Agent Plugins for AWS
AWS Agent Plugins let AI coding agents deploy, architect, and operate on AWS. Here's what that means for the future of DevOps.
Cloud Enthusiast working as Cloud Infrastructure Consultant. My Hobby is to build and destroy Cloud Projects for Blogs. Love to share my learning journey about DevOps, AWS and Azure.
Subscribe and Follow up with "CloudCubes".
Thank you and Happy Learning !!
Let's imagine a developer has just finished building an Express.js API. It works perfectly on their laptop. Endpoints respond, data flows, everything looks solid. Now comes the hard part: getting it onto AWS.
What should be simple quickly turns into friction, which raises Cloud/DevOps's Teams tasks with
• Choosing the right infrastructure between ECS, App Runner, or EC2
• Setting up IAM roles and networking
• Estimating costs in spreadsheets and rightsizing as per requirements
• Figuring out and writing CloudFormation, Terraform, or CDK modules before a feature reaches users.
In February 2026, AWS introduced Agent Plugins for AWS: a new way to let AI coding assistants like Claude Code and Cursor take over the heavy lifting of cloud deployment.
Instead of stitching everything together manually, you can now simply say:
“Deploy this app to AWS.”
From there, the Agent Plugin will,
• Understands your codebase
• Recommends the right AWS services
• Estimates cost before deployment
• Generates infrastructure-as-code
• And executes the deployment
All through a single, natural language interaction.
The Bigger Shift
What we’re witnessing isn’t just a new tool, it’s a fundamental shift.
The long-standing gap between “writing code” and “running code in the cloud” is collapsing in real time.
Agent Plugins don’t just reduce friction, they redefine the workflow.
And for DevOps Team and Cloud architects, this changes everything.
What exactly are AWS agent plugins?
Think of agent plugins as skill packs for your AI coding assistant. Your AI agent is smart, but it doesn't natively know the best AWS service for your specific app, the current price of App Runner per vCPU-hour, or the CDK pattern for a containerized Node backend with RDS.
An agent plugin bundles all that domain expertise into a reusable, versioned package. If your AI agent is a brilliant but generalist contractor, agent plugins are the specialist subcontractors they can now call on. The AWS plugin is your cloud architect on speed dial, available instantly, always up to date, and it never charges by the hour.
When you install the deploy-on-aws plugin, your coding agent gains:
Agent Skills: Structured deployment workflows and best practices
MCP Servers: Live AWS documentation, pricing, and IaC guidance
Hooks: Guardrails and automated validations
References: Configuration defaults and curated knowledge
Evolution of Deployments before and after Agent Plugin
Feature | Traditional Deployment | Agent Plugins for AWS |
Research | Hours of documentation deep-dives | Instant architecture recommendations |
Cost Estimation | Manual, error-prone spreadsheets | Real-time pricing via MCP server |
Infrastructure | Handwriting CloudFormation / Terraform YAML | Auto-generated CDK , Terraform Modules |
Prompting | Repeated context-pasting & manual input | Versioned skills with zero prompt bloat |
Expertise | Senior DevOps knowledge required | AWS best practices baked in |
Beyond individual productivity, this matters at the team level. Instead of every engineer independently pasting AWS guidance into prompts (with wildly different results), teams can standardize on shared plugins that encode approved patterns, security posture, and cost guardrails. Deterministic and dependency at scale, that's what architects really want.
Architecture breakdown: how it actually works
Here's the end-to-end flow
The three MCP servers powering the initial release do different jobs:
MCP Server | What it contributes |
AWS Knowledge | Architecture guidance, service docs, and best practices |
AWS Pricing | Real-time cost estimates before you commit |
AWS IaC | CDK and CloudFormation patterns and generation |
Hands-on walkthrough: from zero to deployed
Let's get practical. Here's how to go from nothing to a deployed Express.js + React + PostgreSQL app on AWS using the deploy-on-aws plugin.
