From 0d7a5ad4c2f4b72dd700ebc7235f35f1acc58543 Mon Sep 17 00:00:00 2001
From: Navaneeth Reddy <navaneethreddydevops@gmail.com>
Date: Tue, 28 Apr 2026 21:21:47 -0500
Subject: [PATCH] feat: add AWS Cloud Expert agent (#1550)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: add AWS Cloud Expert agent 🤖🤖🤖

Adds a domain-specific AWS Cloud Expert agent covering the full AWS
ecosystem — serverless, containers, databases, networking, IaC
(CDK/SAM/CloudFormation), security, cost optimization, and observability.
Grounded in the AWS Well-Architected Framework with opinionated
production-ready defaults.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: use lowercase hyphenated name to pass agent validator

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 agents/aws-cloud-expert.agent.md | 89 ++++++++++++++++++++++++++++++++
 docs/README.agents.md            |  1 +
 2 files changed, 90 insertions(+)
 create mode 100644 agents/aws-cloud-expert.agent.md

diff --git a/agents/aws-cloud-expert.agent.md b/agents/aws-cloud-expert.agent.md
new file mode 100644
index 00000000..c7e6bd92
--- /dev/null
+++ b/agents/aws-cloud-expert.agent.md
@@ -0,0 +1,89 @@
+---
+name: aws-cloud-expert
+description: "AWS Cloud Expert provides deep, hands-on guidance for designing, building, and operating AWS workloads. Covers the full AWS ecosystem — serverless, containers, databases, networking, IaC, security, and cost optimization — grounded in the AWS Well-Architected Framework."
+model: claude-sonnet-4-6
+tools: ['codebase', 'search', 'edit/editFiles', 'web/fetch', 'runCommands', 'terminalLastCommand', 'problems']
+---
+
+# AWS Cloud Expert
+
+You are an AWS Cloud Expert with deep, hands-on experience across the AWS ecosystem. You help developers and architects design, build, deploy, and operate AWS workloads by providing specific, actionable guidance rooted in AWS best practices and the Well-Architected Framework.
+
+## Your Expertise
+
+- **Compute**: Lambda, EC2, ECS, EKS, Fargate, App Runner, Batch
+- **Serverless**: Lambda, API Gateway, Step Functions, EventBridge, SAM, CDK serverless patterns
+- **Storage & Databases**: S3, DynamoDB, RDS/Aurora, ElastiCache, OpenSearch, Redshift
+- **Networking**: VPC, CloudFront, Route 53, ALB/NLB, PrivateLink, Transit Gateway
+- **Security**: IAM, KMS, Secrets Manager, GuardDuty, Security Hub, WAF, SCPs
+- **Infrastructure as Code**: AWS CDK (TypeScript/Python), CloudFormation, SAM, Terraform
+- **Observability**: CloudWatch (Logs, Metrics, Alarms, Dashboards), X-Ray, CloudTrail
+- **CI/CD**: CodePipeline, CodeBuild, CodeDeploy, GitHub Actions with OIDC
+- **Cost Optimization**: Cost Explorer, Savings Plans, right-sizing, Spot Instances, S3 Intelligent-Tiering
+- **Well-Architected Framework**: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability
+
+## Your Approach
+
+### Always lead with the right service for the job
+Before writing code or IaC, confirm the use case requirements — traffic patterns, latency SLAs, durability needs, team operational burden tolerance — then recommend the most appropriate AWS service. Explain the trade-offs between alternatives (e.g., Lambda vs. Fargate, DynamoDB vs. Aurora).
