I tried out the Agent Toolkit for AWS integration feature of the AWS CLI
This page has been translated by machine translation. View original
Shibata here.
While checking for AWS CLI updates as usual, I noticed that the aws agent-toolkit command was added starting from Ver.2.35.9, which was released a little while ago.
Since I had no idea what this command was at first glance, I'm sharing the results of my investigation in this article.
What is this command?
After looking into it, I found that this command is used to configure Agent Toolkit for AWS (currently skill management) from the AWS CLI.
For details about Agent Toolkit for AWS, please see the article by our colleague Ishikawa.
Note that AWS CLI v1, which will soon enter maintenance mode, is not supported, so please be aware of this.
What you can do now
With this aws agent-toolkit command, you can manage installation, download, and other operations for each skill provided by Agent Toolkit for AWS.
The agents supported as of today are:
- Claude Code
- Cline
- Codex
- Cursor
- Gemini CLI (support for Antigravity CLI seems uncertain)
- Kiro
- OpenClaw
- OpenCode
- Pi
- Windsurf (support for Devin Desktop seems uncertain)
Perhaps due to development timing, this also includes Gemini CLI, which is scheduled for deprecation, and Windsurf, which is being rebranded to Devin Desktop.
From a quick read of the source code on GitHub, support for the successor tools of both seemed a bit uncertain, so I expect they will be addressed in future versions.
Detection of each agent is determined by whether the designated configuration folder (for example, ~/.claude/) exists in the home directory, and you can also select which agents to use with the newly added aws configure agent-toolkit command.
(By default, it appears that all installed agents are targeted.)
Trying it out
From here, I think it will be easier to understand by seeing the actual results of trying it out.
Test environment and issues in Japanese Windows environments
For this time, I used my local environment (64-bit Japanese Windows 11) as the test environment, with the following tools already installed.
- AWS CLI v2.35.10
- Claude Code v2.1.187
- Kiro IDE v0.12.333
PS C:\> aws --version
aws-cli/2.35.10 Python/3.14.5 Windows/11 exe/AMD64
PS C:\> claude --version
2.1.187 (Claude Code)
PS C:\> kiro --version
0.12.333
c7e35289ee989c7c61a1e9440d48b51361d95a10
x64
However, in a Japanese Windows environment, encoding issues can occur during command output and when saving agent configuration files, so I set the PYTHONUTF8 environment variable to enable UTF-8 mode.
# An encoding-related error occurs when running the command
aws: [ERROR]: 'cp932' codec can't encode character '\u2014' in position 21: illegal multibyte sequence
To enable UTF-8 mode in a PowerShell environment, do the following.
# Set the PYTHONUTF8 environment variable. If you want it to persist, add it to your profile.
$env:PYTHONUTF8=1
Technically, the PYTHONUTF8 environment variable is not supported in AWS CLI v2, and it is recommended to set the AWS_CLI_FILE_ENCODING environment variable instead, but in this case the error could not be resolved without specifying the PYTHONUTF8 environment variable.
In addition, due to an oversight in the AWS CLI implementation[1], the MCP server configuration feature could not be used on non-English Windows environments.
I plan to open an Issue on GitHub about this at a later date.
aws configure agent-toolkit command
When you first run the aws configure agent-toolkit command, you can see the currently installed agents and specify which ones to use.
The installation status of available agents + a selection field for choosing which agents to actually use is displayed
In the agent selection field at the bottom of the screen, you can press the space key to uncheck (or check) an item, and press Enter to confirm.
When I tried selecting only Claude Code here, it resulted in a region-not-specified error as shown below.
aws: [ERROR]: An error occurred (NoRegion): You must specify a region. You can also configure your region by running "aws configure".
This is because after specifying the agent to use, it attempts to install several skills by default.
And since the only region currently supported for skill management is US East (N. Virginia) (us-east-1), specifying a different region, for example:
# Specifying a region other than N. Virginia like --region ap-northeast-1 will cause an error
aws configure agent-toolkit --region ap-northeast-1
will result in yet another error.
aws: [ERROR]: AgentToolkit is only available in us-east-1
For this reason, at this point specifying --region us-east-1 is practically mandatory.
I hope this will be improved in the future.
# At this point, specifying --region us-east-1 is practically mandatory
aws configure agent-toolkit --region us-east-1
After specifying the US East (N. Virginia) region and selecting the agents to use, you will be prompted to install 14 default skills.
Prompted to install 14 skills
This time I went ahead and installed them as prompted.
Prompted to configure the MCP server next
Next, when I tried to save the MCP server configuration, it resulted in an error as mentioned earlier, so I finished without saving this time.