Step 1 Prerequisites
Before installing, confirm you have:
Verify AWS CLI is configured $ aws sts get-caller-identity
Confirm Claude Code or Cursor is installed$ claude --version
Step 2: Install the plugin
In Claude Code:
\( /plugin marketplace add awslabs/agent-plugins \) /plugin install deploy-on-aws@awslabs-agent-plugins
In Cursor:
Open Settings → Plugins → search "aws" → click Add to Cursor.
There are other AWS Plugins available in Cursor to explore and use
Pro tip: Follow the principle of least privilege when configuring your AWS credentials. Create a scoped IAM role for the agent rather than using your root or admin credentials.
Step 3: The magic prompt
Open your project in Claude Code or Cursor and type:
Deploy this Express app to AWS
Step 4: Watch the 5-step flow execute
1 Analyze: Scans codebase: identifies Express.js, Node 20.x, PostgreSQL dependency, React build, env vars, expected traffic.
2 Recommend: Selects: App Runner (backend), RDS PostgreSQL (database), CloudFront + S3 (React frontend), Secrets Manager (credentials). With rationale for each choice.
3 Estimate: Shows live monthly cost breakdown using real AWS pricing. You see the number before anything is provisioned.
4 Generate: Produces CDK TypeScript, Dockerfile, migration scripts, env config, and a GitHub Actions CI/CD pipeline.
5 Deploy: On your confirmation, provisions all resources, deploys the container, sets up CloudFront, stores secrets, and hands you URLs + CloudWatch dashboard links.
Real-world use cases beyond "deploying an app"
Architect-level perspective: where does this fit?
Comparing Agent Plugins against the existing IaC ecosystem is a fair question. Here's how I think about it:
AWS Deployment Methodology Comparison
Tool | Best for | Learning Curve | Control Level |
Agent Plugins | Speed & onboarding | Near zero | Medium (review required) |
AWS CDK | Infrastructure at scale | Medium | High |
Terraform | Multi-cloud, enterprise IaC | High | Very high |
Manual Console | one-off tasks | Low | Full (but error-prone) |
Agent Plugins are not a Terraform replacement. They're best understood as a fast entry point. Use them to go from idea to running infrastructure quickly, then promote the generated CDK code into your standard IaC pipeline for ongoing management. Hybrid workflows will dominate.
Think of agent plugin output as a starting point, not a final commit. Run the generated CDK through your security scanning tools (Checkov, cfn-nag) and have a senior engineer review before merging to production. The plugin accelerates; human judgment validates.
Limitations and Pitfalls to watch out for
Important: AI-generated infrastructure outputs should always be reviewed before deployment against your security requirements, cost constraints, and resilience targets. The plugin is an accelerator, not an authority.
1. Blind trust in AI recommendations. The agent picks a reasonable default architecture, but it doesn't know your organization's compliance requirements, existing VPC setup, or Reserved Instance commitments. Always contextualize.
2. Skipping the cost estimate review. The plugin shows you estimated costs. Please actually read them. A misconfigured RDS Multi-AZ instance for a side project can be a nasty surprise.
3. No cost monitoring after deployment. Set up AWS Budgets alerts on day one. AI-deployed infrastructure is real infrastructure; billing doesn't care how it got there.
4. Deploying with over-privileged IAM credentials. Use a scoped IAM role with only the permissions the deployment actually needs. Least privilege always.
To Summarise
AWS is shipping more agent plugins in the coming weeks the deploy-on-aws is just the start. Think about what a full ecosystem looks like: plugins for cost optimization, security auditing, incident response, database tuning, and multi-region failover.
In two to three years, I expect "AI as DevOps co-pilot" to be the norm in Infrastructure engineering, not the exception. The interesting question isn't whether AI will write more infrastructure code, it's what the new high-value human skills will become.
Agent Plugins for AWS don't replace cloud architects, they give every developer on your team a cloud architect's first draft. What you do with that draft is still up to you.
