AWS MCP Servers
Analyze and Visualize AWS Costs
Analyze AWS Cost Distribution
Analyze my AWS costs for the past 3 months, breaking down expenses by service, region, and usage tier. Identify the top 5 cost drivers and show how they've trended over this period. Include any anomalies or unexpected spikes in usage.
Generate Service-Specific Cost Analysis
Create a detailed cost analysis for our EC2 and RDS usage across all regions. Show how costs are distributed between on-demand, reserved, and spot instances. Highlight opportunities where we could optimize by changing instance types or purchase options.
Analyze the AWS services and resources in my Terraform project located at '/path/to/project' and provide a comprehensive cost estimate. Break down projected costs by service and identify any potentially expensive configurations.
CDK Project Cost Analysis
Review my CDK infrastructure code in '/path/to/cdk/project' and generate a detailed cost projection. Identify which constructs will generate the highest costs and suggest alternative approaches that might be more cost-effective.
Query Cost Data with Natural Language
Natural Language Cost Query
What's our current monthly spend on Lambda functions that process more than 1 million invocations, and how does that compare to using EC2 for similar workloads?
Service Pricing Comparison
Compare the cost of running our application on ECS Fargate versus EKS for an estimated 50 containers running 24/7 with 2 vCPU and 4 GB memory each. Include data transfer costs assuming 5 TB monthly.
Reserved Instance Analysis
Show me how much we could save by converting our on-demand EC2 instances to 1-year and 3-year reserved instances based on our current usage patterns. Include upfront costs and break-even analysis.
Regional Cost Optimization
Which AWS region would be most cost-effective for deploying our data processing pipeline that uses S3, EMR, and Redshift, considering our primary users are in Europe and Asia?
Generate Cost Reports and Insights
Comprehensive Infrastructure Cost Report
Generate a detailed cost report for our planned infrastructure deployment that includes 3 EKS clusters, Aurora PostgreSQL databases, and an API Gateway with Lambda backend. Include both fixed and variable costs, and estimate scaling costs as traffic increases.
Cost Optimization Recommendations
Review our current AWS architecture and provide actionable cost optimization recommendations. Prioritize suggestions based on potential savings and implementation complexity. Include specific service configurations we should adjust.
Multi-Service Cost Projection
Create a 12-month cost projection for our planned migration from on-premises to AWS, including EC2, RDS, S3, CloudFront, and Lambda usage. Account for expected 15% monthly growth in traffic and data storage needs.
Bedrock Application Cost Analysis
Estimate the monthly cost of deploying a generative AI application using Amazon Bedrock with Claude 3.5 Haiku, processing approximately 10,000 requests per day with an average of 1,000 input tokens and 500 output tokens per request. Include all associated infrastructure costs.
AWS Diagram MCP Server
For each AWS Diagram MCP Server feature, provide the top 5 professional prompts for the **AWS-Shared-Services account**. The Diagrams MCP Server provides the following capabilities:
* Generate Diagrams: Create professional diagrams using Python code
* Multiple Diagram Types: Support for AWS architecture, sequence diagrams, flow charts, class diagrams, and more
* Customization: Customize diagram appearance, layout, and styling
* Security: Code scanning to ensure secure diagram generation
AWS Diagram MCP for AWS-Shared-Services account
Generate Diagrams: Create professional diagrams using Python code
- Shared Services Account Architecture
Create a comprehensive AWS architecture diagram for our Shared Services account that illustrates centralized services including IAM Identity Center, AWS Organizations, Security Hub, GuardDuty, and cross-account networking components. Show how these services connect to workload accounts and include relevant IAM roles and trust relationships.
- Cross-Account Resource Access Pattern
Generate a detailed diagram showing the cross-account access patterns from our Shared Services account to workload accounts. Include IAM roles, resource policies, and AWS RAM (Resource Access Manager) shared resources. Highlight the principle of least privilege implementation and emergency access paths.
- Centralized Logging Architecture
Create a diagram depicting our centralized logging architecture managed from the Shared Services account. Show log flows from workload accounts to centralized CloudWatch Logs, S3 buckets, and Security Lake. Include Kinesis Data Firehose for log transformation and the integration with our SIEM solution.
- Network Connectivity Hub
Design a network architecture diagram showing our Shared Services account as the central connectivity hub. Include Transit Gateway connections, VPC peering relationships, Direct Connect links, and VPN connections. Show traffic flows between on-premises, shared services, and workload accounts with relevant route tables and security groups.
- Shared Services Cost Allocation
Generate a diagram illustrating our cost allocation model for shared services. Show how centralized services in the Shared Services account are distributed and charged back to workload accounts using AWS Organizations, Cost Categories, and Cost Allocation Tags. Include the reporting workflow and optimization feedback loop.
Multiple Diagram Types: Support for AWS architecture, sequence diagrams, flow charts, class diagrams, and more
- Account Provisioning Sequence Diagram
Create a sequence diagram showing the complete workflow for provisioning a new AWS account through our Shared Services account. Include interactions between Service Catalog, Organizations API, Control Tower, IAM Identity Center, and automated configuration scripts. Show validation steps and error handling paths.
