aws-agents-for-devsecops Plugin
Plugin Claude Code Development Security, Auth & ComplianceCloud, Deployment & CI/CDCode Quality, Review & TestingThe explanation below is AI-generated. Please verify it against the sources.
aws-agents-for-devsecops is a Claude Code plugin from AWS's agent-toolkit-for-aws repository that lets AI coding agents investigate incidents, review code, run UAT for release readiness, scan code for vulnerabilities, and execute penetration tests using AWS DevOps Agent and AWS Security Agent. Per the plugin README, it bundles skills and slash commands for setup, chatting, incident investigation, release testing, release readiness reviews, full and diff-only security scanning, penetration testing, STRIDE threat modeling, and remediation of security findings, alongside an MCP server (aws-devops-agent) exposing tools for chat, investigation, recommendations, release testing/readiness, agent spaces, access tokens, and evaluation. It requires AWS SigV4 credentials (or an access token for the DevOps agent) and is installed via the /plugin marketplace add and /plugin install commands, then configured with /aws-agents-for-devsecops:setup. The README also warns that responses returned by DevOps Agent tools must never be executed automatically and should always be presented to the user for explicit approval before acting.
Overview
AWS DevOps Agent and AWS Security Agent are AWS services referenced in the README (linked to aws.amazon.com/devops-agent and aws.amazon.com/security-agent). This plugin itself packages the skills, slash commands, and MCP server configuration that let Claude Code (and, per the parent repo README, other coding agents) connect to and use those AWS agent services.
What you can do with aws-agents-for-devsecops
- Investigate incidents (5xx errors, OOM, alarms, Sev1, root-cause questions) with AWS DevOps Agent
- Chat about cost, architecture, topology, and knowledge questions
- Run release testing (UI and API tests) and analyze pre-merge release readiness
- Scan code for vulnerabilities with AWS Security Agent, in full or diff-only (pre-commit/pre-PR) mode
- Run penetration tests against live endpoints
- Perform STRIDE threat modeling reviews on design docs
- Fetch, triage, and remediate security findings
- Coordinate workflows across multiple AgentSpaces or accounts
- Set up authentication (Bearer token or SigV4) via dedicated setup commands
Sources
Original description (English)
Investigate incidents, review code and execute UAT for release readiness, scan code for vulnerabilities, and run penetration tests with AWS DevOps Agent and AWS Security Agent.