Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| AWS_REGION | No | The AWS region to use (e.g., us-east-1) | us-east-1 |
| AWS_ACCESS_KEY_ID | Yes | Your AWS Access Key ID with read-only permissions | |
| AWS_SECRET_ACCESS_KEY | Yes | Your AWS Secret Access Key with read-only permissions |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| get_aws_caller_identity | Returns the AWS IAM caller identity (user/role) to verify credentials. |
| list_s3_buckets | Lists all S3 buckets in the AWS account. |
| list_ec2_instances | Lists EC2 instances in the current region, showing ID, type, state, and public IP. |
| list_iam_users | Lists IAM users in the AWS account. |
| list_recent_cloudtrail_events | Lists recent CloudTrail events to track console access and changes. |
| list_cloudwatch_alarms | Lists CloudWatch alarms, optionally filtering by state. |
| get_recent_cost | Retrieves daily AWS costs for the specified date range (default: last 7 days). |
| get_cost_by_service | Retrieves AWS costs broken down by service for the specified date range. |
| get_cost_breakdown | Detailed cost analysis. If service_name is provided, breaks down that service by Usage Type. Otherwise, breaks down by Service. |
| get_cost_forecast | Predicts future costs for a specified time range. |
| get_budget_details | Lists all AWS Budgets along with their status, limits, and current spend. |
| get_cost_anomalies | Retrieves cost anomalies detected by AWS Cost Anomaly Detection. |
| get_savings_plans_utilization | Retrieves Savings Plans utilization percentages. |
| get_reservation_utilization | Retrieves Reserved Instance (RI) utilization percentages. |
| get_instance_details | Retrieves detailed information about a specific EC2 instance. |
| list_vpcs | Lists all VPCs in the current region. |
| list_subnets | Lists subnets with availability zones and available IP counts. |
| list_route_tables | Lists route tables with their routes and associations. |
| list_internet_gateways | Lists Internet Gateways and their attachments. |
| list_nat_gateways | Lists NAT Gateways with their state and public IP. |
| list_security_groups | Lists all security groups. |
| list_users_without_mfa | Lists IAM users who do not have MFA enabled. |
| list_old_access_keys | Lists access keys older than 90 days (or specified days). |
| list_expiring_certificates | Lists ACM certificates expiring within the specified days. |
| list_rds_instances | Lists RDS instances with engine versions and status. |
| list_lambda_functions | Lists Lambda functions with runtimes and last modified dates. |
| list_backup_jobs | Lists recent backup jobs, optionally filtering by state (default: FAILED). |
| list_open_security_groups | Lists security groups that allow ingress from 0.0.0.0/0 on specified ports (default: 22, 3389). |
| list_unused_ebs_volumes | Lists EBS volumes that are available (not attached to any instance). |
| list_unassociated_eips | Lists Elastic IPs that are not associated with any instance. |
| list_guardduty_findings | Lists recent high-severity GuardDuty findings. |
| get_recent_logs | Retrieves recent log events from a CloudWatch Log Group. |
| search_cloudwatch_logs | Search CloudWatch logs using a filter pattern (e.g., 'ERROR', 'Exception'). |
| list_cloudtrail_changes | Lists write/mutation events (Create, Update, Delete) for a specific resource or service. |
| list_access_denied_events | Lists recent Access Denied or Unauthorized events from CloudTrail. |
| get_service_health | Lists recent open events from AWS Health Dashboard. |
| list_load_balancers | Lists all Application and Network Load Balancers. |
| list_target_groups | Lists all Target Groups. |
| list_listener_rules | Lists listeners and routing rules (host, path) for a specified Load Balancer. |
| get_target_health | Retrieves the health of targets in a specified Target Group. |
| list_web_acls | Lists Web ACLs (Global/CloudFront or Regional). |
| get_waf_sampled_requests | Retrieves sampled requests from a Web ACL. |
| check_ip_in_waf | Checks if an IP address exists in any WAF IP Set (Blocklists/Allowlists). |
| get_metric_statistics | Retrieves statistics for a specific CloudWatch metric. |
| list_sns_topics | Lists all SNS topics. |
| list_record_sets | Lists DNS records for a given hosted zone. |
| list_hosted_zones | Lists all Route53 Hosted Zones. |
| list_ecs_clusters | Lists ECS clusters with their status and running task counts. |
| list_ecs_services | Lists services in a specific ECS cluster. |
| list_eks_clusters | Lists EKS clusters in the current region. |
| list_auto_scaling_groups | Lists Auto Scaling Groups with their capacity settings. |
| list_scaling_activities | Describes recent scaling activities for an Auto Scaling Group. |
| list_cloudfront_distributions | Lists CloudFront distributions with their domain names and status. |
| list_secrets | Lists Secrets Manager secrets (names only). |
| list_ssm_parameters | Lists SSM Parameters (names only). |
| list_cloudformation_stacks | Lists CloudFormation stacks and their status. |
| list_dynamodb_tables | Lists DynamoDB tables. |
| list_trusted_advisor_checks | Lists Trusted Advisor checks available. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |