SKILL.md
AWS Cost & Operations
This skill provides comprehensive guidance for AWS cost optimization, monitoring, observability, and operational excellence with integrated MCP servers.
AWS Documentation Requirement
Always verify AWS facts using MCP tools (mcp__aws-mcp__* or mcp__*awsdocs*__*) before answering. The aws-mcp-setup dependency is auto-loaded — if MCP tools are unavailable, guide the user through that skill's setup flow.
Integrated MCP Servers
This plugin provides 3 MCP servers:
Bundled Servers
#### 1. AWS Pricing MCP Server ( pricing )
Purpose: Pre-deployment cost estimation and optimization
- Estimate costs before deploying resources
- Compare pricing across regions
- Calculate Total Cost of Ownership (TCO)
- Evaluate different service options for cost efficiency
#### 2. AWS Cost Explorer MCP Server ( costexp )
Purpose: Detailed cost analysis and reporting
- Analyze historical spending patterns
- Identify cost anomalies and trends
- Forecast future costs
- Analyze cost by service, region, or tag
#### 3. Amazon CloudWatch MCP Server ( cw )
Purpose: Metrics, alarms, and logs analysis
- Query CloudWatch metrics and logs
- Create and manage CloudWatch alarms
- Troubleshoot operational issues
- Monitor resource utilization
Note: The following servers are available separately via the Full AWS MCP Server (see aws-mcp-setup skill) and are not bundled with this plugin:
- AWS Billing and Cost Management MCP — Real-time billing details
- CloudWatch Application Signals MCP — APM and SLOs
- AWS Managed Prometheus MCP — PromQL queries for containers
- AWS CloudTrail MCP — API activity audit
- AWS Well-Architected Security Assessment MCP — Security posture assessment
When to Use This Skill
Use this skill when:
- Optimizing AWS costs and reducing spending
- Estimating costs before deployment
- Monitoring application and infrastructure performance
- Setting up observability and alerting
- Analyzing spending patterns and trends
- Investigating operational issues
- Auditing AWS activity and changes
- Assessing security posture
- Implementing operational excellence
Cost Optimization Best Practices
Pre-Deployment Cost Estimation
Always estimate costs before deploying:
- Use AWS Pricing MCP to estimate resource costs
- Compare pricing across different regions
- Evaluate alternative service options
- Calculate expected monthly costs
- Plan for scaling and growth
Example workflow:
"Estimate the monthly cost of running a Lambda function with
1 million invocations, 512MB memory, 3-second duration in us-east-1"Cost Analysis and Optimization
Regular cost reviews:
- Use Cost Explorer MCP to analyze spending trends
- Identify cost anomalies and unexpected charges
- Review costs by service, region, and environment
- Compare actual vs. budgeted costs
- Generate cost optimization recommendations
Cost optimization strategies:
- Right-size over-provisioned resources
- Use appropriate storage classes (S3, EBS)
- Implement auto-scaling for dynamic workloads
- Leverage Savings Plans and Reserved Instances
- Delete unused resources and snapshots
- Use cost allocation tags effectively
Budget Monitoring
Track spending against budgets:
- Use Billing and Cost Management MCP to monitor budgets
- Set up budget alerts for threshold breaches
- Review budget utilization regularly
- Adjust budgets based on trends
- Implement cost controls and governance
Monitoring and Observability Best Practices
CloudWatch Metrics and Alarms
Implement comprehensive monitoring:
- Use CloudWatch MCP to query metrics and logs
- Set up alarms for critical metrics:
- CPU and memory utilization
- Error rates and latency
- Queue depths and processing times
- API gateway throttling
- Lambda errors and timeouts
- Create CloudWatch dashboards for visualization
- Use log insights for troubleshooting
Example alarm scenarios:
- Lambda error rate > 1%
- EC2 CPU utilization > 80%
- API Gateway 4xx/5xx error spike
- DynamoDB throttled requests
- ECS task failures
Application Performance Monitoring
Monitor application health:
- Use CloudWatch Application Signals MCP for APM
- Track service-level objectives (SLOs)
- Monitor application dependencies
- Identify performance bottlenecks
- Set up distributed tracing
Container and Kubernetes Monitoring
For containerized workloads:
- Use AWS Managed Prometheus MCP for metrics
- Monitor container resource utilization
- Track pod and node health
- Create PromQL queries for custom metrics
- Set up alerts for container anomalies
Audit and Security Best Practices
CloudTrail Activity Analysis
Audit AWS activity:
- Use CloudTrail MCP to analyze API activity
- Track who made changes to resources
- Investigate security incidents
- Monitor for suspicious activity patterns
- Audit compliance with policies
Common audit scenarios:
- "Who deleted this S3 bucket?"
