Run DevSecOps workflows from Claude Code: review pull requests for release readiness, scan code for vulnerabilities, execute penetration tests, investigate cloud incidents, and remediate security findings using AWS DevOps and Security Agents.
Based on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Set up both AWS DevOps Agent and AWS Security Agent connections
Set up the AWS Security Agent workspace
Open a chat session with the AWS DevOps Agent and ask a question
Ask the AWS DevOps Agent for cost optimization opportunities, scoped to your local IaC
Start a deep root-cause investigation on the AWS DevOps Agent and stream progress
Trigger a pre-merge release readiness review on a GitHub PR, GitLab MR, or local branch. Use when the user wants to analyze code changes for risk, correctness, and potential rollback issues before merging. Trigger words include release readiness, analyze PR, analyze MR, review PR, risk analysis, pre-merge, safe to ship, ready to merge, ready to commit, any risks, before merging, validate changes, release management.
Have a fast, conversational analysis with the AWS DevOps Agent. Use for cost optimization, architecture review, topology mapping, knowledge / runbook discovery, security audits, dependency questions, and quick diagnostics — anything that needs a 5-30 second answer rather than a 5-8 minute deep investigation. Trigger words include cost, optimize, review, architecture, topology, what runbooks, show me, compare, audit, what if.
Coordinate the AWS DevOps Agent across multiple AgentSpaces from one Claude Code session — route questions to the right space (prod vs staging vs knowledge), query several spaces in parallel and synthesize, or compare findings across accounts. Use whenever the user has more than one AgentSpace configured, mentions multiple AWS accounts, or asks something like "check both prod and staging", "compare across accounts", or "ask the knowledge space".
Run a fast AWS Security Agent diff scan on only the changed code since a git ref. Use when the user asks to scan changes, run a diff scan, check what changed for security issues, scan before committing, scan before PR, or any pre-commit/pre-push security check.
Run a deep root-cause investigation on the AWS DevOps Agent. Use when the user describes an incident, alarm, outage, or unexplained behavior — keywords like "5xx", "503", "OOM", "latency spike", "deployment failure", "rollback", "sev1", "investigate", "root cause", "debug", "alarm fired", "service down". Polls and streams progress, then surfaces recommendations.
Help AI coding agents build, deploy, and manage applications on AWS.
The Agent Toolkit for AWS gives AI coding agents the tools, knowledge, and guardrails they need to work with AWS services. It works with the coding agents developers already use — including Claude Code, Codex, Cursor, and Kiro.
The plugins are available on the official Anthropic marketplace (claude-plugins-official) which is added to your Claude Code installation by default.
Use the following commands to install supported plugins from the toolkit:
For aws-core that covers service selection, CDK/CloudFormation, serverless, containers, storage, observability, billing, SDK usage, and deployment:
/plugin install aws-core@claude-plugins-official
Tip: If you get
Plugin not found, update your local marketplace index first:/plugin marketplace update claude-plugins-official
For aws-agents that covers building AI agents on AWS with Amazon Bedrock and AgentCore:
/plugin install aws-agents@claude-plugins-official
For aws-data-analytics that covers data lake, analytics, and ETL workflows with S3 Tables, AWS Glue, and Athena:
/plugin install aws-data-analytics@claude-plugins-official
For aws-agents-for-devsecops used to investigate incidents, review code and execute UAT for release readiness, scan code for vulnerabilities, and run penetration tests with AWS DevOps Agent and AWS Security Agent.
/plugin marketplace add aws/agent-toolkit-for-aws
/plugin install aws-agents-for-devsecops
/reload-plugins
# Or from Claude's official marketplace:
/plugin install aws-agents-for-devsecops@claude-plugins-official
/reload-plugins
# Setup:
/aws-agents-for-devsecops:setup
In your terminal:
codex plugin marketplace add aws/agent-toolkit-for-aws
Then launch Codex and run /plugins to browse and install the aws-core plugin.
Add this repository as a team marketplace from Settings → Plugins → Team Marketplaces → Add Marketplace → Import from Repo, pointing it at aws/agent-toolkit-for-aws. Cursor indexes the plugins listed in .cursor-plugin/marketplace.json on import.