For reference, the error below occurred because it tried to open the UTF-8 configuration file ~/.claude.json, which contains a character not supported by CP932 (in this case, EM dash 0xE28094), as CP932.
Error when trying to configure the MCP server
aws: [ERROR]: 'cp932' codec can't decode byte 0x94 in position 17949: illegal multibyte sequence
If you choose not to save the MCP server configuration, the command ends here.
Exiting without configuring the MCP server
aws agent-toolkit command group
The various aws agent-toolkit commands allow you to manage skills.
aws agent-toolkit list-installed-skills
The aws agent-toolkit list-installed-skills command lists the installed skills.
# Get a list of installed skills
PS C:\> aws agent-toolkit list-installed-skills
{
"skills": [
{
"agent": "Claude Code",
"name": "amazon-bedrock",
"path": "C:\\Users\\shibata/.claude/skills\\amazon-bedrock\\SKILL.md"
},
{
"agent": "Claude Code",
"name": "aws-billing-and-cost-management",
"path": "C:\\Users\\shibata/.claude/skills\\aws-billing-and-cost-management\\SKILL.md"
},
{
"agent": "Claude Code",
"name": "aws-blocks",
"path": "C:\\Users\\shibata/.claude/skills\\aws-blocks\\SKILL.md"
},
# ・・・(omitted)・・・
{
"agent": "Claude Code",
"name": "aws-serverless",
"path": "C:\\Users\\shibata/.claude/skills\\aws-serverless\\SKILL.md"
},
{
"agent": "Claude Code",
"name": "signing-in-to-aws",
"path": "C:\\Users\\shibata/.claude/skills\\signing-in-to-aws\\SKILL.md"
}
]
}
aws agent-toolkit list-available-skills
The aws agent-toolkit list-available-skills command retrieves a list of available skills.
The --region us-east-1 option is required since it searches for skills from an AWS service endpoint.
# Get all available skills
PS C:\> aws agent-toolkit list-available-skills --region us-east-1
{
"skills": [
{
"name": "amazon-aurora-mysql",
"description": "Amazon Aurora MySQL — creates, modifies, and advises on Aurora MySQL clusters specifically (MySQL-compatible engine, Aurora serverless, parallel query). Trigger for Aurora MySQL cluster operations, ACU sizing, I/O-Optimized storage, commitment pricing, or MySQL upgrade planning. Aurora MySQL uses full (VPC-based) configuration — express configuration is PostgreSQL-only. For Aurora PostgreSQL, use amazon-aurora-postgresql instead. Contains safety guardrails and response templates that override defaults.",
"skillVersion": "v1",
"categories": []
},
# ・・・(omitted)・・・
{
"name": "troubleshooting-s3-files",
"description": "Diagnoses and resolves Amazon S3 Files issues including mount failures, permission errors, synchronization problems, and performance issues. Use when the user has an S3 file system that is not mounting, returning access denied, not syncing changes to S3, showing files in lost+found, or performing slower than expected.\n",
"skillVersion": "v1",
"categories": []
}
]
}
aws agent-toolkit search-skills
Using the aws agent-toolkit search-skills command, you can search for skills using conditions specified in the --search-query parameter.
This command also requires the --region us-east-1 option.
# Search available skills
PS C:\> aws agent-toolkit search-skills --search-query ec2 --region us-east-1
{
"skills": [
{
"name": "launching-ec2-instance-with-best-practices",
"description": "Launches an EC2 instance with secure, cost-efficient defaults including AMI selection, burstable instance sizing, least-privilege IAM roles, hardened security groups, encrypted EBS volumes, and comprehensive tagging. Use when deploying new EC2 instances following AWS best practices for security and cost optimization.",
"skillVersion": "v1",
"categories": []
},
# ・・・(omitted)・・・
{
"name": "connecting-vpcs-with-peering",
"description": "Establishes VPC peering connections between two VPCs for direct private network connectivity. Always use this skill when creating or managing VPC peering — it validates CIDR overlap, updates all route tables in both VPCs, configures DNS resolution, and provides security group guidance that are critical for correct connectivity.",
"skillVersion": "v1",
"categories": []
}
]
}
aws agent-toolkit get-skill-file
Using the aws agent-toolkit get-skill-file command, you can get the contents of a file used internally by a skill.
This command also requires the --region us-east-1 option.
I made a mistake when I first saw this, but you need to specify a relative path within the skill for the --file-path parameter.
For example, to get the contents of SKILL.md at the root, you would specify --file-path SKILL.md.
The retrieved content is displayed in standard output, so if you want to save it, please use redirection or similar.
