Skip to content

AWS Infra

Verified

Chat-based AWS infrastructure assistance using AWS CLI and console context. Use for querying, auditing, and monitoring AWS resources (EC2, S3, IAM, Lambda, ECS/EKS, RDS, CloudWatch, billing, etc.), and for proposing safe changes with explicit confirmation before any write/destructive action.

2,044

Install

Claude Code

Add to .claude/skills/

About This Skill

# AWS Infra

Overview Use the local AWS CLI to answer questions about AWS resources. Default to read‑only queries. Only propose or run write/destructive actions after explicit user confirmation.

Quick Start 1. Determine profile/region from environment or `~/.aws/config`. 2. Start with identity: - `aws sts get-caller-identity` 3. Use read‑only service commands to answer the question. 4. If the user asks for changes, outline the exact command and ask for confirmation before running.

Safety Rules (must follow) - Treat all actions as **read‑only** unless the user explicitly requests a change **and** confirms it. - For any potentially destructive change (delete/terminate/destroy/modify/scale/billing/IAM credentials), require a confirmation step. - Prefer `--dry-run` when available and show the plan before execution. - Never reveal or log secrets (access keys, session tokens).

Task Guide (common requests) - **Inventory / list**: use `list`/`describe`/`get` commands. - **Health / errors**: use CloudWatch metrics/logs queries. - **Security checks**: IAM, S3 public access, SG exposure, KMS key usage. - **Costs**: Cost Explorer / billing queries (read‑only). - **Changes**: show exact CLI command and require confirmation.

Region & Profile Handling - If the user specifies a region/profile, honor it. - Otherwise use `AWS_PROFILE` / `AWS_REGION` if set, then fall back to `~/.aws/config`. - When results are region‑scoped, state the region used.

References See `references/aws-cli-queries.md` for common command patterns.

Assets - `assets/icon.svg` — custom icon (dark cloud + terminal prompt)

Use Cases

  • Query EC2 instances, S3 buckets, and Lambda functions to inventory your AWS resources
  • Audit IAM policies and security group rules for exposed or overly permissive access
  • Monitor CloudWatch metrics and billing data to track costs and performance anomalies
  • Propose infrastructure changes with exact CLI commands and require confirmation before execution
  • Troubleshoot errors by querying CloudWatch logs and resource health endpoints

Pros & Cons

Pros

  • + Read-only by default with explicit confirmation required for any destructive operations
  • + Covers the full AWS service spectrum from compute to security to billing
  • + Supports --dry-run where available so you can preview changes before committing
  • + Automatically detects region and profile from environment or AWS config

Cons

  • - Requires AWS CLI to be installed and configured with valid credentials locally
  • - Cannot manage multi-account organizations — scoped to a single account/profile at a time
  • - Relies on the agent's knowledge of AWS CLI syntax which may not cover every edge case

Frequently Asked Questions

What does AWS Infra do?

Chat-based AWS infrastructure assistance using AWS CLI and console context. Use for querying, auditing, and monitoring AWS resources (EC2, S3, IAM, Lambda, ECS/EKS, RDS, CloudWatch, billing, etc.), and for proposing safe changes with explicit confirmation before any write/destructive action.

What platforms support AWS Infra?

AWS Infra is available on Claude Code, OpenClaw.

What are the use cases for AWS Infra?

Query EC2 instances, S3 buckets, and Lambda functions to inventory your AWS resources. Audit IAM policies and security group rules for exposed or overly permissive access. Monitor CloudWatch metrics and billing data to track costs and performance anomalies.

Stay Updated on Agent Skills

Get weekly curated skills + safety alerts