creating-production-vpc-multi-az
aws/agent-toolkit-for-aws
How to install creating-production-vpc-multi-az
npx skills add https://github.com/aws/agent-toolkit-for-aws --skill creating-production-vpc-multi-azFull instructions (SKILL.md)
Source of truth, from aws/agent-toolkit-for-aws.
name: creating-production-vpc-multi-az description: Creates a production-ready VPC with public and private subnets across multiple Availability Zones, including internet gateway, NAT gateways, route tables, and security groups following AWS Well-Architected principles. Use when deploying multi-AZ VPC infrastructure with automatic CIDR planning and DNS resolution. version: 1
Creating a Production-Ready VPC Across Multiple Availability Zones
Overview
Domain expertise for creating production-ready VPC infrastructure distributed across multiple Availability Zones. Covers VPC creation with DNS support, public and private subnet layout with automatic CIDR calculation, internet gateway, NAT gateways for high-availability outbound access, route table configuration, and tiered security groups following AWS Well-Architected principles.
Create a production VPC
To create a fully configured multi-AZ VPC with public/private subnets, NAT gateways, route tables, and security groups, follow the procedure exactly. See Production VPC creation procedure.
Key parameters:
vpc_name(required): Name prefix for all resourcesregion(required): Target AWS regionallowed_web_cidrs(required): CIDR blocks allowed for web access — allow 0.0.0.0/0 only if explicitly requestedvpc_cidr(optional, default10.0.0.0/16): VPC CIDR blockavailability_zones(optional, default 3): Number of AZs (2–6)environment(required): Environment tagenable_ssh_access(optional, default false): Whether to create SSH security group
Troubleshooting
Insufficient Availability Zones
The target region must have at least 2 available AZs. Use aws ec2 describe-availability-zones to verify.
NAT Gateway creation delays
NAT Gateways can take several minutes to become available. The procedure waits for availability before configuring route tables.
Security group CIDR warnings
The procedure warns about 0.0.0.0/0 for web access CIDRs and recommends specific IP ranges for production workloads, but allows it if explicitly requested.
Related skills
More from aws/agent-toolkit-for-aws and the wider catalog.
aws-iam
"Verified corrections for IAM behaviors that AI agents frequently get\
aws-serverless
Builds, deploys, manages, debugs, configures, and optimizes serverless applications on AWS using Lambda, API Gateway, Step Functions, EventBridge, and SAM/CDK. Covers cold starts, CORS debugging, event source mappings, troubleshooting, concurrency, SnapStart, Powertools, function URLs, EventBridge Scheduler, Lambda layers, and production readiness. Triggers on mentions of Lambda, API Gateway, Step Functions, SAM templates, CDK serverless stacks, DynamoDB stream triggers, SQS event sources, cold starts, timeouts, 502/504 errors, throttling, concurrency, CORS, Powertools, or any event-driven architecture on AWS, even without the word "serverless." Does not apply to EC2, ECS/Fargate containers, or Amplify hosting.
aws-cdk
Authors, deploys, and troubleshoots AWS infrastructure using CDK with TypeScript or Python. Covers best practices, stack architecture, and construct patterns. Always use when writing CDK constructs, bootstrapping environments, running cdk deploy/synth/diff, fixing CDK or CloudFormation errors, planning stack structure, importing existing resources, resolving drift, or refactoring stacks without resource replacement.
aws-observability
Builds, configures, debugs, and optimizes AWS observability using CloudWatch (Logs Insights, Metrics, Alarms, Dashboards, EMF), X-Ray, CloudTrail, and ADOT. Covers Log Insights query syntax (fields, filter, stats, parse, pattern, join, subqueries), alarm configuration (metric, composite, anomaly detection, missing data treatment), dashboard design, custom metrics (PutMetricData, EMF, metric filters), X-Ray tracing (ADOT, sampling rules, annotations vs metadata), ADOT collector config, and CloudTrail auditing. Use when the user mentions CloudWatch, Log Insights, alarms, INSUFFICIENT_DATA, dashboards, custom metrics, EMF, X-Ray, traces, sampling, CloudTrail, who deleted, ADOT, OpenTelemetry, observability, monitoring, synthetics, canaries, or troubleshooting alarm behavior. Do NOT use for application logging setup, container log drivers, or security threat detection.
amazon-bedrock
Builds generative AI applications on Amazon Bedrock. Covers model invocation (Converse API, InvokeModel), RAG with Knowledge Bases, Bedrock Agents, Guardrails, and AgentCore. Use when invoking models, setting up Knowledge Bases, creating agents, applying guardrails, deploying to AgentCore, troubleshooting Bedrock errors (ThrottlingException, AccessDeniedException), or choosing models (Claude, Llama, Nova, Titan). ALSO USE for prompt caching setup and debugging, quota health checks and throttling diagnosis, cost attribution and tracking, migrating between Claude model generations (4.5 to 4.6 to 4.7), chunking strategies, API selection (Converse vs InvokeModel), guardrail capabilities, and model selection. Also covers AgentCore Payments setup (x402, microtransactions, Payment Manager, Connector, Instrument, Coinbase CDP, Stripe Privy, 402 Payment Required, pay for content, paid endpoint, agent payments). NOT for custom model training, Rekognition, or Comprehend.
aws-billing-and-cost-management
|