
    Introducing the Agent Toolkit for Amazon Web Services

    By Editor Times Featured, May 25, 2026


    What Is Agent Toolkit for AWS?

    Agent Toolkit for AWS is an open-source project developed by AWS that helps AI coding agents work with AWS more reliably. With the recent addition of the newly launched MCP server as part of the Toolkit, coding agents using the Toolkit can now access the AWS-specific context, workflows, guardrails, and tools they need to build, deploy, debug, and operate cloud systems without relying solely on general model knowledge, which is often out of date.

    Instead of asking a coding agent to improvise from memory, the Toolkit gives it curated, task-specific instructions. These are packaged as skills, plugins, rules, and an MCP server configuration.

    Skills are focused instruction packs. They guide the agent through specific AWS tasks, such as creating an S3 Tables lakehouse table, deploying a serverless app, debugging Lambda timeouts, connecting AWS Glue to a database, or adding memory to an AgentCore agent.

    Plugins group related skills together. For example, aws-core covers general AWS development, aws-agents covers Bedrock AgentCore workflows, and aws-data-analytics covers S3 Tables, Glue, Athena, data discovery, and vector storage.

    Rules files set the agent’s default AWS behaviour. They can tell the agent to prefer infrastructure-as-code, check AWS documentation when unsure, and use AWS MCP tools when available.

    AWS MCP Server integration provides agents with access to live AWS documentation, AWS APIs, sandboxed script execution, and auditing via AWS-native controls.

    The result should be better systems, with more resilience.

    Why It Matters

    Modern coding agents can write plausible AWS CLI commands, Terraform, CDK, Lambda handlers, Glue jobs, or IAM policies. Often, these will be correct and usable immediately, but there’s a potential problem, and it’s the same issue that ALL coding agents struggle with: knowledge cut-off.

    When agents are trained, they’re exposed to the latest information available at that time, but when the models are released, that information is often many months out of date. For example, OpenAI’s latest model at the time of writing is GPT 5.5. It was released towards the end of April 2026, but its knowledge cut-off date was the 1st December 2025. And during the intervening period, new services are launched, and existing systems, API calls, documentation, and so on, are updated.

    Cloud development is full of details that may seem small but can break real systems. For example, when creating an analytics table with Amazon S3 Tables, a generic agent might generate an Athena DDL statement with a LOCATION clause because this pattern is common for external tables. But with S3 Tables, that’s wrong: the service manages table storage. The correct pattern is to keep the SQL clean and pass the S3 Tables catalogue through Athena’s query execution context.

    The Agent Toolkit for AWS helps avoid that kind of mistake. Its skills guide the agent to:

    • Check what already exists before creating new resources
    • Use the correct AWS APIs
    • Avoid patterns that AWS doesn’t support
    • Verify assumptions against current AWS documentation
    • Produce tighter IAM policies
    • Run checks after making changes
    • Follow the right troubleshooting path when something breaks

    That matters most in AWS work, where the hard part is not writing code. It’s writing code that fits the specific AWS service, permissions model, and operating environment.

    Installing Agent Toolkit in your coding agent

    The Agent Toolkit is available for most modern coding agents, such as Claude Code, Cursor, Kiro, and VS Code. Sample installation instructions for each agent are in the AWS Toolkit repo, which I’ll link to at the end of the article.

    My favourite coding agent to use right now is Codex, so that’s what I’ll use in my example. Install that first if you want to follow along.

    To install the Toolkit for Codex, type the following into a terminal window:

    $ codex plugin marketplace add aws/agent-toolkit-for-aws

    Next, open the Codex app and type the following.

    /plugins

    Depending on what you may have previously installed, you should see something like this.

    AI Agents on AWS
    AWS Core
    AWS Data Analytics
    Browser
    Documents
    Presentations
    Spreadsheets

    That means all the required AWS-related plugins are available for your agent to use. Remember, if you run into any issues, just ask your coding agent to fix them.

    Using the Toolkit with your coding agent

    This is the easy part, as you literally just tell Codex in English what you want to achieve.

    For my example, I wanted to:

    • Create an Iceberg orders table using Amazon S3 Tables
    • Ingest order data from a JDBC source with AWS Glue
    • Validate and query the Iceberg table with Athena.

    This might seem like a fairly simple request, but when you break it down, it’s much more involved than you think. For starters, I don’t have an existing JDBC data source, so I also had to ask Codex to create an RDS database first and populate it with some dummy data. That alone spawns a bunch of other requirements: since my RDS database table is private, I needed a VPC, security groups, IAM permissions, and so on.

    You get the point, and this will be a familiar scenario to anyone reading this who uses AWS in anger. Even a fairly simple AWS system usually requires a complex setup, as you have to account for security, authorisation, and permissions.

    But as you will see, the AWS Toolkit does all the heavy lifting for us.

    Note: Agent Toolkit for AWS runs inside your coding-agent environment. When it needs to inspect, create or change AWS resources, it uses the AWS credentials configured in that environment. For local development, that usually means AWS CLI credentials, SSO, or environment variables, so make sure one or other of these methods is set up before you start.

    To get started, I fired up my Codex application and typed in the following:

    Create an Iceberg orders table using Amazon S3 Tables, ingest order data
    from a JDBC source with AWS Glue, and validate the table with Athena.
    The first thing to do is set up a private JDBC source for the above with all
    required VPC, networking and security infrastructure. Populate the JDBC source
    with sample data, then everything else

    After that, the agent just… kind of gets on with it. Here are some of the outputs it produced for me. I won’t include all of them, as it was a fairly long list.

    Worked for 32m 49s

    I'll use the AWS Data Analytics skills for the JDBC source, S3 Tables/Iceberg
    table creation, ingestion, and Athena validation. I'm first checking the
    workspace shape so the implementation fits what's already here.

    The current workspace already has an aws-data-lake directory, so I'm
    inspecting it before deciding whether to extend it or create a separate
    deployment bundle. I also need to verify local AWS tooling and credentials
    before any real AWS resources can be created.

    ...
    ...
    ...

    Implemented files:

    orders-private-jdbc-source.yaml: VPC, private Aurora PostgreSQL source,
    NAT/S3 endpoint, security groups, Glue connection/job, IAM roles, seed data
    custom resource.

    glue_orders_jdbc_to_s3tables.py: Glue 5.1 JDBC-to-S3-Tables ingestion script.
    deploy-orders-end-to-end.ps1: deploys stack, uploads Glue script, grants
    Lake Formation permissions, runs Glue, validates Athena.

    README.md: updated runbook and validation results.

    Validation completed:

    CloudFormation stack: orders-private-jdbc-source
    Glue job: orders-lake-jdbc-to-s3tables-orders
    Successful Glue run: jr_a5c6e33544a452a107429f0f7613d5522d8f145062fbb40ad77507529a26263c
    Target table: s3tablescatalog/mytablebucket.retail.orders
    Athena row count: 6
    Athena date range: 2026-04-01 to 2026-05-03
    Athena sample rows returned ord-1001 through ord-1005
    ...
    ...

    The whole process was very comprehensive and took just over half an hour from start to finish.

    But did it work?

    Yes, and here’s the proof.

    CloudFormation

    This is the service that AWS uses to automate the creation of all resources needed to build a particular system. It’s a single source of truth as to what was actually done. We can use the AWS CLI to check what CloudFormation did.

    aws cloudformation describe-stacks --stack-name orders-private-jdbc-source --region us-east-2 --query "Stacks[0].StackStatus" --output text

    # Output
    UPDATE_COMPLETE

    We can also get a full list of all the services and resources that CloudFormation built on our behalf. I’ve shown the command for this below, but please note I’ve prettified its output to make it more readable.

    aws cloudformation list-stack-resources --stack-name orders-private-jdbc-source --region us-east-2 --output table
    
    # Modified Output
    
    +------------------------------------------------------+----------------------------------+-----------------+
    | Service Deployed                                     | ResourceType                     | ResourceStatus  |
    +------------------------------------------------------+----------------------------------+-----------------+
    | S3 bucket (artifact/scripts bucket)                  | AWS::S3::Bucket                  | CREATE_COMPLETE |
    | Security group rule (ingress)                        | AWS::EC2::SecurityGroupIngress   | CREATE_COMPLETE |
    | Secrets Manager secret (DB credentials)              | AWS::SecretsManager::Secret      | CREATE_COMPLETE |
    | Security group (database SG)                         | AWS::EC2::SecurityGroup          | CREATE_COMPLETE |
    | RDS DB subnet group (Aurora subnets)                 | AWS::RDS::DBSubnetGroup          | CREATE_COMPLETE |
    | IAM role (Glue job execution role)                   | AWS::IAM::Role                   | UPDATE_COMPLETE |
    | Security group (Glue/Spark SG)                       | AWS::EC2::SecurityGroup          | CREATE_COMPLETE |
    | Security group rule (egress)                         | AWS::EC2::SecurityGroupEgress    | CREATE_COMPLETE |
    | Security group rule (ingress)                        | AWS::EC2::SecurityGroupIngress   | CREATE_COMPLETE |
    | Security group rule (egress)                         | AWS::EC2::SecurityGroupEgress    | CREATE_COMPLETE |
    | Internet Gateway (VPC IGW)                           | AWS::EC2::InternetGateway        | CREATE_COMPLETE |
    | IAM role (Lake Formation / S3 Tables access role)    | AWS::IAM::Role                   | CREATE_COMPLETE |
    | Elastic IP (for NAT Gateway)                         | AWS::EC2::EIP                    | CREATE_COMPLETE |
    | NAT Gateway                                          | AWS::EC2::NatGateway             | CREATE_COMPLETE |
    | Aurora DB cluster (PostgreSQL)                       | AWS::RDS::DBCluster              | CREATE_COMPLETE |
    | Aurora DB instance (writer/instance)                 | AWS::RDS::DBInstance             | CREATE_COMPLETE |
    | Glue job (JDBC -> S3 Tables ingestion)               | AWS::Glue::Job                   | CREATE_COMPLETE |
    | Glue JDBC connection (to Aurora/Postgres)            | AWS::Glue::Connection            | CREATE_COMPLETE |
    | Route (private default route, typically to NAT)      | AWS::EC2::Route                  | CREATE_COMPLETE |
    | Route table (private)                                | AWS::EC2::RouteTable             | CREATE_COMPLETE |
    | Subnet (private subnet 1)                            | AWS::EC2::Subnet                 | CREATE_COMPLETE |
    | Route table association (private subnet 1)           | AWS::EC2::SubnetRouteTableAssoc  | CREATE_COMPLETE |
    | Subnet (private subnet 2)                            | AWS::EC2::Subnet                 | CREATE_COMPLETE |
    | Route table association (private subnet 2)           | AWS::EC2::SubnetRouteTableAssoc  | CREATE_COMPLETE |
    | Route (public default route, typically to IGW)       | AWS::EC2::Route                  | CREATE_COMPLETE |
    | Route table (public)                                 | AWS::EC2::RouteTable             | CREATE_COMPLETE |
    | Subnet (public subnet 1)                             | AWS::EC2::Subnet                 | CREATE_COMPLETE |
    | Route table association (public subnet 1)            | AWS::EC2::SubnetRouteTableAssoc  | CREATE_COMPLETE |
    | VPC endpoint (S3 Gateway Endpoint)                   | AWS::EC2::VPCEndpoint            | CREATE_COMPLETE |
    | Custom resource (seed orders data step)              | Custom::SeedOrdersData           | CREATE_COMPLETE |
    | Lambda function (seeds sample orders into DB)        | AWS::Lambda::Function            | CREATE_COMPLETE |
    | IAM role (Lambda execution role for seeding)         | AWS::IAM::Role                   | CREATE_COMPLETE |
    | VPC                                                  | AWS::EC2::VPC                    | CREATE_COMPLETE |
    | VPC gateway attachment (attach IGW to VPC)           | AWS::EC2::VPCGatewayAttachment   | CREATE_COMPLETE |
    +------------------------------------------------------+----------------------------------+-----------------+
    

    I won’t go over ALL the services that were created, but here is a list of the most important ones with verification.

    VPC and networking

    A VPC is like having your own mini network within the AWS ecosystem. Scaffolded around that are things like CIDR addresses, routing tables, subnets, and security groups, which control which resources have access to the VPC. Let’s see what was created.

    aws ec2 describe-vpcs --region us-east-2 --query "Vpcs[?Tags[?Key=='aws:cloudformation:stack-name' && Value=='orders-private-jdbc-source']].[VpcId,CidrBlock]" --output table
    
    -------------------------------------------
    |              DescribeVpcs               |
    +------------------------+----------------+
    |  vpc-0165f765ce1af50c0 |  10.40.0.0/16  |
    +------------------------+----------------+
    
    
    aws ec2 describe-subnets --region us-east-2 --query "Subnets[?Tags[?Key=='aws:cloudformation:stack-name' && Value=='orders-private-jdbc-source']].[SubnetId,VpcId,CidrBlock,AvailabilityZone,MapPublicIpOnLaunch]" --output table
    
    -----------------------------------------------------------------------------------------------
    |                                       DescribeSubnets                                       |
    +---------------------------+-------------------------+----------------+-------------+--------+
    |  subnet-0a9e1bbeeb1e7f53d |  vpc-0165f765ce1af50c0  |  10.40.11.0/24 |  us-east-2b |  False |
    |  subnet-07dc3d0e99f09cdc4 |  vpc-0165f765ce1af50c0  |  10.40.0.0/24  |  us-east-2a |  True  |
    |  subnet-0c640ae5d30fe00e9 |  vpc-0165f765ce1af50c0  |  10.40.10.0/24 |  us-east-2a |  False |
    +---------------------------+-------------------------+----------------+-------------+--------+
    
    
    aws ec2 describe-security-groups --region us-east-2 --query "SecurityGroups[?Tags[?Key=='aws:cloudformation:stack-name' && Value=='orders-private-jdbc-source']].[GroupId,GroupName,VpcId]" --output table
    
    --------------------------------------------------------------------------------------------------------------------
    |                                              DescribeSecurityGroups                                              |
    +----------------------+-----------------------------------------------------------------+-------------------------+
    |  sg-0c56c3639a47dcbdb|  orders-private-jdbc-source-DatabaseSecurityGroup-ZS9C0AJXzASB  |  vpc-0165f765ce1af50c0  |
    |  sg-0f1c55c20ebbf7acf|  orders-private-jdbc-source-GlueSecurityGroup-XvKHWvTsRuap      |  vpc-0165f765ce1af50c0  |
    +----------------------+-----------------------------------------------------------------+-------------------------+
    

    IAM Roles

    Identity and Access Management (IAM) is a vital part of AWS security. It controls who and what has access to which services in AWS.

    aws cloudformation list-stack-resources --stack-name orders-private-jdbc-source --region us-east-2 --query "StackResourceSummaries[?ResourceType=='AWS::IAM::Role' || ResourceType=='AWS::IAM::Policy'].[LogicalResourceId,ResourceType,PhysicalResourceId,ResourceStatus]" --output table
    
    # Output
    ----------------------------------------------------------------------------------------------------------------------------------------
    |                                                          ListStackResources                                                          |
    +---------------------------+-----------------+--------------------------------------------------------------------+-------------------+
    |  GlueJobRole              |  AWS::IAM::Role |  orders-private-jdbc-source-GlueJobRole-7cOVpk9zf1nf               |  UPDATE_COMPLETE  |
    |  LakeFormationS3TablesRole|  AWS::IAM::Role |  orders-private-jdbc-sourc-LakeFormationS3TablesRole-4NKeHFJ0VwBh  |  CREATE_COMPLETE  |
    |  SeedOrdersFunctionRole   |  AWS::IAM::Role |  orders-private-jdbc-source-SeedOrdersFunctionRole-LPniYBvOU4jt    |  CREATE_COMPLETE  |
    +---------------------------+-----------------+--------------------------------------------------------------------+-------------------+
    

    We can see that the appropriate roles have been created to enable us to create an S3 table, populate our RDS database with data using a Lambda function, and populate our S3 table from the RDS database using a Glue job.

    RDS Database

    This was created as an initial data source for our Iceberg table on S3. After creation, the database table was seeded with dummy data using a Lambda function.

    The Lambda function

    This was used to “seed” the RDS database with dummy data for onward propagation to the S3 table. I won’t show the code, but the function itself was around 70 lines of Python.

    aws cloudformation list-stack-resources --stack-name orders-private-jdbc-source --region us-east-2 --query "StackResourceSummaries[?ResourceType=='AWS::Lambda::Function'].[LogicalResourceId,PhysicalResourceId,ResourceStatus]" --output table
    
    # Output
    ---------------------------------------------------------------------------------------------------------
    |                                          ListStackResources                                           |
    +--------------------+--------------------------------------------------------------+-------------------+
    |  SeedOrdersFunction|  orders-private-jdbc-source-SeedOrdersFunction-aDuplePymvWQ  |  CREATE_COMPLETE  |
    +--------------------+--------------------------------------------------------------+-------------------+

    An Iceberg table on S3

    Our ultimate goal was to produce an Iceberg table on S3 that we could use to store, manipulate and analyse data. The screenshot below shows the table data, which exactly mirrors the source data in the RDS database.

    Athena

    It’s no good having an S3 table with data unless we can query, update or delete that data. That’s exactly what AWS’s Athena service allows you to do. Unfortunately, I did come across an issue when trying to use Athena initially. When I checked the Athena console, I couldn’t see the new S3 table in the list of databases and tables, so I couldn’t query it. However, after a little bit of back and forth with Codex, it eventually found this:

    The key mismatch is now clear: database/table permissions are present, but
    catalog-level Lake Formation permissions are empty. AWS's Athena S3 Tables
    docs say the Athena principal also needs permissions on the S3 Tables catalog
    itself. I'll grant ALL on xxxxxxxxxxxx:s3tablescatalog/mytablebucket
    to the root user, then verify it.

    After that, access was fine.

    aws athena list-data-catalogs --region us-east-2 --output desk
    
    # Output
    ---------------------------------------------------------
    |                   ListDataCatalogs                    |
    +-------------------------------------------------------+
    ||                 DataCatalogsSummary                 ||
    |+-------------------------+-------------------+-------+|
    ||       CatalogName       |      Status       | Type  ||
    |+-------------------------+-------------------+-------+|
    ||  AwsDataCatalog         |  CREATE_COMPLETE  |  GLUE ||
    ||  mytablebucket_s3tables |  CREATE_COMPLETE  |  GLUE ||
    |+-------------------------+-------------------+-------+|
    

    And I was able to query the table in the Athena console.

    Glue & Spark

    Glue is AWS’s ETL tool and has two main functions. It can catalogue data sources, making them available to other AWS services such as Athena. Glue can also use Spark or Pandas to read data sources (such as RDS databases) and use any data it finds to create and populate data stores on other services, such as S3 tables and objects.

    aws glue get-connection --name orders-lake-orders-aurora-postgres --region us-east-2 --output json
    
    # Output
    {
        "Connection": {
            "Name": "orders-lake-orders-aurora-postgres",
            "Description": "Private Aurora PostgreSQL orders source for S3 Tables ingestion.",
            "ConnectionType": "JDBC",
            "ConnectionProperties": {
                "JDBC_ENFORCE_SSL": "false",
                "JDBC_CONNECTION_URL": "jdbc:postgresql://orders-private-jdbc-source-ordersdbcluster-wxxm5ygu3dig.cluster-chfygkamm03d.us-east-2.rds.amazonaws.com:5432/ordersdb",
                "SECRET_ID": "arn:aws:secretsmanager:us-east-2:XXXXXXXXXXXX:secret:DatabaseSecret-AYWd1SzbgdsG-3K7a0X"
            },
            "PhysicalConnectionRequirements": {
                "SubnetId": "subnet-0c640ae5d30fe00e9",
                "SecurityGroupIdList": [
                    "sg-0f1c55c20ebbf7acf"
                ],
                "AvailabilityZone": "us-east-2a"
            },
            "CreationTime": "2026-05-08T21:27:26.593000+01:00",
            "LastUpdatedTime": "2026-05-08T21:27:26.593000+01:00",
            "LastUpdatedBy": "user/administrator",
            "ConnectionSchemaVersion": 1
        }
    }
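
    A review check for the connection above, added here as an example and not produced by Codex or the Toolkit: it reads `aws glue get-connection` output and flags settings worth a second look before production, such as the `JDBC_ENFORCE_SSL: false` seen above. The sample document is constructed (placeholder host, account ID and secret name), and the function names and finding codes are illustrative assumptions.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the shape of the get-connection output above.
# Host, account ID and secret name are placeholders, not real values.
SAMPLE_GET_CONNECTION = json.loads("""
{
  "Connection": {
    "Name": "orders-lake-orders-aurora-postgres",
    "ConnectionType": "JDBC",
    "ConnectionProperties": {
      "JDBC_ENFORCE_SSL": "false",
      "JDBC_CONNECTION_URL": "jdbc:postgresql://orders-db.example.internal:5432/ordersdb",
      "SECRET_ID": "arn:aws:secretsmanager:us-east-2:111122223333:secret:ExampleDatabaseSecret"
    },
    "PhysicalConnectionRequirements": {
      "SubnetId": "subnet-0c640ae5d30fe00e9",
      "SecurityGroupIdList": ["sg-0f1c55c20ebbf7acf"],
      "AvailabilityZone": "us-east-2a"
    }
  }
}
""")

# From the describe-subnets output earlier: the subnet with MapPublicIpOnLaunch = True.
PUBLIC_SUBNETS = {"subnet-07dc3d0e99f09cdc4"}

# PostgreSQL JDBC sslmode values that require an encrypted session.
TLS_SSLMODES = {"require", "verify-ca", "verify-full"}


def audit_glue_connection(doc, public_subnets=frozenset()):
    """Return {finding_code: explanation} for one get-connection document."""
    conn = doc["Connection"]
    props = conn.get("ConnectionProperties", {})
    phys = conn.get("PhysicalConnectionRequirements", {})
    findings = {}

    # A JDBC URL is "jdbc:" followed by an ordinary URL, so drop the prefix to parse it.
    url = props.get("JDBC_CONNECTION_URL", "")
    query = parse_qs(urlsplit(url.removeprefix("jdbc:")).query)
    sslmode = query.get("sslmode", [""])[0].lower()

    enforced = props.get("JDBC_ENFORCE_SSL", "false").lower() == "true"
    if not enforced and sslmode not in TLS_SSLMODES:
        findings["TLS_NOT_ENFORCED"] = (
            "JDBC_ENFORCE_SSL is not 'true' and the URL sets no strict sslmode"
        )

    if "PASSWORD" in props or "password" in query:
        findings["INLINE_PASSWORD"] = "credentials stored on the connection itself"
    elif "SECRET_ID" not in props:
        findings["NO_SECRET_REFERENCE"] = "no Secrets Manager secret referenced"

    subnet = phys.get("SubnetId")
    if not subnet or not phys.get("SecurityGroupIdList"):
        findings["NO_VPC_PLACEMENT"] = "connection is not pinned to a subnet and security group"
    elif subnet in public_subnets:
        findings["PUBLIC_SUBNET"] = f"{subnet} auto-assigns public IPs"

    return findings


def variant(doc, props=None, subnet=None):
    """Deep-copied variant of a document, for what-if checks."""
    new = json.loads(json.dumps(doc))
    new["Connection"]["ConnectionProperties"].update(props or {})
    if subnet:
        new["Connection"]["PhysicalConnectionRequirements"]["SubnetId"] = subnet
    return new


if __name__ == "__main__":
    for code, why in audit_glue_connection(SAMPLE_GET_CONNECTION, PUBLIC_SUBNETS).items():
        print(f"{code}: {why}")
```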

    Codex also generated the Spark code in Glue to load data from the RDS database into Iceberg. I won’t show the whole code, as it’s almost 100 lines, but here’s a snippet.

    import sys
    from datetime import datetime, timezone

    import boto3
    from awsglue.context import GlueContext
    from awsglue.job import Job
    from awsglue.utils import getResolvedOptions
    from pyspark.context import SparkContext
    from pyspark.sql.functions import col, lit, to_date

    # Job parameters supplied by the Glue job definition
    args = getResolvedOptions(
        sys.argv,
        [
            "JOB_NAME",
            "connection_name",
            "source_table",
            "target_table",
            "watermark_bucket",
            "watermark_key",
        ],
    )

    sc = SparkContext()
    ...
    ...
    ...
    # changed_df, s3 and job are created in the part of the script omitted above
    row_count = changed_df.count()
    print(f"Found {row_count} changed rows")

    if row_count > 0:
        # Cast each source column to the type expected by the Iceberg table
        orders_df = changed_df.select(
            col("order_id").cast("string").alias("order_id"),
            col("customer_id").cast("string").alias("customer_id"),
            to_date(col("order_date")).alias("order_date"),
            col("status").cast("string").alias("status"),
            col("quantity").cast("double").alias("quantity"),
            col("updated_at").cast("timestamp").alias("updated_at"),
            lit(datetime.now(timezone.utc)).cast("timestamp").alias("load_timestamp"),
        )

        orders_df.writeTo(args["target_table"]).append()

        # Store the newest updated_at value as the watermark for the next run
        new_watermark = changed_df.agg({"updated_at": "max"}).collect()[0][0]
        s3.put_object(
            Bucket=args["watermark_bucket"],
            Key=args["watermark_key"],
            Body=str(new_watermark),
        )
        print(f"Updated watermark to {new_watermark}")
    else:
        print("No new rows to ingest")

    job.commit()

    Other considerations when using the AWS Toolkit

    1/ Restricting the agent’s access to certain AWS services.

    The Toolkit’s AWS MCP server uses your default IAM permissions to create and access AWS services. If you want to restrict access to certain AWS services, you have a number of choices.

    a) Two global condition context keys are automatically added to all requests made through the AWS MCP Server:

    • aws:ViaAWSMCPService – Set to true for any request that passes through an AWS-managed MCP server.
    • aws:CalledViaAWSMCP – Contains the service principal of the specific AWS-managed MCP server (for example, aws-mcp.amazonaws.com).

    You can use these context keys in your IAM policies to allow or deny actions initiated through any AWS-managed MCP server. For example, let’s say you wanted to deny the MCP server the ability to delete S3 buckets or objects. You could use this policy statement:

    {
        "Effect": "Deny",
        "Action": ["s3:DeleteBucket", "s3:DeleteObject"],
        "Resource": "*",
        "Condition": {
            "StringEquals": {
                "aws:CalledViaAWSMCP": "aws-mcp.amazonaws.com"
            }
        }
    }
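
    To see which calls a statement like this catches, the added example below (not part of the Toolkit or the AWS documentation) wraps it in a complete policy document and runs a deliberately simplified model of explicit-Deny matching over sample request contexts. The second statement, the Sid names and the evaluator functions are assumptions made for illustration; real IAM evaluation also weighs Allow statements, resources and other policy types.

```python
from fnmatch import fnmatchcase

MCP_PRINCIPAL = "aws-mcp.amazonaws.com"  # service principal named in the article

# Complete policy document: a bare statement needs the Version/Statement wrapper
# before it can be attached to a role or user.
GUARDRAIL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # the statement from the article, unchanged apart from the Sid
            "Sid": "DenyS3DeleteViaMcp",
            "Effect": "Deny",
            "Action": ["s3:DeleteBucket", "s3:DeleteObject"],
            "Resource": "*",
            "Condition": {"StringEquals": {"aws:CalledViaAWSMCP": MCP_PRINCIPAL}},
        },
        {   # assumed extra guardrail: no IAM changes through any AWS-managed MCP server
            "Sid": "DenyIamChangesViaAnyMcp",
            "Effect": "Deny",
            "Action": ["iam:Create*", "iam:Put*", "iam:Attach*", "iam:Delete*"],
            "Resource": "*",
            "Condition": {"Bool": {"aws:ViaAWSMCPService": "true"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_holds(operator, key, expected, context):
    """Model of the two operators used above; an absent key never matches."""
    if key not in context:
        return False
    actual = str(context[key])
    if operator == "StringEquals":
        return actual in [str(v) for v in _as_list(expected)]
    if operator == "Bool":
        return actual.lower() in [str(v).lower() for v in _as_list(expected)]
    raise ValueError(f"operator not modelled: {operator}")


def explicit_deny(policy, action, context):
    """Return the Sid of the first Deny statement matching the request, else None.

    Simplification: Resource is ignored because every statement here uses "*".
    """
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        patterns = [p.lower() for p in _as_list(stmt["Action"])]
        if not any(fnmatchcase(action.lower(), p) for p in patterns):
            continue
        conditions = stmt.get("Condition", {})
        if all(
            _condition_holds(op, key, expected, context)
            for op, block in conditions.items()
            for key, expected in block.items()
        ):
            return stmt.get("Sid", "<no Sid>")
    return None


# Constructed request contexts: the same principal calling through the MCP
# server and calling AWS directly (no MCP context keys present).
VIA_MCP = {"aws:ViaAWSMCPService": "true", "aws:CalledViaAWSMCP": MCP_PRINCIPAL}
DIRECT = {}

if __name__ == "__main__":
    for action in ("s3:DeleteObject", "s3:GetObject", "iam:AttachRolePolicy"):
        for label, ctx in (("via MCP", VIA_MCP), ("direct", DIRECT)):
            print(f"{action:24} {label:8} -> {explicit_deny(GUARDRAIL_POLICY, action, ctx)}")
```

    The direct-call rows come back as None: these statements only constrain requests that carry the MCP context keys, so the role's other permissions still decide what the same credentials can do outside the agent.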

    b) Another option is to create a dedicated role for the AWS Toolkit. Attach whatever restricted policies you want to that role, then create a named AWS CLI profile for it using the aws configure command.

    Then, before starting your coding agent (e.g., Codex), set the AWS_PROFILE environment variable to your new Codex-only profile name.

    2/ Observability

    Monitoring the AWS Agent Toolkit is primarily done through the AWS MCP Server, as it’s the managed component that receives tool calls and performs AWS actions. As such, the two main AWS services used for monitoring are the same ones used for most other AWS services: CloudWatch and CloudTrail.

    The AWS MCP Server automatically publishes metrics to CloudWatch in the AWS-MCP namespace. You can see:

    • Invocation: how many times a tool was called
    • Success: successful tool calls
    • UserError: client-side errors, often IAM-denied actions or bad parameters
    • SystemError: server-side failures
    • Throttle: throttled requests

    CloudTrail records the actual AWS API calls made in your account. This is where you can check:

    • Who made the call
    • What API was called
    • When it happened
    • The source IP
    • The assumed role or IAM principal
    • Whether the action succeeded or failed

    Conclusion

    If you’re a data engineer, data architect or a DevOps specialist, using the AWS Toolkit is a real boon. Through the plug-ins and tools it provides, you can access all AWS services and over 15,000 API calls.

    In short, when used with a coding agent, the AWS Toolkit can:

    • Create AWS resources, write code, and deploy apps. The Toolkit helps it choose the right services and follow AWS best practices.
    • Get access to up-to-date AWS docs, APIs, and service details.
    • For complex tasks such as IAM policies, data pipelines, or serverless apps, the agent follows tested, documented AWS workflows rather than guessing.
    • Your agent can help investigate failed deployments, errors, or cost spikes by using AWS logs, metrics, stack status, and troubleshooting guidance.
    • You can monitor agent activity, control access with IAM, and set guardrails such as read-only access or blocking specific AWS actions.
    • Work with many different coding agents that are MCP-compatible, including Claude Code, Cursor, Codex, Kiro, Windsurf, and so on.

    However, as the issue I faced with my Athena set-up shows, the Toolkit, whilst a great time-saver, isn’t infallible, so, as with all agentic outputs, check your work before putting anything into production.

    For more information on the Agent Toolkit for AWS, check out the official GitHub repo.

    https://github.com/aws/agent-toolkit-for-aws


