When is installing the full skills tree locally a bad idea compared with plugin-only or MCP discovery?

If your developers already struggle with skill drift and unreviewed third-party instructions, dumping every category into ~/.cursor/skills/ increases the chance an agent loads the wrong procedure for a task. Prefer plugin bundles (aws-core first) or runtime discovery via the managed AWS MCP Server when you want a single organizational pattern. Local full-tree installs make sense for air-gapped labs or when you are forking and curating a subset under change control.

Does the Agent Toolkit replace the need for IAM policies and human code review?

No. Skills are curated guidance, not authorization. A skill can describe a valid pattern that your SCPs still forbid, or suggest a security group change that violates your network standard. Treat skills like internal runbooks: helpful, not sovereign. Pair them with environment-separated roles, permission boundaries, and review gates—the same framing as GA MCP Server rollout.

What is the fastest way to mis-count or mis-quote the skill inventory?

Rely on a stale blog screenshot. The repository adds and splits skills over time; always clone main and search for SKILL.md yourself (or pin a commit SHA in your internal docs). As of snapshot commit 750230758fbf23acd60d075dedd7ead4092127ce we counted exactly 43 SKILL.md files—your checkout may differ after the next merge.

How does the Agent Toolkit relate to AWS Labs MCP servers I already use?

The README positions the Agent Toolkit for AWS as the successor path AWS recommends for enterprise controls: IAM condition keys scoped to agents, CloudWatch metrics, CloudTrail auditing, and skills that underwent structured evaluation—compared with earlier AWS Labs drops that still work but may not get the same product emphasis. Migrate when your security review asks for clearer agent-vs-human segregation in policy.

Which plugin should most teams install first—aws-core, aws-agents, or aws-data-analytics?

Unless you are building Bedrock-heavy agent applications or Glue/Athena data-lake pipelines this week, start with aws-core. It bundles the broadest day-to-day cloud delivery surface (selection, IaC patterns, SDK usage, observability hooks). Add aws-agents when AgentCore/Bedrock agent construction is on the critical path; add aws-data-analytics when analysts and data engineers—not app teams—are the primary agent users.

Can agents use AWS documentation search without AWS credentials?

AWS states documentation search and skill discovery paths can operate without credentials for onboarding friction reduction; invoking AWS APIs through the managed MCP Server still requires proper authenticated principals. Separate “read the map” from “move the infra” when you explain this to auditors.

AWS Agent Toolkit for AWS: Skills Catalog + Install Guide

The Agent Toolkit for AWS is AWS’s opinionated packaging layer for AI coding agents: managed MCP Server hooks, Agent Skills-format instructions, rules files for project defaults, plugins for Claude Code and Codex, and npx / uvx paths for everyone else.

On May 6, 2026, the managed AWS MCP Server hit general availability in two Regions—US East (N. Virginia) and Europe (Frankfurt)—with IAM guardrails, Amazon CloudWatch metrics, AWS CloudTrail logging, and no additional charge for the MCP Server itself (you still pay for underlying API and resource usage). That announcement and the March 25, 2026 Agent Plugin for AWS Serverless are the product headlines; this post is the field guide to the official open-source aws/agent-toolkit-for-aws repository—what lives where, how 43 atomic SKILL.md files (as of 750230758fbf23acd60d075dedd7ead4092127ce on main) nest under 13 top-level folders, and how to evaluate the bundle without drowning in context window.

Recommendations below come from public AWS documentation, the toolkit README, and an explicit checkout of main at that commit—not a substitute for your threat model.

Why the Agent Toolkit matters

Agents touching AWS APIs are an infrastructure supply chain. The question is no longer whether the prose in chat sounds plausible—it is whether the principal is scoped, changes are auditable, and mistakes have bounded blast radius. Tooling that pairs skills with managed MCP, IAM patterns, CloudTrail, and CloudWatch speaks that language explicitly.
Curated Agent Skills beat ad hoc prompts for repeatability. A shared skill Pack is closer to an internal runbook than a one-off Copilot suggestion: fewer wrong invocations (wrong region, deprecated API surface, leaky patterns) across employees and contractors.
Progressive disclosure is a cost-and-review control. As described upstream, agents load short descriptions until a skill matches—so you can install many skills without stuffing every SKILL.md into each request. Fewer oversized contexts means cheaper tokens and clearer review scope when someone asks “what did the agent rely on?”
AWS packages the toolkit next to GA MCP. The May 6, 2026 MCP GA story (two Regions, centralized guardrails and logging) and this repository’s plugins + skills + rules are the same headline from different angles—surface versus instruction set.
InnerSource wins when you fork a subset. Mature enterprises often prune or extend skill text under change control rather than letting every developer maintain a private Markdown “cheat sheet” that contradicts SOC2 evidence.

