# AWS Network Operations

You have access to AWS cloud networking via the AWS Network MCP server. This is a read-only server with 27 tools for inspecting VPCs, Transit Gateways, Cloud WAN, VPN connections, Network Firewalls, and flow logs.
## MCP Server

- Command: `uvx awslabs.aws-network-mcp-server@latest` (stdio transport)
- Requires: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION` (or `AWS_PROFILE`)
- Read-only: All operations are Describe/Get/List — no create/modify/delete
## Available Tools (27)

### General (3)

| Tool | What It Does |
|------|--------------|
| `get_path_trace_methodology` | Guidance for tracing network paths across AWS resources |
| `find_ip_address` | Find which VPC/subnet/ENI an IP address belongs to |
| `get_eni_details` | Get Elastic Network Interface details — security groups, subnet, routes |

### VPC (3)

| Tool | What It Does |
|------|--------------|
| `list_vpcs` | List all VPCs in the account/region |
| `get_vpc_network_details` | Full VPC details — subnets, route tables, IGW, NAT GW, endpoints, NACLs |
| `get_vpc_flow_logs` | Query VPC flow logs for traffic analysis |

### Transit Gateway (7)

| Tool | What It Does |
|------|--------------|
| `list_transit_gateways` | List all Transit Gateways |
| `get_tgw_details` | Transit Gateway details — attachments, route tables, associations |
| `get_tgw_routes` | Get routes from a specific TGW route table |
| `get_all_tgw_routes` | Get routes from all TGW route tables |
| `get_tgw_flow_logs` | Query Transit Gateway flow logs |
| `list_tgw_peerings` | List TGW peering connections |
| `detect_tgw_inspection` | Detect whether traffic inspection is configured on a TGW |

### Cloud WAN (10)

| Tool | What It Does |
|------|--------------|
| `list_core_networks` | List all Cloud WAN core networks |
| `get_cloudwan_details` | Core network details — segments, policies, attachments |
| `get_cloudwan_routes` | Get routes from a Cloud WAN segment |
| `get_all_cloudwan_routes` | Get routes from all Cloud WAN segments |
| `get_cloudwan_attachment_details` | Details for a specific Cloud WAN attachment |
| `detect_cloudwan_inspection` | Detect inspection configuration on Cloud WAN |
| `list_cloudwan_peerings` | List Cloud WAN peering connections |
| `get_cloudwan_peering_details` | Details for a specific Cloud WAN peering |
| `get_cloudwan_logs` | Query Cloud WAN logs |
| `simulate_cloud_wan_route_change` | Simulate a route change and predict its impact |

### VPN (1)

| Tool | What It Does |
|------|--------------|
| `list_vpn_connections` | List all site-to-site VPN connections with tunnel status |

### Network Firewall (3)

| Tool | What It Does |
|------|--------------|
| `list_network_firewalls` | List all AWS Network Firewalls |
| `get_firewall_rules` | Get firewall rule groups and policies |
| `get_network_firewall_flow_logs` | Query Network Firewall flow logs |
## Workflow: VPC Network Audit

When a user asks "show me our AWS network" or "audit the VPCs":

- List VPCs: `list_vpcs` to see all VPCs in the region
- For each VPC: `get_vpc_network_details` — subnets, route tables, gateways, NACLs
- Check TGW: `list_transit_gateways` to see cross-VPC connectivity
- Check VPN: `list_vpn_connections` for hybrid connectivity
- Check firewalls: `list_network_firewalls` for security posture
- Report: Formatted summary of the cloud network architecture
## Workflow: Troubleshoot Connectivity

When a user asks "why can't EC2 instance X reach Y?":

- Find the IPs: `find_ip_address` for both source and destination
- Get ENI details: `get_eni_details` to check security groups, subnet, routes
- Check route tables: `get_vpc_network_details` to see routing
- Check flow logs: `get_vpc_flow_logs` to see if traffic is being dropped
- Check firewalls: `get_firewall_rules` if traffic crosses a Network Firewall
- Check TGW: `get_tgw_routes` if traffic crosses a Transit Gateway
- Report: Root cause analysis with fix recommendation
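The flow-log step of this workflow, worked as an added example (not code from the MCP server or this page): a parser for the default VPC flow log record format that tallies ACCEPT/REJECT on both legs between a source and destination IP and names the next check to run. The sample records, account id and ENI ids are constructed; how `get_vpc_flow_logs` returns records is assumed, so split its output into default-format lines before passing it in.

```python
from collections import Counter
# Default VPC flow log record layout (version 2, 14 space-separated fields).
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status")

def parse_record(line: str) -> "dict | None":
    """Parse one record; NODATA/SKIPDATA rows carry '-' fields and are skipped."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK" or rec["action"] not in ("ACCEPT", "REJECT"):
        return None
    return rec

def summarize_path(lines, src_ip: str, dst_ip: str) -> dict:
    """Tally ACCEPT/REJECT on the src->dst (forward) and dst->src (return) legs."""
    summary = {"forward": Counter(), "return": Counter(), "rejects": []}
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        pair = (rec["srcaddr"], rec["dstaddr"])
        leg = {(src_ip, dst_ip): "forward", (dst_ip, src_ip): "return"}.get(pair)
        if leg is None:
            continue
        summary[leg][rec["action"]] += 1
        if rec["action"] == "REJECT":
            summary["rejects"].append((rec["interface_id"], leg, rec["dstport"]))  # ENI, leg, port
    return summary

def diagnose(summary: dict) -> str:
    """Map the tallies to the next check in the troubleshooting workflow. A reject
    on the return leg only means a stateless control (NACL), not a security group."""
    fwd, ret = summary["forward"], summary["return"]
    if not fwd:
        return "no forward records: traffic never reached an ENI, check route tables"
    if fwd["REJECT"] and not fwd["ACCEPT"]:
        return "forward leg rejected: check destination security group and NACL"
    if ret["REJECT"]:
        return "return leg rejected: check NACL ephemeral-port rules (stateless)"
    return "accepted both ways: look beyond the VPC (TGW routes, Network Firewall)"

# Constructed sample records, not real log data.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49152 443 6 5 300 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0e5f6a7b 10.0.2.20 10.0.1.10 443 49152 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0e5f6a7b - - - - - - - 1700000000 1700000060 - NODATA
"""
```

Running `diagnose(summarize_path(SAMPLE_LOG.splitlines(), "10.0.1.10", "10.0.2.20"))` on the constructed sample points at the return-leg NACL rather than the security group, which is the distinction the ENI check alone would miss.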
## Workflow: Transit Gateway Health

When checking multi-VPC connectivity:

- List TGWs: `list_transit_gateways`
- Get details: `get_tgw_details` for attachments and route tables
- Check routes: `get_all_tgw_routes` for route table completeness
- Check peerings: `list_tgw_peerings` for cross-region/cross-account
- Check inspection: `detect_tgw_inspection` for security posture
- Flow logs: `get_tgw_flow_logs` for traffic analysis

## Workflow: VPN Tunnel Monitoring

When checking hybrid connectivity:

- List VPNs: `list_vpn_connections`
- Check tunnel status: Up/Down for each tunnel (redundancy check: a connection with only one tunnel up has lost its failover path)
- Check routes: TGW or VGW routes for the VPN prefixes
- Flow logs: VPC flow logs for traffic across the VPN
- Report: VPN health summary with any down tunnels flagged
## Important Rules

- Read-only — this MCP cannot create, modify, or delete any AWS resources
- Region-specific — results are scoped to the configured `AWS_REGION`
- IAM permissions required — EC2 Describe, Network Manager, Network Firewall Describe, CloudWatch Logs
- Record in GAIT — log all AWS network investigations for the audit trail
## Environment Variables

- `AWS_ACCESS_KEY_ID` — AWS access key
- `AWS_SECRET_ACCESS_KEY` — AWS secret key
- `AWS_REGION` — AWS region (e.g., `us-east-1`)
- Or `AWS_PROFILE` — Named AWS CLI profile