Amazon Web Services

Overview

Amazon Web Services (AWS) provides cloud computing services for building scalable applications. The AWS SDK for JavaScript v3 uses modular packages (@aws-sdk/client-*) with first-class TypeScript support. AWS CDK v2 defines infrastructure as code using TypeScript constructs that synthesize to CloudFormation templates.

When to use: Building cloud-native applications, serverless architectures, container deployments, managed databases, CDN distribution, event-driven systems, or infrastructure as code.

When NOT to use: Simple static sites (consider Vercel/Netlify), local-only development tools, projects with no cloud deployment requirement.

Quick Reference

Service / Pattern	API / Construct	Key Points
S3 upload	`PutObjectCommand`	Modular import from `@aws-sdk/client-s3`
S3 presigned URL	`getSignedUrl()`	From `@aws-sdk/s3-request-presigner`, max 7 days
Lambda function	`new lambda.Function()`	CDK L2 construct, set `memorySize` and `timeout`
Lambda layers	`new lambda.LayerVersion()`	Share code/deps across functions
IAM policy	`new iam.PolicyStatement()`	Always use least privilege, avoid `*` resources
DynamoDB table	`new dynamodb.Table()`	Single-table design, PAY_PER_REQUEST for variable loads
DynamoDB GSI	`table.addGlobalSecondaryIndex()`	Separate throughput, eventual consistency
SQS queue	`new sqs.Queue()`	DLQ for failed messages, long polling with `WaitTimeSeconds`
SNS topic	`new sns.Topic()`	Fan-out to SQS, Lambda, HTTP endpoints
CloudFront	`new cloudfront.Distribution()`	OAC for S3 origins, cache policies
RDS/Aurora	`new rds.DatabaseCluster()`	Use RDS Proxy for connection pooling
ECS Fargate	`new ecs_patterns.ApplicationLoadBalancedFargateService()`	Higher-level pattern construct
Route 53	`new route53.ARecord()`	Alias records for AWS resources
Secrets Manager	`secretsmanager.Secret.fromSecretNameV2()`	Automatic rotation, never hardcode secrets
CDK stack	`new cdk.Stack(app, 'Id')`	One stack per deployment unit
CDK testing	`Template.fromStack(stack)`	Fine-grained assertions and snapshot tests

Common Mistakes

Mistake	Correct Pattern
Using AWS SDK v2 (`aws-sdk`)	Use modular v3 (`@aws-sdk/client-*`) for smaller bundles
IAM `Action: ""` or `Resource: ""`	Scope to specific actions and resource ARNs
No DLQ on SQS queues	Always attach a dead-letter queue for failed messages
DynamoDB scan for queries	Design access patterns first, use Query with GSI/LSI
Hardcoding secrets in code or env vars	Use Secrets Manager or SSM Parameter Store
Lambda bundling `node_modules` without tree-shaking	Use `NodejsFunction` with esbuild bundling
Missing `RemovalPolicy` on stateful resources	Set `RemovalPolicy.RETAIN` for production databases and buckets
Creating one Lambda per CRUD operation	Group related operations, use event routing
No connection pooling for RDS	Use RDS Proxy or limit `max_connections` per Lambda
CloudFront without cache policy	Define explicit `CachePolicy` to control TTL and headers
CDK testing only with snapshots	Combine fine-grained assertions with snapshot tests
Presigned URL without content-type	Include `ContentType` in `PutObjectCommand` for uploads

Delegation

Infrastructure patterns: Use Explore agent for AWS architecture discovery
Security review: Use Task agent for IAM policy auditing
Cost optimization: Use Task agent for resource right-sizing

If the docker skill is available, delegate container build patterns and Dockerfile optimization to it. If the github-actions skill is available, delegate CI/CD pipeline patterns for AWS deployments to it. If the typescript-patterns skill is available, delegate TypeScript strict mode and type patterns used in CDK code to it. If the application-security skill is available, delegate AWS security best practices and threat modeling to it.