aws-skills

by zxkane · zxkane/aws-skills

Claude agent skills for AWS — shell-first workflows covering common services, with sensible defaults and least-privilege IAM.

aws-skills wraps common AWS CLI workflows as agent skills: EC2 fleet ops, S3 policy checks, IAM audits, CloudFormation/CDK scaffolding, and cost queries. Shell-first so you always see the commands being run. Pairs well with TerraShark for IaC.

Installation

Choose your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "aws-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/zxkane/aws-skills",
        "~/.claude/skills/aws-skills"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "aws-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/zxkane/aws-skills",
        "~/.claude/skills/aws-skills"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. The project config takes precedence over the global one.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "aws-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/zxkane/aws-skills",
        "~/.claude/skills/aws-skills"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "aws-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/zxkane/aws-skills",
        "~/.claude/skills/aws-skills"
      ],
      "_inferred": true
    }
  }
}

Same format as Claude Desktop. Restart Windsurf to apply.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "aws-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/zxkane/aws-skills",
        "~/.claude/skills/aws-skills"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "aws-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/zxkane/aws-skills",
          "~/.claude/skills/aws-skills"
        ]
      }
    }
  }
}

Add to context_servers. Zed reloads automatically.

claude mcp add aws-skill -- git clone https://github.com/zxkane/aws-skills ~/.claude/skills/aws-skills

One-line command. Verify: claude mcp list. Remove: claude mcp remove.

Use cases

Real-world scenarios: aws-skills

How to run a fleet-wide operation on EC2 safely

👤 Cloud ops engineers running one-off fleet operations ⏱ ~20 min intermediate

When to use: You need to patch or restart a group of instances matching a tag, without writing the whole script yourself.

Prerequisites
  • Skill installed — git clone https://github.com/zxkane/aws-skills ~/.claude/skills/aws-skills
  • aws CLI configured — aws configure or SSO profile
Flow
  1. Dry-run the query
    Use aws-skill. List EC2 instances tagged Env=staging, App=api. Just describe, don't mutate.
    → Table of instance IDs with state
  2. Plan the action
    Now propose the command to restart all running ones. Show me the exact aws cli call before running it.
    → Command printed; no execution yet
  3. Execute with guardrails
    Execute in batches of 3 with 30s between batches. Abort if any fails.
    → Batched output with success/failure per batch

Outcome: A controlled fleet operation with no unpleasant surprises.

Pitfalls
  • Wrong profile/region destroys prod — Always echo the resolved profile + region as the first line of any action

Audit S3 bucket policies for public exposure

👤 Security engineers looking for public S3 risk ⏱ ~30 min intermediate

When to use: Before a compliance review, or after a misconfig alert.

Flow
  1. List buckets
    List all S3 buckets in our account with their public access block settings and any bucket policies that allow *.
    → Table with per-bucket status
  2. Triage
    Flag buckets that have public access and don't match our known public-bucket allowlist (list: [...]). Propose remediation for each.
    → Remediation plan per flagged bucket

Outcome: A prioritized remediation list for S3 public exposure.

Pitfalls
  • OAI / OAC for CloudFront looks public at the bucket level — Check CloudFront origin config before flagging
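
The triage step and the CloudFront pitfall above, as an added example (not code from aws-skills or from this page): it classifies bucket policy statements offline, skips allowlisted buckets, and routes CloudFront OAI/OAC grants to an origin check instead of flagging them. The bucket names, the restrict_public_buckets field, the verdict labels and the sample inventory are constructed assumptions.

```python
import json
# Principal prefix CloudFront uses for an origin access identity (OAI).
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity"

def as_list(value):
    return value if isinstance(value, list) else [value]

def classify(stmt):
    """Classify one statement as public, conditional, cloudfront or scoped."""
    if stmt.get("Effect") != "Allow":
        return "scoped"
    principal = stmt.get("Principal", {})
    principal = {"AWS": "*"} if principal == "*" else principal
    aws = as_list(principal.get("AWS", []))
    services = as_list(principal.get("Service", []))
    if "*" in aws:  # anonymous principal; a Condition may or may not narrow it
        return "conditional" if stmt.get("Condition") else "public"
    if "cloudfront.amazonaws.com" in services or any(a.startswith(OAI_PREFIX) for a in aws):
        return "cloudfront"  # OAC (service principal) or OAI grant
    return "scoped"

def triage(buckets, allowlist):
    """Return {bucket: verdict} for buckets that need a human look."""
    verdicts = {}
    for name, info in buckets.items():
        if name in allowlist or not info.get("policy"):
            continue
        kinds = {classify(s) for s in as_list(json.loads(info["policy"])["Statement"])}
        if "public" in kinds:
            # RestrictPublicBuckets limits access even when the policy is public.
            verdicts[name] = "review" if info.get("restrict_public_buckets") else "flag"
        elif "conditional" in kinds:
            verdicts[name] = "review"
        elif "cloudfront" in kinds:
            verdicts[name] = "check-cloudfront-origin"
    return verdicts

def policy(principal, **extra):
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*", **extra}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

# Constructed sample inventory (not real account data).
OAC_COND = {"StringEquals": {"AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLE"}}
SAMPLE = {
    "marketing-site": {"policy": policy("*"), "restrict_public_buckets": False},
    "logs-archive": {"policy": policy("*"), "restrict_public_buckets": False},
    "legacy-share": {"policy": policy({"AWS": "*"}), "restrict_public_buckets": True},
    "cdn-origin": {"policy": policy({"Service": "cloudfront.amazonaws.com"}, Condition=OAC_COND)},
}
```

Calling triage(SAMPLE, allowlist={"marketing-site"}) flags logs-archive, marks legacy-share for review, and sends cdn-origin to a CloudFront origin check.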

Scope an IAM policy to least privilege

👤 Engineers with an overly-broad policy to tighten ⏱ ~45 min advanced

When to use: A service account works with AdministratorAccess and you want to scope it down.

Flow
  1. Collect usage
    Pull the Access Analyzer / CloudTrail-derived actions used by this role over last 30 days.
    → Actions table
  2. Generate scoped policy
    Write the minimal policy matching those actions. No wildcard Resource unless necessary; comment where wildcards are justified.
    → Policy JSON with comments

Outcome: A least-privilege policy with documented rationale.

Pitfalls
  • 30 days isn't long enough to capture all paths — Verify against known monthly or quarterly jobs before flipping the policy
Combine with: claude-code-owasp-skill

Answer a cost question quickly

👤 Engineers and finance owners chasing spend ⏱ ~20 min intermediate

When to use: Finance asks 'why did S3 spend spike in April?' — you want an answer before the meeting.

Flow
  1. Query
    Use Cost Explorer to compare S3 spend April vs March by usage type.
    → Diff table by usage type
  2. Explain
    Which usage type grew most, and which bucket is most likely responsible?
    → Hypothesis with specific bucket candidates

Outcome: A specific attribution you can follow up on.

Combinations

Combine with other MCPs for a 10x effect

aws-skill + terrashark-skill

AWS-skill for one-off ops, TerraShark for codified infra

Investigate with aws-skill, then codify the fix as Terraform with terrashark.

Security reviews on IAM and S3 configs

After IAM scoping, run OWASP review on the resulting policy.

Tools

What this MCP provides

Tool | Inputs | When to call | Cost
EC2 fleet ops | - | Tag-scoped fleet ops | 1+ AWS API calls
S3 policy audit | - | Security review | 1+ API calls
IAM scoping | role_name | Tightening access | Access Analyzer + CloudTrail calls
Cost queries | service, range | Spend investigations | Cost Explorer calls
CFN/CDK scaffolding | - | New stacks | Claude tokens

Cost and limits

What it costs

API quota: AWS API limits vary per service; usually a non-issue for interactive use
Tokens per call: 5-15k for planning; execution is free of Claude tokens
Money: Free skill; AWS usage billed as normal
Tip: The Cost Explorer API has per-request pricing. Cache results when iterating.

Security

Permissions, secrets, blast radius

Credential storage: Standard AWS CLI credentials (shared config, SSO). Skill reads active profile.
Outbound traffic: All AWS API calls. Command outputs may contain sensitive data (ARNs, tags).
Never grant: AdministratorAccess for interactive use

Troubleshooting

Common errors and fixes

AccessDenied despite correct profile

Role session may have expired. Re-authenticate (aws sso login or STS refresh)

Verify: aws sts get-caller-identity

Commands hit the wrong region

Skill respects AWS_REGION env; set explicitly or pass --region each call

Rate-limiting on large fleet ops

Use the skill's batch mode with delays

Alternatives

aws-skills compared

Alternative | When to use | Trade-off
AWS MCP server | You want native MCP tool calls instead of shell-first | Less shell visibility; different trust model
