Transversal AWS / infrastructure patterns for AWaC (Agent Workspace as Code) workspaces.
This stack is independent of any specific product. Include it whenever the project deploys to or operates on AWS.
rules/use_aws_cli_terraform.md — autonomy protocol for aws and terraform commands. Read-only operations are SafeToAutoRun; anything that mutates infrastructure requires explicit confirmation.
skills/terraform_iac_parity — canonical pattern for keeping Terraform code, state, and live AWS in sync. Covers repo layout, remote state in S3, DynamoDB locks, the 3-check parity audit, secret handling, and environment-per-directory.
workflows/setup_aws_terraform.md — first-time setup for a Terraform-managed AWS project: state bucket, DynamoDB lock table, provider config, baseline tags.
Add to workspace.yml/stacks when the project deploys to or operates on AWS:
stacks:
- core
- aws
- <your-product>/agent-stack

Generic resource-safety rules (positive tag filters, no destructive bulk operations without confirmation) belong in agent-stack-core because they apply to every workspace, not just AWS-tagged ones. Product-specific extensions can live in the product's own agent-stack and add guardrails on top of these transversal rules.
MIT.