None of this replaces your threat model—it narrows the variance between humans and agents when everyone pulls from the same instruction graph.

What sits at the repo root

Path	Purpose
`plugins/`	aws-core, aws-agents, aws-data-analytics — marketplace-oriented bundles tying MCP wiring to skill sets (aws-core, aws-agents, aws-data-analytics).
`skills/`	Atomic skills: each subdirectory contains a `SKILL.md` (+ optional `references/` and `scripts/`). Install whole tree or cherry-pick folders.
`rules/`	Project-facing agent rules (how to prioritize MCP, docs search, defaults). Browse before you blindly paste snippets.
`tools/`	Supporting tooling the maintainers ship alongside skills (inspect for your agent platform).

Opinion: treat plugins/ as the product SKU installer and skills/ as the source you fork when InnerSource teams want to prune, extend, or sign off on procedural text under change control.

How an atomic skill behaves (why 43 packs do not mean 43× context)

Skills use progressive disclosure (skills/README.md):

At startup the agent reads name + short description (tens of tokens per skill—not the full prose).
When a task matches, it loads SKILL.md instructions.
Deeper references/*.md (or scripts/) loads only when the workflow needs them.
When the task ends, skill context drops.

Net: installing 43 skill directories does not linearly inflate every prompt—but mistaken skill selection still wastes tokens and can still suggest the wrong architecture. Governance is which skills you bless, not only how many exist.

Install paths (verify against the live README)

Commands below are copied from the upstream quickstart pattern; marketplace names and CLI packages change—open README.md before you paste into production runbooks.

Claude Code: add marketplace aws/agent-toolkit-for-aws, then /plugin install the plugin you need (for example aws-core@agent-toolkit-for-aws).
Codex: codex plugin marketplace add aws/agent-toolkit-for-aws, then install aws-core from /plugins.
Kiro / generic MCP JSON: README shows uvx running mcp-proxy-for-aws@latest against the managed endpoint with optional --metadata AWS_REGION=...—you need uv installed.
Any agent that supports Agent Skills: npx skills add aws/agent-toolkit-for-aws/skills or copy selected skill directories into the per-tool paths listed in skills/README.md (Claude Code, Codex, Cursor global vs project locations).

We recommend piloting with read-only IAM in a sandbox account before you connect prod roles—same principle as the MCP GA companion post.

The three plugins in one paragraph

aws-core — default start here: services, CDK/CloudFormation, serverless, containers, storage, observability, billing, SDK usage, deployment.
aws-agents — Bedrock + AgentCore-shaped agent construction and operations.
aws-data-analytics — data lake, AWS Glue, Amazon Athena, S3 Tables-class workflows.

If you are not building analytics pipelines or Bedrock agents this month, aws-core is still the right first install.

Skill categories (13 folders) — what each is for

Category folder	What agents use it for	Source
analytics-skills	Data lake discovery, ingestion, catalog exploration, Clean Rooms–style collaboration patterns	tree
application-integration-skills	Event-driven and streaming integration (messaging, buses, stream patterns)	tree
cloud-financial-management-skills	Cost and billing operations, FinOps-friendly API workflows	tree
compute-skills	Serverless, containers, EC2, API Gateway wiring, Lambda debugging	tree
database-skills	Aurora, RDS export patterns	tree
developer-tools-skills	AWS CDK, AWS SDK for Python, JavaScript v3, Swift	tree
frontend-skills	AWS Amplify front-end / fullstack delivery	tree
generative-ai-skills	Amazon Bedrock (models, agents, knowledge bases, guardrails, AgentCore references)	tree
management-tools-skills	AWS CloudFormation authoring and operations	tree
migration-and-modernization-skills	AWS Transform / migration assistance	tree
networking-and-content-delivery-skills	VPC design, peering, endpoints, Lambda egress	tree
operations-skills	Observability, CloudTrail multi-Region, CloudWatch alarms, failure triage	tree
security-and-identity-skills	IAM, Secrets Manager best practices	tree
storage-skills	S3 hardening and troubleshooting, EFS triage, vector storage/query	tree

