Discover AWS infrastructure and save to JSON. Use when user asks to "discover AWS", "explore AWS account", "scan AWS infrastructure", or "create infrastructure JSON".
This skill inherits all available tools. When active, it can use any tool Claude has access to.
Explore an AWS account and collect comprehensive information about its infrastructure.
Ask the user for:
Use the profile and region flags with all AWS CLI commands:
aws <command> --profile <profile> --region <region>
Explore systematically. Start with basics, then dig deeper based on what you find.
aws sts get-caller-identity --profile <profile> --region <region>
aws ec2 describe-vpcs
aws ec2 describe-subnets
aws ec2 describe-internet-gateways
aws ec2 describe-nat-gateways
aws ec2 describe-transit-gateways
aws ec2 describe-vpc-endpoints
aws ec2 describe-route-tables
aws ecs list-clusters then aws ecs describe-clusters
aws ecs list-services --cluster <name> then aws ecs describe-services
aws lambda list-functions
aws ec2 describe-instances
aws eks list-clusters
aws elbv2 describe-load-balancers
aws elbv2 describe-listeners --load-balancer-arn <arn>
aws elbv2 describe-target-groups
aws elbv2 describe-rules --listener-arn <arn>
aws rds describe-db-instances
aws rds describe-db-clusters
aws dynamodb list-tables
aws elasticache describe-cache-clusters
aws s3api list-buckets
aws efs describe-file-systems
aws ecr describe-repositories
aws ec2 describe-security-groups
aws wafv2 list-web-acls --scope REGIONAL
aws cognito-idp list-user-pools --max-results 20
aws acm list-certificates
aws secretsmanager list-secrets
aws kms list-keys
aws sqs list-queues
aws sns list-topics
aws events list-rules
aws apigateway get-rest-apis
aws cloudfront list-distributions
Create aws_infrastructure.json with this structure:
{
  "metadata": {
    "account_id": "...",
    "region": "...",
    "environment": "...",
    "project": "...",
    "discovered_at": "..."
  },
  "networking": {
    "vpc": {"id": "...", "name": "...", "cidr": "..."},
    "subnets": {
      "public": [{"id": "...", "name": "...", "cidr": "...", "az": "..."}],
      "private": [{"id": "...", "name": "...", "cidr": "...", "az": "..."}]
    },
    "internet_gateway": {"id": "..."},
    "nat_gateways": [...],
    "transit_gateway": {"id": "...", "routes": [...]},
    "vpc_endpoints": [{"id": "...", "type": "...", "service": "..."}]
  },
  "load_balancers": {
    "public": {"name": "...", "scheme": "internet-facing", "dns_name": "..."},
    "private": {"name": "...", "scheme": "internal"}
  },
  "compute": {
    "ecs_cluster": {"name": "..."},
    "ecs_services": [{"name": "...", "launch_type": "FARGATE"}],
    "lambda_functions": [{"name": "...", "runtime": "..."}],
    "ec2_instances": [...]
  },
  "databases": {
    "aurora_clusters": [{"database_name": "...", "engine": "..."}],
    "dynamodb_tables": [{"name": "..."}],
    "elasticache": {"engine": "redis", "num_cache_clusters": 2}
  },
  "storage": {
    "s3_buckets": [{"name": "..."}],
    "ecr_repositories": [...]
  },
  "security": {
    "waf": {"web_acl": {"name": "..."}},
    "acm_certificates": [{"domain": "..."}],
    "cognito_pools": [{"name": "..."}]
  },
  "messaging": {
    "sqs_queues": [...],
    "sns_topics": [...],
    "eventbridge_rules": [...]
  },
  "traffic_rules": {
    "allowed_sources": {
      "public_internet": {"cidrs": ["0.0.0.0/0"], "ports": [443]},
      "corporate": {"cidrs": ["10.0.0.0/8"], "ports": [80, 443]}
    },
    "domains": {
      "public": ["api.example.com"],
      "private": ["internal.example.com"]
    }
  }
}
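The structure above splits subnets into public and private, which describe-subnets output does not state directly. One way to derive the split from describe-subnets and describe-route-tables output, as an added example that is not part of the original skill; the function names, IDs and sample records are constructed, and "public" is taken to mean a default route to an internet gateway:

```python
# Added example; all IDs and records are constructed, shaped like AWS CLI JSON output.

def has_igw_default_route(route_table):
    """True if the table has a default route to an internet gateway (igw-...)."""
    return any(
        r.get("GatewayId", "").startswith("igw-")
        and (r.get("DestinationCidrBlock") == "0.0.0.0/0"
             or r.get("DestinationIpv6CidrBlock") == "::/0")
        for r in route_table.get("Routes", []))

def classify_subnets(subnets, route_tables):
    """Build the networking.subnets {"public": [...], "private": [...]} section."""
    explicit, main = {}, {}          # subnet id -> public?, vpc id -> public?
    for rt in route_tables:
        public = has_igw_default_route(rt)
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = public
            elif assoc.get("Main"):
                main[rt["VpcId"]] = public
    result = {"public": [], "private": []}
    for s in subnets:
        # A subnet with no explicit association uses its VPC's main route table.
        public = explicit.get(s["SubnetId"], main.get(s["VpcId"], False))
        name = next((t["Value"] for t in s.get("Tags", []) if t["Key"] == "Name"), "")
        result["public" if public else "private"].append(
            {"id": s["SubnetId"], "name": name,
             "cidr": s["CidrBlock"], "az": s["AvailabilityZone"]})
    return result

def _subnet(sid, cidr, az, name=None):   # helper for the constructed sample
    return {"SubnetId": sid, "VpcId": "vpc-1", "CidrBlock": cidr, "AvailabilityZone": az,
            "Tags": [{"Key": "Name", "Value": name}] if name else []}

SUBNETS = [_subnet("subnet-aaa", "10.0.0.0/24", "us-east-1a", "public-a"),
           _subnet("subnet-bbb", "10.0.1.0/24", "us-east-1a", "app-a"),
           _subnet("subnet-ccc", "10.0.2.0/24", "us-east-1b")]  # no association
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-111"}],
     "Associations": [{"Main": True}, {"Main": False, "SubnetId": "subnet-aaa"}]},
    {"RouteTableId": "rtb-priv", "VpcId": "vpc-1",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-222"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-bbb"}]}]

if __name__ == "__main__":
    import json
    print(json.dumps(classify_subnets(SUBNETS, ROUTE_TABLES), indent=2))
```

In the sample, subnet-ccc is classified as public only because it inherits the main route table, a case that classification by subnet name or tag would miss.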
list-* returns empty, move on
Tell the user: