Agent-Skills.md

Agent Skills: Cloud Security Configuration

Implement comprehensive cloud security across AWS, Azure, and GCP with IAM, encryption, network security, compliance, and threat detection.

UncategorizedID: aj-geddes/useful-ai-prompts/cloud-security-configuration

Repository

aj-geddes/useful-ai-prompts
aj-geddesLicense: MIT
607

Install this agent skill to your local

pnpm dlx add-skill https://github.com/aj-geddes/useful-ai-prompts/tree/HEAD/skills/cloud-security-configuration

Skill Files

Browse the full folder contents for cloud-security-configuration.

Download Skill

Loading file tree…

skills/cloud-security-configuration/SKILL.md

Skill Metadata

Name
cloud-security-configuration
Description
>

Cloud Security Configuration

Table of Contents

Overview

Cloud security requires comprehensive strategies spanning identity management, encryption, network controls, compliance, and threat detection. Implement defense-in-depth with multiple layers of protection and continuous monitoring.

When to Use

  • Protecting sensitive data in cloud
  • Compliance with regulations (GDPR, HIPAA, PCI-DSS)
  • Implementing zero-trust security
  • Securing multi-cloud environments
  • Threat detection and response
  • Identity and access management
  • Network isolation and segmentation
  • Encryption and key management

Quick Start

Minimal working example:

# Enable GuardDuty (threat detection)
aws guardduty create-detector \
  --enable \
  --finding-publishing-frequency FIFTEEN_MINUTES

# Enable CloudTrail (audit logging)
aws cloudtrail create-trail \
  --name organization-trail \
  --s3-bucket-name audit-bucket \
  --is-multi-region-trail

# Enable S3 bucket encryption by default
aws s3api put-bucket-encryption \
  --bucket my-bucket \
  --server-side-encryption-configuration '{
    "Rules": [{
      "ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": "arn:aws:kms:region:account:key/key-id"
      },
      "BucketKeyEnabled": true
    }]
  }'

# Enable VPC Flow Logs
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

| Guide | Contents | |---|---| | AWS Security Configuration | AWS Security Configuration | | Terraform Security Configuration | Terraform Security Configuration | | Azure Security Configuration | Azure Security Configuration | | GCP Security Configuration | GCP Security Configuration |

Best Practices

✅ DO

  • Implement least privilege access
  • Enable MFA everywhere
  • Use service accounts for applications
  • Encrypt data at rest and in transit
  • Enable comprehensive logging
  • Implement network segmentation
  • Use secrets management
  • Enable threat detection
  • Regular security assessments
  • Keep systems patched

❌ DON'T

  • Use root/default credentials
  • Store secrets in code
  • Over-permissive security groups
  • Disable encryption
  • Ignore logs and monitoring
  • Share credentials
  • Skip compliance requirements
  • Trust unverified data sources