Build, deploy, and operate AI agents on AWS. Skills for scaffolding agents with Amazon Bedrock AgentCore (Strands, LangGraph), connecting tools via Gateway and MCP, multi-agent and A2A orchestration, memory, Cedar policies, evaluation, observability, debugging traces and logs, and production hardening (inbound auth, IAM, rate limiting, cold-start tuning).
Based on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Use when adding capabilities to an existing agent project — memory, app integration, VPC, multi-agent, migration, model changes, browser, code interpreter, or resource removal. Triggers on: "add memory", "remember across sessions", "call agent from app", "invoke agent from code", "auth to call agent", "streaming responses", "VPC", "VPC connectivity", "VPC error", "can't reach from VPC", "multi-agent", "A2A", "A2A auth", "orchestrator not delegating", "specialist not called", "migrate Bedrock Agent", "after import", "migration issue", "framework for migration", "change model", "browser tool", "code interpreter", "delete agent", "tear down", "agentcore remove", "cross-account memory", "resource-based policy on memory". Not for connecting to external APIs via Gateway — use agents-connect. Not for scaffolding a new project — use agents-get-started. Not for CLI/dev server errors — use agents-debug. Strands vs LangGraph in a migration context routes here.
Use when connecting your agent to external APIs, tools, or services via Gateway, or restricting tool access with Cedar policies. Handles gateway setup, target types, outbound auth (OAuth, API key, IAM), credentials, and Cedar policy authoring. Triggers on: "connect to API", "add gateway", "connect to MCP server", "Lambda tools", "OpenAPI", "gateway target", "Cedar policy", "restrict tools", "policy engine", "gateway auth error", "store API key", "outbound credential", "env var API key", "API key None after deploy", "credential not available after deploy", "should this be a gateway target", "give my agent tools", "add tools to agent". Not for inbound auth (who can call your agent) — use agents-harden. Not for debugging agent behavior — use agents-debug. Not for VPC networking errors (agent can't reach APIs due to VPC) — use agents-build. Not for creating or hosting a new MCP server project — use agents-get-started.
Use when your agent or environment is broken — wrong answers, errors, timeouts, tool failures, or CLI issues. Reads traces and logs to diagnose root causes. Also checks prerequisites when the CLI itself isn't working. Triggers on: "agent not working", "wrong answer", "agent error", "tool call failing", "debug agent", "check logs", "read traces", "broken", "500 error", "424 error", "model access denied", "command not found", "stuck in DELETING", "maxVms exceeded", "cold start diagnosis", "cold start slow", "agentcore create error", "create failed", "exit code 7", "connection refused local dev". Not for deploy failures — use agents-deploy. Not for performance tuning without errors — use agents-optimize. Not for VPC configuration — use agents-build. Not for observability setup or missing logs — use agents-optimize.
Use when deploying your agent to AWS, or when a deploy has failed. Handles pre-flight validation, CDK/IAM/quota error diagnosis, version management, rollback, and canary deployments. Triggers on: "deploy my agent", "agentcore deploy", "deploy failed", "CDK error", "rollback", "canary deploy", "pin version", "redeploy", "deploy stuck". Not for production hardening — use agents-harden. Not for adding capabilities before deploy — use agents-build or agents-connect. Not for VPC configuration errors — use agents-build.
Use when a developer wants to create a new agent project or get started with AgentCore. Handles framework selection, project scaffolding, first deploy, and first invocation. Triggers on: "build an agent", "create an agent", "get started", "new project", "agentcore create", "which framework", "Strands vs LangGraph", "hello world agent", "first agent", "create MCP server", "host MCP server", "agentcore dev", "dev server", "what port", "local development". Not for adding capabilities to existing projects — use agents-build or agents-connect. Strands vs LangGraph in a migration context routes to agents-build, not here. Connecting to an existing MCP server routes to agents-connect, not here.
External network access
Connects to servers outside your machine
Help AI coding agents build, deploy, and manage applications on AWS.
The Agent Toolkit for AWS gives AI coding agents the tools, knowledge, and guardrails they need to work with AWS services. It works with the coding agents developers already use — including Claude Code, Codex, Cursor, and Kiro.
The plugins are available on the official Anthropic marketplace (claude-plugins-official) which is added to your Claude Code installation by default.
Use the following commands to install supported plugins from the toolkit:
For aws-core that covers service selection, CDK/CloudFormation, serverless, containers, storage, observability, billing, SDK usage, and deployment:
/plugin install aws-core@claude-plugins-official
Tip: If you get
Plugin not found, update your local marketplace index first:/plugin marketplace update claude-plugins-official
For aws-agents that covers building AI agents on AWS with Amazon Bedrock and AgentCore:
/plugin install aws-agents@claude-plugins-official
For aws-data-analytics that covers data lake, analytics, search, and ETL workflows with S3 Tables, AWS Glue, Athena, and Amazon OpenSearch Service (migration, provisioning, vector/semantic/hybrid search, log and trace analytics):
/plugin install aws-data-analytics@claude-plugins-official
For aws-databases that covers the AWS database portfolio — Amazon Aurora, ElastiCache, and Keyspaces (provisioning, sizing, migration, and RDS-to-S3 export):
/plugin install aws-databases@claude-plugins-official
For aws-agents-for-devsecops used to investigate incidents, review code and execute UAT for release readiness, scan code for vulnerabilities, and run penetration tests with AWS DevOps Agent and AWS Security Agent.