- "Show all IAM role changes in the last 24 hours"
- "List failed login attempts"
- "Find all actions by a specific user"
- "Track modifications to security groups"
Security Assessment
Regular security reviews:
- Use Well-Architected Security Assessment MCP
- Assess security posture against best practices
- Identify security gaps and vulnerabilities
- Implement recommended security improvements
- Document security compliance
Security assessment areas:
- Identity and Access Management (IAM)
- Detective controls and monitoring
- Infrastructure protection
- Data protection and encryption
- Incident response preparedness
Using MCP Servers Effectively
Cost Analysis Workflow
- Pre-deployment: Use Pricing MCP to estimate costs
- Post-deployment: Use Billing MCP to track actual spending
- Analysis: Use Cost Explorer MCP for detailed cost analysis
- Optimization: Implement recommendations from Cost Explorer
Monitoring Workflow
- Setup: Configure CloudWatch metrics and alarms
- Monitor: Use CloudWatch MCP to track key metrics
- Analyze: Use Application Signals for APM insights
- Troubleshoot: Query CloudWatch Logs for issue resolution
Security Workflow
- Audit: Use CloudTrail MCP to review activity
- Assess: Use Well-Architected Security Assessment
- Remediate: Implement security recommendations
- Monitor: Track security events via CloudWatch
MCP Usage Best Practices
- Cost Awareness: Check pricing before deploying resources
- Proactive Monitoring: Set up alarms for critical metrics
- Regular Reviews: Analyze costs and performance weekly
- Audit Trails: Review CloudTrail logs for compliance
- Security First: Run security assessments regularly
- Optimize Continuously: Act on cost and performance recommendations
Operational Excellence Guidelines
Cost Optimization
- Tag Everything: Use consistent cost allocation tags
- Review Monthly: Analyze spending trends and anomalies
- Right-size: Match resources to actual usage
- Automate: Use auto-scaling and scheduling
- Monitor Budgets: Set alerts for cost overruns
Monitoring and Alerting
- Critical Metrics: Alert on business-critical metrics
- Noise Reduction: Fine-tune thresholds to reduce false positives
- Actionable Alerts: Ensure alerts have clear remediation steps
- Dashboard Visibility: Create dashboards for key stakeholders
- Log Retention: Balance cost and compliance needs
Security and Compliance
- Least Privilege: Grant minimum required permissions
- Audit Regularly: Review CloudTrail logs for anomalies
- Encrypt Data: Use encryption at rest and in transit
- Assess Continuously: Run security assessments frequently
- Incident Response: Have procedures for security events
Additional Resources
For detailed operational patterns and best practices, refer to the comprehensive reference:
File: references/operations-patterns.md
This reference includes:
- Cost optimization strategies
- Monitoring and alerting patterns
- Observability best practices
- Security and compliance guidelines
- Troubleshooting workflows
CloudWatch Alarms Reference
File: references/cloudwatch-alarms.md
Common alarm configurations for:
- Lambda functions
- EC2 instances
- RDS databases
- DynamoDB tables
- API Gateway
- ECS services
- Application Load Balancers