Commit 9d72ced

refactor(deploy-on-aws): replace static CDK best practices with MCP tool guidance

Remove references/cdk-best-practices.md — its content (resource naming, IAM grants, construct levels, cdk-nag, testing, stack organization) is fully covered by the awsiac MCP server's cdk_best_practices tool.

Update SKILL.md to guide the model to call awsiac MCP tools at each step:

- cdk_best_practices before writing CDK code
- search_cdk_documentation for construct details
- search_cdk_samples_and_constructs for code examples
- validate_cloudformation_template for template validation
- check_cloudformation_template_compliance for compliance checks

Retain deploy-specific rule not covered by MCP: use language-specific Lambda constructs (NodejsFunction, PythonFunction) for auto-bundling.

Keep monitoring.md — its concrete alarm thresholds for Lambda, ECS, ALB, and RDS are not provided by the awsiac MCP server.

1 parent 29deb01 commit 9d72ced

2 files changed

Lines changed: 14 additions & 77 deletions

plugins/deploy-on-aws/skills/deploy/SKILL.md

Lines changed: 14 additions & 14 deletions
@@ -28,8 +28,8 @@ straightforward services. Don't ask questions with obvious answers.
2828
1. **Analyze** - Scan codebase for framework, database, dependencies
2929
2. **Recommend** - Select AWS services, concisely explain rationale
3030
3. **Estimate** - Show monthly cost before proceeding
31-
4. **Generate** - Write IaC code following [CDK best practices](references/cdk-best-practices.md)
32-
with [security defaults](references/security.md) applied
31+
4. **Generate** - Write IaC code following CDK best practices (call `cdk_best_practices`
32+
via `awsiac` MCP) with [security defaults](references/security.md) applied
3333
5. **Validate** - Run synthesis, security scans, and
3434
[validation script](scripts/validate-stack.sh)
3535
6. **Deploy** - Execute with user confirmation
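
Review bot: Step 4 (new lines 31-32) now makes generation depend on a live `cdk_best_practices` call but says nothing about what to do when the `awsiac` MCP server is unavailable or the call fails, whereas the removed link pointed at a file that shipped with the skill. Suggest stating the fallback explicitly, for example that generation stops, or that the [security defaults](references/security.md) remain the minimum bar, so a failed tool call does not silently yield IaC written without any best-practice guidance. The guidance text is also no longer version-controlled alongside SKILL.md, so changes to what the tool returns will not show up in review of this repository.
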
@@ -61,8 +61,13 @@ for query patterns.
6161

6262
### awsiac
6363

64-
Consult for IaC best practices. Use when writing CDK/CloudFormation/Terraform
65-
to ensure patterns follow AWS recommendations.
64+
Use for IaC generation and validation:
65+
66+
- **Before writing CDK code** — call `cdk_best_practices` for development guidelines
67+
- **For construct usage** — call `search_cdk_documentation` with specific construct names
68+
- **For code examples** — call `search_cdk_samples_and_constructs` with language filter
69+
- **For template validation** — call `validate_cloudformation_template` on synthesized output
70+
- **For compliance checks** — call `check_cloudformation_template_compliance`
6671

6772
### awscdk
6873

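
Review bot: The rewritten `awsiac` section (new lines 64-70) drops Terraform: the removed text said to consult the server when writing CDK/CloudFormation/Terraform, while every bullet in the new list names a CDK or CloudFormation tool. If Terraform output is still in scope for this skill, add a bullet saying which tool or reference covers it; if it is not, say so in the commit message, since that is a behaviour change and not just a refactor.
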
@@ -74,15 +79,11 @@ CDK-specific guidance and utilities. Use for:
7479

7580
## CDK Best Practices
7681

77-
When generating IaC (default: CDK TypeScript), follow these rules:
78-
79-
- **No explicit resource names** — let CDK generate unique names
80-
- **Use grant methods** for IAM — `table.grantReadWriteData(fn)` not raw policies
81-
- **Use language-specific Lambda constructs**`NodejsFunction`, `PythonFunction`
82-
- **Prefer L2/L3 constructs** over L1 (`CfnXxx`)
83-
- **Add cdk-nag** for automated best-practice validation
82+
Call `cdk_best_practices` via the `awsiac` MCP server before generating CDK code.
83+
In addition to the MCP guidelines, apply these deploy-specific rules:
8484

85-
See [cdk-best-practices.md](references/cdk-best-practices.md) for patterns and examples.
85+
- **Use language-specific Lambda constructs**`NodejsFunction` (TypeScript),
86+
`PythonFunction` (Python) for automatic dependency bundling
8687

8788
## Pre-Deployment Validation
8889

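
Review bot: The bullets removed at old lines 79-83 include two security-relevant rules, grant methods for IAM instead of raw policies and adding cdk-nag, and after this change the skill only applies them if the `cdk_best_practices` response happens to contain them. The commit message says the tool covers both, but nothing in SKILL.md enforces it. Suggest keeping those two as deploy-specific rules next to the Lambda construct bullet at new lines 85-86, or stating that they apply regardless of what the tool returns. The stated default from old line 77 (CDK TypeScript) also disappears here and may be worth keeping.
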
@@ -139,7 +140,7 @@ See [monitoring.md](references/monitoring.md) for CloudWatch alarm patterns by s
139140
- Always show cost estimate before generating code
140141
- Apply [security defaults](references/security.md) automatically (encryption,
141142
private subnets, least privilege)
142-
- Follow [CDK best practices](references/cdk-best-practices.md) when generating IaC
143+
- Call `cdk_best_practices` via `awsiac` MCP when generating IaC
143144
- Run IaC security scans (cfn-nag, checkov) before deployment
144145
- Set up [monitoring](references/monitoring.md) after deployment
145146
- Don't ask "Lambda or Fargate?" — just pick the obvious one
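
Review bot: At new line 143 the rule changes from "Follow" to "Call", and calling `cdk_best_practices` is not the same as applying what it returns. Suggest wording along the lines of "Call `cdk_best_practices` via `awsiac` MCP and follow its guidance when generating IaC", so the rule still constrains the generated code in the same way the neighbouring "Apply" and "Run" rules do.
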
@@ -150,6 +151,5 @@ See [monitoring.md](references/monitoring.md) for CloudWatch alarm patterns by s
150151
- [Service defaults](references/defaults.md)
151152
- [Security defaults](references/security.md)
152153
- [Cost estimation patterns](references/cost-estimation.md)
153-
- [CDK best practices](references/cdk-best-practices.md)
154154
- [Monitoring and observability](references/monitoring.md)
155155
- [Validation script](scripts/validate-stack.sh)

plugins/deploy-on-aws/skills/deploy/references/cdk-best-practices.md

Lines changed: 0 additions & 63 deletions
This file was deleted.
