aws-agent-skills MCP — Use Cases, Install & Live Demo

Why use it

Key features

18 core AWS services covered (IAM, Lambda, DynamoDB, S3, API Gateway, EC2, ECS, EKS, CFN, CloudWatch, RDS, SQS, SNS, Cognito, Step Functions, Secrets Manager, EventBridge, Bedrock)
Each SKILL.md includes CLI reference with real flags, not guessed ones
Common-pattern section per service surfaces production idioms
Security best-practices baked in (least-privilege IAM, encryption defaults)
Metadata tracks last-updated so you know the reference's freshness

Live Demo

What it looks like in practice

aws-agent-skill.replay ▶ ready

0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "aws-agent-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/itsmostafa/aws-agent-skills",
        "~/.claude/skills/aws-agent-skills"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "aws-agent-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/itsmostafa/aws-agent-skills",
        "~/.claude/skills/aws-agent-skills"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "aws-agent-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/itsmostafa/aws-agent-skills",
        "~/.claude/skills/aws-agent-skills"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "aws-agent-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/itsmostafa/aws-agent-skills",
        "~/.claude/skills/aws-agent-skills"
      ],
      "_inferred": true
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "aws-agent-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/itsmostafa/aws-agent-skills",
        "~/.claude/skills/aws-agent-skills"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json

{
  "context_servers": {
    "aws-agent-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/itsmostafa/aws-agent-skills",
          "~/.claude/skills/aws-agent-skills"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add aws-agent-skill -- git clone https://github.com/itsmostafa/aws-agent-skills ~/.claude/skills/aws-agent-skills

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use aws-agent-skills

Write a least-privilege IAM policy for a Lambda + DynamoDB pair

👤 Backend engineers setting up AWS resources ⏱ ~15 min intermediate

When to use: You're wiring a Lambda to a Dynamo table and don't want to give it * permissions.

Flow

State the access needed

Use the aws iam + lambda skills. Write a policy for a Lambda that needs GetItem and UpdateItem on table Orders and nothing else.✓ Copied

→ Policy with exact actions + resource ARN, no wildcards
Test

Give me the aws iam simulate-custom-policy command to verify this allows only those two actions.✓ Copied

→ Runnable command with correct syntax

Outcome: A production-quality least-privilege IAM policy with verification.

Pitfalls

Policy uses wildcards for convenience — Insist on exact resource ARNs — skill supports this strongly

Combine with: terraform-skill

Design an EventBridge → Step Functions → Lambda pipeline

👤 Serverless engineers ⏱ ~40 min advanced

When to use: You need an event-driven workflow and want the right service boundaries.

Flow

Sketch the flow

Use the eventbridge + step-functions + lambda skills. Design a pipeline that triggers on S3 uploads, orchestrates 3 steps, and writes to DynamoDB.✓ Copied

→ Architecture diagram + IaC snippets
Observability

Now add CloudWatch alarms and structured logging.✓ Copied

→ Specific metric filters and alarm thresholds

Outcome: A buildable serverless architecture with monitoring.

Pitfalls

Step Functions costs explode at scale — Skill flags when Express workflows fit better than Standard

Combine with: terraform-skill

Scaffold a Bedrock-backed RAG service

👤 Engineers building LLM features on AWS ⏱ ~60 min advanced

When to use: You want to use Bedrock for embeddings + generation without piecing it together from blog posts.

Flow

Describe the service

Use the bedrock + s3 + dynamodb skills. Scaffold a RAG service: upload docs to S3, embed with Titan, store in DynamoDB, retrieve + generate at query time.✓ Copied

→ Runnable code with correct Bedrock invoke calls and embedding model IDs

Outcome: A first-pass RAG scaffold on AWS-native services.

Pitfalls

Using Dynamo for vector search at scale — Skill notes when OpenSearch or pgvector is a better fit

Combinations

Pair with other MCPs for X10 leverage

aws-agent-skill + terraform-skill

AWS skills propose the design; Terraform skill writes the HCL

Design the Lambda+Dynamo stack using the aws skills, then have terraform-skill write the module.✓ Copied

aws-agent-skill + aws

Skill tells Claude the right calls; AWS MCP actually runs them

Use the aws-agent-skills to design the policy, then apply it via the aws MCP.✓ Copied

Tools

What this MCP exposes

Tool	Inputs	When to call
IAM skill	role/policy intent	Any AWS permissions work
Lambda skill	function spec	Serverless function design
DynamoDB skill	access patterns	NoSQL modeling
CloudFormation skill	resources	IaC in CFN
Bedrock skill	LLM use case	Using AWS-native GenAI

Cost & Limits

What this costs to run

API quota: None for the skill
Tokens per call: 3-8k per service loaded
Monetary: Free — skill is local. AWS usage costs are yours.
Tip: Name the services you're using so Claude loads only those SKILL.md files.

Security

Permissions, secrets, blast radius

Credential storage: No credentials in the skill. Real AWS calls should use OIDC roles, not static keys.

Data egress: None from the skill itself

Double-check generated IAM policies before deploying — the skill aims for least-privilege but you know your workload best.

Troubleshooting

Common errors and fixes

CLI flag rejected by actual AWS CLI

AWS occasionally renames flags. Check the service's last-updated metadata; cross-reference official docs if stale.

Verify: aws <service> <command> help

Claude uses SDK v2 patterns for Python boto3

Boto3 is v1 (and stable); don't confuse with AWS SDK for JS v2/v3. Specify language explicitly.

Alternatives

aws-agent-skills vs others

Alternative	When to use it instead	Tradeoff
aws MCP	You want Claude to actually call AWS, not just write snippets	MCP executes; this skill informs
cloud-provider-agnostic IaC skills (pulumi, cdk)	You prefer code-first IaC	Different mental model

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues

🔍 Browse all 400+ MCP servers and Skills