>_
Marketplace

handler-storage-s3

AWS S3 storage handler for fractary-file plugin

model: claude-haiku-4-5

$ 설치

git clone https://github.com/fractary/claude-plugins /tmp/claude-plugins && cp -r /tmp/claude-plugins/plugins/file/skills/handler-storage-s3 ~/.claude/skills/claude-plugins

// tip: Run this command in your terminal to install the skill

SKILL.md
View on GitHub →

name: handler-storage-s3 description: AWS S3 storage handler for fractary-file plugin model: claude-haiku-4-5

<CRITICAL_RULES>

  1. NEVER expose credentials in outputs or logs
  2. ALWAYS validate inputs before executing operations
  3. ALWAYS return structured JSON results
  4. NEVER fail silently - report all errors clearly
  5. ALWAYS support IAM roles (no credentials needed if using IAM)
  6. NEVER log access keys or secrets </CRITICAL_RULES>

With AWS Profile (Recommended - uses ~/.aws/config):

{
  "handlers": {
    "s3": {
      "region": "us-east-1",
      "bucket_name": "my-bucket",
      "auth_method": "profile",
      "profile": "test-deploy",
      "endpoint": null,
      "public_url": null
    }
  }
}

With IAM Roles (Recommended for EC2/ECS/EKS):

{
  "handlers": {
    "s3": {
      "region": "us-east-1",
      "bucket_name": "my-bucket",
      "auth_method": "iam"
    }
  }
}

With Access Keys (Less secure, use environment variables):

{
  "handlers": {
    "s3": {
      "region": "us-east-1",
      "bucket_name": "my-bucket",
      "auth_method": "keys",
      "access_key_id": "${AWS_ACCESS_KEY_ID}",
      "secret_access_key": "${AWS_SECRET_ACCESS_KEY}",
      "endpoint": null,
      "public_url": null
    }
  }
}

Configuration Fields:

  • region: AWS region (required, default: "us-east-1")
  • bucket_name: S3 bucket name (required)
  • auth_method: Authentication method - "profile" | "iam" | "keys" (default: "profile")
  • profile: AWS profile name from ~/.aws/config (required if auth_method is "profile")
  • access_key_id: AWS access key (required if auth_method is "keys")
  • secret_access_key: AWS secret key (required if auth_method is "keys")
  • endpoint: Custom endpoint for S3-compatible services (optional)
  • public_url: Public URL for bucket (optional)

Security Best Practices:

  • Use AWS profiles for local development (test-deploy, prod-deploy)
  • Use IAM roles when running in AWS (EC2, ECS, EKS, Lambda)
  • Use environment variables for credentials if using "keys" method: ${AWS_ACCESS_KEY_ID}
  • Never commit credentials to version control
  • Use minimal required IAM permissions
  • Rotate credentials every 90 days if using access keys

See docs/s3-setup-guide.md for detailed setup instructions.

Parameter Flow:

  • Agent loads configuration and expands env vars
  • Skill receives: operation + region + bucket + auth_method + profile/credentials + paths
  • Skill sets AWS_PROFILE env var if using profile method
  • Skill invokes script with all parameters
  • Script executes AWS CLI with S3 (uses AWS_PROFILE or credentials)
  • Skill returns structured JSON result

Authentication Precedence:

  1. Profile method: Set AWS_PROFILE env var, AWS CLI uses profile from ~/.aws/config
  2. IAM method: No credentials or profile, AWS CLI uses instance/task role
  3. Keys method: Pass access_key_id and secret_access_key to script 
{
  "success": true,
  "message": "Operation completed successfully",
  "url": "https://my-bucket.s3.us-east-1.amazonaws.com/path/to/file",
  "size_bytes": 1024,
  "checksum": "sha256:abc123..."
}

Public File Upload:

{
  "success": true,
  "message": "File uploaded successfully (public)",
  "url": "https://my-bucket.s3.us-east-1.amazonaws.com/docs/document.pdf",
  "size_bytes": 2048,
  "checksum": "sha256:def456..."
}

Presigned URL:

{
  "success": true,
  "message": "Presigned URL generated",
  "url": "https://my-bucket.s3.amazonaws.com/file?X-Amz-Signature=...",
  "expires_in": 3600
}

<ERROR_HANDLING>

  • Missing configuration: Return error with setup instructions
  • Invalid credentials: Return error with credential check steps
  • Network error: Retry up to 3 times with exponential backoff
  • Bucket not found: Return error with bucket name
  • Permission denied: Return error with required IAM permissions
  • File not found: Return clear error message
  • Script execution failure: Capture stderr and return to agent </ERROR_HANDLING>

<IAM_ROLES> When running in AWS (EC2, ECS, EKS, Lambda), use IAM roles instead of credentials:

Benefits:

  • No credentials to manage or rotate
  • Automatic credential refresh (hourly)
  • Better security (credentials never exposed)
  • Simpler configuration

Required IAM Policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "FractaryFilePlugin",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:GetObjectMetadata"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ]
    }
  ]
}

See docs/iam-permissions.md for detailed permission configurations. </IAM_ROLES>

Repository

fractary
fractary
Author
fractary/claude-plugins/plugins/file/skills/handler-storage-s3
1
Stars
0
Forks
Updated1d ago
Added1w ago

Actions

View on GitHubDownload ZIPReport Issue

Related Skills

skill-writer
pytorch/pytorch
95.4k
docstring
pytorch/pytorch
95.4k
at-dispatch-v2
pytorch/pytorch
95.4k
add-uint-support
pytorch/pytorch
95.4k
skill-creator
openai/codex
54.7k