- Security Incident Response Flow Chart
Generate a flow chart visualizing our security incident response process managed from the Shared Services account. Show detection paths from GuardDuty, Security Hub, and CloudTrail, triage steps, remediation actions, and cross-account response capabilities. Include decision points for different severity levels.
- Shared Services Dependency Class Diagram
Design a class diagram showing the relationships and dependencies between core services in our Shared Services account. Include service interfaces, shared data models, and integration patterns. Highlight critical dependencies that require high availability and redundancy.
- Infrastructure as Code Deployment Flow
Create a flow diagram showing how our Infrastructure as Code (IaC) deployments work from the Shared Services account to workload accounts. Include the CI/CD pipeline, approval gates, cross-account role assumptions, and rollback mechanisms. Show parallel deployment paths for multi-region resources.
- Backup and Recovery Process Diagram
Generate a comprehensive process diagram for our centralized backup and recovery system managed from the Shared Services account. Show AWS Backup plans, cross-account backup vaults, retention policies, and recovery procedures. Include automated testing of backups and compliance verification steps.
Customization: Customize diagram appearance, layout, and styling
- Service Ownership Visualization
Create a color-coded AWS architecture diagram of our Shared Services account where each component is styled according to the team responsible for its management (Security: red, Network: blue, Identity: green, Operations: orange). Include a legend and use different border styles to indicate criticality levels.
- Multi-Region Shared Services
Generate a diagram showing our Shared Services architecture across multiple AWS regions with consistent styling but different background colors for each region. Use directional arrows to show replication flows and failover paths. Group services by functional area rather than by region to emphasize the global design.
- Service Maturity Heatmap
Design a heatmap-style diagram of our Shared Services account where each service is color-coded based on its maturity level (Experimental: yellow, Production: green, Legacy/Deprecating: red). Include custom icons to indicate compliance status and use different edge styles to show integration maturity.
- Cost Optimization Focus
Create a Shared Services architecture diagram with custom styling that highlights cost optimization opportunities. Use dollar sign icons of varying sizes to indicate relative cost, green highlights for optimized services, and red highlights for services requiring cost attention. Include annotations with specific optimization recommendations.
- Compliance-Focused Styling
Generate a diagram of our Shared Services account with custom styling that emphasizes compliance controls. Use different border styles for different compliance frameworks (SOC2: solid, PCI: dashed, HIPAA: dotted), background colors for data classification zones, and custom icons to indicate where compliance evidence is collected.
Security: Code scanning to ensure secure diagram generation
- Secure IAM Structure Documentation
Create a secure diagram of our IAM structure in the Shared Services account showing role relationships and permission boundaries without exposing actual policy details or sensitive principals. Use abstraction to represent the principle of least privilege while still conveying the access control design.
- Security Controls Visualization
Generate a diagram showing the security controls implemented in our Shared Services account and how they extend to workload accounts. Ensure the diagram excludes specific detection thresholds, rule configurations, or bypass mechanisms while still effectively communicating our defense-in-depth approach.
- Secure Cross-Account Access Patterns
Design a diagram illustrating cross-account access patterns from our Shared Services account that follow security documentation guidelines. Show trust relationships and access paths without exposing actual role names, account IDs, or specific permission details that could be exploited.
- Sensitive Data Flow Mapping
Create a data flow diagram showing how sensitive information moves through services in our Shared Services account. Ensure the diagram follows security best practices by abstracting actual data values, encryption keys, or specific security rules while still communicating the protection mechanisms in place.
- Secure Network Controls Documentation
Generate a network security diagram for our Shared Services account showing security groups, NACLs, and traffic flow controls without exposing specific IP ranges, port numbers, or rule configurations that could create security risks. Use abstraction to convey the security design while protecting sensitive details.
For each AWS Diagram MCP Server feature, provide the top 5 professional prompts for the **AWS management account** in a multi-organization/multi-account AWS environment with Okta IdP, Direct Connect, and Transit Gateway integration. The Diagrams MCP Server provides the following capabilities:
* Generate Diagrams: Create professional diagrams using Python code
* Multiple Diagram Types: Support for AWS architecture, sequence diagrams, flow charts, class diagrams, and more
* Customization: Customize diagram appearance, layout, and styling
* Security: Code scanning to ensure secure diagram generation
AWS Diagram MCP Server for AWS Management-Account
1. Generate Diagrams: Create professional diagrams using Python code
Create a diagram showing the AWS management account architecture with Okta IdP integration, highlighting the authentication flow from users to AWS resources across multiple accounts.
Generate a network topology diagram for our AWS multi-account organization that illustrates Direct Connect connectivity from our on-premises data center to the management account and Transit Gateway connections to member accounts.
Design a comprehensive security architecture diagram for our AWS management account showing IAM roles, permission boundaries, and cross-account access patterns using the AWS Organizations service.
Create a diagram depicting our AWS management account's centralized logging and monitoring infrastructure, showing how CloudTrail, CloudWatch, and Security Hub aggregate data from multiple member accounts.