Every atomic skill (43), grouped by category

Each line is one SKILL.md pack. Follow the link to read the authoritative instructions and references.

analytics-skills (7)

aws-cleanrooms — collaborate on joined data with AWS Clean Rooms constraints.
connecting-to-data-source — wire catalogs and queries to upstream sources.
creating-data-lake-table — define and publish lake tables.
exploring-data-catalog — navigate Glue/Athena catalog objects.
finding-data-lake-assets — discover datasets and locations.
ingesting-into-data-lake — land data into the lake with correct partitioning hygiene.
querying-data-lake — run analytical queries with performance guardrails.

application-integration-skills (1)

aws-messaging-and-streaming — integrate queues, topics, buses, and streams without reinventing primitives.

cloud-financial-management-skills (1)

aws-billing-and-cost-management — cost exploration, anomaly awareness, budgeting APIs.

compute-skills (10)

aws-containers — ECS/EKS-ish delivery patterns agents should default to.
aws-serverless — Lambda + event-centric architecture defaults.
connecting-lambda-to-api-gateway — edge-to-function wiring patterns.
connecting-lambda-to-dynamodb — function-to-table integrations.
creating-api-gateway-stage — stage/canary-adjacent API Gateway ops.
creating-ec2-image-builder-pipeline — golden AMI automation.
debugging-lambda-timeouts — timeout triage playbook.
launching-ec2-instance-with-best-practices — hardened instance bootstrap patterns.
routing-traffic-with-route53-and-cloudfront — DNS + CDN fronting.
setting-up-ec2-instance-profiles — instance role posture.

database-skills (2)

creating-amazon-aurora-db-cluster-with-instances — provision Aurora clusters sanely.
exporting-rds-to-s3 — snapshot/export flows to object storage.

developer-tools-skills (4)

aws-cdk — CDK constructs, stacks, deployments.
aws-sdk-js-v3-usage — idiomatic JS v3 clients.
aws-sdk-python-usage — boto3 ergonomics for agents emitting scripts.
aws-sdk-swift-usage — Swift SDK guidance for Apple-side stacks.

frontend-skills (1)

aws-amplify — Amplify Gen-style web/mobile delivery.

generative-ai-skills (1) — flagship depth below

amazon-bedrock — full Bedrock surface: models, converse APIs, agents, KBs, guardrails, AgentCore references.

management-tools-skills (1)

aws-cloudformation — template authoring + stack operations.

migration-and-modernization-skills (1)

aws-transform — Transform-oriented migrations.

networking-and-content-delivery-skills (4)

configuring-vpc-endpoints-for-private-aws-service-access — PrivateLink-style private access.
connecting-vpcs-with-peering — peering stitching.
creating-production-vpc-multi-az — baseline VPC layout.
enabling-lambda-vpc-internet-access — NAT / egress correctness for VPC Lambdas.

operations-skills (4)

aws-observability — metrics, logs, traces patterns.
setting-up-cloudtrail-multi-region — audit trail completeness.
setting-up-cloudwatch-alarm-notifications — alarming that humans actually respond to.
troubleshooting-application-failures — cross-service triage playbook.

security-and-identity-skills (2)

aws-iam — identity and least-privilege patterns.
creating-secrets-using-best-practices — AWS Secrets Manager ergonomics.

storage-skills (4)

securing-s3-buckets — block public access, policy hygiene.
storing-and-querying-vectors — vector storage/query for RAG-style apps.
troubleshooting-efs — shared file system triage.
troubleshooting-s3-files — object storage failure modes.

Sanity check: 7+1+1+10+2+4+1+1+1+1+4+4+2+4 = 43 atomic skills—matches the reproducible command below.

