, network security configurations (security groups), TLS/SSL certificates, and defense-in-depth strategies. The skill provides guidance and examples for implementing these security measures within CloudFormation templates.

When to use it

  • When creating CloudFormation templates that require encryption at rest or in transit.
  • For managing sensitive credentials and API keys using AWS Secrets Manager.
  • To configure AWS KMS for encrypting data.
  • When needing to implement secure parameters with the SSM Parameter Store.
  • To create IAM policies adhering to the principle of least privilege.
  • For configuring network access controls through security groups.

Key capabilities

  • Encryption: Guidance on creating and using KMS keys for encryption at rest, and ensuring encryption in transit.
  • Secrets Management: Integration with AWS Secrets Manager for securely storing credentials and API keys.
  • Secure Parameters: Utilizing the SSM Parameter Store to manage secure parameters.
  • IAM Least Privilege: Creating IAM policies that grant only necessary permissions.
  • Network Security: Configuring security groups to control network access.
  • TLS/SSL Certificates: Setting up TLS/SSL certificates using ACM for AWS services.
  • Defense-in-Depth: Implementing layered security approaches.

Example prompts

  • "Create a CloudFormation template that uses KMS encryption for an S3 bucket."
  • "Generate a Secrets Manager secret to store database credentials within my CloudFormation stack."
  • "Show me how to configure IAM policies with least privilege in my CloudFormation template."

Tips & gotchas

  • Refer to the EXAMPLES.md file for complete, production-ready examples of secure CloudFormation templates.
  • Ensure you understand KMS key policy and access control before implementing encryption.
  • The skill focuses on integrating security best practices within your CloudFormation templates; it does not cover all aspects of AWS security management.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: giuseppe-trisciuoglio
Installs: 71

Passed automated security scans.