# AWS Expert
Expert knowledge base for AWS service behavior, defaults, and operational pitfalls. Contains 2,775 justified beliefs covering DynamoDB, CloudTrail, IAM, CloudFormation, RDS, S3, networking, compute, and cross-service interactions.
## What is this?

This is an External Epistemic Memory (EEM): a model-agnostic knowledge base that any LLM can use via the `reasons` CLI or tool calling. Unlike a LoRA or fine-tune, this knowledge is not baked into model weights. It is external, inspectable, correctable, and works with any model.
## Stats
| Metric | Value |
|---|---|
| Total beliefs | 2,775 |
| Status | 2,775 IN / 0 OUT |
| Premises (observations) | 2,615 |
| Derived (justified conclusions) | 160 |
| Nogoods (contradictions) | 0 |
| Retraction rate | 0% |
| Max derivation depth | 8 |
## Top Topics
| Topic | Beliefs |
|---|---|
| dynamodb | 723 |
| cloudtrail | 416 |
| iam | 261 |
| account | 144 |
| rds | 134 |
| cfn | 132 |
| table | 128 |
| lake | 126 |
| default | 125 |
| max | 107 |
| region | 102 |
| backup | 98 |
| vpc | 95 |
| aws | 93 |
| ec2 | 89 |
| policy | 83 |
| data | 82 |
| cross | 80 |
## Domain Coverage
- DynamoDB: capacity billing, GSI behavior, autoscaling pitfalls, TTL audit gaps, global tables consistency modes, DAX caching, item size overhead, cross-region replication (692 beliefs)
- CloudTrail: audit blind spots, Lake configuration, KMS key irrevocability, event data stores, data event logging gaps, automated operation blind spots (354 beliefs)
- IAM: policy evaluation, cross-account access, permission boundaries, default security posture, resource policies (222 beliefs)
- CloudFormation: stack lifecycle, drift detection, resource dependencies, rollback behavior, nested stacks (128 beliefs)
- RDS/Aurora: backup strategies, PITR windows, parameter groups, Multi-AZ failover, read replicas, lifecycle state transitions (139 beliefs)
- S3: bucket policies, lifecycle rules, versioning, cross-region replication, access points (119 beliefs)
- EC2 & Compute: instance lifecycle, spot interruptions, AMI management, EBS volumes, ENI limits (113 beliefs)
- Networking: VPC design, security groups, NACLs, Route 53 health checks, CloudFront distributions, EIP management (129 beliefs)
- Backup & DR: AWS Backup, PITR, cross-region backup, lifecycle transitions that degrade DR posture (65 beliefs)
- DAX: caching behavior, consistency implications, cluster management (61 beliefs)
- CloudWatch: metrics, alarms, log groups, observability investment ceilings (54 beliefs)
- API Gateway: REST vs HTTP APIs, throttling, authorization, stage management (89 beliefs)
- SQS: visibility timeout, dead letter queues, FIFO ordering, message retention (43 beliefs)
- AppSync: GraphQL resolvers, caching, authorization modes (31 beliefs)
- Lambda: cold starts, concurrency, event source mappings, resource limits (25 beliefs)
- Container Services: ECS task definitions, EKS node groups, ECR lifecycle policies (52 beliefs)
- Security: default hardening, KMS key management, ACM certificates, FIS chaos engineering (53 beliefs)
- Additional topics: ElastiCache, SES, CDK, spot instances, NoSQL Workbench patterns (remaining beliefs)
## How to Use

### Import into a reasons database

```shell
reasons init
reasons import-json network.json
```

### Query beliefs

```shell
reasons search "DynamoDB capacity billing"
reasons explain lifecycle-transitions-silently-degrade-dr-posture
reasons show cloudtrail-eds-kms-key-irrevocable
```

### Use as an MCP tool or CLI
Any LLM agent that can call `reasons search`, `reasons show`, and `reasons explain` can use this knowledge base. The agent does not need to be told it is an expert; the knowledge base speaks for itself.
## Key Beliefs

| Node | Summary |
|---|---|
| `lifecycle-transitions-silently-degrade-dr-posture` | Routine feature toggling and DR restores lose configuration state (PITR windows, audit settings) |
| `cloudtrail-eds-kms-key-irrevocable` | Once a KMS key is associated with a CloudTrail Lake event data store, it cannot be changed or removed |
| `dynamodb-ttl-deletions-not-logged-cloudtrail` | DynamoDB TTL data plane deletion actions are NOT logged by CloudTrail |
| `dynamodb-capacity-billing-penalizes-small-items-disproportionately` | DynamoDB capacity billing includes three hidden overhead mechanisms beyond raw item size |
| `aws-defaults-require-systematic-hardening-across-dimensions` | AWS default configurations systematically favor ease-of-use over security across operations |
| `full-observability-has-hard-ceiling-despite-investment` | Even after closing CloudTrail's configurable gaps, fundamental blind spots remain |
| `dynamodb-global-tables-consistency-mode-immutable` | DynamoDB Global Tables consistency mode is set at creation and cannot be changed afterward |
| `dynamodb-autoscaling-new-gsi-no-auto-scaling` | Creating a GSI on an existing DynamoDB table does not auto-enable scaling on the GSI |
| `cloudtrail-audit-blind-spots-exist-for-automated-operations` | Certain automated and system-initiated operations create audit gaps |
| `protocol-safety-unfalsifiable-under-current-testing` | Distributed protocol safety claims are unfalsifiable under the current testing methodology |
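The `dynamodb-ttl-deletions-not-logged-cloudtrail` belief above means a CloudTrail-only audit pipeline never sees TTL expirations. The compensating control is to read them from DynamoDB Streams, where TTL-driven deletes arrive as `REMOVE` records stamped with `userIdentity` `{type: Service, principalId: dynamodb.amazonaws.com}` while API-driven deletes carry no `userIdentity` at all. The following is an added example written for this README, not code from the knowledge base or the `ftl-reasons` tooling; the Lambda wiring, the sample records and the account ID are constructed for illustration.

```python
"""Compensating control for the belief 'dynamodb-ttl-deletions-not-logged-cloudtrail':
classify DynamoDB Streams REMOVE records so that TTL expirations produce a durable
audit line, since CloudTrail never records them. Example code added to this README;
it is not part of the reasons knowledge base or the ftl-reasons tooling."""
import json
from typing import Iterable

# DynamoDB stamps TTL-driven deletes with this service principal in the stream record;
# deletes issued through the API carry no userIdentity field at all.
TTL_PRINCIPAL = "dynamodb.amazonaws.com"


def classify_remove(record: dict) -> str:
    """Return 'ttl' for a TTL expiration, 'user' for an API delete, 'other' otherwise."""
    if record.get("eventName") != "REMOVE":
        return "other"
    ident = record.get("userIdentity") or {}
    if ident.get("type") == "Service" and ident.get("principalId") == TTL_PRINCIPAL:
        return "ttl"
    return "user"


def table_from_stream_arn(arn: str) -> str:
    """arn:aws:dynamodb:<region>:<acct>:table/<name>/stream/<label> -> <name>."""
    if ":table/" not in arn:
        return "unknown"
    return arn.split(":table/", 1)[1].split("/", 1)[0]


def ttl_audit_lines(records: Iterable[dict]) -> list[str]:
    """One JSON line per TTL deletion: table, region, deleted item keys and the
    approximate time DynamoDB wrote the record. Ship these to CloudWatch Logs or a
    SIEM to close the CloudTrail gap for expirations."""
    lines = []
    for rec in records:
        if classify_remove(rec) != "ttl":
            continue
        lines.append(json.dumps({
            "source": "dynamodb-ttl-expiry",
            "table": table_from_stream_arn(rec.get("eventSourceARN", "")),
            "region": rec.get("awsRegion"),
            "keys": rec.get("dynamodb", {}).get("Keys", {}),
            "approx_epoch": rec.get("dynamodb", {}).get("ApproximateCreationDateTime"),
        }, sort_keys=True))
    return lines


def lambda_handler(event: dict, context=None) -> dict:
    """Hypothetical Lambda entry point behind a DynamoDB Streams event source mapping;
    printing to stdout lands the audit lines in the function's CloudWatch log group."""
    lines = ttl_audit_lines(event.get("Records", []))
    for line in lines:
        print(line)
    return {"ttl_deletes": len(lines)}


# Constructed sample records in the shape DynamoDB Streams delivers to Lambda.
STREAM_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/sessions/stream/2026-01-01T00:00:00.000"
SAMPLE_RECORDS = [
    {   # TTL expiration: userIdentity names the DynamoDB service principal
        "eventID": "1", "eventName": "REMOVE", "awsRegion": "us-east-1", "eventSourceARN": STREAM_ARN,
        "dynamodb": {"Keys": {"pk": {"S": "session#abc"}}, "ApproximateCreationDateTime": 1780000000,
                     "SequenceNumber": "100", "SizeBytes": 24, "StreamViewType": "KEYS_ONLY"},
        "userIdentity": {"type": "Service", "principalId": "dynamodb.amazonaws.com"},
    },
    {   # DeleteItem via the API: no userIdentity (CloudTrail sees this one only if data events are on)
        "eventID": "2", "eventName": "REMOVE", "awsRegion": "us-east-1", "eventSourceARN": STREAM_ARN,
        "dynamodb": {"Keys": {"pk": {"S": "session#def"}}, "ApproximateCreationDateTime": 1780000100,
                     "SequenceNumber": "101", "SizeBytes": 24, "StreamViewType": "KEYS_ONLY"},
    },
    {   # Unrelated write
        "eventID": "3", "eventName": "INSERT", "awsRegion": "us-east-1", "eventSourceARN": STREAM_ARN,
        "dynamodb": {"Keys": {"pk": {"S": "session#ghi"}}, "ApproximateCreationDateTime": 1780000200,
                     "SequenceNumber": "102", "SizeBytes": 24, "StreamViewType": "KEYS_ONLY"},
    },
]

if __name__ == "__main__":
    print(lambda_handler({"Records": SAMPLE_RECORDS}))
```

The stream must be enabled with at least `KEYS_ONLY` view type for the keys to be present; `OLD_IMAGE` gives the full expired item if the audit record needs it. Stream records are retained for 24 hours, so the consumer has to keep up for the compensating log to be complete.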
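The `dynamodb-autoscaling-new-gsi-no-auto-scaling` belief is easy to verify mechanically: a provisioned-mode GSI is scaled only if Application Auto Scaling has a scalable target registered for both `dynamodb:index:ReadCapacityUnits` and `dynamodb:index:WriteCapacityUnits` under the resource id `table/<table>/index/<gsi>`. The check below is an added example for this README, not code from the knowledge base; the pure function runs offline on constructed API-shaped input, and `audit_region()` is the live wiring that needs `boto3` and read-only credentials. It also skips on-demand tables, which have no provisioned capacity to scale.

```python
"""Check for the belief 'dynamodb-autoscaling-new-gsi-no-auto-scaling': find
provisioned-mode GSIs with no Application Auto Scaling target registered for
read or write capacity. Example code added to this README; it is not part of the
reasons knowledge base or the ftl-reasons tooling."""
try:
    import boto3  # only needed by audit_region(); the pure check runs without it
except ImportError:
    boto3 = None

# Scalable dimensions Application Auto Scaling uses for DynamoDB secondary indexes.
READ_DIM = "dynamodb:index:ReadCapacityUnits"
WRITE_DIM = "dynamodb:index:WriteCapacityUnits"


def unscaled_gsis(table_desc: dict, scalable_targets: list[dict]) -> list[str]:
    """Return resource ids 'table/<table>/index/<gsi>' for GSIs lacking a read or
    write scaling target. table_desc is the 'Table' dict from describe_table;
    scalable_targets is the 'ScalableTargets' list from describe_scalable_targets."""
    # On-demand tables have no provisioned throughput, so there is nothing to scale.
    billing = (table_desc.get("BillingModeSummary") or {}).get("BillingMode", "PROVISIONED")
    if billing == "PAY_PER_REQUEST":
        return []
    registered = {(t["ResourceId"], t["ScalableDimension"]) for t in scalable_targets}
    missing = []
    for gsi in table_desc.get("GlobalSecondaryIndexes", []):
        rid = f"table/{table_desc['TableName']}/index/{gsi['IndexName']}"
        if (rid, READ_DIM) not in registered or (rid, WRITE_DIM) not in registered:
            missing.append(rid)
    return missing


def audit_region(region: str) -> list[str]:
    """Live version: walk every table in one region. Needs boto3 and credentials with
    dynamodb:ListTables, dynamodb:DescribeTable and
    application-autoscaling:DescribeScalableTargets."""
    ddb = boto3.client("dynamodb", region_name=region)
    aas = boto3.client("application-autoscaling", region_name=region)
    targets, kwargs = [], {"ServiceNamespace": "dynamodb"}
    while True:  # fetch all scalable targets once, following NextToken manually
        resp = aas.describe_scalable_targets(**kwargs)
        targets.extend(resp.get("ScalableTargets", []))
        if "NextToken" not in resp:
            break
        kwargs["NextToken"] = resp["NextToken"]
    findings = []
    for page in ddb.get_paginator("list_tables").paginate():
        for name in page["TableNames"]:
            findings.extend(unscaled_gsis(ddb.describe_table(TableName=name)["Table"], targets))
    return findings


# Constructed sample inputs shaped like the two API responses.
SAMPLE_TABLE = {
    "TableName": "orders",
    "GlobalSecondaryIndexes": [{"IndexName": "by-customer"}, {"IndexName": "by-status"}],
}
SAMPLE_ON_DEMAND_TABLE = {
    "TableName": "events",
    "BillingModeSummary": {"BillingMode": "PAY_PER_REQUEST"},
    "GlobalSecondaryIndexes": [{"IndexName": "by-type"}],
}
SAMPLE_TARGETS = [  # by-customer was registered; by-status was added later and never registered
    {"ResourceId": "table/orders", "ScalableDimension": "dynamodb:table:ReadCapacityUnits"},
    {"ResourceId": "table/orders", "ScalableDimension": "dynamodb:table:WriteCapacityUnits"},
    {"ResourceId": "table/orders/index/by-customer", "ScalableDimension": READ_DIM},
    {"ResourceId": "table/orders/index/by-customer", "ScalableDimension": WRITE_DIM},
]

if __name__ == "__main__":
    print(unscaled_gsis(SAMPLE_TABLE, SAMPLE_TARGETS))            # ['table/orders/index/by-status']
    print(unscaled_gsis(SAMPLE_ON_DEMAND_TABLE, SAMPLE_TARGETS))  # []
```

A registered target alone does not guarantee a policy is attached; if the check passes, the next step is `describe_scaling_policies` for the same resource ids, which is the same pattern with a different call.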
## Sources
Built from exploration of AWS documentation, API behavior, and operational experience across DynamoDB, CloudTrail, IAM, CloudFormation, RDS, S3, EC2, VPC, and 25+ additional AWS services.
## Files

| File | Description |
|---|---|
| `network.json` | Full belief network (machine-readable, portable) |
| `reasons.db` | SQLite database (gitignored, regenerate with `reasons import-json network.json`) |
| `CLAUDE.md` | Agent instructions for using this knowledge base |
| `entries/` | 655 exploration entries: the raw observations behind the premises |
## Quality

- All 2,775 beliefs are IN (none retracted)
- 2,615 premises grounded in direct observations of AWS service behavior
- 160 derived beliefs justified from premises via SL justifications
- 0 nogoods, so no contradictions were detected
- Max derivation depth of 8, indicating multi-step reasoning chains
- Built and reviewed using the `ftl-reasons derive` and `review-beliefs` pipeline
## Limitations
- Focused on AWS service behavior and defaults as of mid-2026
- AWS services evolve rapidly; some beliefs may become stale as features change
- Heavier coverage of DynamoDB and CloudTrail than other services
- Does not cover pricing in detail beyond capacity billing mechanics
- No ATMS or assumption-based beliefs (single-context TMS only)
## Authors

- Ben Thomasson (@benthomasson)

## License

MIT