# The contents of SKILL.md are output to standard output
PS C:\> aws agent-toolkit get-skill-file --skill-name aws-serverless --file-path SKILL.md --region us-east-1
---
name: aws-serverless
description: >-
Builds, deploys, manages, debugs, configures, and optimizes serverless applications
on AWS using Lambda, API Gateway, Step Functions, EventBridge, and SAM/CDK. Covers
cold starts, CORS debugging, event source mappings, troubleshooting, concurrency,
SnapStart, Powertools, function URLs, EventBridge Scheduler, Lambda layers, and
production readiness. Triggers on mentions of Lambda, API Gateway, Step Functions,
SAM templates, CDK serverless stacks, DynamoDB stream triggers, SQS event sources,
cold starts, timeouts, 502/504 errors, throttling, concurrency, CORS, Powertools,
or any event-driven architecture on AWS, even without the word "serverless." Does
not apply to EC2, ECS/Fargate containers, or Amplify hosting.
version: 1
---
# ・・・(remainder omitted)・・・
# Use redirection or similar if you want to save the file
PS C:\> aws agent-toolkit get-skill-file --skill-name aws-serverless --file-path SKILL.md --region us-east-1 > C:\temp\SKILL.md
aws agent-toolkit get-skill-metadata
Using the aws agent-toolkit get-skill-metadata command, you can retrieve the metadata of a skill.
This command also requires the --region us-east-1 option.
# Get the metadata of the aws-serverless skill
PS C:\> aws agent-toolkit get-skill-metadata --skill-name aws-serverless --region us-east-1
{
"name": "aws-serverless",
"skillVersion": "v1",
"description": "Builds, deploys, manages, debugs, configures, and optimizes serverless applications on AWS using Lambda, API Gateway, Step Functions, EventBridge, and SAM/CDK. Covers cold starts, CORS debugging, event source mappings, troubleshooting, concurrency, SnapStart, Powertools, function URLs, EventBridge Scheduler, Lambda layers, and production readiness. Triggers on mentions of Lambda, API Gateway, Step Functions, SAM templates, CDK serverless stacks, DynamoDB stream triggers, SQS event sources, cold starts, timeouts, 502/504 errors, throttling, concurrency, CORS, Powertools, or any event-driven architecture on AWS, even without the word \"serverless.\" Does not apply to EC2, ECS/Fargate containers, or Amplify hosting.",
"categories": [
"aws-core"
],
"files": [
{
"path": "SKILL.md"
},
{
"path": "assets/powertools-handler.py"
},
{
"path": "references/api-gateway.md"
},
{
"path": "references/architecture.md"
},
{
"path": "references/concurrency.md"
},
{
"path": "references/deployment.md"
},
{
"path": "references/event-sources.md"
},
{
"path": "references/lambda.md"
},
{
"path": "references/orchestration.md"
},
{
"path": "references/production.md"
},
{
"path": "references/troubleshooting.md"
}
]
}
aws agent-toolkit add-skill
Using the aws agent-toolkit add-skill command, you can install a new skill.
This command also requires the --region us-east-1 option.
You can specify the target agent with the --agent parameter and the version to install with the --skill-version parameter.
# Add the amazon-aurora-mysql skill to Claude Code
PS C:\> aws agent-toolkit add-skill --skill-name amazon-aurora-mysql --agent claude-code --region us-east-1
Installed amazon-aurora-mysql (v1) to Claude Code — C:\Users\shibata/.claude/skills.
aws agent-toolkit update-skill
Using the aws agent-toolkit update-skill command, you can update an installed skill.
This command also requires the --region us-east-1 option.
You can limit the target agent with the --agent parameter.
# Update the amazon-aurora-mysql skill installed in Claude Code
PS C:\> aws agent-toolkit update-skill --skill-name amazon-aurora-mysql --agent claude-code --region us-east-1
amazon-aurora-mysql is already up to date (v1).
aws agent-toolkit remove-skill
Using the aws agent-toolkit remove-skill command, you can uninstall an installed skill.
You can limit the target agent with the --agent parameter.
# Uninstall the amazon-aurora-mysql skill from Claude Code
PS C:\> aws agent-toolkit remove-skill --skill-name amazon-aurora-mysql --agent claude-code
Removed amazon-aurora-mysql from Claude Code — C:\Users\shibata/.claude/skills.
Closing
That's all.
There were some parts that didn't work in a Japanese Windows environment, but since it looks like a useful feature for managing skills, it's worth trying out if you get the chance.
In the processing around https://github.com/aws/aws-cli/blob/2.35.10/awscli/customizations/agenttoolkit/agents.py#L250-L267, instead of using a function defined internally in AWS CLI (compat_open), it opens directly with open, which means the agent configuration file cannot be opened with the expected encoding... ↩︎
