aws-agents-for-devsecops

Agent Toolkit for AWS

Help AI coding agents build, deploy, and manage applications on AWS.

The Agent Toolkit for AWS gives AI coding agents the tools, knowledge, and guardrails they need to work with AWS services. It works with the coding agents developers already use — including Claude Code, Codex, Cursor, and Kiro.

Quick start

Claude Code

The plugins are available on the official Anthropic marketplace (claude-plugins-official) which is added to your Claude Code installation by default. Use the following commands to install supported plugins from the toolkit:

For aws-core that covers service selection, CDK/CloudFormation, serverless, containers, storage, observability, billing, SDK usage, and deployment:

/plugin install aws-core@claude-plugins-official

Tip: If you get Plugin not found, update your local marketplace index first:

/plugin marketplace update claude-plugins-official

For aws-agents that covers building AI agents on AWS with Amazon Bedrock and AgentCore:

/plugin install aws-agents@claude-plugins-official

For aws-data-analytics that covers data lake, analytics, search, and ETL workflows with S3 Tables, AWS Glue, Athena, and Amazon OpenSearch Service (migration, provisioning, vector/semantic/hybrid search, log and trace analytics):

/plugin install aws-data-analytics@claude-plugins-official

For aws-databases that covers the AWS database portfolio — Amazon Aurora, ElastiCache, and Keyspaces (provisioning, sizing, migration, and RDS-to-S3 export):

/plugin install aws-databases@claude-plugins-official

For aws-agents-for-devsecops used to investigate incidents, review code and execute UAT for release readiness, scan code for vulnerabilities, and run penetration tests with AWS DevOps Agent and AWS Security Agent.

/plugin marketplace add aws/agent-toolkit-for-aws
/plugin install aws-agents-for-devsecops
/reload-plugins

# Or from Claude's official marketplace:
/plugin install aws-agents-for-devsecops@claude-plugins-official
/reload-plugins

# Setup:
/aws-agents-for-devsecops:setup

Codex

In your terminal:

codex plugin marketplace add aws/agent-toolkit-for-aws

Then launch Codex and run /plugins to browse and install the aws-core plugin.

Cursor

Add this repository as a team marketplace from Settings → Plugins → Team Marketplaces → Add Marketplace → Import from Repo, pointing it at aws/agent-toolkit-for-aws. Cursor indexes the plugins listed in .cursor-plugin/marketplace.json on import.

Then open the Plugins panel and install the aws-core plugin (start here), or aws-agents, aws-data-analytics, and aws-databases as needed. Each plugin bundles the AWS MCP Server configuration and agent skills.

Kiro

Add the AWS MCP Server to your Kiro MCP configuration (.kiro/settings/mcp.json):

{
  "mcpServers": {
    "aws": {
      "command": "uvx",
      "args": [
        "[email protected]",
        "https://aws-mcp.us-east-1.api.aws/mcp",
        "--metadata", "AWS_REGION=us-west-2"
      ]
    }
  }
}

Note: It is recommended to pin to a specific version (e.g., @1.6.0) to ensure reproducible behavior and protect against supply chain risks. We recommend regularly checking PyPI for new stable versions and updating accordingly.

Then install skills from this repository:

npx skills add aws/agent-toolkit-for-aws/skills

Prerequisites: You need uv installed. An AWS account with credentials configured locally is required for API calls and script execution, but not for documentation search or skill discovery. See the user guide for detailed setup instructions.

Other agents

See the AWS MCP Server getting started guide for instructions on configuring the AWS MCP Server with your agent.

Then install skills from this repository:

npx skills add aws/agent-toolkit-for-aws/skills

Prerequisites: You need uv installed. An AWS account with credentials configured locally is required for API calls and script execution, but not for documentation search or skill discovery. See the user guide for detailed setup instructions.

What's included

Plugins