Can I use AWS as a CLI?

Yes. KosmoKrator exposes a AWS CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose AWS through MCP?

Yes. The KosmoKrator MCP gateway can expose selected AWS tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are AWS credentials stored?

AWS credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for AWS MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

other

AWS CLI for Headless Automation

Use the AWS CLI for headless automation with headless JSON commands, schema discovery, credentials, and permission controls.

8 functions 7 read 1 write Bearer token auth

Submit AWS feedback View package source

AWS CLI for Headless Automation

Use KosmoKrator as a non-interactive integration runtime for local automations and wrappers.

Use headless automation when another tool needs a stable local command surface. The AWS CLI uses the same integration registry as the TUI, Lua runtime, and MCP gateway, but returns predictable command output for automation.

Command Shape

# AWS CLI for Headless Automation
kosmokrator integrations:configure aws --set access_token="$AWS_ACCESS_TOKEN" --enable --read allow --write ask --json
kosmo integrations:call aws.aws_list_s3_buckets '{"region":"example_region"}' --json

Discovery Before Execution

Agents and scripts can inspect AWS docs and schemas before choosing a function.

kosmo integrations:docs aws --json
kosmo integrations:docs aws.aws_list_s3_buckets --json
kosmo integrations:schema aws.aws_list_s3_buckets --json
kosmo integrations:search "AWS" --json
kosmo integrations:list --json

Useful AWS CLI Functions

Function	Type	Parameters	Description
`aws.aws_list_s3_buckets`	Read	region	List all S3 buckets in the AWS account. Returns bucket names, creation dates, and regions.
`aws.aws_list_ec2_instances`	Read	instance_ids, filters, region	Describe EC2 instances in the AWS account. Returns instance IDs, types, states, and metadata. Supports filtering by instance IDs, states, or tags.
`aws.aws_list_lambda_functions`	Read	max_items, region	List all Lambda functions in the AWS account. Returns function names, runtimes, descriptions, and configuration.
`aws.aws_invoke_lambda`	Write	function_name, payload, invocation_type, region	Invoke an AWS Lambda function with an optional payload. Supports synchronous (RequestResponse) and asynchronous (Event) invocation modes.
`aws.aws_list_dynamodb_tables`	Read	limit, exclusive_start_table_name, region	List all DynamoDB tables in the AWS account. Returns table names and can be used with pagination to enumerate all tables.
`aws.aws_get_cloudwatch_metrics`	Read	namespace, metric_name, statistics, start_time, end_time, period, dimensions, region	Get CloudWatch metric data for AWS resources. Supports querying metrics by namespace, metric name, dimensions, and time range with configurable statistics and periods.
`aws.aws_list_sns_topics`	Read	next_token, region	List all SNS notification topics in the AWS account. Returns topic ARNs and names.
`aws.aws_get_current_user`	Read	none	Get the current IAM user identity. Returns user ARN, account ID, and user ID. Useful for verifying credentials and understanding which AWS account is being accessed.

Automation Notes

Use --json for machine-readable output.
Keep credentials out of argv by using environment variables or stored KosmoKrator configuration.
Configure read/write policy before unattended runs; use --force only for trusted automation.
Use the MCP gateway instead when the agent needs dynamic tool discovery inside a conversation.

Related AWS CLI Pages

CI AWS CLI for CI. Cron Jobs AWS CLI for cron jobs. Shell Scripts AWS CLI for shell scripts. Coding Agents AWS CLI for coding agents.