aws-skills MCP — Anwendungsfälle, Installieren & Live-Demo

Warum nutzen

Hauptfunktionen

Shell-first — commands visible before execution
Common services: EC2, S3, IAM, Lambda, CloudFormation, Cost Explorer
Least-privilege IAM defaults
Region and profile aware
Works with Claude Code and Codex

Live-Demo

In der Praxis

aws-skill.replay ▶ bereit

0/0

Installieren

Wählen Sie Ihren Client

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "aws-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/zxkane/aws-skills",
        "~/.claude/skills/aws-skills"
      ],
      "_inferred": true
    }
  }
}

Öffne Claude Desktop → Settings → Developer → Edit Config. Nach dem Speichern neu starten.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "aws-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/zxkane/aws-skills",
        "~/.claude/skills/aws-skills"
      ],
      "_inferred": true
    }
  }
}

Cursor nutzt das gleiche mcpServers-Schema wie Claude Desktop. Projektkonfiguration schlägt die globale.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "aws-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/zxkane/aws-skills",
        "~/.claude/skills/aws-skills"
      ],
      "_inferred": true
    }
  }
}

Klicken Sie auf das MCP-Servers-Symbol in der Cline-Seitenleiste, dann "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "aws-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/zxkane/aws-skills",
        "~/.claude/skills/aws-skills"
      ],
      "_inferred": true
    }
  }
}

Gleiche Struktur wie Claude Desktop. Windsurf neu starten zum Übernehmen.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "aws-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/zxkane/aws-skills",
        "~/.claude/skills/aws-skills"
      ]
    }
  ]
}

Continue nutzt ein Array von Serverobjekten statt einer Map.

~/.config/zed/settings.json

{
  "context_servers": {
    "aws-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/zxkane/aws-skills",
          "~/.claude/skills/aws-skills"
        ]
      }
    }
  }
}

In context_servers hinzufügen. Zed lädt beim Speichern neu.

claude mcp add aws-skill -- git clone https://github.com/zxkane/aws-skills ~/.claude/skills/aws-skills

Einzeiler. Prüfen mit claude mcp list. Entfernen mit claude mcp remove.

Anwendungsfälle

Praxisnahe Nutzung: aws-skills

How to run a fleet-wide operation on EC2 safely

👤 Cloud ops engineers running one-off fleet operations ⏱ ~20 min intermediate

Wann einsetzen: You need to patch or restart a group of instances matching a tag, without writing the whole script yourself.

Voraussetzungen

Skill installed — git clone https://github.com/zxkane/aws-skills ~/.claude/skills/aws-skills
aws CLI configured — aws configure or SSO profile

Ablauf

Dry-run the query

Use aws-skill. List EC2 instances tagged Env=staging, App=api. Just describe, don't mutate.✓ Kopiert

→ Table of instance IDs with state
Plan the action

Now propose the command to restart all running ones. Show me the exact aws cli call before running it.✓ Kopiert

→ Command printed; no execution yet
Execute with guardrails

Execute in batches of 3 with 30s between batches. Abort if any fails.✓ Kopiert

→ Batched output with success/failure per batch

Ergebnis: A controlled fleet operation with no unpleasant surprises.

Fallstricke

Wrong profile/region destroys prod — Always echo the resolved profile + region as the first line of any action

Audit S3 bucket policies for public exposure

👤 Security engineers looking for public S3 risk ⏱ ~30 min intermediate

Wann einsetzen: Before a compliance review, or after a misconfig alert.

Ablauf

List buckets

List all S3 buckets in our account with their public access block settings and any bucket policies that allow *.✓ Kopiert

→ Table with per-bucket status
Triage

Flag buckets that have public access and don't match our known public-bucket allowlist (list: [...]). Propose remediation for each.✓ Kopiert

→ Remediation plan per flagged bucket

Ergebnis: A prioritized remediation list for S3 public exposure.

