AWS Agent
- 🤖 AWS Agent is an LLM-powered agent built using the Strands Agents SDK and the official AWS EKS MCP Server.
- 🌐 Protocol Support: Compatible with A2A protocol for integration with external user clients.
- 🛡️ Secure by Design: Enforces AWS IAM token-based RBAC and supports secondary external authentication for strong access control.
- 🏭 MCP Server: Uses the official AWS EKS MCP Server for comprehensive Amazon EKS cluster management and Kubernetes operations.
- 💰 Cost Management (Optional): Integrate the AWS Cost Explorer MCP Server for FinOps insights, cost breakdowns, comparisons, forecasting, and optimization recommendations.
- 🔐 IAM Security (Optional): Integrate the AWS IAM MCP Server for comprehensive Identity and Access Management operations with read-only mode for safety.
Many more AWS MCP servers planned: Additional AWS MCP Servers and integrations will be supported in future releases.
🏗️ Architecture
System Diagram
Sequence Diagram
⚙️ Local Development Setup
Use this setup to test the agent against AWS services.
🔑 Get AWS Credentials
- AWS CLI Configuration:
  aws configure
  # Enter your AWS Access Key ID, Secret Access Key, and region
- IAM Permissions: Ensure your AWS credentials have the following permissions:
  Note: For production systems, always follow the principle of least privilege. Avoid using wildcard permissions (e.g., eks:*) and instead grant only the specific actions required for your use case. Wildcard permissions are shown here for development and testing convenience.
  - eks:* (for EKS cluster management)
  - cloudformation:* (for CloudFormation operations)
  - iam:* (for IAM role and policy management)
  - ec2:* (for VPC and security group management)
  - ce:* (for Cost Explorer, if enabled)
  - logs:* (for CloudWatch logs access)
- Environment Variables: Add to your .env:
  AWS_ACCESS_KEY_ID=<your-access-key>
  AWS_SECRET_ACCESS_KEY=<your-secret-key>
  AWS_DEFAULT_REGION=us-east-1
  ENABLE_EKS_MCP=true
  ENABLE_COST_EXPLORER_MCP=false
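A check for the least-privilege note under IAM Permissions, as an added example that is not part of the project's code: it scans an IAM policy document for Allow statements that still carry wildcard actions such as eks:* or iam:*. The sample policy, its Sids and the function names are constructed for illustration, and the scoped actions in it are not the project's required permission set.

```python
import json

# Constructed sample policy (not from the project): mixes the development
# wildcards listed above with scoped statements.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "DevWildcards", "Effect": "Allow",
     "Action": ["eks:*", "iam:*", "logs:GetLogEvents"], "Resource": "*"},
    {"Sid": "ScopedEks", "Effect": "Allow",
     "Action": ["eks:DescribeCluster", "eks:ListNodegroups"],
     "Resource": "arn:aws:eks:us-east-1:111122223333:cluster/*"},
    {"Sid": "CostRead", "Effect": "Allow",
     "Action": "ce:GetCostAndUsage", "Resource": "*"},
    {"Sid": "DenyIsFine", "Effect": "Deny", "Action": "iam:*", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcard_grants(policy):
    """Return (sid, grant) pairs for Allow statements broader than named actions."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only remove access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            # Allow + NotAction grants every action except the ones listed
            findings.append((sid, "NotAction"))
        for action in _as_list(stmt.get("Action")):
            if "*" in action or "?" in action:  # IAM action wildcards
                findings.append((sid, action))
    return findings


if __name__ == "__main__":
    for sid, grant in find_wildcard_grants(SAMPLE_POLICY):
        print(f"{sid}: over-broad grant {grant}")
```

Run it against the policy attached to the agent's credentials before moving from development to production; an empty result means every Allow statement names its actions explicitly.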
Local Development
# Navigate to the AWS agent directory
cd ai_platform_engineering/agents/aws
# Run the MCP server in stdio mode
make run-a2a
✨ Features
EKS Cluster Management
- Cluster Operations: Create, describe, and delete EKS clusters using CloudFormation
- Template Generation: Generate CloudFormation templates with best practices
- Lifecycle Management: Manage cluster lifecycle and configuration
- Networking: Handle VPC, networking, and security group setup
Security & IAM
- IAM Management: Manage IAM roles and policies for EKS
- RBAC Configuration: Configure Kubernetes RBAC
- Service Accounts: Handle service account permissions
- Security Best Practices: Implement security best practices
Cost Management & FinOps
- Cost Analysis: Analyze AWS costs by service, region, and time period
- Reporting: Generate detailed cost reports and breakdowns
- Optimization: Identify cost optimization opportunities
- Trend Analysis: Track cost trends and forecasts
- Budget Monitoring: Monitor budget alerts and cost anomalies
🎯 Example Use Cases
Ask the agent natural language questions like:
EKS Operations
- Cluster Management: "Create a new EKS cluster called 'production-cluster' in us-west-2"
- Template Generation: "Generate a CloudFormation template for a 3-node EKS cluster"
- Cluster Status: "Show me the status of all EKS clusters in my account"
Security Operations
- IAM Setup: "Create an IAM role for EKS cluster access"
- RBAC Configuration: "Set up RBAC for the development team"
- Security Audit: "Check the security groups for my EKS cluster"
Cost Management
- Cost Analysis: "Show me the AWS costs for the last 30 days"
- Service Breakdown: "Break down costs by AWS service"
- Optimization: "Identify opportunities to reduce EKS costs"