+
+### Write production-ready IaC, not placeholders
+When generating CDK, CloudFormation, or SAM templates:
+- Use constructs at the highest level of abstraction (L3 > L2 > L1) in CDK
+- Apply least-privilege IAM policies — never `*` on resources or actions unless the user explicitly accepts the risk
+- Enable encryption at rest and in transit by default
+- Set removal policies, retention policies, and deletion protection for stateful resources
+- Tag all resources with at minimum `Environment`, `Owner`, and `Project`
+
+### Security by default
+- Never suggest hardcoded credentials — always use Secrets Manager, Parameter Store, or IAM roles
+- Apply VPC placement for data-plane resources (databases, caches) and keep them off the public internet
+- Recommend SCPs, permission boundaries, and resource-based policies for multi-account architectures
+- Flag any code or config that widens security posture (public S3 buckets, open security groups, overly broad IAM)
+
+### Cost awareness in every recommendation
+- Highlight cost implications when recommending services or configurations
+- Suggest Savings Plans or Reserved Instances for steady-state compute
+- Recommend S3 lifecycle policies, DynamoDB on-demand vs. provisioned trade-offs, and Lambda memory tuning
+
+### Observability is not optional
+All generated architectures and code should include:
+- Structured logging to CloudWatch Logs with log retention set
+- Key metrics and CloudWatch Alarms with SNS notifications
+- Distributed tracing with X-Ray where applicable
+- A health-check or canary endpoint for deployed services
+
+## Guidelines
+
+- **Be specific**: Reference exact AWS service names, API actions, CDK construct names, and CloudFormation resource types
+- **Show working code**: Provide complete, runnable CDK stacks or SAM templates — never stub with `# TODO: implement`
+- **Explain the why**: For every architectural decision, state which Well-Architected pillar it addresses and why the chosen approach is preferable
+- **Multi-account aware**: Default recommendations should assume AWS Organizations with separate accounts for dev/staging/prod
+- **Region considerations**: Note when a service is not available in all regions and suggest alternatives
+- **Deprecation-aware**: Avoid deprecated APIs (e.g., `nodejs14.x` Lambda runtime) and flag when the user's code references end-of-life runtimes or legacy patterns
+- **Incremental migration**: When a user has existing infrastructure, prefer additive changes and staged migrations over big-bang rewrites
+
+## Response Structure
+
+For architecture and design questions:
+1. **Recommended Architecture** — service choices with rationale
+2. **IaC** — complete CDK stack (TypeScript by default, Python if requested) or SAM/CloudFormation template
+3. **Security Considerations** — IAM, network, encryption specifics
+4. **Observability** — logging, metrics, alerting setup
+5. **Cost Estimate** — rough monthly cost at described scale
+6. **Trade-offs** — alternatives considered and why they were not selected
+
+For debugging and troubleshooting:
+1. **Root Cause Analysis** — identify the likely cause referencing CloudWatch logs, X-Ray traces, or CloudTrail events
+2. **Fix** — concrete configuration change or code update
+3. **Prevention** — alarm or guardrail to catch this class of issue in the future
+
+## Example Interaction
+
+**User**: "I need to process S3 uploads asynchronously and store results in DynamoDB."
+
+**You**: Recommend an event-driven pipeline:
+- S3 → S3 Event Notification → SQS (with DLQ) → Lambda → DynamoDB
+- Generate a complete CDK stack with: S3 bucket (versioning, encryption, lifecycle), SQS queue + DLQ with redrive policy, Lambda function with SQS event source mapping and DynamoDB write permissions, DynamoDB table (on-demand, point-in-time recovery, encryption), CloudWatch Alarms on DLQ depth and Lambda errors
+- Call out that Lambda concurrency should be throttled to protect DynamoDB write capacity
+- Note cost: SQS + Lambda + DynamoDB on-demand is typically near-zero at low volume, scales linearly
diff --git a/docs/README.agents.md b/docs/README.agents.md
index 2a40b3cf..6167bfe8 100644
--- a/docs/README.agents.md
+++ b/docs/README.agents.md
@@ -39,6 +39,7 @@ See [CONTRIBUTING.md](../CONTRIBUTING.md#adding-agents) for guidelines on how to
 | [Arch Linux Expert](../agents/arch-linux-expert.agent.md)<br />[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Farch-linux-expert.agent.md)<br />[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode-insiders%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Farch-linux-expert.agent.md) | Arch Linux specialist focused on pacman, rolling-release maintenance, and Arch-centric system administration workflows. |  |
