General AWS management in VS Code using the awsclaw extension. Covers AWS connectivity, session management, profiles, regions, endpoints, file operations, testing connections, safety model, cross-service discovery, and extension capabilities.
Awsclaw is a VS Code extension that provides AI-assisted AWS management capabilities. It allows users to interact with AWS services using natural language prompts directly within VS Code.
Use this skill when the user:
- OpenS3Explorer command
- OpenCloudWatchLogView command
- awsclaw.mcp.disabledTools setting
- SetAwsReadonlyMode to block all write operations

Awsclaw uses the standard AWS SDK credential provider chain:
- AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
- aws sso login
- ~/.aws/credentials
- ~/.aws/config

Important: No credentials are ever sent to AI services. All API calls execute locally.
- TestAwsConnectionTool to verify connectivity
- SessionTool with ListProfiles to see available profiles
- SessionTool with SetSession to configure profile and region

Get or set AWS session values (AwsProfile, AwsEndPoint, AwsRegion), list available profiles, or refresh cached credentials.
Read current session values (profile, region, endpoint).
{ "command": "GetSession", "params": {} }
Parameters: None required.
Update session values. Omit any param to leave it unchanged.
{ "command": "SetSession", "params": { "AwsProfile": "my-profile", "AwsRegion": "us-west-2" } }
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| AwsProfile | string | No | AWS profile name to set |
| AwsEndPoint | string | No | Custom AWS/S3-compatible endpoint to set (e.g., LocalStack) |
| AwsRegion | string | No | AWS region to set (e.g., us-east-1, eu-west-1) |
Return profile names detected from AWS config/credentials files.
{ "command": "ListProfiles", "params": {} }
Parameters: None required.
Clear and reload cached credentials. Use after aws sso login or credential rotation.
{ "command": "RefreshCredentials", "params": {} }
Parameters: None required.
Perform local file operations: read, write, append, get metadata, list directories, create zip archives.
Read file content with optional encoding.
{ "command": "ReadFile", "params": { "filePath": "/path/to/file.txt" } }
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| filePath | string | Yes | File path to read |
| encoding | string | No | File encoding (default: utf-8) |
Create or overwrite a file.
{ "command": "WriteFile", "params": { "filePath": "/path/to/file.txt", "content": "Hello World" } }
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| filePath | string | Yes | File path to write |
| content | string | Yes | Content to write |
| encoding | string | No | File encoding |
| overwrite | boolean | No | Allow overwriting existing files |
| ensureDir | boolean | No | Create parent directories when missing |
Append content to an existing file.
{ "command": "AppendFile", "params": { "filePath": "/path/to/file.txt", "content": "new line" } }
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| filePath | string | Yes | File path to append to |
| content | string | Yes | Content to append |
| encoding | string | No | File encoding |
| ensureDir | boolean | No | Create parent directories when missing |
Get file metadata (size, type, modified date) without reading content.
{ "command": "ReadFileStream", "params": { "filePath": "/path/to/file.txt" } }
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| filePath | string | Yes | File path |
Read file content as a Base64-encoded string.
{ "command": "ReadFileAsBase64", "params": { "filePath": "/path/to/image.png" } }
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| filePath | string | Yes | File path to read |
Get file statistics (size, creation time, modification time, etc.).
{ "command": "GetFileInfo", "params": { "filePath": "/path/to/file.txt" } }
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| filePath | string | Yes | File path |
List contents of a directory.
{ "command": "ListFiles", "params": { "dirPath": "/path/to/dir", "recursive": true } }
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| dirPath | string | Yes | Directory path to list |
| recursive | boolean | No | Recursively list files in subdirectories |
Create a zip archive of a file or directory.
{ "command": "ZipTextFile", "params": { "filePath": "/path/to/dir" } }
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| filePath | string | Yes | File or directory path to zip |
| outputPath | string | No | Custom output path for zip file |
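
The file commands above accept arbitrary paths, including the ~/.aws files that the credential chain reads. The following is an added example, not awsclaw code: a pre-dispatch check over the request shapes shown on this page that enforces a read-only flag, keeps paths inside a workspace, and refuses the credential directory. The function name `checkFileRequest` and the policy fields `workspaceRoot`, `readOnly` and `home` are hypothetical.

```javascript
const path = require("path");
const os = require("os");

// Commands from the page that change the local filesystem.
const WRITE_COMMANDS = new Set(["WriteFile", "AppendFile", "ZipTextFile"]);
// Parameter names that carry a path in the page's request shapes.
const PATH_PARAMS = ["filePath", "dirPath", "outputPath"];

// True when `child` is `parent` itself or lies below it.
function isInside(parent, child) {
  const rel = path.relative(parent, child);
  if (rel === "") return true;
  return rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// `policy` fields (workspaceRoot, readOnly, home) are hypothetical names.
function checkFileRequest(request, policy) {
  const { command, params = {} } = request;
  const root = path.resolve(policy.workspaceRoot);
  const awsDir = path.resolve(policy.home ?? os.homedir(), ".aws");

  if (policy.readOnly && WRITE_COMMANDS.has(command)) {
    return { allowed: false, reason: "read-only mode blocks " + command };
  }
  for (const name of PATH_PARAMS) {
    if (typeof params[name] !== "string") continue;
    // Resolve against the workspace so "../" segments collapse before checks.
    const resolved = path.resolve(root, params[name]);
    if (isInside(awsDir, resolved)) {
      return { allowed: false, reason: name + " targets the AWS credential directory" };
    }
    if (!isInside(root, resolved)) {
      return { allowed: false, reason: name + " is outside the workspace" };
    }
  }
  return { allowed: true, reason: "ok" };
}
```

The check is lexical only: it does not follow symlinks, so a production guard would also compare `fs.realpathSync` results for paths that already exist.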
Tests AWS connectivity using STS GetCallerIdentity. Returns true if the connection is successful.
{ "region": "us-east-1" }
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| region | string | No | AWS region to test (default: us-east-1) |
Many AWS services produce logs, metrics, and resources that can be found through other services. Use this guide to navigate between related services.
| AWS Service | Log Group Pattern | How to Find |
|---|---|---|
| Lambda | /aws/lambda/{functionName} | Use CloudWatchLogTool with DescribeLogGroups prefix /aws/lambda/ |
| API Gateway | API-Gateway-Execution-Logs_{restApiId}/{stageName} | Use CloudWatchLogTool with prefix API-Gateway-Execution-Logs_ |
| Glue | /aws-glue/jobs/output | Use CloudWatchLogTool with prefix /aws-glue/ |
| RDS | /aws/rds/instance/{instanceId}/{logType} | Use CloudWatchLogTool with prefix /aws/rds/ |
| ECS | /ecs/{serviceName} or custom | Use CloudWatchLogTool with prefix /ecs/ |
| Step Functions | /aws/vendedlogs/states/{stateMachineName} | Use CloudWatchLogTool with prefix /aws/vendedlogs/states/ |
| CloudTrail | aws-cloudtrail-logs-{accountId} | Use CloudWatchLogTool with prefix aws-cloudtrail-logs- |
| VPC Flow Logs | Custom log group (check EC2 flow log config) | Use EC2Tool DescribeFlowLogs to find log group |
| From Service | Related Service | How to Navigate |
|---|---|---|
| Lambda Function | CloudWatch Logs | Log group: /aws/lambda/{functionName} |
| Lambda Function | SQS/SNS/DynamoDB/Kinesis | Use LambdaTool ListEventSourceMappings to find event sources |
| Lambda Function | IAM Role | Check GetFunctionConfiguration for Role field |
| EC2 Instance | VPC, Subnet, Security Groups | Instance metadata contains vpcId, subnetId, securityGroups |
| EC2 Instance | CloudWatch | VPC Flow Logs → CloudWatch Log Group |
| API Gateway | Lambda | Integration targets in GetIntegration response |
| API Gateway | CloudWatch | Execution logs: API-Gateway-Execution-Logs_{id}/{stage} |
| Glue Job | CloudWatch Logs | Output logs: /aws-glue/jobs/output |
| Glue Job | S3 | Job scripts and data stored in S3 |
| Step Functions | Lambda/ECS/Glue/SNS/SQS/DynamoDB | Task states reference other services by ARN |
| CloudFormation | All Services | DescribeStackResources lists all managed resources |
| CloudFormation | Templates | GetTemplate returns the infrastructure definition |
| IAM Role | All Services | Roles are used by Lambda, EC2, Glue, Step Functions, etc. |
| RDS | RDS Data API | Use RDSDataTool for SQL execution on Aurora Serverless |
| RDS | CloudWatch | RDS logs → CloudWatch, Enhanced Monitoring → CloudWatch |
| S3 | SNS/SQS/Lambda | Event notifications trigger other services |
| SNS | SQS/Lambda/HTTP | Subscriptions deliver to other service endpoints |
| SQS | Lambda | SQS queues as Lambda event sources |
| SQS | Dead Letter Queue | ListDeadLetterSourceQueues finds failed message sources |
| EMR | S3/EC2/CloudWatch | Clusters use S3 for data, EC2 for compute, CW for logs |

- DescribeStackResources to discover all related resources in a stack
- IAMTool GetRole and ListAttachedRolePolicies to understand what services a role can access