AgentSkillsCN

aws-env-discovery

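Discover AWS resources (RDS instances, databases, secrets) across environments. Use when you need to find database connection details, list available databases, retrieve credentials from Secrets Manager, or configure database tools. Triggered by requests such as "What databases are in the QA environment?", "Get the UAT credentials", "List RDS instances", "Look up database connection info", or "Set up database connections".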

SKILL.md
--- frontmatter
name: aws-env-discovery
description: Discover AWS resources (RDS instances, databases, secrets) across environments. Use when needing to find database connection details, list available databases, retrieve credentials from Secrets Manager, or set up database tool configurations. Triggers on phrases like "what databases are in QA", "get UAT credentials", "list RDS instances", "database connection info", or "set up database connections".

AWS Environment Discovery

Discover RDS instances, databases, and credentials across AWS environments (QA, UAT, Production).

Quick Reference

| Environment | Profile | Typical Use |
|---|---|---|
| QA | qa | Testing, development |
| UAT | uat | User acceptance testing |
| Production | production | Live systems (read-only discovery) |

Workflow

1. Authenticate to Environment

Check if already authenticated:

bash
aws sts get-caller-identity --profile <env>

If expired or not authenticated:

bash
aws sso login --profile <env>

2. Discover RDS Instances

List all RDS instances in the environment:

bash
aws rds describe-db-instances --profile <env> \
  --query 'DBInstances[*].[DBInstanceIdentifier,Engine,Endpoint.Address,Endpoint.Port,DBInstanceStatus]' \
  --output table

3. List Databases on an Instance

For PostgreSQL instances, connect and list databases:

bash
psql -h <endpoint> -U <username> -d postgres -c "\l"

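Or, if using IAM auth, inspect the instance via AWS. This returns instance metadata (including DBName, the initial database, and IAMDatabaseAuthenticationEnabled), not the list of databases on the instance: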

bash
aws rds describe-db-instances --profile <env> \
  --db-instance-identifier <instance-id> \
  --query 'DBInstances[0]'

4. Retrieve Credentials from Secrets Manager

List available secrets:

bash
aws secretsmanager list-secrets --profile <env> \
  --query 'SecretList[*].[Name,Description]' \
  --output table

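Get a specific secret value (this prints the full secret, including the password, so apply the redaction rule from Safety Notes before showing any of it in conversation):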

bash
aws secretsmanager get-secret-value --profile <env> \
  --secret-id <secret-name> \
  --query 'SecretString' \
  --output text | jq .

Output Format

Present discoveries as markdown tables:

RDS Instances

| Instance | Engine | Endpoint | Port | Status |
|---|---|---|---|---|
| myapp-qa | postgres | myapp-qa.xxx.rds.amazonaws.com | 5432 | available |

Credentials Retrieved

| Secret Name | Username | Database | Notes |
|---|---|---|---|
| myapp/qa/db | app_user | myapp | Retrieved from Secrets Manager |

Connection Strings

code
postgresql://username:password@endpoint:port/database

SSO Re-authentication

When commands fail with credential errors:

  1. Detect the error pattern: "Token has expired" or "credentials have expired"
  2. Prompt user: "SSO session expired for [env]. Run aws sso login --profile [env]?"
  3. After login, retry the failed command

Safety Notes

  • Production discovery is read-only (describe/list commands only)
  • Never output raw passwords in conversation - use **** redaction
  • Prefer connection string format over separate credential display
  • Always confirm environment before running commands
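
The redaction rule above applied to the output of the get-secret-value step, as an added example that is not part of the original skill. It assumes the secret is JSON using the username/password/host/port/dbname keys that RDS secrets in Secrets Manager carry; the function names, marker list and sample values are hypothetical.

```python
import json
import sys
from urllib.parse import quote

MASK = "****"
# Substrings that mark a key as sensitive (assumed list; over-matching is the safe failure).
SENSITIVE_MARKERS = ("pass", "pwd", "secret", "token", "key")


def redact(value):
    """Recursively mask the values of sensitive-looking keys in parsed secret JSON."""
    if isinstance(value, dict):
        return {k: MASK if any(m in k.lower() for m in SENSITIVE_MARKERS) else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def summarize(secret_string):
    """Return (redacted secret, redacted connection string or None) for a SecretString."""
    try:
        secret = json.loads(secret_string)
    except json.JSONDecodeError:
        secret = None
    if not isinstance(secret, dict):
        # Plain-text or scalar secret: the whole value is the credential, show nothing.
        return MASK, None
    conn = None
    if "username" in secret and "host" in secret:
        # The password field is never read; the mask is written in its place.
        user = quote(str(secret["username"]), safe="")
        db = quote(str(secret.get("dbname", "postgres")), safe="")
        conn = f"postgresql://{user}:{MASK}@{secret['host']}:{secret.get('port', 5432)}/{db}"
    return redact(secret), conn


# Constructed sample in the key layout assumed above; not a real secret.
SAMPLE = json.dumps({"engine": "postgres", "host": "myapp-qa.example.internal", "port": 5432,
                     "username": "app_user", "password": "constructed-not-real", "dbname": "myapp"})

if __name__ == "__main__":
    # Reads a SecretString from stdin; falls back to the sample when run interactively.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    redacted, conn = summarize(raw)
    print(json.dumps(redacted, indent=2))
    if conn:
        print(conn)
```

Saved under a hypothetical name such as redact_secret.py, it takes the place of `jq .` at the end of the get-secret-value pipeline, so the raw password never reaches the displayed output.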