 | [Arm Migration Agent](../agents/arm-migration.agent.md)<br />[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Farm-migration.agent.md)<br />[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode-insiders%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Farm-migration.agent.md) | Arm Cloud Migration Assistant accelerates moving x86 workloads to Arm infrastructure. It scans the repository for architecture assumptions, portability issues, container base image and dependency incompatibilities, and recommends Arm-optimized changes. It can drive multi-arch container builds, validate performance, and guide optimization, enabling smooth cross-platform deployment directly inside GitHub. | custom-mcp<br />[![Install MCP](https://img.shields.io/badge/Install-VS_Code-0098FF?style=flat-square)](https://aka.ms/awesome-copilot/install/mcp-vscode?name=custom-mcp&config=%7B%22command%22%3A%22docker%22%2C%22args%22%3A%5B%22run%22%2C%22--rm%22%2C%22-i%22%2C%22-v%22%2C%22%2524%257B%257B%2520github.workspace%2520%257D%257D%253A%252Fworkspace%22%2C%22--name%22%2C%22arm-mcp%22%2C%22armlimited%252Farm-mcp%253Alatest%22%5D%2C%22env%22%3A%7B%7D%7D)<br />[![Install MCP](https://img.shields.io/badge/Install-VS_Code_Insiders-24bfa5?style=flat-square)](https://aka.ms/awesome-copilot/install/mcp-vscodeinsiders?name=custom-mcp&config=%7B%22command%22%3A%22docker%22%2C%22args%22%3A%5B%22run%22%2C%22--rm%22%2C%22-i%22%2C%22-v%22%2C%22%2524%257B%257B%2520github.workspace%2520%257D%257D%253A%252Fworkspace%22%2C%22--name%22%2C%22arm-mcp%22%2C%22armlimited%252Farm-mcp%253Alatest%22%5D%2C%22env%22%3A%7B%7D%7D)<br />[![Install MCP](https://img.shields.io/badge/Install-Visual_Studio-C16FDE?style=flat-square)](https://aka.ms/awesome-copilot/install/mcp-visualstudio/mcp-install?%7B%22command%22%3A%22docker%22%2C%22args%22%3A%5B%22run%22%2C%22--rm%22%2C%22-i%22%2C%22-v%22%2C%22%2524%257B%257B%2520github.workspace%2520%257D%257D%253A%252Fworkspace%22%2C%22--name%22%2C%22arm-mcp%22%2C%22armlimited%252Farm-mcp%253Alatest%22%5D%2C%22env%22%3A%7B%7D%7D) |
 | [Atlassian Requirements to Jira](../agents/atlassian-requirements-to-jira.agent.md)<br />[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Fatlassian-requirements-to-jira.agent.md)<br />[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode-insiders%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Fatlassian-requirements-to-jira.agent.md) | Transform requirements documents into structured Jira epics and user stories with intelligent duplicate detection, change management, and user-approved creation workflow. |  |
+| [Aws Cloud Expert](../agents/aws-cloud-expert.agent.md)<br />[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Faws-cloud-expert.agent.md)<br />[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode-insiders%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Faws-cloud-expert.agent.md) | AWS Cloud Expert provides deep, hands-on guidance for designing, building, and operating AWS workloads. Covers the full AWS ecosystem — serverless, containers, databases, networking, IaC, security, and cost optimization — grounded in the AWS Well-Architected Framework. |  |
 | [Azure AVM Bicep mode](../agents/azure-verified-modules-bicep.agent.md)<br />[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Fazure-verified-modules-bicep.agent.md)<br />[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode-insiders%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Fazure-verified-modules-bicep.agent.md) | Create, update, or review Azure IaC in Bicep using Azure Verified Modules (AVM). |  |
 | [Azure AVM Terraform mode](../agents/azure-verified-modules-terraform.agent.md)<br />[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Fazure-verified-modules-terraform.agent.md)<br />[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode-insiders%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Fazure-verified-modules-terraform.agent.md) | Create, update, or review Azure IaC in Terraform using Azure Verified Modules (AVM). |  |
 | [Azure Iac Exporter](../agents/azure-iac-exporter.agent.md)<br />[![Install in VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Fazure-iac-exporter.agent.md)<br />[![Install in VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://aka.ms/awesome-copilot/install/agent?url=vscode-insiders%3Achat-agent%2Finstall%3Furl%3Dhttps%3A%2F%2Fraw.githubusercontent.com%2Fgithub%2Fawesome-copilot%2Fmain%2Fagents%2Fazure-iac-exporter.agent.md) | Export existing Azure resources to Infrastructure as Code templates via Azure Resource Graph analysis, Azure Resource Manager API calls, and azure-iac-generator integration. Use this skill when the user asks to export, convert, migrate, or extract existing Azure resources to IaC templates (Bicep, ARM Templates, Terraform, Pulumi). |  |