Then open the Plugins panel and install the aws-core plugin (start here), or aws-agents and aws-data-analytics as needed. Each plugin bundles the AWS MCP Server configuration and agent skills.
Add the AWS MCP Server to your Kiro MCP configuration (.kiro/settings/mcp.json):
{
"mcpServers": {
"aws": {
"command": "uvx",
"args": [
"[email protected]",
"https://aws-mcp.us-east-1.api.aws/mcp",
"--metadata", "AWS_REGION=us-west-2"
]
}
}
}
Note: It is recommended to pin to a specific version (e.g.,
@1.6.2) to ensure reproducible behavior and protect against supply chain risks. We recommend regularly checking PyPI for new stable versions and updating accordingly.
Then install skills from this repository:
npx skills add aws/agent-toolkit-for-aws/skills
Prerequisites: You need uv installed. An AWS account with credentials configured locally is required for API calls and script execution, but not for documentation search or skill discovery. See the user guide for detailed setup instructions.
See the AWS MCP Server getting started guide for instructions on configuring the AWS MCP Server with your agent.
Then install skills from this repository:
npx skills add aws/agent-toolkit-for-aws/skills
Prerequisites: You need uv installed. An AWS account with credentials configured locally is required for API calls and script execution, but not for documentation search or skill discovery. See the user guide for detailed setup instructions.
Plugins bundle the AWS MCP Server configuration and agent skills into a single install for your coding agent.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claim'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
npx claudepluginhub anthropics/claude-plugins-official --plugin aws-agents-for-devsecopsData lake, analytics, and ETL workflows with S3 Tables, AWS Glue, and Athena. Covers managed Iceberg tables on S3 Tables, ingestion from JDBC databases (Oracle, SQL Server, PostgreSQL, MySQL, RDS), Amazon Redshift, Snowflake, BigQuery, and DynamoDB, AWS Glue Data Catalog inventory and asset discovery, federated Athena queries, and vector storage and semantic search on Amazon S3 Vectors.
awsBuild, deploy, and operate applications on AWS. Skills to author infrastructure-as-code (CDK, CloudFormation), use core services (Lambda, API Gateway, Step Functions, ECS/Fargate, ECR, IAM, Amazon Bedrock with Knowledge Bases and Guardrails, AWS Blocks), and complete common tasks across observability (CloudWatch, X-Ray, CloudTrail, ADOT), messaging and streaming (SQS, SNS, EventBridge, Kinesis, MSK), AWS SDKs (boto3, JS v3, Swift), and cost optimization.
awsBuild, deploy, and operate AI agents on AWS. Skills for scaffolding agents with Amazon Bedrock AgentCore (Strands, LangGraph), connecting tools via Gateway and MCP, multi-agent and A2A orchestration, memory, Cedar policies, evaluation, observability, debugging traces and logs, and production hardening (inbound auth, IAM, rate limiting, cold-start tuning).
awsBuild, deploy, and operate applications on AWS. Skills to author infrastructure-as-code (CDK, CloudFormation), use core services (Lambda, API Gateway, Step Functions, ECS/Fargate, ECR, IAM, Amazon Bedrock with Knowledge Bases and Guardrails, AWS Blocks), and complete common tasks across observability (CloudWatch, X-Ray, CloudTrail, ADOT), messaging and streaming (SQS, SNS, EventBridge, Kinesis, MSK), AWS SDKs (boto3, JS v3, Swift), and cost optimization.
awsEditorial "Security Engineer" bundle for Claude Code from Antigravity Awesome Skills.
sickn3336 on-demand AWS and cloud skills, slash commands, agents, and security hooks for Claude Code
whchoi98Design, build, deploy, test, and debug serverless applications with AWS Serverless services.
awslabsVendor-neutral SRE methodology skills for AI agents: investigate a live incident, analyze change impact, hand over oncall, author a postmortem, audit reliability. Runs offline against fixtures, no credentials required.
anyshift-ioDevsForge cloud cost optimization specialist for analyzing and reducing infrastructure expenses
devsforge