Fallstricke

OAI / OAC for CloudFront looks public at the bucket level — Check CloudFront origin config before flagging

Scope an IAM policy to least privilege

👤 Engineers with an overly-broad policy to tighten ⏱ ~45 min advanced

Wann einsetzen: A service account works with AdministratorAccess and you want to scope it down.

Ablauf

Collect usage

Pull the Access Analyzer / CloudTrail-derived actions used by this role over last 30 days.✓ Kopiert

→ Actions table
Generate scoped policy

Write the minimal policy matching those actions. No wildcard Resource unless necessary; comment where wildcards are justified.✓ Kopiert

→ Policy JSON with comments

Ergebnis: A least-privilege policy with documented rationale.

Fallstricke

30 days isn't long enough to capture all paths — Verify against known monthly or quarterly jobs before flipping the policy

Kombinieren mit: claude-code-owasp-skill

Answer a cost question quickly

👤 Engineers and finance owners chasing spend ⏱ ~20 min intermediate

Wann einsetzen: Finance asks 'why did S3 spend spike in April?' — you want an answer before the meeting.

Ablauf

Query

Use Cost Explorer to compare S3 spend April vs March by usage type.✓ Kopiert

→ Diff table by usage type
Explain

Which usage type grew most, and which bucket is most likely responsible?✓ Kopiert

→ Hypothesis with specific bucket candidates

Ergebnis: A specific attribution you can follow up on.

Kombinationen

Mit anderen MCPs für 10-fache Wirkung

aws-skill + terrashark-skill

AWS-skill for one-off ops, TerraShark for codified infra

Investigate with aws-skill, then codify the fix as Terraform with terrashark.✓ Kopiert

aws-skill + claude-code-owasp-skill

Security reviews on IAM and S3 configs

After IAM scoping, run OWASP review on the resulting policy.✓ Kopiert

Werkzeuge

Was dieses MCP bereitstellt

Werkzeug	Eingaben	Wann aufrufen	Kosten
EC2 fleet ops	-	Tag-scoped fleet ops	1+ AWS API calls
S3 policy audit	-	Security review	1+ API calls
IAM scoping	role_name	Tightening access	Access Analyzer + CloudTrail calls
Cost queries	service, range	Spend investigations	Cost Explorer calls
CFN/CDK scaffolding	-	New stacks	Claude tokens

Kosten & Limits

Was der Betrieb kostet

API-Kontingent: AWS API limits vary per service; usually non-issue for interactive use
Tokens pro Aufruf: 5-15k for planning; execution is free of Claude tokens
Kosten in €: Free skill; AWS usage billed as normal
Tipp: Cost Explorer API has per-request pricing. Cache results when iterating.

Sicherheit

Rechte, Secrets, Reichweite

Credential-Speicherung: Standard AWS CLI credentials (shared config, SSO). Skill reads active profile.

Datenabfluss: All AWS API calls. Command outputs may contain sensitive data (ARNs, tags).

Niemals gewähren: AdministratorAccess for interactive use

Always verify active profile and region before destructive commands. Skill prints both before execution — don't skip the check.
Use SSO short-lived credentials rather than long-lived access keys.

Fehlerbehebung

Häufige Fehler und Lösungen

AccessDenied despite correct profile

Role session may have expired. Re-authenticate (aws sso login or STS refresh)

Prüfen: aws sts get-caller-identity

Commands hit the wrong region

Skill respects AWS_REGION env; set explicitly or pass --region each call

Rate-limiting on large fleet ops

Use the skill's batch mode with delays

Alternativen

aws-skills vs. andere

Alternative	Wann stattdessen	Kompromiss
AWS MCP server	You want native MCP tool calls instead of shell-first	Less shell visibility; different trust model

Mehr

Ressourcen

📖 Offizielle README auf GitHub lesen

🐙 Offene Issues ansehen

🔍 Alle 400+ MCP-Server und Skills durchsuchen