aws/agent-toolkit-for-aws / Chapter 6

Programming /

README

# Article Index — Agent Toolkit for AWS A 5-chapter deep dive into AWS's first-party distribution of MCP server configurations, agent skills, and plugins for AI coding agents (Claude Code, Codex, Cursor, Kiro). Source: [`aws/agent-toolkit-for-aws`](https://github.com/aws/agent-toolkit-for-aws) (commit `49c4592`, GA, Apache-2.0). ## Series red thread The Agent Toolkit for AWS is the answer to a question AWS Labs MCP servers could not answer: **how to let AI coding agents act on AWS without the security team losing observability or the developer losing control.** The answer is not a better MCP server. The answer is a curated library of 107 skills, three cross-host manifest shims, one regional MCP endpoint, and one PreToolUse hook that refuses to let a secret leak. ## Chapters | # | File | Title | Core thesis | |---|------|-------|-------------| | E00 | [`E00_Introduction_The_Agent_Trust_Problem.md`](./E00_Introduction_The_Agent_Trust_Problem.md) | The Agent Trust Problem | AWS did not release another MCP server — it released a governance answer to the ungoverned agent. | | E01 | [`E01_The_Plugin_Surface.md`](./E01_The_Plugin_Surface.md) | The Plugin Surface | The toolkit is four plugins and 107 skills. The plugins are packaging. The skills are the work. | | E02 | [`E02_One_Server_Four_Configurations.md`](./E02_One_Server_Four_Configurations.md) | One Server, Four Configurations | There is one managed AWS MCP server, accessed through a pinned proxy, with f

Chapter 6 of 6 2m Article Learning path

Article Index — Agent Toolkit for AWS

A 5-chapter deep dive into AWS's first-party distribution of MCP server configurations, agent skills, and plugins for AI coding agents (Claude Code, Codex, Cursor, Kiro). Source: aws/agent-toolkit-for-aws (commit 49c4592, GA, Apache-2.0).

Series red thread

The Agent Toolkit for AWS is the answer to a question AWS Labs MCP servers could not answer: how to let AI coding agents act on AWS without the security team losing observability or the developer losing control. The answer is not a better MCP server. The answer is a curated library of 107 skills, three cross-host manifest shims, one regional MCP endpoint, and one PreToolUse hook that refuses to let a secret leak.

Chapters

| # | File | Title | Core thesis | |---|------|-------|-------------| | E00 | [E00_Introduction_The_Agent_Trust_Problem.md](./E00_Introduction_The_Agent_Trust_Problem.md) | The Agent Trust Problem | AWS did not release another MCP server — it released a governance answer to the ungoverned agent. | | E01 | [E01_The_Plugin_Surface.md](./E01_The_Plugin_Surface.md) | The Plugin Surface | The toolkit is four plugins and 107 skills. The plugins are packaging. The skills are the work. | | E02 | [E02_One_Server_Four_Configurations.md](./E02_One_Server_Four_Configurations.md) | One Server, Four Configurations | There is one managed AWS MCP server, accessed through a pinned proxy, with four different per-plugin configurations that signal AWS's design priorities. | | E03 | [E03_The_PreToolUse_Hook.md](./E03_The_PreToolUse_Hook.md) | The PreToolUse Hook | The toolkit's enterprise posture is a PreToolUse hook + three IAM primitives. Skip any of them and the toolkit is AWS Labs with a new name. | | E04 | [E04_Skills_Migration_and_What_Comes_Next.md](./E04_Skills_Migration_and_What_Comes_Next.md) | Skills, Migration, and What Comes Next | SKILL.md frontmatter is a routing graph; the toolkit is in active release cadence; the AWS Labs migration is real. Adopt by persona. |

Reading order

Read E00 → E01 → E02 → E03 → E04. The chapters are progressive: each introduces concepts used by later chapters. E00 sets the red thread; E01–E03 build the evidence; E04 closes the loop with adoption guidance and future signals.

Adoption summary (from E04)

  • Solo developer. Install aws-core first. Run npx skills add aws/agent-toolkit-for-aws/skills for the rest. Pin your proxy. Read the routing graph in the SKILL.md frontmatters.
  • Platform team. Audit the four plugins against your workloads. Adopt aws-core for general work, aws-data-analytics for data engineering, aws-agents for Bedrock AgentCore, aws-agents-for-devsecops for incident response. Write the IAM condition key policy in the README's example. Enable CloudTrail data events.
  • Regulated enterprise. Pilot behind a feature flag for 30 days with a single team. Capture CloudTrail evidence that the agent's actions are scoped by aws:CalledVia. Pentest the PreToolUse hook. Review the secret resolution pattern end-to-end.

Source citation conventions

Each chapter cites specific files inside the repository. File paths are written as source/agent-toolkit-for-aws/... so the reader can cross-reference. Where the chapter references behavior documented in the README, the reference is to the repository's README.md directly.

License

Article text in this directory is original. Source code excerpts are quoted under the Apache-2.0 license of the upstream repository. The repository's LICENSE and NOTICE files are at source/agent-toolkit-for-aws/LICENSE and source/agent-toolkit-for-aws/NOTICE.