feat: Add AWS Elastic Beanstalk to deploy-on-aws plugin

[azpaulp]

Add a new elastic-beanstalk skill to the deploy-on-aws plugin covering web and worker applications. EB is positioned as an application management service (AWS manages lifecycle) vs ECS/EKS as infrastructure management services (user manages lifecycle).

Changes

New files:

• skills/elastic-beanstalk/SKILL.md — routing, workflow, defaults
• skills/elastic-beanstalk/references/platforms.md — platform detection
• skills/elastic-beanstalk/references/configuration.md — ebextensions, hooks

Modified existing files:

• defaults.md — override triggers and Heroku migration row
• security.md — VPC, SG, IAM, logging entries for EB
• cost-estimation.md — EB pricing (free service, underlying costs)
• deploy SKILL.md — principle and reference link

Testing:

• markdownlint-cli2: 0 errors in changed files
• dprint check: passes clean (no self-mutations)
• validate-references.py: 0 broken links
• validate-size.py: SKILL.md = 160 lines / 1954 tokens (rated "ideal")
• validate-cross-refs.cjs: 0 errors
• End-to-end test: Deployed a .NET 10 ASP.NET Core chatbot (Bedrock integration) to Elastic Beanstalk using only AWS CLI commands from the skill. Verified health endpoint responded 200 OK and Bedrock invocation succeeded via IAM instance profile. Two issues found and fixed in the skill: pre-built artifact requirement for .NET, and reverse proxy port configuration.

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.

[krokoko]

PR Review Summary

Reviewed by: code-reviewer, comment-analyzer, code-simplifier agents

CI: All checks passing (markdownlint, dprint, cross-refs, size validation)

---

Critical Issues (1 found)

#	Agent	Issue	File
1	comment-analyzer	Incorrect reverse proxy port claims — States .NET: 5000, Node.js/Python/Ruby/Go/PHP: 8080. AWS docs confirm ALL AL2/AL2023 platforms default to port 5000 uniformly, not per-platform.	references/configuration.md:98-101

Fix: Replace the platform-specific list with:

All AL2/AL2023 platforms default to port 5000. Set the PORT environment property if the application listens on a different port. Mismatched ports result in 502 Bad Gateway from nginx.

---

Important Issues (3 found)

#	Agent	Issue	File
2	comment-analyzer	Missing deployment policy — Table omits "Traffic splitting" (canary testing), a valid production policy. Agents will never suggest canary deployments.	references/configuration.md:78-86
3	comment-analyzer	Java platform table conflates two branches — Maps all Java to "Corretto on AL2023" but Tomcat is a separate platform branch. Selection rule #4 acknowledges this distinction, but the detection table doesn't.	references/platforms.md:12
4	comment-analyzer	Environment secrets requires platform version caveat — The environmentsecrets namespace requires platform versions released March 2025+. No note about this prerequisite.	references/configuration.md:64-76

---

Suggestions (8 found)

#	Agent	Issue	File
5	comment-analyzer	CDK guidance lists L1 constructs without clarifying no L2 exists for EB	SKILL.md:131
6	comment-analyzer	create-storage-location step implies it's required (it's auto-created)	SKILL.md:109
7	comment-analyzer	Worker SG table says "EB health agent is local" — should say "SQS daemon communicates via localhost"	security.md
8	comment-analyzer	Consider mentioning --platform-arn as alternative to --solution-stack-name	SKILL.md:119-121
9	simplifier	Cost table duplicated in 3 places with slight inconsistency ("1x t3.small" vs "1 instance")	SKILL.md, cost-estimation.md
10	simplifier	Period placement: "prod." → "prod".	SKILL.md
11	simplifier	EB abbreviation inconsistency across files (full name vs "EB" in tables)	Multiple files
12	simplifier	Heroku migration PORT bullet is confusing — should reference the Reverse Proxy Port section	configuration.md:122

---

Strengths

• Excellent skill structure — follows the established SKILL.md + references/ pattern exactly
• Well-crafted trigger description — rich with natural language triggers for auto-matching ("Heroku alternative", "don't want to manage servers", "managed operational lifecycle")
• Clear routing logic — "When to Use" vs "NOT the right choice" criteria are non-overlapping
• Strong "Key Distinction" framing — "infrastructure management" (ECS/EKS) vs "application management" (EB) gives agents a clear mental model
• End-to-end tested — PR author deployed a real .NET app and fixed issues found during testing
• Accurate CLI syntax — --tier, option-settings JSON format, and SQS daemon behavior all verified correct
• Consistent integration — pricing, sizing, VPC, and security entries added to shared reference files match the new skill
• Appropriate size — SKILL.md at 160 lines / 1954 tokens rated "ideal" by validation

---

Recommended Action

1. Must fix: Correct the reverse proxy port claim (Critical 1)
2. Should fix: Add traffic-splitting deployment policy, split Java platform row, add secrets version caveat (Important 2-4)
3. Consider: Address suggestions for precision and consistency
4. Ready to merge after critical and important issues are addressed

---

Generated with Claude Code