Generate a disaster recovery architecture diagram for our AWS management account showing multi-region failover capabilities and how Transit Gateway enables cross-region connectivity.
2. Multiple Diagram Types: Support for AWS architecture, sequence diagrams, flow charts, class diagrams, and more
Create a sequence diagram showing the authentication flow from an end user through Okta IdP to the AWS management account and subsequent access to resources in member accounts.
Generate a flow chart illustrating the AWS account provisioning process in our multi-account organization, from request approval to account creation and baseline configuration.
Design a class diagram showing the relationship between our custom AWS resource management tools, focusing on how they interact with Organizations, IAM, and member accounts.
Create an AWS architecture diagram showing our management account's networking setup with Direct Connect, Transit Gateway, and connections to multiple VPCs across member accounts.
Generate a state diagram illustrating the lifecycle of cross-account IAM roles in our AWS organization, from creation to decommissioning.
3. Customization: Customize diagram appearance, layout, and styling
Create a color-coded AWS architecture diagram for our management account where production, staging, and development environments are visually distinct, with custom icons for Okta IdP and Direct Connect components.
Generate a hierarchical diagram of our AWS organization structure with the management account at the top, organizational units as branches, and member accounts as leaves, using custom styling to indicate account types.
Design a network diagram with custom edge styling to indicate different bandwidth capacities for our Direct Connect links and Transit Gateway attachments across the AWS organization.
Create a diagram with custom node grouping to illustrate our AWS management account's security zones, with clear visual separation between public-facing, internal, and restricted resources.
Generate a diagram with custom layout direction (right-to-left) showing the data flow from member accounts through Transit Gateway to centralized logging services in the management account.
4. Security: Code scanning to ensure secure diagram generation
Create a security-focused diagram showing our AWS management account's guardrails and preventative controls, with code scanning validation to ensure no sensitive information is included in the diagram.
Generate a diagram illustrating our AWS organization's security groups and network ACL configurations across accounts, ensuring the code is scanned for any hardcoded credentials or sensitive IPs.
Design a diagram showing our AWS IAM permission boundaries and Service Control Policies across the organization, with security scanning to verify no actual policy ARNs or sensitive identifiers are exposed.
Create a diagram depicting our AWS management account's encryption key management system and how KMS keys are shared across accounts, with code scanning to prevent inclusion of actual key IDs.
Generate a diagram showing our AWS management account's security compliance monitoring setup across multiple accounts, with security scanning to ensure no compliance gaps are inadvertently documented in the diagram code.
Provide all relevant professional prompts for the AWS Terraform MCP Server on AWS best practices, infrastructure as code patterns, and security compliance with Checkov, for the use case: connect to an Amazon EC2 instance in a private subnet by using Session Manager, from https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/connect-to-an-amazon-ec2-instance-by-using-session-manager.html, but using Terraform IaC.
Lastly, cross-check your solution against the AWS Prescriptive Guidance pattern for connecting to an Amazon EC2 instance in a private subnet by using Session Manager at https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/connect-to-an-amazon-ec2-instance-by-using-session-manager.html, using Terraform IaC. Then verify that your implementation meets all the requirements and best practices outlined in the guidance, as well as the best practices, infrastructure as code patterns, and security compliance with Checkov from the AWS Terraform MCP Server.
Provide all relevant professional prompts for the AWS Terraform MCP Server on AWS best practices, infrastructure as code patterns, and security compliance with Checkov, for the use case: getting started with myApplications for Terraform-managed applications, from the AWS blog at https://aws.amazon.com/blogs/mt/getting-started-with-myapplications-for-terraform-managed-applications/
Provide all relevant professional prompts for the AWS Labs Code Documentation Generation MCP Server for all of the files in the terraform-aws folder.
Prompts
- Infrastructure Overview Documentation Prompt:
Generate comprehensive documentation for the AWS infrastructure defined in the terraform-aws repository, organizing by account numbers and describing the purpose of each resource.
- Security Configuration Documentation Prompt:
Document all security groups, IAM roles, and access policies defined in the terraform-aws repository, highlighting security best practices implemented.
- Network Architecture Documentation Prompt:
Create detailed network architecture documentation for all VPCs, subnets, transit gateways, and VPC endpoints defined in the terraform-aws repository.
- Backup and Recovery Documentation Prompt:
Document all backup configurations, retention policies, and recovery procedures implemented across accounts in the terraform-aws repository.
- Module Usage Documentation Prompt:
Generate documentation explaining how the custom and third-party modules are used throughout the terraform-aws repository, with examples of implementation.
- Resource Tagging Documentation Prompt:
Document the tagging strategy implemented across AWS resources in the terraform-aws repository, including standard tags and their purposes.
- State Management Documentation Prompt:
Create documentation explaining the Terraform state management approach used in the terraform-aws repository, including backend configurations and state file organization.
- Cross-Account Resource Documentation Prompt:
Document all cross-account resource sharing and access configurations implemented in the terraform-aws repository.