Flagship deep-dive: amazon-bedrock (why it is larger than the others)

The amazon-bedrock skill is the generative AI anchor for the whole toolkit. The SKILL.md is the entry; references/ carries focused deep pages (for example AgentCore runtime, gateway, memory, registry/evaluations, Guardrails, Knowledge Bases, Converse API usage in Python and TypeScript, model selection, prompt caching, cost tracking, quota health).

Why it matters: agents without this pack hallucinate ARN formats, confuse on-demand vs provisioned throughput, and reach for IAM actions that conflict with enterprise SCPs—you still need Bedrock governance posts and multi-agent supervisor patterns, but this skill lowers the baseline error rate for tool-shaped workflows.

Second flagship for delivery teams: pair aws-cdk + aws-serverless when your bottleneck is repeatable IaC—not raw chat answers.

When the toolkit clashes with enterprise reality

What breaks — A platform team publishes “use Agent Toolkit everywhere,” but SOC rejects credential-less doc search misunderstandings—or infra realizes agents share the same IAM role as CI and doubles write volume during outages. Progressive disclosure fixes tokens, not blast radius.

Counter-case — Solo developers with read-only SSO profiles sometimes move faster without MCP indirection until they need centralized audit. Pick discovery vs. centralized MCP deliberately; Kiro’s agent IDE model is a adjacent pattern worth comparing for local-vs-managed trust boundaries.

Opinion: we recommend centralized MCP + narrow roles once three or more teams—or external contractors—touch the same accounts; below that threshold, README-only skills might be plenty.

Platform review pattern — three questions auditors actually ask

Governance rehearsal (no client named) — (1) Can security prove agents are distinguishable principals in IAM and CloudTrail? (2) Can engineering ship without pasting root keys into laptops? (3) Can finance anticipate multiplied AWS API bills when incidents trigger agent retries? The toolkit’s docs and skills support coherent answers—they do not eliminate policy work.

Cross-read AWS MCP Server GA: what changed for the CloudTrail / CloudWatch framing that pairs with this repository.

Reproduce the inventory (pin your own verdict)

Ubuntu/macOS/Linux with git:

# Context: ephemeral clone; rerun after major merges to refresh counts.
git clone --depth 1 https://github.com/aws/agent-toolkit-for-aws.git
cd agent-toolkit-for-aws
git rev-parse HEAD   # compares to snapshot 750230758fbf23acd60d075dedd7ead4092127ce
find skills -name 'SKILL.md' -type f | wc -l   # expects 43 at that snapshot

If your count differs, your tree is fresher—or forked. Update internal runbooks accordingly.

What to do this week

Open aws/agent-toolkit-for-aws and pick plugin vs. plain skills deliberately (aws-core first).
Re-run the find recipe above; paste the commit SHA into your ADR.
Align with the May 6, 2026 GA MCP Server post—two Regions at GA, org-wide logging expectations.
Prune skills you have not reviewed; fork and diff when InnerSource needs sign-off.
Pair Bedrock agent work with supervisor pattern and provisioned throughput economics before production load tests.

If you only do one thing

Install aws-core (or copy a reviewed skill subset) and enforce a dedicated read-only agent role in a sandbox before anyone connects production. Skills make agents competent; IAM makes them safe.

AWS MCP Server GA + Serverless plugin — IAM, logging, plugin pairing.
Kiro IDE and AWS agentic coding — spec-driven agents + SSO reality.
Bedrock multi-agent supervisor pattern — orchestration beyond single agents.
Why Bedrock is the fastest path to enterprise GenAI — procurement + governance framing.
Bedrock provisioned throughput break-even — cost discipline for steady workloads.

What this post doesn’t cover

Line-by-line transcription of every references/*.md file under amazon-bedrock—the GitHub tree is the source.
Per-assistant MCP JSON samples that rot weekly (use the README you cloned).
A full AgentCore production architecture—start at AWS runtime docs plus AWS MCP + AgentCore pointer in the companion post.
Legal review of third-party assistants; your DPA and AI addenda still govern external models.

Need help curating skills, agent IAM, or Bedrock rollout? FactualMinds is an AWS Select Tier Consulting Partner—tell us what you are building.