/plugin marketplace add aws/agent-toolkit-for-aws
/plugin install aws-agents-for-devsecops
/reload-plugins
# Or from Claude's official marketplace:
/plugin install aws-agents-for-devsecops@claude-plugins-official
/reload-plugins
# Setup:
/aws-agents-for-devsecops:setup
In your terminal:
codex plugin marketplace add aws/agent-toolkit-for-aws
Then launch Codex and run /plugins to browse and install the aws-core plugin.
Add this repository as a team marketplace from Settings → Plugins → Team Marketplaces → Add Marketplace → Import from Repo, pointing it at aws/agent-toolkit-for-aws. Cursor indexes the plugins listed in .cursor-plugin/marketplace.json on import.
Then open the Plugins panel and install the aws-core plugin (start here), or aws-agents, aws-data-analytics, and aws-databases as needed. Each plugin bundles the AWS MCP Server configuration and agent skills.
Add the AWS MCP Server to your Kiro MCP configuration (.kiro/settings/mcp.json):
{
"mcpServers": {
"aws": {
"command": "uvx",
"args": [
"[email protected]",
"https://aws-mcp.us-east-1.api.aws/mcp",
"--metadata", "AWS_REGION=us-west-2"
]
}
}
}
Note: It is recommended to pin to a specific version (e.g.,
@1.6.0) to ensure reproducible behavior and protect against supply chain risks. We recommend regularly checking PyPI for new stable versions and updating accordingly.
Then install skills from this repository:
npx skills add aws/agent-toolkit-for-aws/skills
Prerequisites: You need uv installed. An AWS account with credentials configured locally is required for API calls and script execution, but not for documentation search or skill discovery. See the user guide for detailed setup instructions.
See the AWS MCP Server getting started guide for instructions on configuring the AWS MCP Server with your agent.
Then install skills from this repository:
npx skills add aws/agent-toolkit-for-aws/skills
Prerequisites: You need uv installed. An AWS account with credentials configured locally is required for API calls and script execution, but not for documentation search or skill discovery. See the user guide for detailed setup instructions.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimnpx claudepluginhub andrekurait/claude-marketplace-test --plugin aws-agentsBuild, deploy, and operate applications on AWS. Skills to author infrastructure-as-code (CDK, CloudFormation), use core services (Lambda, API Gateway, Step Functions, ECS/Fargate, ECR, IAM, Amazon Bedrock with Knowledge Bases and Guardrails, Amplify), and complete common tasks across observability (CloudWatch, X-Ray, CloudTrail, ADOT), messaging and streaming (SQS, SNS, EventBridge, Kinesis, MSK), AWS SDKs (boto3, JS v3, Swift), and cost optimization.
AndreKuraitData lake, analytics, search, and ETL workflows with S3 Tables, AWS Glue, Athena, and Amazon OpenSearch Service. Covers managed Iceberg tables on S3 Tables, ingestion from JDBC databases (Oracle, SQL Server, PostgreSQL, MySQL, RDS), Amazon Redshift, Snowflake, BigQuery, and DynamoDB, AWS Glue Data Catalog inventory and asset discovery, federated Athena queries, vector storage and semantic search on Amazon S3 Vectors, and Amazon OpenSearch Service and Serverless (migration from Solr/Elasticsearch, provisioning, vector/semantic/hybrid search, log analytics, trace analytics).
AndreKuraitDesign, operate, and migrate workloads across the AWS database portfolio. Skills for Amazon Aurora (PostgreSQL and MySQL — cluster provisioning, ACU sizing, I/O-Optimized storage, upgrades), Amazon ElastiCache (Valkey/Redis data modeling, vector search, semantic caching, migration), and Amazon Keyspaces (Cassandra compatibility, capacity modes, SQL-to-CQL migration), plus exporting RDS snapshots to Amazon S3.
AndreKuraitInvestigate incidents, review code and execute UAT for release readiness, scan code for vulnerabilities, and run penetration tests with AWS DevOps Agent and AWS Security Agent.
AndreKuraitHarness-native ECC operator layer - 67 agents, 271 skills, 92 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
affaan-mComprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
JeffallanUpstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.
upstashReliable automation, in-depth debugging, and performance analysis in Chrome using Chrome DevTools and Puppeteer
ChromeDevToolsComprehensive feature development workflow with specialized agents for codebase exploration, architecture design, and quality review
anthropicsReal-time statusline HUD for Claude Code - context health, tool activity, agent tracking, and todo progress
jarrodwatts